高手请看看吧？我的小雨伞打不开了！！还有别的问题呀不知道怎么样讲？？？？？

请到http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis
下载后运行HijackThis.rar,再运行HijackThis.exe
单机＂扫描日志并保存日志＂
把保存的日志复制粘贴上来．

还有２.exe是什么意思呀？？？？

2006-09-28,12:17:19

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <svc><C:\WINDOWS\svchost.exe>  []
    <91cast><>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <svhoost><C:\WINDOWS\system32\checksys.exe>  []
    <rx><C:\WINDOWS\system32\explore.exe>  []
    <zz><C:\WINDOWS\system32\intenet.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><C:\WINDOWS\system32\checksys.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <EPSON ME 1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE /P10 "EPSON ME 1" /O6 "USB001" /M "ME 1">  [SEIKO EPSON CORPORATION]
    <HupooShell><"C:\DOCUME~1\hnjbh1\LOCALS~1\Temp\5yad1008.exe " >  []
    <xy><C:\WINDOWS\Download\svhost32.exe>  []
    <wdfmgr32><C:\WINDOWS\system32\wdfmgr32.exe>  []
    <svhoost><C:\WINDOWS\system32\checksys.exe>  []
    <System><C:\WINDOWS\TEMP\\setup.exe>  []
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  []
    <SoundMam><C:\WINDOWS\system32\SVOHOST.exe>  []
    <RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
    <svc><C:\WINDOWS\svchost.exe>  []
    <sky><C:\DOCUME~1\user\LOCALS~1\Temp\Skymmstp.exe>  []
    <91cast><>  []
    <Update><C:\WINDOWS\tools.exe>  [System Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load>  []
    <DEFAULT><rundll32.exe C:\WINDOWS\system32\SYSPOL~1.DLL,Start>  []
    <CONFIGURATION><rundll32.exe C:\WINDOWS\system32\tapidef.dll,Start>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><"\Program Files\Logonui\Logonui.exe">  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{08315C1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.lmz>  []
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DelayRun><C:\WINDOWS\system32\288d7ca0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
    <WinlogonNotify: Syncmgr><C:\WINDOWS\system32\ktnul7591.dll>  []

==================================
启动文件夹
服务
[IPSEC Client / MouTALS]
  <C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[RDPSSW32 / RDPSSW32]
  <C:\WINDOWS\System32\RDPSSW32.EXE><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Windows_rejoice / Windows_rejoice]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\je2006_4.exe><N/A>

==================================
浏览器加载项
[google bar]
  {607E95A1-8F89-4343-B9BC-2EFC2B291BB4} <C:\WINDOWS\system32\googlebar.dll, Google Inc.>
[]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\coolsign\coolsign.dll, Fengcent>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[天心传奇，国内在线人数最多的传奇]
  {B44CEFF3-EE81-45F8-ABF7-1DF940AE9C18} <http://www.234567.net/, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ文件夹1\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\QQ文件夹1\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[泡游戏，给你推荐最新最好玩的游戏]
  {E4623A52-D862-4580-A0B7-A525C79423F3} <http://www.paogame.com/, N/A>
[中文网址导航]
  {FDDED1AA-8156-416D-85F7-94BEA1997739} <http://www.234567.com/, N/A>
[开心溜溜娱乐门户网，电影、音乐、DJ、相声、小品、FLASH等等应有尽有]
  {FDFD318D-E647-458A-918D-E0418559BB9E} <http://www.kx66.com/, N/A>
[EPSON Web-To-Page]
  {EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[SearchCar]
  {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\SearchCar\tbu08121\SearchCar.dll, N/A>
[raObject Class]
  {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[google bar]
  {607E95A1-8F89-4343-B9BC-2EFC2B291BB4} <C:\WINDOWS\system32\googlebar.dll, Google Inc.>
[SearchCar]
  {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\SearchCar\tbu08121\SearchCar.dll, N/A>
[XBTP05676 Class]
  {72BA415A-AE03-4279-ACAB-39A3DF73FD4E} <C:\PROGRA~1\BBMAOT~1\BBMAO_~1.DLL, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[Windows ToyClass]
  {E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\winmsd.dll, Microsoft Corporation>
[EPSON Web-To-Page]
  {EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[上传到QQ网络硬盘]
  <D:\QQ文件夹1\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\QQ文件夹1\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ文件夹1\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ文件夹1\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 1980][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\iapromon.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\SrvDll04.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\myrx.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\myztr.dll]  <N/A><N/A>
    [C:\WINDOWS\msg.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1620][C:\WINDOWS\Download\svhost32.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
[PID: 852][C:\WINDOWS\system32\SVOHOST.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\SrvDll04.dll]  <N/A><N/A>
[PID: 1988][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
[PID: 2388][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
[PID: 1924][C:\Program Files\racer-henan-cnc\racer.exe]  <Putian Runway><2, 0, 51, 92>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\racer-henan-cnc\rwxre.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\nspr4.dll]  <Netscape Communications Corporation><4.5 Beta>
    [C:\Program Files\racer-henan-cnc\xpcom.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\nss3.dll]  <Netscape Communications Corporation><3.9.1>
    [C:\Program Files\racer-henan-cnc\softokn3.dll]  <Netscape Communications Corporation><3.9.1>
    [C:\Program Files\racer-henan-cnc\gkgfx.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\js3250.dll]  <Netscape Communications Corporation><4.0>
    [C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\xpcom_compat.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\racer_base.dll]  <Putian Runway><2,0,47,87>
    [C:\WINDOWS\system32\wshcon32.dll]  <><4, 1, 0, 0>
    [C:\Program Files\racer-henan-cnc\components\pipnss.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\components\gklayout.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\components\jar50.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
    [C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\dhcpplus.dll]  <北京润汇科技有限公司><0, 13, 21, 45>
    [C:\WINDOWS\system32\SrvDll04.dll]  <N/A><N/A>
    [C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\nss4.dll]  <北京普天润汇科技有限公司><1, 0, 0, 3>
    [C:\Program Files\racer-henan-cnc\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\Program Files\racer-henan-cnc\pthreadVC.dll]  <N/A><N/A>
    [C:\Program Files\racer-henan-cnc\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
[PID: 6880][C:\Program Files\racer-henan-cnc\RacerKp.exe]  <北京润汇科技有限公司><1, 0, 0, 1>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
[PID: 7016][C:\WINDOWS\svchost.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\SrvDll04.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\wshcon32.dll]  <><4, 1, 0, 0>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 7700][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\googlebar.dll]  <Google Inc.><1, 0, 3, 6696>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\SrvDll04.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\wshcon32.dll]  <><4, 1, 0, 0>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 8756][C:\WINDOWS\tools.exe]  <System Inc.><1, 0, 6, 821>
[PID: 9656][H:\日志文件夹\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\winscok.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\system32\xydll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\SrvDll04.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\wshcon32.dll]  <><4, 1, 0, 0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

有很多网站不停跳出来呀????

又一台被病毒残害的电脑...
建议你重装系统,比手动杀来得快干净

用sreng
删除启动项目=>注册表
<svc><C:\WINDOWS\svchost.exe> []
<91cast><> []
<svhoost><C:\WINDOWS\system32\checksys.exe> []
<rx><C:\WINDOWS\system32\explore.exe> []
<zz><C:\WINDOWS\system32\intenet.exe> []
<run><C:\WINDOWS\system32\checksys.exe> []
<HupooShell><"C:\DOCUME~1\hnjbh1\LOCALS~1\Temp\5yad1008.exe " > []
<xy><C:\WINDOWS\Download\svhost32.exe> []
<wdfmgr32><C:\WINDOWS\system32\wdfmgr32.exe> []
<svhoost><C:\WINDOWS\system32\checksys.exe> []
<System><C:\WINDOWS\TEMP\\setup.exe> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> []
<SoundMam><C:\WINDOWS\system32\SVOHOST.exe> []
<svc><C:\WINDOWS\svchost.exe> []
<sky><C:\DOCUME~1\user\LOCALS~1\Temp\Skymmstp.exe> []
<91cast><> []
<Update><C:\WINDOWS\tools.exe> [System Inc.]
<DEFAULT><rundll32.exe C:\WINDOWS\system32\SYSPOL~1.DLL,Start> []
<CONFIGURATION><rundll32.exe C:\WINDOWS\system32\tapidef.dll,Start> []
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.lmz> []
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<DelayRun><C:\WINDOWS\system32\288d7ca0.dll> []
<WinlogonNotify: Syncmgr><C:\WINDOWS\system32\ktnul7591.dll> []
删除
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\checksys.exe
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\system32\checksys.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\system32\wdfmgr32.exe
C:\WINDOWS\TEMP\\setup.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\tools.exe
C:\WINDOWS\system32\SYSPOL~1.DLL
C:\WINDOWS\system32\tapidef.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.lmz
C:\Program Files\Internet Explorer\PLUGINS\new123.sys
C:\WINDOWS\system32\288d7ca0.dll
C:\WINDOWS\system32\ktnul7591.dll
C:\WINDOWS\system32\iapromon.dll
C:\WINDOWS\system32\xydll.dll
C:\WINDOWS\system32\winscok.dll
C:\WINDOWS\system32\SrvDll04.dll
C:\WINDOWS\system32\myrx.dll
C:\WINDOWS\system32\myztr.dll
C:\WINDOWS\msg.dll


安全模式清空
C:\DOCUME~1\hnjbh1\LOCALS~1\Temp\
C:\WINDOWS\Temp\

用sreng
删除启动项目=>服务
[IPSEC Client / MouTALS]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
删除
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

[RDPSSW32 / RDPSSW32]
<C:\WINDOWS\System32\RDPSSW32.EXE><N/A>
[Windows_rejoice / Windows_rejoice]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\je2006_4.exe><N/A>
灰鸽子..安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索 RDPSSW32 和 Windows_rejoice 删除...
删除
C:\WINDOWS\System32\RDPSSW32.EXE
C:\Program Files\Common Files\Microsoft Shared\MSINFO\je2006_4.exe

http://download5.pctutu.com/soft/winspeed782.zip
用超级兔子清理王在安全模式下卸载流氓软件...

http;//mopery.hits.io/MiscKiller.zip
下载专杀查杀..

引用:

【westbeck的贴子】又一台被病毒残害的电脑... 建议你重装系统,比手动杀来得快干净 ………………

同感....