D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛 D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

[原创] D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。

本主题由版主天月来了于 2008-11-4 10:03:38 执行关闭主题/取消操作

网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:	发表于： 2008-10-26 22:02 \| 只看楼主短消息资料字号：小中大 1楼 D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。瑞星防火墙虽没被关，但是却杀不出该病毒，桌面会出现两个图标。C盘格了多次，D和E的auto文件也被删了多次，不能解决问题，请大师出手帮在下了，拜托！发作时桌面会出现的图标. pic.jpg (3.74 K) 2008-10-26 23:07:15 用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) 网上溜达最后编辑于 2008-10-26 23:07:15
网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:	分享到：

诚心加虚心初生襁褓狮帖子:18 注册: 2008-10-18 来自:	发表于： 2008-10-26 22:17 \| 短消息资料字号：小中大 2楼回复：D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。你这样说，谁也没法帮你解决问题。去下个SERng,扫个日志传上来，就有人帮忙解决了。
诚心加虚心初生襁褓狮帖子:18 注册: 2008-10-18 来自:

happysunday2003 叱咤花甲狮帖子:4313 注册: 2007-08-15 来自:358团	发表于： 2008-10-26 22:18 \| 短消息资料字号：小中大 3楼回复：D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。扫日志上来盘符打不开里面可能有autorun。inf文件
happysunday2003 叱咤花甲狮帖子:4313 注册: 2007-08-15 来自:358团

网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:	发表于： 2008-10-26 22:49 \| 只看楼主短消息资料字号：小中大 4楼回复 1F 网上溜达的帖子谢谢关注，我会尽快传上日志
网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:

网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:	发表于： 2008-10-26 23:02 \| 只看楼主短消息资料字号：小中大 5楼回复: D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。目前只能进入安全模式了，我现把在安全模式下扫描日志附在这里，请大师看下。附件: 文件名:SREngLOG.log 下载次数:134 文件类型:application/octet-stream 文件大小: 上传时间:2008-10-26 23:01:30 描述:log 网上溜达最后编辑于 2008-10-26 23:15:25
网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2008-10-26 23:15 \| 短消息资料字号：小中大 6楼回复：D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。用sreng 删除启动项目=>注册表 <{12B02216-AC3F-42A7-8313-449771237061}><12B02216.dll> [] <{CABA599D-5089-4865-9420-E41FA3C1F55F}><CABA599D.dll> [] <{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}><A8FC611B.dll> [] <{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}><4BF9CBA3.dll> [] <{3474A8C2-BEF9-46C8-983A-A26A0030EC30}><3474A8C2.dll> [] <{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}><4D023DE9.dll> [] <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll> [] <{9F684DE8-3E87-4174-9033-E02A3DFD8B61}><9F684DE8.dll> [] <{8566F82E-03A4-416E-AEAC-66600D8881F1}><8566F82E.dll> [] <{6E3FCC92-4080-4619-86AA-D2AF43A478EE}><6E3FCC92.dll> [] <{4F34C688-FD49-42FC-97F7-87D2F5791612}><4F34C688.dll> [] <{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll> [] <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll> [] <{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}><495271CA.dll> [] <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll> [] <{E3367679-4775-4244-A62E-4CFE58FC850B}><E3367679.dll> [] <{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}><B3721C07.dll> [] <{01BD9E17-3A38-4BC7-B779-517102C5A41F}><01BD9E17.dll> [] <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll> [] <{22D75360-199D-4F79-880D-82E766675F06}><22D75360.dll> [] <{43ACDCC5-9009-4AF4-B80A-93BC656EF298}><43ACDCC5.dll> [] <zhndf><rundll32.exe C:\WINDOWS\system\zhnhsdf081024b.dll zhqb16> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe] <IFEO[360rpt.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] <IFEO[360Safe.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe] <IFEO[360tray.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe] <IFEO[adam.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe] <IFEO[AgentSvr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe] <IFEO[AppSvc32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe] <IFEO[auto.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe] <IFEO[AutoRun.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe] <IFEO[autoruns.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe] <IFEO[avgrssvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe] <IFEO[AvMonitor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com] <IFEO[avp.com]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] <IFEO[avp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe] <IFEO[CCenter.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe] <IFEO[ccSvcHst.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe] <IFEO[cross.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE] <IFEO[enc98.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe] <IFEO[FileDsty.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe] <IFEO[FTCleanerShell.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarNotifier.exe] <IFEO[GoogleToolbarNotifier.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe] <IFEO[guangd.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe] <IFEO[HijackThis.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe] <IFEO[IceSword.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe] <IFEO[iparmo.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe] <IFEO[Iparmor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe] <IFEO[isPwdSvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe] <IFEO[kabaload.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR] <IFEO[KaScrScn.SCR]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe] <IFEO[KASMain.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe] <IFEO[KASTask.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe] <IFEO[KAV32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe] <IFEO[KAVDX.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe] <IFEO[KAVPFW.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe] <IFEO[KAVSetup.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe] <IFEO[KAVStart.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe] <IFEO[KISLnchr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe] <IFEO[KMailMon.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe] <IFEO[KMFilter.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe] <IFEO[KPFW32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe] <IFEO[KPFW32X.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe] <IFEO[KPFWSvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] <IFEO[KRegEx.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM] <IFEO[KRepair.COM]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe] <IFEO[KsLoader.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp] <IFEO[KVCenter.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe] <IFEO[KvDetect.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe] <IFEO[KvfwMcl.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] <IFEO[KVMonXP.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp] <IFEO[KVMonXP_1.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe] <IFEO[kvol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe] <IFEO[kvolself.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp] <IFEO[KvReport.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe] <IFEO[KVSrvXP.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp] <IFEO[KVStub.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe] <IFEO[kvupload.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe] <IFEO[kvwsc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp] <IFEO[KvXP.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe] <IFEO[KWatch.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe] <IFEO[KWatch9x.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe] <IFEO[KWatchX.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe] <IFEO[loaddll.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe] <IFEO[MagicSet.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe] <IFEO[mcconsol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe] <IFEO[mmqczj.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe] <IFEO[mmsk.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe] <IFEO[NAVSetup.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe] <IFEO[nod32krn.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe] <IFEO[nod32kui.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] <IFEO[PFW.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] <IFEO[PFWLiveUpdate.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe] <IFEO[QHSET.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] <IFEO[QQDoctor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] <IFEO[Ras.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] <IFEO[Rav.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] <IFEO[RavMon.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe] <IFEO[RavMonD.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe] <IFEO[RavStub.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe] <IFEO[RavTask.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe] <IFEO[RegClean.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe] <IFEO[rfwcfg.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe] <IFEO[RfwMain.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe] <IFEO[rfwProxy.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe] <IFEO[rfwsrv.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe] <IFEO[RsAgent.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe] <IFEO[Rsaupd.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] <IFEO[runiep.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe] <IFEO[safelive.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] <IFEO[scan32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe] <IFEO[SDGames.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe] <IFEO[shcfg32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ShuiNiu.exe] <IFEO[ShuiNiu.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe] <IFEO[SmartUp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe] <IFEO[sos.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe] <IFEO[SREng.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svch0st.exe] <IFEO[svch0st.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe] <IFEO[symlcsvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe] <IFEO[SysSafe.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Systom.exe] <IFEO[Systom.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] <IFEO[taskmgr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe] <IFEO[TNT.Exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe] <IFEO[TrojanDetector.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe] <IFEO[Trojanwall.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] <IFEO[TrojDie.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe] <IFEO[TxoMoU.Exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE] <IFEO[ua80.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe] <IFEO[UFO.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe] <IFEO[UIHost.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe] <IFEO[UmxAgent.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe] <IFEO[UmxAttachment.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe] <IFEO[UmxCfg.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe] <IFEO[UmxFwHlp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe] <IFEO[UmxPol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE] <IFEO[UpLive.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UUSEEunion_1qifa_Setup_41960.exe] <IFEO[UUSEEunion_1qifa_Setup_41960.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] <IFEO[WoptiClean.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe] <IFEO[XP.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe] 删除启动项目=>服务=>驱动 [5102a80 / 5102a80][Stopped/Manual Start] <\??\C:\WINDOWS\system32\5102a80.sys><N/A> [9fd8db / 9fd8db][Stopped/Manual Start] <\??\C:\WINDOWS\system32\9fd8db.sys><N/A> 重启,删除文件 C:\WINDOWS\system32\43ACDCC5.dll C:\WINDOWS\system32\22D75360.dll C:\WINDOWS\system32\9CA963CA.dll C:\WINDOWS\system32\01BD9E17.dll C:\WINDOWS\system32\B3721C07.dll C:\WINDOWS\system32\E3367679.dll C:\WINDOWS\system32\E4814792.dll C:\WINDOWS\system32\495271CA.dll C:\WINDOWS\system32\08223B03.dll C:\WINDOWS\system32\DA63E650.dll C:\WINDOWS\system32\4F34C688.dll C:\WINDOWS\system32\6E3FCC92.dll C:\WINDOWS\system32\8566F82E.dll C:\WINDOWS\system32\9F684DE8.dll C:\WINDOWS\system32\122B901E.dll C:\WINDOWS\system32\4D023DE9.dll C:\WINDOWS\system32\3474A8C2.dll C:\WINDOWS\system32\4BF9CBA3.dll C:\WINDOWS\system32\A8FC611B.dll C:\WINDOWS\system32\CABA599D.dll C:\WINDOWS\system32\12B02216.dll D:\Autorun.inf E:\Autorun.inf D:\auto.exe E:\auto.exe
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:	发表于： 2008-10-26 23:28 \| 只看楼主短消息资料字号：小中大 7楼回复: D和E盘打不开（这两盘都有auto和autorun文件），KAKA自动关闭，启动时不明文件连网。这么多？怎么才能在sreng里删除？我试过了，删不掉，删了又会出现。网上溜达最后编辑于 2008-10-27 00:05:11
网上溜达初生襁褓狮帖子:23 注册: 2008-10-26 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT