+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{81716107-A10D-11cf-64CD-11115FE1CF41}
[A ] 29. c:\windows\system32\nwizzhuxians.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{252D2432-37A2-324F-2A54-21BF5CF2F1A2}
[AM] 34. c:\windows\system32\jhapri.dll
mppds
[A ] 40. c:\windows\mppds.exe
WinForm
[A ] 41. c:\windows\winform.exe
Microsoft Autorun10
[A ] 42. c:\windows\system32\nwizwmgjs.exe
+ 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
[AM] 34. c:\windows\system32\jhapri.dll
+ 其他自启动项目
+ c:\autorun.inf
open
[A ] 47. c:\auto.exe
shellexecute
[A ] 47. c:\auto.exe
shell\Auto\command
[A ] 47. c:\auto.exe
+ e:\autorun.inf
open
[A ] 48. e:\auto.exe
shellexecute
[A ] 48. e:\auto.exe
shell\Auto\command
[A ] 48. e:\auto.exe
+ f:\autorun.inf
open
[A ] 49. f:\auto.exe
shellexecute
[A ] 49. f:\auto.exe
shell\Auto\command
[A ] 49. f:\auto.exe
+ 正在运行的进程
+ 00000154(340) E6525297.exe
00400000[00022000]
[ M] 50. c:\windows\system32\e6525297.exe
10000000[0000C000]
[ M] 55. c:\windows\system32\29b3cb7c.dll
+ 000003c8(968) svchost.exe
003C0000[0000A000]
[AM] 34. c:\windows\system32\jhapri.dll
021B0000[0002C000]
[ M] 57. c:\windows\system32\50b89051.dll
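Virus found; please switch to an SREng log.
Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here; do not modify it
If the log cannot be posted in one go, please post it in several parts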