查看單個文章
舊 2006-06-19, 11:29 PM   #9 (permalink)
psac
榮譽會員
 
psac 的頭像
榮譽勳章
UID - 3662
在線等級: 級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時
註冊日期: 2002-12-07
住址: 木柵市立動物園
文章: 17381
現金: 5253 金幣
資產: 33853 金幣
預設

Q:

【求助】新裝系統卡巴報警msplus1.dll可疑文件,無法刪除!

昨天剛剛用TomatoWinXP_SP2_v2.7_SATA安裝系統後,卡巴發現以下情況,

---警告: 發現木馬可疑模塊!---
C:\WINDOWS\system32\msplus1.dll

二次安裝系統後,仍然有該病毒報警,懷疑是否操作系統鏡像帶有此病毒。

刪除該病毒後重啟依然發現並報警.

用ewido4.0,繼續掃瞄發現病毒TrackingCookie.Atdmt.

刪除重啟後掃瞄依然存在.

連接網路情況下,IE自動彈出彩虹堂網頁,尋求幫助!Thx!


按照版主在其他帖子中的要求,用System Repair Engineer 2.0.21.505 (2.0 RC 2)工具掃瞄系統

結果如下:

2006-06-19,18:42:48

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KAVPersonal50><"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll> [ewido networks GmbH & Co. KG]

==================================
啟動資料夾
服務
[ewido anti-malware 4.0 guard / ewido anti-malware 4.0 guard]
<D:\應用軟件\病毒防治\ewido anti-malware 4.0\guard.exe><N/A>
[kavsvc / kavsvc]
<"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[O&O Defrag / O&O Defrag]
<D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe><O&O Software GmbH>

==================================
瀏覽器載入項
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[番茄花園]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[使用迅雷下載]
<D:\應用軟件\中斷點續傳\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下載全部鏈接]
<D:\應用軟件\中斷點續傳\Thunder\Program\GetAllUrl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ表情]
<D:\應用軟件\聊天工具\QQ\AddEmotion.htm, N/A>

==================================
正在執行的工作行程
[PID: 688][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 748][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 772][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 1128][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1356][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1668][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\應用軟件\壓縮解壓\WinRAR\rarext.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\context.dll] <ewido networks><1.0.0.1>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll] <ewido networks GmbH & Co. KG><1.0.0.1>
[PID: 1736][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8421>
[PID: 1760][D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe] <O&O Software GmbH><8.0.1398>
[D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\OODAGRS.DLL] <O&O Software GmbH><8.0.1.1347>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 440][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 972][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1248][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1>
[C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2005, 11, 15, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1>
[C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1>
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1>
[C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2>
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1>
[C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1>
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17>
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14>
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1>
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1>
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1>
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1>
[C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1>
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9>
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 3560][D:\應用軟件\BT下載軟件\eMule\emule.exe] <http://www.emule.org.cn><0.47.0>
[D:\應用軟件\BT下載軟件\eMule\VNNClientS.Dll] <VNN><3.0.22.1>
[D:\應用軟件\BT下載軟件\eMule\ZipLib.dll] <VNN><1.0.0.1>
[D:\應用軟件\BT下載軟件\eMule\vdevstate.dll] <N/A><N/A>
[D:\應用軟件\BT下載軟件\eMule\lang\zh_CN.dll] <http://www.emule-project.net><0.47.0>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 472][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 3428][D:\應用軟件\病毒防治\ewido anti-malware 4.0\ewido.exe] <ewido networks GmbH & Co. KG><4, 0, 0, 151>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\engine.dll] <ewido networks GmbH & Co. KG><4, 0, 0, 7>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 3340][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 3924][D:\應用軟件\病毒防治\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
緊急請求高人幫助,該病毒在重啟後或間隔幾小時後會再次出現。


A:
安全模式下刪除:C:\WINDOWS\system32\msplus.dll

如果找不到以上檔案,可以試試先作出以下設定
1. 重啟動電腦,按 F8 鍵,進入 安全模式
2. 在 我的電腦,點擊 工具--->資料夾選項
3. 點 檢視 選擇項,然後去掉 隱藏受保護的操作系統文件 前的勾,點選 顯示所有文件和資料夾 ,最後 確定




Q:

安全模式下刪除:C:WINDOWSsystem32msplus.dll

會導致IE不能使用,網路連接失效。

曾嘗試改msplus1.dll為msplus.dll,無效

安全模式下取消隱藏找不到該文件,過幾天自己又會出來的....



A:



請到使使用!病毒救援區版規--(附常用工具+查毒網站)中下載LSPFIX

執行LSPFix.exe,選中選項「I Know What I'm Doing」,然後把左面視窗裡的msplus.dll
文件移到右面視窗裡(不要動其他文件),然後選「Finish」。

重起電腦按F8進安全模式,在資料夾選項中,顯示隱藏文件和取消「隱藏受保護的操作系統文件」。然後找到c:\windows\system32\msplus.dll並刪除

此帖於 2006-06-20 05:36 AM 被 psac 編輯.
__________________
http://bbsimg.qianlong.com/upload/01/08/29/68/1082968_1136014649812.gif
psac 目前離線  
送花文章: 3, 收花文章: 1630 篇, 收花: 3203 次