Q:
[Help] What is the virus "alibaba2.exe"? Experts, please help!
As the title says. I searched on BAIDU and found nothing, and there is nothing on the forum either. Experts, please help me solve this. Thanks!

A: Please provide the following information from the virus report (virus log):
Virus name (the full virus name)
The virus file name and the location of the virus file (full path)
The result of the antivirus software's handling (cleaned / removal failed, etc.)
Also, please use the System Repair Engineer from this post to scan a log and post it here.
1 Unzip Sreng2.zip
2 Run Sreng2.exe
3 Smart Scan ===〉 Scan ===〉 Save Report
4 Copy the full content of the report in the log sreng.log and paste it here; do not modify it.
While scanning, please close all programs that you opened manually.
SREng operation and repair tutorial

Q: C:\WINDOWS\System32\alibaba2.exe
The antivirus software I use is Kaspersky.
The result of its handling was that the file can be deleted.
The following is sreng.log:
2006-07-20,14:16:29 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選: 所有的啟動項目(包括註冊表、啟動檔案夾、服務等) 瀏覽器載入項 正在執行的工作(包括工作模組訊息) 文件關聯 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] <STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> [] <sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <1A:Stardock TrayMonitor><"C:\Program Files\Common Files\stardock\TrayServer.exe"> [Stardock] <RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <IESAddr><> [] <Update><C:\Program Files\Common Files\UPDAT\Update.exe> [] <StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft 
Corporation] ================================== 啟動檔案夾 [騰訊QQ] <C:\Documents and Settings\sxm20463\「開始」表單\程序\啟動\騰訊QQ.lnk><N> ================================== 服務 [kavsvc / kavsvc] <"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [DNS 快取 / SOCEESe] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [StyleXPService / StyleXPService] <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [DragSearch BHO] {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A> [MMSAssist BHO] {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, > [HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi> [IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, > [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方在線資訊科技有限公司> [QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Downloads\qq\QQ.EXE, TENCENT> [易趣購物] 
{DE607145-AC19-425e-862A-2D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [DragSearch BHO] {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A> [MMSAssist BHO] {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, > [HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} 
<C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ >> 彩信傳送 <<] <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A> [上傳到QQ網路硬碟] <E:\Downloads\qq\AddToNetDisk.htm, N/A> [使用影音傳送帶下載] <D:\download\software\NetTransport 2\NTAddLink.html, N/A> [使用影音傳送帶下載全部連接] <D:\download\software\NetTransport 2\NTAddList.html, N/A> [匯出到 Microsoft Office Excel(&X)] <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [增加到QQ自訂面板] <E:\Downloads\qq\AddPanel.htm, N/A> [增加到QQ表情] <E:\Downloads\qq\AddEmotion.htm, N/A> [用QQ彩信傳送該圖片] <E:\Downloads\qq\SendMMS.htm, N/A> ================================== 正在執行的工作 [PID: 616][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 680][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 704][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 748][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 760][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 956][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1048][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1080][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe] <><0, 20, 0, 3000> [PID: 1172][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> 
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1532][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1576][C:\WINDOWS\System32\SCardSvr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1856][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7190> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190> [C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10031> [C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62> [C:\WINDOWS\system32\Rundll32.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2> [C:\PROGRA~1\MMSASS~1\Mmsass~1.dll] <><1, 2, 0, 2> [D:\download\software\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12> [PID: 184][C:\Program Files\Common Files\stardock\TrayServer.exe] <Stardock><v1.55> [PID: 196][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\PROGRA~1\HBClient\tbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3> [PID: 220][C:\Program Files\Common Files\UPDAT\Update.exe] <N/A><N/A> [PID: 240][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 272][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Upsrv.dll] <N/A><N/A> [PID: 424][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7190> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190> [PID: 480][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 876][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1020][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft 
Corporation><5.2.3790.1230 built by: DNSRV(bld4act)> [PID: 148][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1472][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [d:\Program Files\AskTao\asktao.mod] <N/A><N/A> [d:\Program Files\AskTao\fmod.dll] <Firelight Technologies Pty, Ltd><3.74> [d:\Program Files\AskTao\memmgr.dll] <N/A><N/A> [d:\Program Files\AskTao\Communicate.dll] <N/A><N/A> [d:\Program Files\AskTao\gbits.dll] <N/A><N/A> [d:\Program Files\AskTao\report.dll] <N/A><N/A> [PID: 2452][E:\Downloads\qq\QQ.exe] <TENCENT><0, 0, 0, 0> [E:\Downloads\qq\QQBaseClassInDll.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQHelperDll.dll] <><1, 0, 0, 1> [E:\Downloads\qq\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160> [E:\Downloads\qq\QQAPI.dll] <><1, 0, 0, 1> [E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4> [E:\Downloads\qq\LoginCtrl.dll] <><1, 0, 0, 1> [E:\Downloads\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1> [E:\Downloads\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1> [E:\Downloads\qq\QQRes.dll] <tencent><1, 0, 0, 1> [E:\Downloads\qq\QQMainFrame.dll] <N/A><N/A> [E:\Downloads\qq\CQQApplication.dll] <N/A><N/A> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [E:\Downloads\qq\NewSkin.dll] <><1, 0, 0, 1> [E:\Downloads\qq\HostingMgr.dll] <><1, 0, 0, 1> [E:\Downloads\qq\CameraDll.dll] <><1, 0, 0, 1> [E:\Downloads\qq\MailSummary.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQSpace.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [E:\Downloads\qq\QQGroupMng.dll] <><1, 0, 0, 1> [E:\Downloads\qq\GroupLive.dll] <N/A><N/A> [E:\Downloads\qq\LongConnection.dll] <tencent><5, 0, 200, 160> [E:\Downloads\qq\QQPlugin.dll] <N/A><N/A> [E:\Downloads\qq\ShareFiles.dll] <N/A><N/A> [E:\Downloads\qq\QQZip.dll] <tencent><0, 3, 2, 4> [E:\Downloads\qq\UserDefinedHead.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQConfigPlugin.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QRingMng.dll] <N/A><N/A> 
[E:\Downloads\qq\PhoneAPI.dll] <><1, 0, 0, 1> [E:\Downloads\qq\DialerAllinOne.dll] <tencent><1, 4, 0, 0> [E:\Downloads\qq\QQAvatar.dll] <N/A><N/A> [E:\Downloads\qq\FlashAvatarDll.dll] <><1, 4, 0, 1> [E:\Downloads\qq\QQPet.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQSysMsgMng.dll] <N/A><N/A> [E:\Downloads\qq\videodevice.dll] <Tencent><1.5.0.0> [E:\Downloads\qq\inplus.dll] <Tencent><1.5.0.0> [C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [E:\Downloads\qq\QQAllInOne.dll] <N/A><N/A> [E:\Downloads\qq\SCCore.dll] <N/A><N/A> [E:\Downloads\qq\BQQApplication.dll] <N/A><N/A> [E:\Downloads\qq\QQCustomFace.dll] <N/A><N/A> [E:\Downloads\qq\CommercesMng.dll] <><1, 0, 0, 1> [E:\Downloads\qq\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2> [E:\Downloads\qq\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3> [E:\Downloads\qq\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200> [E:\Downloads\qq\QQSceneMng.dll] <N/A><N/A> [E:\Downloads\qq\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40> [E:\Downloads\qq\ImageOle.dll] <TODO: <Company name>><1.0.0.1> [E:\Downloads\qq\QQFileTransfer.dll] <Tencent><5, 0, 202, 180> [E:\Downloads\qq\GroupConnection.dll] <Tencent><5, 0, 202, 170> [PID: 2456][E:\Downloads\qq\TIMPlatform.exe] <tencent><0, 3, 1, 8> [E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4> [PID: 1072][C:\Documents and Settings\sxm20463\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. 
[%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================

A:
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run>
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
I feel these are problematic; just my personal opinion.

Uninstall 酷站導航, 很棒小秘書, 雅虎助手, 網路實名, mmsassist.

2 Close all windows ===〉 run sreng.exe ===〉 Startup Items ===〉 Registry ===〉 select the items below ===〉 Delete
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows>
<IESAddr><> []
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []

3 Startup Items ===〉 Services ===〉 Win32 Service Applications ===〉 check "Hide Microsoft services" ===〉 select the item below ===〉 click "Delete Service" ===〉 Set ===〉 Yes
[DNS 快取 / SOCEESe] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

4 System Repair ===〉 Browser Add-ons ===〉 select the items below ===〉 Delete Selected Items
[QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DragSearch BHO] {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[MMSAssist BHO] {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >
[QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >

5 Restart into Safe Mode (press F8 at boot and choose "Safe Mode" on the selection screen), then delete the folders:
C:\PROGRAM FILES\HBClient
C:\Program Files\Common Files\UPDAT
C:\Program Files\CoolWebsite
C:\PROGRAM FILES\Yahoo!
C:\PROGRAM FILES\MMSASSIST
Files:
C:\WINDOWS\system32\Upsrv.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\system32\Rundll32.dll
C:\WINDOWS\system32\IEHelper.dll
c:\system32\SHELL32.dll
c:\system32\shdocvw.dll
C:\WINDOWS\system32\upfdll.dll
Also empty the temporary folders.
For files that cannot be deleted, use killbox from the pinned post to help.
Run killbox.exe ===〉 enter the file in "Full path of file to delete" ===〉 delete the file

6 Restart back into normal mode and use 惡意軟體清理助手 to help clean up the remaining files.
Run RogueCleaner.exe ===〉 close all windows, keeping only RogueCleaner ===〉 System Cleanup ===〉 Malware Cleanup ===〉 Start Detection ===〉 check "Use forced cleanup mode" ===〉 Start Cleanup

7 As for the alibaba2.exe you mentioned, once it has been deleted there is no problem.

8 One more question: did you install the contents of the folder d:\Program Files\AskTao yourself?

Q: d:\Program Files\AskTao is an online game called 《問道》. What about it? Is there a problem?

A: Then there is no problem! I am just not familiar with it, so I asked you, to avoid making a mistake.
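The triage that the answer above does by eye on the Run-key and service entries, as an added Python example that is not part of the original thread and is not SREng's own code. The three-way rule (empty command, rundll32 host with no vendor string, no vendor string) is this example's assumption, not the answerer's stated method; the sample entries are copied from the report posted above.

```python
import re
from dataclasses import dataclass

# Entries copied from the SREng report posted in the thread above, one per line.
# The parser also accepts the flattened single-line form the forum rendered.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> []
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<IESAddr><> []
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
==================================
[kavsvc / kavsvc] <"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[DNS 快取 / SOCEESe] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
"""

# Three record shapes seen in the report:
#   [HKEY_...]                          registry key header
#   [display / name] <command><vendor>  service entry
#   <value><command> [vendor]           Run-key value
TOKEN = re.compile(
    r"\[(?P<key>HKEY_[^\]]+)\]"
    r"|\[(?P<disp>[^\]\n]+?) / (?P<svc>[^\]]+)\]\s*<(?P<scmd>[^<>]*)><(?P<spub>[^<>]*)>"
    r"|<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s*\[(?P<pub>[^\]]*)\]"
)

# rundll32 followed by the DLL it is asked to load (optionally quoted).
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)', re.IGNORECASE)


@dataclass
class Entry:
    where: str       # registry key, or "service"
    name: str        # value name or service name
    command: str
    publisher: str   # vendor string shown by the report, may be empty or N/A


def parse(log):
    """Turn the startup sections of a report into Entry records."""
    entries, key = [], None
    for m in TOKEN.finditer(log):
        if m["key"]:
            key = m["key"]
        elif m["svc"] is not None:
            entries.append(Entry("service", m["svc"], m["scmd"], m["spub"]))
        else:
            entries.append(Entry(key or "?", m["name"], m["cmd"], m["pub"]))
    return entries


def triage(entry):
    """Return (verdict, dll). Assumed rule: review anything without a vendor string."""
    unknown = entry.publisher.strip() in ("", "N/A")
    if not entry.command.strip():
        return "empty-command", None            # value exists but launches nothing
    hosted = RUNDLL.search(entry.command)
    if hosted and unknown:
        return "rundll32-unknown-dll", hosted.group(1)
    if unknown:
        return "unknown-publisher", None
    return "ok", None


def flagged(log):
    """List (name, verdict, dll) for every entry that needs a human look."""
    out = []
    for e in parse(log):
        verdict, dll = triage(e)
        if verdict != "ok":
            out.append((e.name, verdict, dll))
    return out


if __name__ == "__main__":
    for name, verdict, dll in flagged(SAMPLE_LOG):
        print(f"{verdict:22} {name:10} {dll or ''}")
```

On this report the rule flags `STYLEXP`, which the answer leaves alone, and passes `RichMedia`, which the answer removes: a missing vendor string only marks an entry for review, and a present one is not verification.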
Q:
[Help] The spoolsv process takes up unlimited CPU resources
Could everyone please take a look: recently my computer has been responding very slowly, and I found that the spoolsv process uses up almost all of the CPU. After I end this process things return to normal, but then the printer cannot be used. I also tried to delete this program in Safe Mode, but it did not seem to work. Please give me some ideas, thanks.

A: Please use the Smart Scan of System Repair Engineer (SREng) to produce a report and post it.
1. Download SRENG2 and save it to the desktop
2. Unpack the archive and run SREng.exe
3. Click Smart Scan, make sure all the items under Smart Scan are checked, then click Scan
4. After the scan finishes, click Save Report and save the report to the desktop
5. Open the SREngLOG.log report, then copy and paste all of its content here

Q: 2006-07-21,08:04:08 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選: 所有的啟動項目(包括註冊表、啟動檔案夾、服務等) 瀏覽器載入項 正在執行的工作(包括工作模組訊息) 文件關聯 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <Yahoo! Pager><"D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> [] <msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><; nwiz.exe /install> [] <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <愛眼大使><D:\Program Files\eyer\eyer\eyer.exe> [ElectricPower.cn] <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab] <UserFaultCheck><%systemroot%\system32\dumprep 0 -u> [] <DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> [] <DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME] <FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <PCSuiteTrayApplication><; D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <PcSync><; D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <RaidTool><; C:\Program Files\VIA\RAID容錯式獨立磁碟陣列\raid_tool.exe> [VIA Technologies] <SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> [] <UnlockerAssistant><; C:\Program Files\Unlocker\UnlockerAssistant.exe> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <Yahoo! 
Pager><; "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> [] ================================== 啟動檔案夾 服務 [Backbone Service / BBDemon] <d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe -service><Dassault Systemes> [C-DillaCdaC11BA / C-DillaCdaC11BA] <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision> [kavsvc / kavsvc] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab> [Moldflow Product Security / MFPS Daemon] <C:\Program Files\Moldflow\Product Security\mfpsd.exe><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [ServiceLayer / ServiceLayer] <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.> [Plastics Insight 5.0 Job Manager / synjm50] <C:\Program Files\Moldflow\Plastics Insight 5.0\bin\mpijm.exe><N/A> [Unigraphics Plot Server (ugiipqd) / ugiipqd] <C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc> [Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)] <"C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe"><Macrovision Corporation> ================================== 瀏覽器載入項 [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A> [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, > [MessengerStatsClient Class] {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [Rising Web Scan Object] {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD> [AcroIEHlprObj Class] 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [NaviHelperObj Class] {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A> [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [QuickBtn] {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <D:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>> [上傳到QQ網路硬碟] <D:\QQ2006\QQ\AddToNetDisk.htm, N/A> [使用KuGoo3下載(&K)] <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownX.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [增加到QQ自訂面板] <D:\QQ2006\QQ\AddPanel.htm, N/A> [增加到QQ表情] <D:\QQ2006\QQ\AddEmotion.htm, N/A> [用QQ彩信傳送該圖片] <D:\QQ2006\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作 [PID: 692][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 772][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 796][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 848][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 
860][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1024][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1088][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1176][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1300][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1396][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1692][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A> [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [PID: 1956][D:\Program Files\eyer\eyer\eyer.exe] <ElectricPower.cn><0.9.6.11> [PID: 1976][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1984][D:\Program Files\Yahoo!\Messenger\ypager.exe] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [D:\Program Files\Yahoo!\Messenger\ygxa_2.dll] <Yahoo! Inc.><2004, 2, 19, 1> [D:\Program Files\Yahoo!\Messenger\pcre.dll] <Pcre><3.9> [D:\Program Files\Yahoo!\Messenger\YML.dll] <N/A><3, 0, 0, 2> [D:\Program Files\Yahoo!\Messenger\YImage.dll] <Yahoo! Inc.><1, 0, 0, 1> [D:\Program Files\Yahoo!\Messenger\xmlparse.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\xmltok.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\ft60.dll] <Yahoo! Inc.><1.0.0.4> [D:\Program Files\Yahoo!\Messenger\res_msgr.dll] <Yahoo! 
Inc.><6, 0, 0, 1610> [C:\Program Files\Yahoo!\Shared\YbSkin2.dll] <Yahoo! Inc.><2005, 6, 3, 1> [D:\Program Files\Yahoo!\Messenger\MyYahoo.dll] <Yahoo! Inc.><6, 0, 0, 600> [D:\Program Files\Yahoo!\Messenger\D32-FW.DLL] <Distinct Corporation><3.4.6> [C:\WINDOWS\system32\icm32.dll] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0> [D:\Program Files\Yahoo!\Messenger\yvoicesm.dll] <N/A><1, 0, 201, 1> [D:\Program Files\Yahoo!\Messenger\yvoiceui.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\yaudiomgr.dll] <N/A><1, 0, 200, 1> [D:\Program Files\Yahoo!\Messenger\yxtldr.dll] <N/A><1, 0, 200, 1> [D:\Program Files\Yahoo!\Messenger\rvsip.dll] <RADVISION><3.1.1.30> [D:\Program Files\Yahoo!\Messenger\rvcommon.dll] <RADVISION><1.0.18> [D:\Program Files\Yahoo!\Messenger\rvads.dll] <RADVISION><3.1.1.30> [D:\Program Files\Yahoo!\Messenger\rvsdp.dll] <RADVISION><> [D:\Program Files\Yahoo!\Messenger\yv_res.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\eyeBeamAsDLL.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\AEC_PC_DLL.dll] <N/A><N/A> [C:\Program Files\Yahoo!\Shared\YAlertCenter.dll] <Yahoo! 
Inc.><2004, 10, 20, 1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [PID: 1992][C:\Program Files\MSN Messenger\MsnMsgr.Exe] <Microsoft Corporation><8.0.0792.00> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! 
Inc.><1, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [PID: 280][d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe] <Dassault Systemes><5.15.0.5029> [PID: 296][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020> [PID: 444][C:\Program Files\Moldflow\Product Security\mfpsd.exe] <N/A><N/A> [PID: 484][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8185> [PID: 556][C:\Program Files\Moldflow\Plastics 
Insight 5.0\bin\mpijm.exe] <N/A><N/A> [PID: 604][C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe] <Unigraphics Solutions, Inc><2.0.0.21> [C:\WINDOWS\system32\spool\ugplot\libplotq.dll] <Unigraphics Solutions, Inc><2.0.0.21> [C:\WINDOWS\system32\spool\ugplot\libsyss.dll] <Unigraphics Solutions, Inc><2.0.0.21> [PID: 720][C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe] <Macrovision Corporation><8, 3, 2, 0> [PID: 1000][C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe] <N/A><N/A> [PID: 1676][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2424][C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE] <Microsoft Corporation><11.0.5510> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcou.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcoup.dll] <Kaspersky Lab><5.0.0.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klcp.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcouloc.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mailappl.dll] <Kaspersky Lab><5.0.388.1> [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLCTL.DLL] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! 
Inc.><1, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\nfio.ppl] <Kaspersky Lab><5.0.388.0> [PID: 2652][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] <Microsoft Corporation><11.0.5604> [C:\Program Files\Microsoft Office\OFFICE11\STARTUP\MathPage.wll] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\offguard.dll] <Kaspersky Lab><5.0.388.1> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011U.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011L.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011C.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011K.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011J.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.0.0.0> [PID: 2900][D:\Program Files\Maxthon\Maxthon.exe] <MY Soft Technology><1, 5, 0, 53> [D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48> [C:\Program Files\Kaspersky 
Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! 
Inc.><1, 0, 0, 2> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 3> [C:\Program Files\Ringz Studio\Storm Codec\Codecs\empgdmx.ax] <Elecard Ltd.><1, 0, 19, 51017> [C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 0> [C:\WINDOWS\system32\ffdshow.ax] <N/A><1.0.2.2003> [PID: 1820][D:\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.3.168> [D:\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2> [D:\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 57> [D:\Thunder\log4cplus.dll] <><1, 0, 2, 1> [D:\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031> [D:\Thunder\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 13> [D:\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148> [D:\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 6> [D:\Thunder\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [PID: 2236][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1584][C:\Documents and Settings\chn1.CHN\桌面\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR Error. [AutoCADScriptFile] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
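[{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A: About Spoolsv.exe (all information gathered and compiled from other sources)
spoolsv - spoolsv.exe - Process information
Process file: spoolsv or spoolsv.exe
Process name: Printer Spooler Service
Description: Windows print job control program, used to get the printer ready.
Common errors: N/A
System process: Yes
If you currently have no printer of your own and do not want to print from this computer, right-click "My Computer", choose "Manage", find "Print Spooler (loads files to memory for later printing)" under "Services", then stop and disable it.

The print spooler and the "Out of resources" message
Problem description
• When you restart the computer or restart the print spooler service, you receive the following error message: Spoolsv.exe failed to start.
• When you open the printer properties, you receive the following error message: "Out of resources error."
• When you print documents, you receive an access violation (Dr. Watson) error message. The Dr. Watson log points to Spoolsv.exe with error code C0000005. You receive the following error message and the print spooler stops: The instruction at <address> referenced memory at <address>. The memory could not be read.

Spoolsv.exe or the "Print subsystem is unavailable" message
Problem description
When you start a Windows Server 2003 print server, you may receive the following error message: Spoolsv.exe has generated an error. In addition, if you try to view the printer properties, you may receive an error message saying "Print subsystem is unavailable".
Cause
The print spooler service may have stopped. This problem can also occur if the server runs Windows Server 2003 but uses a printer driver designed for Windows 98 or Windows NT.
Solution
1. Open Registry Editor (RegEdt32.exe).
2. Locate the following registry key and remove it: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\<Trouble Printer>
3. Exit Registry Editor.

Addendum: A few days ago I was infected by a spoolsv.exe trojan. No matter how I tried, I could not kill it; it came back every time. After some searching I found that no software can yet remove the latest spoolsv.exe variant, so I am posting the solution here in the hope that it helps everyone.
spoolsv.exe is a print-delaying trojan that drives CPU usage to 100%, which keeps the fan running fast and noisy. The methods currently available online may solve the earlier problem, but they are powerless against the latest variant.
Press Ctrl+Alt+Delete and end the running spoolsv.exe process.
Restart the computer into Safe Mode and delete spoolsv.exe in C:/windows/system32/ (or use Search to delete every file with that name on drive C).
Run regedit and use Find to locate and delete all spoolsv files.
Right-click My Computer, choose Manage, then Services, and disable the Print Spooler service (the methods currently available online stop here).
Restart the computer into normal mode. You will find that the computer is still running at high load, but Search no longer finds any spoolsv-related files.
Press Ctrl+Alt+Delete; in the process list you will find a background program named inter. Close it.
After resolving the problem with the steps above, it is strongly recommended to run an anti-trojan program to scan for and remove infected files.

1 Uninstall 中搜 and 酷站導航
2 Close all windows ===〉 run sreng.exe ===〉 Startup Items ===〉 Registry ===〉 select the items below ===〉 Remove
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> []
3 System Repair ===〉 Browser Add-ons ===〉 select the items below ===〉 remove the selected items
[AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[NaviHelperObj Class] {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[QuickBtn] {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
4 Restart into Safe Mode (press F8 at boot and choose "Safe Mode" on the boot menu) and delete the following.
Folders:
C:\Program Files\SearchNet
C:\Program Files\CoolWebsite
Files:
C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe
C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL
C:\WINDOWS\system32\NaviHelper.dll
Also empty the temporary folders.
For files that cannot be deleted, use killbox from the pinned post.
Run killbox.exe ===〉 enter the file in "Full path of file to delete" ===〉 delete the file
5 Restart back into normal mode and use 惡意軟體清理助手 (RogueCleaner) to help clean up the remaining files.
Run RogueCleaner.exe ===〉 close all windows, leaving only RogueCleaner ===〉 System Cleanup ===〉 Malware Cleanup ===〉 Start Detection ===〉 tick "Use forced cleanup mode" ===〉 Start Cleanup
6 For more information about 中搜, please also see the post by moderator cyberarmy.
====================================================================
If the harmful programs have been dealt with properly and the problem no longer occurs, change the title tag to 【已解決】 (Solved).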
Q:
Infected with Adware.Dinkum.a, please help, everyone
As the title says, Rising has cleaned it several times without success. Please help, everyone. System Repair report attached:
2006-07-23,19:22:53 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選: 所有的啟動項目(包括註冊表、啟動檔案夾、服務等) 瀏覽器載入項 正在執行的工作(包括工作模組訊息) 文件關聯 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes] <WinlogonNotify: Themes><C:\WINDOWS\system32\m0rmla911d.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><; F:\7\7\Kv2006\KVSCRK~1.SCR> [Jiangmin Co.Ltd] ================================== 啟動檔案夾 服務 [Rising Process Communication Center / RsCCenter] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [User Profile Hive Cleanup / UPHClean] <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation> ================================== 瀏覽器載入項 [微軟] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A> [啟動Web迅雷] 
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\QQ2005\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A> [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [WebThunder Browser Helper] {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A> [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin06.dll, Thunder Networking Technologies,LTD> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] 
<f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下載全部連接] <f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [上傳到QQ網路硬碟] <D:\Program Files\QQ2005\AddToNetDisk.htm, N/A> [增加到QQ自訂面板] <D:\Program Files\QQ2005\AddPanel.htm, N/A> [增加到QQ表情] <D:\Program Files\QQ2005\AddEmotion.htm, N/A> [用QQ彩信傳送該圖片] <D:\Program Files\QQ2005\SendMMS.htm, N/A> ================================== 正在執行的工作 [PID: 1740][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A> [C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160> [PID: 312][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> [C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A> [PID: 580][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [PID: 1060][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1164][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30> [C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24> [C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., 
Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [PID: 3144][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\WINDOWS\system32\vsfilter.dll] <Gabest><1, 0, 0, 9> [C:\Program Files\ffdshow\ffdshow.ax] <N/A><1, 0, 0, 1> [PID: 1004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [PID: 2864][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3456][C:\DOCUME~1\212\LOCALS~1\Temp\Rar$EX05.499\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A: 1. Find the following file, upload it to VirusTotal, and paste the scan result here:
C:\WINDOWS\system32\mwjet40.dll
2. a) Download F-Look2Me and save it to the desktop
b) Extract the f-look2me.zip archive to the desktop, run f-look2me.exe, and press Y to continue
c) When F-Look2Me finds Look2Me, it will prompt you to restart
d) After restarting the computer, paste the contents of F-Look2Me.log (not f-look2me.txt) here, and post a new HijackThis log as well
Q: I ran Look2Me and there was no restart. The log is:
2006-06-23 19:34:44 INFO Look2Me was not found. 2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0 2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved. 2006-06-23 19:35:20 WARN Disclaimer of Warranty on Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. F-SECURE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 2006-06-23 19:35:20 WARN For full license terms please visit: 2006-06-23 19:35:20 WARN http://www.f-secure.com/products/license-terms/ 2006-06-23 19:35:23 INFO Agreed. 2006-06-23 19:35:23 INFO Look2Me was not found.
This is the HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 19:37:43, on 2006-7-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Rising\Rav\RavTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINDOWS\system32\conime.exe f:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - 
Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2 O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising 
Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
A: The VirusTotal scan result is:
STATUS: FINISHED
Complete scanning result of "mwjet40.dll", received in VirusTotal at 07.23.2006, 14:02:18 (CET).
Antivirus Version Update Result
AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
Symantec n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found
Q: Still waiting. Experts, please help, it's urgent.
A: QUOTE: Quote from 7385587 (post #2, 2006-07-23 20:03): I ran Look2Me and there was no restart. The log is: 2006-06-23 19:34:44 INFO Look2Me was not found. 2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0 2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved. .......
Click [Copy to clipboard] to copy all of the text below.
CODE:
Files to delete:
C:\WINDOWS\system32\m0rmla911d.dll
Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes
[Copy to clipboard]
The Avenger
a) Download The Avenger, save it to the desktop, and extract the archive
b) Run The Avenger, click Input script manually, then click the magnifying glass
c) Press Ctrl + V or right-click to paste the text you just copied, click Done, then click the green light to start; when prompts pop up, click Yes twice
d) The Avenger will restart your computer about once or twice; if a black window pops up during the restart, that is normal
e) After the restart, paste the contents of C:\avenger.txt here, and please also post a new HijackThis log
Q: The magnifying glass won't open. It says: error:could not open script file. please verify that path name is vaild and file exists
-------------
I was mistaken just now, it does run.
avenger:
Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\osbbdghh ******************* Script file located at: \??\C:\Documents and Settings\tnvqyutu.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\m0rmla911d.dll not found! Deletion of file C:\WINDOWS\system32\m0rmla911d.dll failed! Could not process line: C:\WINDOWS\system32\m0rmla911d.dll Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.
HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 20:43:38, on 2006-7-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Rising\Rav\RavStub.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Rising\Rav\RavTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINDOWS\system32\conime.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - 
HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O17 - 
HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2 O20 - Winlogon Notify: Run - C:\WINDOWS\system32\naapi32.dll O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
A: ...Strange
a) Download Look2Me-Destroyer and save it to C:\
b) Run Look2Me-Destroyer.exe and tick Run this program as a task; it will then tell you that it will run again automatically after a short while
c) When Look2Me-Destroyer runs automatically, click the Scan for L2M button; your desktop icons may disappear at this point
d) When the scan is complete, click the Remove L2M button; when it finishes, Look2Me-Destroyer will tell you that it is going to shut down the computer
e) After the computer has shut down, start it again, paste the contents of Look2Me-Destroyer.txt on the desktop or C:\Look2Me-Destroyer.txt here, and post a new HijackThis log as well
PS: If it does not run again automatically after a while (about one to two minutes), please verify that:
- the computer's time format is H:mm:ss
- Look2Me-Destroyer.exe is in C:\
Q: Look2Me-Destroyer log:
Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 2006-7-23 21:20:27 Infected! C:\WINDOWS\system32\naapi32.dll Attempting to delete infected files... Attempting to delete: C:\WINDOWS\system32\naapi32.dll C:\WINDOWS\system32\naapi32.dll Deleted successfully! Making registry repairs. 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D290EBBB-76A0-48B1-B894-3E5E7A8E236E}" HKCR\Clsid\{D290EBBB-76A0-48B1-B894-3E5E7A8E236E} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5EA8FC6F-FF5F-47E1-A34F-C19B85830638}" HKCR\Clsid\{5EA8FC6F-FF5F-47E1-A34F-C19B85830638} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{222CFF09-A539-4E70-83C2-64269DA2F7BD}" HKCR\Clsid\{222CFF09-A539-4E70-83C2-64269DA2F7BD} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{40180886-B9C9-48DD-A53A-A6CB46FDD425}" HKCR\Clsid\{40180886-B9C9-48DD-A53A-A6CB46FDD425} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2FACA6B4-778C-4224-9D5A-249E9B889CF6}" HKCR\Clsid\{2FACA6B4-778C-4224-9D5A-249E9B889CF6} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9}" HKCR\Clsid\{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B39636E6-581A-4CAB-905F-95EC4518B13C}" HKCR\Clsid\{B39636E6-581A-4CAB-905F-95EC4518B13C} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DC411158-F158-4867-9287-38B7C75CFF82}" HKCR\Clsid\{DC411158-F158-4867-9287-38B7C75CFF82} Restoring Windows certificates. 
Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrators - Succeeded
HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 21:26:07, on 2006-7-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Rising\Rav\RavStub.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Rising\Rav\RavMon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe O4 - HKLM\..\Run: [RavTask] "D:\瑞星殺毒\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2 O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
A: QUOTE: Quote from 7385587 (post #10, 2006-07-23 21:30): Look2Me-Destroyer log: Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 2006-7-23 21:20:27 .......
Haha~~ Look2Me has been removed~~ Have you ever installed Dr.Web??
Q: No, this is the first time I've heard of Dr.Web. What is it for?
A: Re: [Help] Infected with Adware.Dinkum.a, please help, everyone
QUOTE: Quote from 7385587 (post #12, 2006-07-23 21:51): No, this is the first time I've heard of Dr.Web. What is it for?
Strange~~ why do you have Dr.Web/Virus Chaser components..... I suggest you remove drwebsp.dll
1. Download LSPFix and save it to the desktop
2. Run LSPFix and tick I know what I'm doing
3. Move drwebsp.dll to Remove on the right, then click Finish
4. Restart the computer and you're done
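The three HijackThis scans posted in the thread above show the O20 Winlogon Notify entry changing between scans (Themes with m0rmla911d.dll, then Run with naapi32.dll, then gone), and the Avenger script written from the first scan found neither of its targets. The Python below is an added example, not part of the original posts: it diffs O20 entries across scans and checks a removal script's targets against the newest scan before it is run. The function names are hypothetical, and the log snippets are short excerpts of the scans posted in the thread.

```python
import re

# O20 lines look like: "O20 - Winlogon Notify: <subkey> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>.+?) - (?P<dll>.+)$")

NOTIFY_ROOT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Excerpts of the three HijackThis scans from the thread, keyed by their
# "Scan saved at" time (only a few lines of each log are reproduced).
SCANS = [
    ("19:37:43", r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll
"""),
    ("20:43:38", r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\naapi32.dll
"""),
    ("21:26:07", r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
"""),
]

# The removal script the helper posted for The Avenger.
AVENGER_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\m0rmla911d.dll
Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes
"""


def parse_o20(log_text):
    """Return the set of (subkey, lowercased DLL path) for every O20 line."""
    entries = set()
    for line in log_text.splitlines():
        match = O20_RE.match(line.strip())
        if match:
            entries.add((match.group("subkey"), match.group("dll").lower()))
    return entries


def diff_scans(scans):
    """Compare consecutive scans: [(from_ts, to_ts, added, removed), ...]."""
    parsed = [(ts, parse_o20(text)) for ts, text in scans]
    changes = []
    for (ts_a, old), (ts_b, new) in zip(parsed, parsed[1:]):
        changes.append((ts_a, ts_b, sorted(new - old), sorted(old - new)))
    return changes


def parse_avenger_script(script):
    """Split an Avenger script into its file targets and registry-key targets."""
    targets = {"files": [], "keys": []}
    section = None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        lowered = line.lower()
        if lowered.startswith("files to delete"):
            section = "files"
        elif lowered.startswith("registry keys to delete"):
            section = "keys"
        elif section:
            targets[section].append(line)
    return targets


def stale_targets(script, latest_log):
    """Script targets that the latest scan no longer lists under O20.

    A non-empty result means the script was written from an older scan and
    should be regenerated from the current log before it is run.
    """
    live = parse_o20(latest_log)
    live_dlls = {dll for _, dll in live}
    live_keys = {(NOTIFY_ROOT + "\\" + subkey).lower() for subkey, _ in live}
    targets = parse_avenger_script(script)
    stale = [f for f in targets["files"] if f.lower() not in live_dlls]
    stale += [k for k in targets["keys"] if k.lower() not in live_keys]
    return stale


if __name__ == "__main__":
    for ts_a, ts_b, added, removed in diff_scans(SCANS):
        print(f"{ts_a} -> {ts_b}: added={added} removed={removed}")
    print("stale vs 20:43:38 scan:", stale_targets(AVENGER_SCRIPT, SCANS[1][1]))
```

Run against the 20:43:38 excerpt, both script targets come back as stale, matching the "not found" lines in the Avenger log posted in the thread.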
Q:
[Help] Ran into a rogue website: 嘟呲實用導航 changed my homepage, and no matter how I delete it, it won't go away. 超級兔子 (Super Rabbit) can't repair it either. Why is the internet full of rogue software and rogue websites these days!!!
A: 1. Download the latest official version of System Repair Engineer: http://www.kztechs.com/sreng/download.html Usage: extract it to any folder, run SREng.exe, click "智慧式掃瞄" (Smart Scan) -> "掃瞄" (Scan) -> "儲存報告" (Save Report), then post the report here for the experts to analyze.
Q: 2006-08-03,12:37:20 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <bgswitch><C:\WINDOWS\system32\bgswitch.exe> [] <OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart> [OLYMPUS IMAGING CORP.] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.] <ATIModeChange><Ati2mdxx.exe> [ATI Technologies, Inc.] <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.] <Smapp><C:\Program Files\Analog Devices\SoundMAX\SMTray.exe> [Analog Devices, Inc.] <BigDogPath><C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera> [] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <Acrobat Assistant 7.0><"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.] <OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe> [OLYMPUS IMAGING CORP.] <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh] <Vistadrv><C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe> [] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <SKYNET Personal FireWall><C:\Program Files\SkyNet\FireWall\PFW.exe> [廣州眾達天網技術有限公司] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [] ================================== 啟動資料夾 [Adobe Acrobat Speed Launcher] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Acrobat Speed Launcher.lnk><N> [Flash Video] <C:\Documents and Settings\Administrator\「開始」表菜單\程式\啟動\Flash Video.lnk><N> ================================== 服務 [Adobe LM Service / Adobe LM Service] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems> [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\system32\Ati2evxx.exe><N/A> [DefWatch / DefWatch] <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation> [InstallDriver Table Manager / IDriverT] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [kavsvc / kavsvc] <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab> [Symantec 
AntiVirus Client / Norton AntiVirus Server] <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation> [SoundMAX Agent Service / SoundMAX Agent Service (default)] <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.> ================================== 瀏覽器載入項 [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [AcroIEToolbarHelper Class] {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [使用網文快捕儲存當前網頁...] {0246d4c7-57d6-41eb-ae55-cc9a883929da} <, N/A> [使用網文快捕儲存...] {0246d4c7-57d6-41eb-ae55-cc9a883929db} <, N/A> [] {0246d4c7-57d6-41eb-ae55-cc9a883929de} <C:\Program Files\WebCatcher\WebCatcher.exe, Wizissoft> [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft> [Easy-WebPrint] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, > [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [金山快譯(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司> [WebActivater Control] {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> 
[Easy-WebPrint] {327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, > [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [金山快譯(&K)] {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [AcroIEToolbarHelper Class] {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft> [使用網際快車下載] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [轉換為 Adobe PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [轉換為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> [轉換選定的鏈接為 Adobe PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A> [轉換選定的鏈接為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A> [轉換選項為 Adobe PDF] 
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [轉換選項為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> [轉換鏈接目標為 Adobe PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [轉換鏈接目標為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> ================================== 正在執行的工作行程 [PID: 476][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 536][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\NavLogon.dll] <N/A><N/A> [PID: 612][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 624][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 780][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A> [PID: 792][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 844][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 892][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1356][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1384][C:\WINDOWS\system32\svchost.exe] <Microsoft 
Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1536][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\Program Files\Tencent\QQ\Messenger.dll] <N/A><N/A> [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300> [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.1.0.821> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.142.1> [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] <Adobe Systems Inc.><7.0.0.2004121400\0> [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] <Adobe Systems Inc.><7.0.0.2004121400\0> [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [PID: 1676][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\AdobePDF.dll] <Adobe Systems Incorporated.><7.0.0.00> [C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] <N/A><N/A> [C:\WINDOWS\system32\CNMLM52.DLL] <CANON INC.><1.70.2.2> [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD52.DLL] <CANON INC.><1.70.2.2> [PID: 1940][C:\Program Files\DAEMON Tools\daemon.exe] <DT Soft Ltd.><4.03.0.0> [C:\Program Files\DAEMON Tools\daemon.dll] <DT Soft Ltd.><4.03.0.0> [C:\Program Files\DAEMON Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12> [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.6.0> [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.10.0.0> [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.12.0.0> [C:\Program 
Files\DAEMON Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.11.0.0> [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0> [PID: 1956][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] <ATI Technologies, Inc.><6.14.10.5061> [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] <ATI Technologies, Inc.><6.14.10.5061> [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] <ATI Technologies, Inc.><6.14.10.5061> [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] <ATI Technologies, Inc.><6.14.10.5061> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1968][C:\Program Files\Analog Devices\SoundMAX\SMTray.exe] <Analog Devices, Inc.><3, 2, 18, 0> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1976][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31> [PID: 1984][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.1.0.821> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.1.0.821> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [PID: 1996][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208> [PID: 2016][C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] <Adobe Systems Inc.><6.0.1.2004121400> [C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs] <Adobe Systems Inc.><6.0.0.0> [PID: 256][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A> [PID: 344][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 408][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821> [PID: 524][C:\Program Files\Common Files\Microsoft 
Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466> [PID: 740][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821> [C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.105 E> [C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.105 E> [C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.105 E> [C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.105 E> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.24> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVENG32.DLL] <Symantec Corporation><20061.2.0.24> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26> [PID: 1056][C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe] <Adobe Systems Incorporated><7.0.0.0> [PID: 1068][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0> [PID: 1076][C:\Program Files\flvplayer\flvplayer.exe] <N/A><N/A> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 1960][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 228][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 216][C:\Program Files\Chinanet\VnetClient.exe] <><2005, 11, 14, 1> [C:\Program Files\Chinanet\Communicate.dll] <0><2005, 3, 3, 1> [C:\Program Files\Chinanet\DialModule.dll] 
<GDCN><2005, 11, 15, 1> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\PROGRA~1\Chinanet\CLIENT~1.DLL] <><2004, 2, 28, 1> [C:\PROGRA~1\Chinanet\PLUGIN~1.OCX] <><2005, 7, 27, 1> [C:\PROGRA~1\Chinanet\sign.dll] <0><2004, 12, 1, 1> [C:\PROGRA~1\Chinanet\PostPlug.dll] <><2004, 12, 16, 2> [C:\PROGRA~1\Chinanet\ADVERT~1.OCX] <><2005, 10, 13, 1> [C:\PROGRA~1\Chinanet\VnetBs.ocx] <><2004, 11, 18, 1> [C:\PROGRA~1\Chinanet\ACCOUN~2.DLL] <><2005, 11, 14, 1> [C:\PROGRA~1\Chinanet\AccountMgr.dll] <><2005, 11, 14, 17> [C:\PROGRA~1\Chinanet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1> [C:\PROGRA~1\Chinanet\DialogStyle.dll] <><1, 0, 0, 1> [C:\PROGRA~1\Chinanet\Timer.ocx] <><2005, 10, 9, 14> [C:\PROGRA~1\Chinanet\PLUGIN~2.OCX] <><2005, 2, 24, 1> [C:\PROGRA~1\Chinanet\NEWMES~1.DLL] <><2005, 8, 26, 1> [C:\PROGRA~1\Chinanet\PassCtrl.dll] <><1, 0, 0, 1> [C:\PROGRA~1\Chinanet\PlugPush.dll] <><2004, 12, 21, 1> [C:\PROGRA~1\Chinanet\ALLINT~1.DLL] <><2004, 11, 23, 1> [C:\PROGRA~1\Chinanet\VNETLO~1.OCX] <><2005, 10, 9, 1> [C:\PROGRA~1\Chinanet\StatNum.dll] <><2004, 11, 18, 1> [C:\PROGRA~1\Chinanet\VNETON~1.OCX] <><2005, 3, 2, 1> [C:\PROGRA~1\Chinanet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1> [C:\PROGRA~1\Chinanet\VnetOptLog.dll] <><2005, 9, 13, 9> [C:\WINDOWS\system32\IeFilter.dll] <N/A><N/A> [C:\PROGRA~1\Chinanet\DlgSkin.ocx] <><2005, 11, 14, 1> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 2428][C:\GreenBrowserV3.4\GreenBrowser.exe] <MoreQuick><1, 0, 0, 0> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 2972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 3056][C:\Documents and Settings\Administrator\My Documents\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. 
["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者
A: Run System Repair Engineer again and, under "啟動專案" (Startup Items) -> "註冊表" (Registry), delete the following entries:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
C:\Program Files\Tencent\QQ\Messenger.exe <-- delete this file
C:\Program Files\Tencent\QQ\Messenger.dll <-- delete this file
Download the free Dr.Web CureIT! scanner, which includes the latest virus database and can detect and remove viruses: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
It is a self-extracting archive: after downloading, run cureit.exe directly, or right-click to extract it and run the _start.exe inside.
First click "確定" (OK) to begin "Start Express Scan" and run the scan. It first scans memory processes and startup items automatically; when the automatic scan finishes, select all hard disk partitions with the mouse and scan again.
Finally, post the scan report: Start -> Run %USERPROFILE%\DoctorWeb\CureIt.log |
Q:
[Help] Please take a look at my report~
2006-08-03,14:02:15 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 1 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <avgnt><"D:\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB235780M.LOG> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler] <D:\AntiVir PersonalEdition Classic\sched.exe><Avira GmbH> [AntiVir PersonalEdition Classic Guard / AntiVirService] <D:\AntiVir PersonalEdition Classic\avguard.exe><AVIRA GmbH> [LexBce Server / LexBceS] <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.> [Local Security Authority Subsystem Service / lsass] <><N/A> [Network Monitor / Network Monitor] <C:\Program Files\Network Monitor\netmon.exe service><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation> [VKTServ / VKTServ] <C:\WINDOWS\System32\VKTServ.exe><N/A> [Microsoft Windows HelpFile / Windows Helpfile] <><N/A> ================================== 瀏覽器載入項 [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program
Files\TENCENT\Adplus\SSAddr1.dll, Tencent> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [金山快譯(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, > [UCmore XP - The Search Accelerator] {44BE0690-5429-47f0-85BB-3FFD8020233E} <C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll, Effective-i Inc.> [電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 420][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 484][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 552][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 
564][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 732][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 784][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 964][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 976][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1092][C:\WINDOWS\system32\LEXBCES.EXE] <Lexmark International, Inc.><9.42> [C:\WINDOWS\system32\lexp2p32.dll] <Lexmark International, Inc.><9.42> [C:\WINDOWS\system32\lex2kusb.dll] <Lexmark International, Inc.><9.42> [PID: 1128][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)> [C:\WINDOWS\system32\LEXLMPM.DLL] <Lexmark International, Inc.><96.9.42> [C:\WINDOWS\system32\LexBce.dll] <Lexmark International, Inc.><9.42> [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LVBZPP5C.dll] <Lenovo (Beijing) Ltd.><1.0.2.3> [C:\WINDOWS\system32\LVBZpwr.dll] <Lenovo (Beijing) Ltd.><1, 0, 1, 0> [PID: 1132][C:\WINDOWS\system32\LEXPPS.EXE] <Lexmark International, Inc.><9.42> [C:\WINDOWS\system32\LEXBCE.DLL] <Lexmark International, Inc.><9.42> [PID: 1872][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5303> [C:\WINDOWS\System32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5303> [C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81> [PID: 1976][D:\AntiVir PersonalEdition Classic\sched.exe] <Avira GmbH><7.00.00.17> [D:\AntiVir PersonalEdition Classic\schedr.dll] < Avira GmbH><7.00.00.04> [PID: 2036][D:\AntiVir PersonalEdition Classic\avguard.exe] <AVIRA GmbH><7.00.00.29> [D:\AntiVir PersonalEdition Classic\GUARDMSG.DLL] <H+BEDV Datentechnik GmbH><7.00.00.04> [D:\AntiVir PersonalEdition Classic\AVPREF.DLL] <Avira GmbH><7.00.00.01> 
[D:\AntiVir PersonalEdition Classic\SMTPLIB.DLL] <Avira GmbH><1.02.00.08> [D:\AntiVir PersonalEdition Classic\AVEWIN32.DLL] <Avira GmbH><7.1.1.0> [PID: 192][C:\Program Files\Network Monitor\netmon.exe] <N/A><N/A> [PID: 200][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303> [PID: 232][D:\AntiVir PersonalEdition Classic\avgnt.exe] <Avira GmbH><7.00.00.10> [D:\AntiVir PersonalEdition Classic\avgcmxp.dll] <Avira GmbH><7.00.00.09> [PID: 236][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 268][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 1696][C:\Program Files\寬帶上網助手\Apa2.exe] <Linkage System Intergrated><1, 0, 0, 9> [PID: 1764][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 388][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81> [C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [PID: 1428][F:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
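[{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
Problem: the computer is a bit sluggish~
A: Run System Repair Engineer again, click the Edit button on the startup item below, and delete its contents:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB235780M.LOG> []
If you have any problems, please describe them in text.
Q: [4 images]
QUOTE: Quoting post #2 by Bon Jovi, posted 2006-08-03 14:35: Run System Repair Engineer again, click the Edit button on the startup item below, and delete its contents [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB235780M.LOG> [] .......
That one seems to have been deleted when I ran the antivirus scan, but I still can't seem to get rid of the startup item.
A: On the startup item below, click the Edit button for <AppInit_DLLs>. In the "值" (Value) field, delete the characters KB235780M.LOG, then confirm. |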
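The two patterns the replies in these threads act on, a Run entry with an empty publisher field and a non-empty AppInit_DLLs value, can be pulled out of an SREng report mechanically. The Python below is an added example, not code from the thread or from SREng; the function names, the sample lines and the Windows XP default values it compares against are assumptions, and a hit means "look closer", not "malicious".

```python
import re

# Constructed sample, abridged from the SREng registry-startup layout on this
# page: "[key]" headers followed by "<name><value> [publisher]" entries.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []
================================== 啟動資料夾
[Flash Video] <C:\Documents and Settings\Administrator\Start Menu\Flash Video.lnk><N>
"""

# A token is either a key header "[HKEY_...]" or an entry
# "<name><value> [publisher]". The bracketed field after an entry is assumed
# to be the company name from the file's version information.
TOKEN = re.compile(
    r"\[(HKEY_[^\]]+)\]"
    r"|<([^<>]*)><([^<>]*)>\s*\[((?!HKEY_)[^\]]*)\]"
)

# Assumed Windows XP baseline: these values are empty on a default install.
# A DLL named in AppInit_DLLs is loaded into every process that loads user32.dll.
EXPECT_EMPTY = {"appinit_dlls", "load", "run"}
# Assumed defaults for the Winlogon values shown in the logs on this page.
EXPECT_FIXED = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
    "uihost": "logonui.exe",
}


def parse_registry_section(log_text):
    """Return (key, name, value, publisher) tuples from the registry section."""
    # Sections after the first "=====" separator (startup folder, services,
    # browser add-ons) use a different entry layout, so they are cut off here.
    section = re.split(r"={5,}", log_text, maxsplit=1)[0]
    key, entries = None, []
    for m in TOKEN.finditer(section):
        if m.group(1) is not None:
            key = m.group(1)
        elif key is not None:
            entries.append((key, m.group(2), m.group(3).strip(), m.group(4).strip()))
    return entries


def triage(entries):
    """Return (level, key, name, value, reason) for entries worth a closer look."""
    findings = []
    for key, name, value, publisher in entries:
        k, n = key.lower(), name.lower()
        if k.endswith(r"\windows nt\currentversion\windows") and n in EXPECT_EMPTY:
            if value:
                findings.append(("unexpected", key, name, value,
                                 "normally empty on a default install"))
        elif k.endswith(r"\windows nt\currentversion\winlogon") and n in EXPECT_FIXED:
            if value.lower() != EXPECT_FIXED[n]:
                findings.append(("unexpected", key, name, value,
                                 "differs from the default value"))
        elif k.endswith(r"\currentversion\run") and not publisher:
            findings.append(("review", key, name, value,
                             "autorun file carries no publisher name"))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_registry_section(SAMPLE)):
        print(finding)
```

The parser does not depend on line breaks, so it also accepts the flattened single-line form in which the logs appear on this page.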
Q:
[Help] IE keeps popping up ads. Please come in and take a look, everyone! Log attached!
2006-09-01,22:19:30 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.] <Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.] <ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [] <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司] <DAEMON Tools-2052><; ; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> [] <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [] <IMJPMIG8.1><; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <NvMediaCenter><; ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] <nwiz><; ; nwiz.exe /install> [] <PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0\bin\jusched.exe> [Sun Microsystems, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [Adobe LM Service / Adobe LM Service] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems> [Computer Storage / BUZOR] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [McAfee Framework 服務 / McAfeeFramework] <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.> [Network Associates McShield / McShield] <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.> [Network Associates Task Manager / McTaskManager] <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [EastAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} 
<C:\WINDOWS\estAlive.dll, Eastday Corporation> [T2BHO Class] {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A> [tscgm Class] {D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, > [易得優播放器] {009541A0-3B81-101C-92F3-040224009C04} <C:\Program Files\edusoft\SWFBROWER\swfbrowse.exe, 易得優軟件> [Java Plug-in 1.5.0] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\軟件\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司> [比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [BitCometBar] {3F1ABCDB-A875-46c1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A> [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [Java Plug-in 1.5.0] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.> [estInsObj Class] {A927C078-E82F-471B-83F5-3D1504F7D01B} <C:\WINDOWS\estAlive.dll, Eastday Corporation> [Java Plug-in 1.5.0] {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, > [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [BitCometBar] {3F1ABCDB-A875-46C1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [IEYHlprObj Class] 
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [EastAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation> [T2BHO Class] {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [3721] {B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\Downloaded Program Files\CnsMin.dll, 北京三七二一科技有限公司> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [tscgm Class] {D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] <D:\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <D:\Thunder\getAllurl.htm, N/A> [上傳到QQ網路硬碟] <D:\QQ\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <D:\QQ\AddPanel.htm, N/A> [新增到QQ表情] <D:\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <D:\QQ\SendMMS.htm, N/A> [用比特精靈下載(&B)] <D:\BitSpirit\bsurl.htm, N/A> [秦皇島教育網] <, N/A> ================================== 正在執行的工作行程 [PID: 416][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 636][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158)> [PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 880][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 944][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1040][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1076][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1176][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1488][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8420> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8420> [C:\WINDOWS\system32\nvshell.dll] <N/A><N/A> [C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28> [C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696> [C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network 
Associates\VirusScan\RES04\ShExtRes.dll] <Network Associates, Inc.><8.0.0.912> [PID: 1528][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1648][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [PID: 1676][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] <Network Associates, Inc.><2.0.275.0> [PID: 1684][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\Graphics.dll] <Network Associates, Inc.><8.0.0.912> [PID: 1744][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158)> [PID: 280][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Management.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network Associates, Inc.><3.5.0.412> 
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 312][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\FTL.Dll] <Network Associates, Inc.><8.0.0.135> [C:\Program Files\Network Associates\VirusScan\naiann.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] <Network Associates, Inc.><8.0.0.342> [C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] <Network Associates, Inc.><8.0.0.342> [C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] <McAfee, Inc.><4.4.00> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] <Network Associates, Inc><8.0.0.277> [PID: 336][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates, Inc.><3.5.0.412> [C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates, Inc.><8.0.0.912> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 480][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] <Network Associates, Inc.><8.0.0.912> 
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naicondl.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] <McAfee, Inc.><8.0.0.152> [PID: 564][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8420> [PID: 840][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1608][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2332][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 2808][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28> [d:\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [C:\WINDOWS\IEYHelper.dll] <Eastday Corporation><1, 0, 0, 13> [C:\WINDOWS\YayaBands.dll] <Eastday Corporation><1, 0, 0, 5> [C:\WINDOWS\YayaVerAtl.dll] <Eastday Corporation><1, 0, 0, 48> [C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696> [C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A> [C:\WINDOWS\estAlive.dll] <Eastday Corporation><1, 0, 0, 7> [C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1> [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.955> [C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Common 
Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00>
[PID: 3048][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1>
[PID: 1736][E:\軟件\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件關聯
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================

A:
1. Using SREng (see the related instructions):
- Delete the following service:
[Computer Storage / BUZOR]
- Delete the following browser add-ons:
[IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674}
[Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45}
[WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61}
[EastAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB}
[T2BHO Class] {B1D147E7-873E-4909-8127-695D9BB78728}
[tscgm Class] {D11D0862-0390-4884-A95C-4702D0D4C11A}
[比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC}
[estInsObj Class] {A927C078-E82F-471B-83F5-3D1504F7D01B}
- Repair the following file associations:
.TXT Error. [notepad.exe %1]
.CHM Error. [hh.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
2. Reboot, then delete the following files (see Note 1):
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\IEYHelper.dll
C:\WINDOWS\estAlive.dll
C:\WINDOWS\YayaBands.dll
C:\WINDOWS\system32\sscli.dll
C:\WINDOWS\system32\WinSC.dll
C:\WINDOWS\system32\WinSC32.dll
C:\WINDOWS\system32\WinSC64.dll
C:\WINDOWS\system32\coredrv32.dll
3. Download 惡意軟件清理助手 (Malware Cleanup Assistant) and save it to the desktop (if needed, also save the usage screenshots to the desktop). Reboot, press F8 to enter Safe Mode, and clean your system with the Malware Cleanup Assistant.
4. Scan your computer once with Dr.Web CureIT:
a) Download Dr.Web CureIT and save it to the desktop (please also save the usage screenshots to the desktop for reference).
b) Run cureit.exe and click Start to continue. You will be prompted to run an Express Scan (memory scan); if infected files are found, you will be prompted to clean them (Cure).
c) When the Express Scan has finished, click Select drives, then click the triangle/arrow on the right-hand side to start the scan.
d) If infected files are found during the scan, click Yes to All to clean/move the files.
e) After the scan finishes, if infected files were found, click in the order shown in the picture: blue circle ---> red circle ---> green circle.
f) Close Dr.Web CureIT and reboot the computer, then paste the contents of C:\Documents and Settings\[your user name]\DoctorWeb\CureIT.log here.

Start > Run > services.msc, and disable the service with the following name:
Computer Storage
Delete the following file:
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
超級兔子清理王 (Super Rabbit Cleaner) 7.78beta2 (updated 2006.08.31) can uninstall 163 kinds of rogue, junk and malicious software:
http://download5.pctutu.com/soft/winspeed778beta.zip
Run "Professional Uninstall" inside Super Rabbit Cleaner and uninstall all of the rogue, unwanted bundled software that it marks in red. Do not install the "Super Rabbit Toolbar" that comes with Super Rabbit Internet Wizard.
Download and run 流氓軟件清理助手 (Rogue Software Cleanup Assistant) V2.1.1:
http://www.tommsoft.com/Products.aspx?pid=2
Choose forced cleanup; if it cannot be cleaned the first time, you can clean again in Safe Mode.
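A triage pass over the SREng entry formats seen in the log above, as an added example that is not part of the original thread or of SREng itself: it flags services and browser add-ons whose publisher field is empty or N/A, and file associations that SREng marks Error. The regexes, the `Finding` type and the flagging rule are assumptions made for illustration; the sample lines are copied from the first log on this page.

```python
import re
from typing import List, NamedTuple

# Excerpt copied from the first SREng log on this page (services, browser
# add-ons, file associations). Whitespace between entries is not significant,
# so the same regexes also work on the flattened one-line form of the log.
SAMPLE_LOG = r"""
[Computer Storage / BUZOR] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, >
[Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
.TXT Error. [notepad.exe %1] .EXE OK. ["%1" %*] .VBS Error. [wscript.exe "%1" %*]
"""

# [Display name / Service name] <command line><publisher>
SERVICE_RE = re.compile(r"\[([^\]/]+) / ([^\]]+)\]\s+<([^>]*)><([^>]*)>")
# [Name] {CLSID} <path, publisher>
ADDON_RE = re.compile(
    r"\[([^\]]+)\]\s+\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r"\s+<([^,>]*),\s*([^>]*)>"
)
# .EXT OK. [handler]   or   .EXT Error. [handler]
ASSOC_RE = re.compile(r"(?<!\S)(\.[A-Z0-9]+)\s+(OK|Error)\.\s+\[([^\]]*)\]")


class Finding(NamedTuple):
    section: str  # "service", "browser add-on" or "file association"
    name: str
    reason: str


def _no_publisher(publisher: str) -> bool:
    """SREng prints an empty field or N/A when the file has no company name."""
    return publisher.strip() in ("", "N/A")


def triage(log_text: str) -> List[Finding]:
    """Return review candidates; this is a heuristic, not a verdict."""
    findings: List[Finding] = []
    seen = set()

    def add(key, section, name, reason):
        # SREng lists some add-ons twice (BHO and ActiveX); report each once.
        if key not in seen:
            seen.add(key)
            findings.append(Finding(section, name, reason))

    for _display, name, command, publisher in SERVICE_RE.findall(log_text):
        if _no_publisher(publisher):
            reason = "no publisher"
            if re.search(r"\brundll32\b", command, re.I):
                reason += "; DLL run through rundll32"
            add(("service", name.strip()), "service", name.strip(), reason)

    for name, clsid, _path, publisher in ADDON_RE.findall(log_text):
        if _no_publisher(publisher):
            add(("addon", clsid.upper()), "browser add-on", name.strip(),
                "no publisher")

    for ext, status, handler in ASSOC_RE.findall(log_text):
        if status == "Error":
            add(("assoc", ext), "file association", ext,
                "handler marked Error by SREng: " + handler)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:16} {f.name:24} {f.reason}")
```

The output is a list of candidates to review, not a removal list: it flags `ThunderIEHelper Class`, which the answer above does not list for removal, and it does not flag `IEYHlprObj Class`, which the answer does list even though the log shows a publisher for it.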
Q:
I've been infected. Everyone, please take a look at my log.
After I downloaded something from a certain website, a bunch of junk was installed automatically. I booted into Safe Mode and scanned with Kaspersky and ewido (20 viruses were found). Now, after startup, Kaspersky reports that the file IEHelper.dll in the directory C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper is adware, but I cannot delete it no matter what I do.
Log:
2006-09-01,13:59:22
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能
以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯
啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<Outpost Firewall><C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice> [Agnitum Ltd.]
<OutpostFeedBack><C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup> [Agnitum Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab] ================================== 啟動資料夾 服務 [卡巴斯基反病毒軟件6.0 / AVP] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab> [C-DillaCdaC11BA / C-DillaCdaC11BA] <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision> [Outpost Firewall Service / OutpostFirewall] <C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service><Agnitum Ltd.> ================================== 瀏覽器載入項 [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Web反病毒保護] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab> [Outpost Firewall Pro 快速調較] {44627E97-789B-40d4-B5C2-58BD171129A1} <C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll, Agnitum Ltd.> [JUJU貓] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A> [CibaCtrl Class] {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, > [JoyoCtrl Class] {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, 
> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [YOK超級搜索] {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <http://www.yok.com, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation> [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A> [RealPlayer SMIL Download Handler] {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Microsoft Web 瀏覽器] 
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [CibaCtrl Class] {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, > [PhotoUploadCtrl Control] {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <C:\PROGRA~1\Tencent\QQ\QZone\PHOTOU~1.OCX, tencent> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ> [JoyoCtrl Class] {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, > [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [Microsoft Agent Control 2.0] {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} 
<C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation> [TencentVmpCtl Class] {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 644][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 752][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\klogon.dll] <Kaspersky Lab><6.0.0.299> [PID: 876][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 888][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1080][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1180][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1256][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1328][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1452][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 
(xpsp_sp2_gdr.050610-1519)> [PID: 2008][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020> [PID: 136][C:\Program Files\Agnitum\Outpost Firewall\outpost.exe] <Agnitum Ltd.><3.5.462.6330> [C:\Program Files\Agnitum\Outpost Firewall\engine.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\op_utils.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Ads\ad_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Content\cnt_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\DNS\dns_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\File\file_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Web\web_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\op_hdlr.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\op_data.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\netstat.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Protect\prot_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_ui.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_cure.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_mon.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_scan.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\zlib.dll] <Jean-loup Gailly and Mark Adler><1, 1, 4, 0> [C:\Program Files\Agnitum\Outpost Firewall\unrar.dll] <N/A><N/A> [C:\Program Files\Agnitum\Outpost Firewall\op_cmn.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\opst_ui.dll] <Agnitum 
Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\op_ctrls.dll] <Agnitum Ltd.><3.51.759.6511> [PID: 204][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 744][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [PID: 1860][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 560][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1716][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] <Kaspersky Lab><1.0.6.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] <Kaspersky Lab><6.0.0.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky 
anti-virus 6.0\nfio.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[PID: 3536][E:\TDDownload\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件關聯
.TXT Error. [Notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================

A:
超級兔子清理王 (Super Rabbit Cleaner) 7.78beta2 (updated 2006.08.31) can uninstall 163 kinds of rogue, junk and malicious software:
http://download5.pctutu.com/soft/winspeed778beta.zip
Run "Professional Uninstall" inside Super Rabbit Cleaner and uninstall all of the rogue, unwanted bundled software that it marks in red. Do not install the "Super Rabbit Toolbar" that comes with Super Rabbit Internet Wizard.
Download and run 流氓軟件清理助手 (Rogue Software Cleanup Assistant) V2.1.1:
http://www.tommsoft.com/Products.aspx?pid=2
Choose forced cleanup; if it cannot be cleaned the first time, you can clean again in Safe Mode.
Q:
Office is broken; RAR and many other exe files won't open
I don't know whether this is a virus. First, many Office documents on the company LAN could not be opened and showed an error message. After reinstalling Office the documents could be used again, but RAR and many other exe files cannot run.
I have already scanned with Kaspersky, Norton and McAfee, all to no effect.
Also, when I open the other files there is no error message; there is simply no response at all, and no related process appears in Task Manager.
Looking for other solutions...

A:
If you suspect there is a virus or trojan on the system, download the free Dr.Web CureIT! scanner. It includes the latest virus database, can detect and remove viruses, trojans, backdoors and rogue/malicious software, and does not conflict with antivirus software that is already installed.
Direct download address: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
It is a self-extracting archive. After downloading, run cureit.exe directly, or right-click it, extract it to a target folder, and then run "_start.exe" in that folder to scan.
First click "OK" to run the "Start Express Scan" quick scan, which automatically scans the processes in memory and the startup items. When the quick scan has finished, left-click the icons of the hard disk partitions (a red dot appears on each selected partition) and scan again. The 5 buttons at the lower left of the Dr.Web window are "Select all", "Cure", "Rename", "Quarantine" and "Delete". You can post the scan report first and wait for confirmation before acting, or use Select all, Cure -> Move incurable (moves files that could not be cured to quarantine).
Finally, post the scan report: from "My Computer", open %USERPROFILE%\DoctorWeb\, open the file CureIt.log there and copy its contents into the post.
Dr.Web illustrated usage guide
If there are still problems, download System Repair Engineer: http://www.kztechs.com/sreng/sreng2.zip
How to use it: extract it to a folder such as D:\sreng2, run SREng.exe, and click "Smart Scan" -> "Scan" -> "Save Report". Then post the report for analysis.

Q:
It is the same situation at my workplace. I reinstalled Office and it could be used, but the same problem appeared again the next day.

Right.. the next day it stops working again. What on earth is going on!!
I have already run one scan; here is the content of CureIt.log copied into the post:
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-01, 11:08:29 [LSFJ0008][Administrator]
Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 138087
Key file: C:\工具\cureit\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
[Scan path] D:\WINNT\System32\smss.exe
[Scan path]
D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 185
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 264 Kb/s
Scan time: 00:01:25
-----------------------------------------------------------------------------
[Scan path] C:\
C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured >C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe is hacktool program Tool.ASEye.2 C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealOne Player\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with 
Win32.HLLW.Gavir.17 - cured
program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032589.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032590.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032612.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032613.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032653.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032654.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032663.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032664.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032673.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032674.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032689.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032690.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032704.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032705.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032733.sys is adware program Adware.Henbang C:\System Volume 
Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032734.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032844.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032845.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032904.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032905.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032926.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032927.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032943.exe infected with Trojan.DownLoader.3223 - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032953.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032954.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys is adware program Adware.Henbang
C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\WPS2000\WpsUpd.EXE probably infected with DLOADER.Trojan
C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Gordian.Knot.Rip.Pack.0.28.8.Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Install_Messenger_Beta.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\INSTALL_MSN_MESSENGER_NT.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\KS051221.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\PR16b1.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\QQGame.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\RealPlayer10-5GOLD.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\wangwangsetup_1.5.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\wrar330sc.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\xiaotv2006.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\znwb5502_setup.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\飄邈之旅[全].exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\18icyc\18icyc\icyc-ws-setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\ACDSee50en\acdsee50en.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\ACDSee50en\instmsiw.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_main_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_other_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_plugins_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\CPCW_DianNaoBao_2005\PCWReadSys.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\DivXPro511Bundle.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\Divx_v5.1.1_Kg.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivXG400\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\flash saver maker\flashchs.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Photoshop 7.01簡體中文版\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Photoshop 7.01簡體中文版\_ISDel.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\_isdel.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\client\win31\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\任天堂\smynesc.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\瑩幕保護\MAT-V2-US.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\時鐘瑩幕保護\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\TESTEN20.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\README.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ANZH.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\DEF24P.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKECZ.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKEHZ.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\README.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ZHCODE.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\超級兔子\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\迅雷\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\飛行\3dflyingsaver\3dflyingsaver.exe infected with Win32.HLLW.Gavir.17 - cured
[Scan path] D:\
D:\WINNT\veevrg.exe infected with Win32.HLLW.Gavir.17 - incurable - moved
D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured
>D:\WINNT\2Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\1Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\4Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\5Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\6Sy.exe infected with Trojan.PWS.Lineage - deleted
D:\WINNT\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot
>D:\WINNT\system32\dmshell.dll is adware program Adware.Dmad
D:\WINNT\system32\layer1.dll probably infected with DLOADER.Trojan
D:\WINNT\system32\msdll.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\dl樓主.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\dllwm.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\bwdll.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\config\software.LOG - read error
D:\WINNT\system32\config\default.LOG - read error
D:\WINNT\system32\config\SECURITY - read error
D:\WINNT\system32\config\SECURITY.LOG - read error
D:\WINNT\system32\config\SYSTEM.ALT - read error
D:\WINNT\system32\config\SAM - read error
D:\WINNT\system32\config\SAM.LOG - read error
D:\WINNT\system32\config\SYSTEM - read error
D:\WINNT\system32\config\SOFTWARE - read error
D:\WINNT\system32\config\DEFAULT - read error
D:\WINNT\system32\alitb1\update.exe probably infected with DLOADER.Trojan
>D:\WINNT\command\rundll32.exe infected with Trojan.PWS.Lineage - deleted
D:\Documents and Settings\Administrator\NTUSER.DAT - read error
D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
>D:\Program Files\Intel\rundll32.exe infected with Trojan.PWS.Lineage - deleted
D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 176659
Infected objects found: 101
Objects with modifications found: 0
Suspicious objects found: 22
Adware programs found: 190
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 84
Objects deleted: 15
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 97 Kb/s
Scan time: 01:48:22
-----------------------------------------------------------------------------
Scanning interrupted by user! - viruses found
D:\WINNT\system32\alitb1\update.exe - incurable - deleted
D:\WINNT\system32\layer1.dll - incurable - deleted
D:\WINNT\system32\dmshell.dll - incurable - deleted
C:\WPS2000\WpsUpd.EXE - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys - incurable - moved
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys - incurable - deleted
C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010038.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010041.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010046.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010047.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010053.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010054.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010055.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010056.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010651.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010653.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010657.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010658.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010700.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010811.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010816.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010825.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010833.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010838.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010854.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010855.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP46\A0011464.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011507.dll - incurable - deleted C:\System Volume 
Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032704.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032705.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032733.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032734.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032844.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032845.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032904.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032905.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032926.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032927.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032953.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-464
--------------------
This is one of the company's machines. I am also posting the System Repair Engineer report, although it was taken right after I had cleaned the machine. Could an expert take another look and tell me whether anything is still wrong?
2006-09-01,13:07:16 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Internat.exe><Internat.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [Microsoft 
Corporation] <IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation] <Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <CheckFaultKernel><D:\WINNT\system32\mswdm.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> [] ================================== 啟動資料夾 [Adobe Gamma Loader] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H> [Microsoft Office] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N> ================================== 服務 [DefWatch / DefWatch] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [Logical Disk Manager Administrative Service / dmadmin] <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Kingsoft Personal Firewall Service / KPfwSvc] <"D:\KAV2005\KPfwSvc.EXE"><N/A> [Messenger / Messenger] <\SystemRoot\D:\WINNT\system32\services.exe><N/A> [Symantec AntiVirus Client / Norton AntiVirus Server] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program 
Files\Tencent\QQ\QQ.EXE, N/A> [@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A> [MeadCo ScriptX] {1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\qq\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [D:\WINNT\system32\NavLogon.dll] <N/A><N/A> [PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 240][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [PID: 416][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 440][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [PID: 468][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374> [PID: 488][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 512][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\CBA.DLL] <Intel? 
Corporation><6.12.0.71 E> [D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14> [D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374> [PID: 636][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [PID: 720][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 748][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 944][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [D:\WINNT\Dll.dll] <N/A><N/A> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517> [D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374> [D:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517> [PID: 1144][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> 
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [PID: 1176][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0> [PID: 1128][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374> [PID: 316][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000> [PID: 424][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 1076][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 420][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106> [D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000> [D:\WINNT\system\WBX3245.dll] <N/A><N/A> [D:\WINNT\system\WMW3245.dll] <N/A><N/A> [D:\WINNT\system\WMSYS32.dll] <N/A><N/A> [PID: 1328][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["D:\WINNT\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
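[{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A: In System Repair Engineer, delete the following startup entry: <CheckFaultKernel><D:\WINNT\system32\mswdm.exe> []
Viruses and trojans were found in the System Restore backup folder, System Volume Information\_restore. Go to My Computer -> right-click -> Properties -> System Restore and disable System Restore.
Dr.Web found many viruses, trojans and backdoors, and most of them have already been cured or deleted. Scan the computer again with Dr.Web; if it reports no new viruses, the problem is solved.
Q: I am on Win2000. Where can I find System Restore so that I can disable it?
A: You probably have a dual-boot setup. Is XP installed on the C: partition? System Restore is a feature of XP, and it can be disabled from within the XP system.
Q: Oh, I see, thank you. This machine used to run XP; after it had problems I installed 2000, and XP was never fully removed.
A: You're welcome. Computer problems, virus problems especially, are best analysed case by case.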
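The triage behind the reply's advice to delete the CheckFaultKernel startup entry can be approximated mechanically. The following is an added example, not part of the thread and not SREng's own logic: it parses the flattened registry autorun section of the log quoted above and ranks entries by three heuristics that are assumptions of this example (no publisher string, an unattributed file under the Windows directory, and the Policies\Explorer\Run key).

```python
import re
from dataclasses import dataclass

# Excerpt of the registry autorun section of the SREng log quoted in the
# thread, kept in the flattened one-line layout the forum rendered it in.
SRENG_EXCERPT = " ".join([
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r"<Internat.exe><Internat.exe> [Microsoft Corporation]",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]",
    r"<load><> [] <run><> []",
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]",
    r"<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]",
    r"<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]",
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]",
    r"<CheckFaultKernel><D:\WINNT\system32\mswdm.exe> []",
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]",
    r"<shell><Explorer.exe> [Microsoft Corporation]",
    r"<Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]",
    r"<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []",
    r"[HKEY_CURRENT_USER\Control Panel\Desktop]",
    r"<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []",
])

# A token is either a registry key header "[HKEY_...]" or an entry of the
# form "<value name><command> [publisher]". The entry alternative consumes
# the publisher bracket, so it is never mistaken for a key header.
TOKEN = re.compile(
    r"\[(?P<key>HKEY_[^\]]+)\]"
    r"|<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s*\[(?P<pub>[^\]]*)\]"
)

# Command that starts (after quotes, ';' or spaces) inside the Windows directory.
SYSTEM_DIR = re.compile(r'^["; ]*[A-Za-z]:\\(?:WINNT|WINDOWS)\\', re.IGNORECASE)


@dataclass
class AutorunEntry:
    key: str        # registry key the entry was listed under
    name: str       # value name, e.g. "CheckFaultKernel"
    command: str    # what the value launches
    publisher: str  # company string SREng read from the file, may be empty


def parse_autoruns(text):
    """Split a flattened SREng registry section into AutorunEntry records."""
    entries, key = [], None
    for m in TOKEN.finditer(text):
        if m.group("key"):
            key = m.group("key")
        else:
            entries.append(AutorunEntry(key or "", m.group("name"),
                                        m.group("cmd").strip(),
                                        m.group("pub").strip()))
    return entries


def flags_for(entry):
    """Heuristic flags (assumptions of this example, leads rather than verdicts)."""
    flags = []
    if entry.command and not entry.publisher:
        flags.append("no-publisher")
        if SYSTEM_DIR.match(entry.command):
            flags.append("unattributed-file-in-system-dir")
    if entry.key.lower().endswith("\\policies\\explorer\\run"):
        flags.append("policies-run-key")
    return flags


def triage(text):
    """Return (flags, entry) pairs for flagged entries, most flags first."""
    hits = [(flags_for(e), e) for e in parse_autoruns(text)]
    hits = [(f, e) for f, e in hits if f]
    hits.sort(key=lambda fe: len(fe[0]), reverse=True)  # stable: log order on ties
    return hits


if __name__ == "__main__":
    for flags, entry in triage(SRENG_EXCERPT):
        print(f"{len(flags)}  {entry.name:28} {entry.command:40} {', '.join(flags)}")
```

Only CheckFaultKernel is named in the reply; the other two entries the heuristics surface are items for manual review of the file itself, not findings.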
Q:
[Help] Strange: Win32.HLLW.Gavir.17 cannot be completely removed
This is the Office problem from earlier. I cleaned it with Dr.Web CureIT, but when I scanned again after rebooting, files were infected with it again. I ran Dr.Web CureIT once more and it confirmed CURED, yet after another reboot a scan again found infected files. It is usually winnt/rund132.exe and a few other exe files. I have run System Repair Engineer again; could an expert please take another look?
2006-09-01,16:24:37 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Internat.exe><Internat.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation] <IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation] <Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> [] ================================== 啟動資料夾 [Adobe Gamma Loader] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H> [Microsoft Office] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N> ================================== 服務 [DefWatch / DefWatch] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [Logical Disk Manager Administrative Service / dmadmin] <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Kingsoft Personal Firewall Service / KPfwSvc] <"D:\KAV2005\KPfwSvc.EXE"><N/A> [Messenger / Messenger] <\SystemRoot\D:\WINNT\system32\services.exe><N/A> [Symantec AntiVirus Client / Norton AntiVirus Server] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A> [@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A> [MeadCo ScriptX] {1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} 
<D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\qq\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [D:\WINNT\system32\NavLogon.dll] <N/A><N/A> [PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [PID: 408][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 432][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [PID: 460][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374> [PID: 480][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 504][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\PDS.DLL] <Intel? 
Corporation><6.12.0.71 E> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14> [PID: 620][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [PID: 652][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 728][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 940][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [D:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374> [D:\WINNT\Dll.dll] <N/A><N/A> [PID: 964][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [PID: 308][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0> [PID: 1164][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] 
<Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374> [PID: 1180][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000> [PID: 808][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 1288][C:\jstax\jstax.exe] <N/A><N/A> [C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620> [PID: 304][C:\jstax\swdj.exe] <N/A><N/A> [C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\pbSYC60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\libct.dll] <N/A><N/A> [C:\jstax\libintl.dll] <N/A><N/A> [C:\jstax\libcomn.dll] <N/A><N/A> [C:\jstax\libtcl.dll] <N/A><N/A> [C:\jstax\libcs.dll] <N/A><N/A> [C:\jstax\nlmsnmp.dll] <N/A><N/A> [C:\jstax\nlwnsck.dll] <N/A><N/A> [PID: 684][D:\WINNT\WinRAR.exe] <N/A><N/A> [PID: 340][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 540][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44> [PID: 752][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080> [C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0> [PID: 1068][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106> [D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000> [D:\WINNT\system\WBX3245.dll] <N/A><N/A> [D:\WINNT\system\WMW3245.dll] <N/A><N/A> [D:\WINNT\system\WMSYS32.dll] <N/A><N/A> [PID: 1332][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["D:\WINNT\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. 
[%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A: Can Symantec AntiVirus be updated? Does it not recognise this virus?
Win32.HLLW.Gavir.17 is what domestic (Chinese) antivirus software calls the "Viking" (維金) virus; it infects EXE-format files.
Please post the Dr.Web CureIT scan report. Which viruses could not be removed in the end?
The file D:\WINNT\Dll.dll is most likely a problem; please delete it manually.
Q: On Friday I scanned once more before leaving work and found no virus, but at noon today a message popped up saying rund132.exe had encountered an error, and a scan showed the machine was infected again.
============================================================================= Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080) Copyright (c) Igor Daniloff, 1992-2006 Log generated on: 2006-09-04, 11:52:44 [LSFJ0008][Administrator] Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4 ============================================================================= Engine version: 4.33 (4.33.4.07270) Engine API version: 2.01 Total virus records: 138087 Key file: C:\工具\cureit\cureit.key License key number: 0000000010 Registered to: Dr.Web CureIt Project License key activates: 2005-03-05 License key expires: 2007-03-05 ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 0 Infected objects found: 0 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 0 Objects ignored: 0 Scan speed: 0 Kb/s Scan time: 00:00:00 ----------------------------------------------------------------------------- [Scan path] D:\WINNT\System32\smss.exe [Scan path] D:\WINNT\system32\csrss.exe [Scan path] D:\WINNT\system32\winlogon.exe [Scan path] D:\WINNT\system32\services.exe [Scan path] D:\WINNT\system32\lsass.exe [Scan path] D:\WINNT\system32\svchost.exe [Scan path] D:\WINNT\system32\spoolsv.exe [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [Scan path] D:\WINNT\system32\MSTask.exe [Scan path] 
D:\WINNT\System32\WBEM\WinMgmt.exe [Scan path] D:\WINNT\Explorer.EXE [Scan path] D:\WINNT\system32\hkcmd.exe [Scan path] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe [Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [Scan path] D:\WINNT\system32\Internat.exe [Scan path] D:\WINNT\system32\conime.exe [Scan path] D:\Program Files\Internet Explorer\IEXPLORE.EXE [Scan path] D:\WINNT\magicset746onlinedown.exe D:\WINNT\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - will be cured after reboot [Scan path] D:\WINNT\system32\regsvc.exe [Scan path] C:\工具\cureit\_start.exe [Scan path] C:\工具\cureit\cureit.exe [Scan path] D:\WINNT\system32\mobsync.exe [Scan path] D:\WINNT\command\rundll32.exe [Scan path] D:\WINNT\system32\mswdm.exe D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved [Scan path] d:\program files\internet explorer\connection wizard\icwconn1.exe [Scan path] D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [Scan path] D:\Program Files\Microsoft Office\Office\OSA9.EXE [Scan path] D:\WINNT\system32\mmsys.cpl [Scan path] D:\WINNT\system32\icmui.dll [Scan path] D:\WINNT\system32\rshx32.dll [Scan path] D:\WINNT\system32\docprop.dll [Scan path] D:\WINNT\system32\ntshrui.dll [Scan path] D:\WINNT\system32\plustab.dll [Scan path] D:\WINNT\system32\deskadp.dll [Scan path] D:\WINNT\system32\deskmon.dll [Scan path] D:\WINNT\system32\dssec.dll [Scan path] D:\WINNT\system32\shscrap.dll [Scan path] D:\WINNT\system32\diskcopy.dll [Scan path] D:\WINNT\system32\ntlanui2.dll [Scan path] D:\WINNT\system32\printui.dll [Scan path] D:\WINNT\system32\dskquoui.dll [Scan path] D:\WINNT\system32\syncui.dll [Scan path] D:\WINNT\system32\hticons.dll [Scan path] D:\WINNT\system32\fontext.dll [Scan path] D:\WINNT\system32\deskperf.dll [Scan path] D:\WINNT\system32\wshext.dll [Scan path] D:\WINNT\system32\cryptext.dll [Scan path] D:\WINNT\system32\NETSHELL.dll [Scan path] D:\WINNT\system32\shdocvw.dll [Scan path] 
D:\WINNT\system32\mstask.dll 
[Scan path] D:\WINNT\system32\DRIVERS\USBSTOR.SYS [Scan path] D:\WINNT\System32\UtilMan.exe [Scan path] D:\WINNT\System32\drivers\vga.sys [Scan path] D:\WINNT\system32\DRIVERS\wanarp.sys [Scan path] D:\WINNT\system32\drivers\wdmaud.sys [Scan path] D:\WINNT\system32\DRIVERS\WSTCODEC.SYS [Scan path] D:\WINNT\system32\drivers\ialmsbw.sys [Scan path] D:\WINNT\system32\ntsd.exe ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 185 Infected objects found: 2 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 1 Objects ignored: 0 Scan speed: 361 Kb/s Scan time: 00:01:25 ----------------------------------------------------------------------------- [Scan path] C:\ C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE 
infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured [Scan path] D:\ D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured D:\WINNT\magicset746onlinedown.exe.delete_on_reboot infected with Win32.HLLW.Gavir.17 - will be cured after reboot D:\WINNT\system32\config\software.LOG - read error D:\WINNT\system32\config\default.LOG - read error D:\WINNT\system32\config\SECURITY - read error D:\WINNT\system32\config\SECURITY.LOG - read error 
D:\WINNT\system32\config\SYSTEM.ALT - read error D:\WINNT\system32\config\SAM - read error D:\WINNT\system32\config\SAM.LOG - read error D:\WINNT\system32\config\SYSTEM - read error D:\WINNT\system32\config\SOFTWARE - read error D:\WINNT\system32\config\DEFAULT - read error D:\Documents and Settings\Administrator\NTUSER.DAT - read error D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error >D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J6WRJTKD\icast[1].txtD:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STIBCDUN\mhxy[1].exe infected with Trojan.PWS.Gamania - incurable - moved D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\WinRAR\WinRAR.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Microsoft Office\Office\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Microsoft Office\Office\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 123413 Infected objects found: 37 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 34 Objects deleted: 0 Objects renamed: 0 Objects moved: 1 Objects ignored: 0 Scan speed: 663 Kb/s 
Scan time: 01:41:25 ----------------------------------------------------------------------------- 2006-09-04,13:45:20 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Internat.exe><Internat.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation] <IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation] <Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] 
<Tray><D:\WINNT\command\rundll32.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><D:\WINNT\system32\userinit.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> [] ================================== 啟動資料夾 [Adobe Gamma Loader] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H> [Microsoft Office] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N> ================================== 服務 [DefWatch / DefWatch] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [Logical Disk Manager Administrative Service / dmadmin] <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Kingsoft Personal Firewall Service / KPfwSvc] <"D:\KAV2005\KPfwSvc.EXE"><N/A> [Messenger / Messenger] <\SystemRoot\D:\WINNT\system32\services.exe><N/A> [Symantec AntiVirus Client / Norton AntiVirus Server] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A> [@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A> [MeadCo ScriptX] {1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com> [Shockwave Flash 
Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\qq\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [D:\WINNT\system32\NavLogon.dll] <N/A><N/A> [PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [PID: 404][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 428][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [PID: 456][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374> [PID: 476][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 508][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\PDS.DLL] <Intel? 
Corporation><6.12.0.71 E> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14> [D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\DecSDK.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ID.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2UUE.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2AMG.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ARJ.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2CAB.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2EXE.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2GZIP.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2HQX.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LHA.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LZ.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2MIME.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2SS.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2RTF.dll] <Symantec 
Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TAR.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TNEF.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ZIP.dll] <Symantec Corporation><3.02.07.19> [PID: 624][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [PID: 656][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 720][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 868][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [PID: 412][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [PID: 1104][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0> [PID: 1144][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program 
Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374> [PID: 1168][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000> [PID: 1284][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 536][D:\WINNT\magicset746onlinedown.exe] <N/A><N/A> [PID: 1236][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 1384][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44> [PID: 1356][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080> [C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0> [D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] <N/A><N/A> [PID: 1348][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106> [D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000> [D:\WINNT\system\WBX3245.dll] <N/A><N/A> [D:\WINNT\system\WMW3245.dll] <N/A><N/A> [D:\WINNT\system\WMSYS32.dll] <N/A><N/A> [PID: 1480][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A:
<Tray><D:\WINNT\command\rundll32.exe> []
Delete this startup entry.
D:\WINNT\command\rundll32.exe
Delete this file.
Please check whether the other computers on your LAN have also caught this virus.
The Win32.HLLW.Gavir.17 Viking virus spreads over the network.
Windows 2000 does not come with a built-in firewall, so it has no defence against viruses on the network.
I suggest installing a firewall, such as ZoneAlarm 6.0 Free, and at the same time using antivirus software to clean the viruses on this machine.
Q:
[Help] IE has been modified and I can't change it back no matter what, please help
2006-09-04,14:55:45 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] 
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><nwiz.exe /install> [NVIDIA Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Recorder Control] {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [BlueskyVideo Control] {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)> [Share Control] {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn> [HHCtrl Object] {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft 
Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [PP Control] {7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)> [Videohelp Control] {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Filetran Control] {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)> [Chat Control] {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)> [Blueskyvoice Control] {991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)> [Display Control] {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)> [Tracechat Control] {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Blueskyvoice Control] {BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Client Control] {C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, > [Play Control] {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} 
<C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] <F:\迅雷\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <F:\迅雷\Thunder\getallurl.htm, N/A> [使用網際快車下載] <F:\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <F:\FlashGet\jc_all.htm, N/A> ================================== 正在執行的工作行程 [PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 904][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 952][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1240][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530> [C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62> [PID: 1280][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1412][C:\WINDOWS\SOUNDMAN.EXE] 
<Realtek Semiconductor Corp.><5.1.10> [PID: 1524][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1552][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NVMCTRAY.DLL] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [PID: 1568][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A> [PID: 1828][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776> [PID: 1880][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 780][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 988][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 224][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [E:\sreng2\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A:
First, a question: what URL has the IE home page been changed to?
1. If you can, compress the following files and upload them to the sample area:
C:\Program Files\Tencent\QQ\RTraveler.dll
C:\Program Files\Tencent\QQ\Messenger.exe
2. Press [Copy to clipboard] to copy all of the following text.
CODE:
OptionStatusOn
OptionSetStatus Terminating processes...
ProcessKill \Messenger.exe|1
ProcessKill \explorer.exe|1
OptionSetStatus Deleting files...
OptionOnDeleteFailUseReboot
FileDelete C:\Program Files\Tencent\QQ\RTraveler.dll
FileDelete C:\Program Files\Tencent\QQ\Messenger.exe
OptionSetStatus Cleaning Registry...
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe
OptionSetStatus Setting IE Start Page to about:blank
RegSetStringValue HKCU\Software\Microsoft\Internet Explorer\Main|Start Page|about:blank
OptionSetStatus Emptying the Temp folder...
SystemEmptyTempFolder
SystemRun %WINDIR%\explorer.exe
SystemRestart Some files cannot be deleted now.Please reboot your computer!|1
a) Start ----> All Programs ----> Accessories ----> Notepad
b) Press Ctrl + V or right-click to paste the content you just copied, then choose File ----> Save
c) Change the file type to All Files, set the file name to delete.bfu, and save it to the desktop
3.
a) Download Brute Force Uninstaller, extract it to the desktop, and run bfu.exe
b) Click the yellow folder and select the delete.bfu you just saved
c) Press Execute. You will then be prompted to restart the computer; press Y / Yes to restart
d) After the restart, scan a new SREng log and post it here
Q:
http://7b.com.cn/ This is the URL. There was another one as well, but I can't remember it now.
A:
OK, first follow the steps once and see.
Upload it to the sample area, and have it scanned on a dedicated virus-detection website....
Q: 2006-09-04,15:22:12 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><nwiz.exe /install> [NVIDIA Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} 
<C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Recorder Control] {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [BlueskyVideo Control] {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)> [Share Control] {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn> [HHCtrl Object] {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [PP Control] {7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)> [Videohelp Control] {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Filetran Control] {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)> [Chat Control] {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)> [Blueskyvoice Control] {991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)> [Display Control] {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)> [Tracechat Control] {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] 
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Blueskyvoice Control] {BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Client Control] {C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, > [Play Control] {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] <F:\迅雷\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <F:\迅雷\Thunder\getallurl.htm, N/A> [使用網際快車下載] <F:\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <F:\FlashGet\jc_all.htm, N/A> ================================== 正在執行的工作行程 [PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft 
Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1236][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530> [C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62> [PID: 1272][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1408][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.10> [PID: 1432][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [PID: 1440][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1712][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776> [PID: 1760][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 400][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 852][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1488][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
[{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A: The log looks fine~ Problem solved |
Q:
[Help] For some reason my computer just freezes on its own while I'm using it!!!
For some reason my computer just freezes on its own while I'm using it!!! Could everyone please take a look and tell me what's going on??
2006-09-03,12:10:58 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 1 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation] <iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <iparmor><rem C:\Program Files\Iparmor\Iparmor.exe mini> [] <KAVRun><C:\KAV6\KAVRun.EXE> [kingsoft] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <SOUNDM><winsmd.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\KAV6\KaScrScn.scr> [] ================================== 啟動資料夾 服務 [Autodesk Licensing Service / Autodesk Licensing Service] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.> [C-DillaCdaC11BA / C-DillaCdaC11BA] <C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision> [DirectX Graphics / dxdmain] <C:\WINDOWS\System32\dxdmain.exe><N/A> [InstallDriver Table Manager / IDriverT] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [JMediaService / JMediaService] <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A> [Local Security Authority Server / LSA Server] <C:\WINDOWS\System32\lsasrv.exe><N/A> [Local Security Authority Subsystem Service / lsass] <"C:\WINDOWS\lsass.exe"><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation> [VKTServ / VKTServ] <C:\WINDOWS\System32\VKTServ.exe><N/A> [wint / wint] <C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v4.dll, > [KAVIEHelper Class] {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司> [Router 
Layer] {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A> [IeCatch2 Class] {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司> [金山毒霸安全助手] {EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司> [系統標準按鍵(&E)] {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A> [使用網際快車下載] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> ================================== 正在執行的工作行程 [PID: 552][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 872][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1108][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1120][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1332][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)> [PID: 1612][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0> [C:\Program Files\Common 
Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.1.63.0> [C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A> [C:\WINDOWS\System32\KB4553736.LOG] <N/A><N/A> [C:\WINDOWS\System32\xunleibho_v4.dll] <><4, 3, 2, 29> [C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0> [PID: 248][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622> [PID: 288][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A> [PID: 344][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 956][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] <Macrovision><4.20.030> [PID: 1048][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303> [PID: 224][C:\Program Files\SkyNet\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1004> [C:\Program Files\SkyNet\FireWall\SKYMISC.DLL] <N/A><N/A> [C:\Program Files\SkyNet\FireWall\COMPRESSWRAP.DLL] <N/A><N/A> [PID: 472][C:\Program Files\Vnet\VnetClient.exe] <><1, 0, 0, 1> [C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A> [C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0> [PID: 768][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, Inc.><0.1.0.1622> [C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0> [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452> [C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389> [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll] <RealNetworks, Inc.><0.1.0.1760> [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622> [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685> [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311> [C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278> [PID: 848][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, 
Inc.><0.1.0.1622> [C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0> [C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll] <RealNetworks, Inc.><7.0.0.1675> [C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389> [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311> [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685> [C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll] <RealNetworks, Inc.><7.0.0.1052> [C:\Program Files\Common Files\Real\Update_OB\twebbrowse.dll] <RealNetworks, Inc.><1.0.2.311> [C:\Program Files\Common Files\Real\Update_OB\faus3270.dll] <RealNetworks, Inc.><7.0.0.1362> [C:\Program Files\Common Files\Real\Common\pnrs3260.dll] <RealNetworks, Inc.><6.0.9.2068> [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622> [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452> [C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278> [PID: 1884][C:\Program Files\FlashGet\flashget.exe] <Amaze Soft><1, 6, 5, 0> [C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A> [C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0> [PID: 1956][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0> [PID: 492][C:\DOCUME~1\Naquan\LOCALS~1\Temp\Rar$EX02.625\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. [C:\WINDOWS\hh.exe %1] .HLP Error. [C:\WINDOWS\winhlp32.exe %1] .INI Error. [C:\WINDOWS\NOTEPAD.EXE %1] .INF Error. [C:\WINDOWS\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
[{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A: Lots of junk....
1. Run a rootkit scan with GMER
a) Download GMER and extract gmer.zip
b) Run gmer.exe ----> Rootkit
c) Make sure every item is selected (except Show All), then click Scan
d) When the scan finishes, click Copy to copy the scan results, and paste your scan results here
2. Using SREng (see the operating instructions)
- Delete the following startup entries
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SOUNDM><winsmd.exe> []
- Change the Userinit value to C:\WINDOWS\System32\userinit.exe,
- Delete the following services
[DirectX Graphics / dxdmain] <C:\WINDOWS\System32\dxdmain.exe><N/A>
[JMediaService / JMediaService] <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[Local Security Authority Server / LSA Server] <C:\WINDOWS\System32\lsasrv.exe><N/A>
[Local Security Authority Subsystem Service / lsass] <"C:\WINDOWS\lsass.exe"><N/A>
[wint / wint] <C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A>
- Delete the following browser add-ons
[Router Layer] {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[系統標準按鍵(&E)] {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
- Repair the following file associations
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
3. a) Download Pocket KillBox and save it to the desktop
b) Click [Copy to clipboard] to copy all of the following text
CODE:
C:\WINDOWS\system32\Maxthonz.dll
C:\WINDOWS\System32\KB4553736.LOG
C:\WINDOWS\System32\wint\wint.dll
C:\WINDOWS\System32\dxdmain.exe
C:\WINDOWS\System32\lsasrv.exe
C:\WINDOWS\lsass.exe
c) Run killbox.exe, select Delete on Reboot, then select All Files
d) Click File ---> Paste from Clipboard
e) Then click the red cross (Delete File); when prompted, click Yes, and on the next prompt click No
The computer will restart automatically; if it does not, restart it yourself
4. Scan and post a new SREng log
Q: A question: after it freezes, can the machine still be turned on?
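I have to cut the power before I can boot it again
A: Please refer to - Common SREng Operations - and delete the items suggested to you. If something cannot be deleted, describe the specific problem you ran into.
I suggest trying the deletion in Safe Mode.
Download 老九 WinPE (final modified edition) http://laomaotao.u.winzheng.com/
Mount BootCD.ISO with a virtual drive, or extract it directly with WinRAR. Run the executable 安裝.EXE in the WINPE安裝 folder. Just follow the prompts.
Restart the computer, enter the WinPE toolbox, and in the WinPE environment delete the trojan and virus files present on drive C. Pay attention to the file paths so you don't delete system files by mistake |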
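The checks this answer applies by hand can be scripted for a first pass over an SREng log. The following is an added example, not part of the original thread and not SREng's own code: it flags a Userinit value that chains a second program, a system process name such as lsass.exe outside System32, an .exe-style value name that launches a different file, and missing publisher information. The one-entry-per-line layout, the sample (entries copied from the log above) and all function names are assumptions; a flag means "review this entry", not "malicious".

```python
import ntpath
import re

# Constructed sample: entries copied from the log posted in this thread,
# laid out one per line (an assumption about SREng's saved-file layout).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SOUNDM><winsmd.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe> []
[Local Security Authority Subsystem Service / lsass]
<"C:\WINDOWS\lsass.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
"""

HEADER = re.compile(r"^\[(.+)\]$")                             # registry key or service title
REG_ENTRY = re.compile(r"^<([^<>]*)><([^<>]*)>\s*\[([^\]]*)\]$")  # <name><command> [publisher]
SVC_ENTRY = re.compile(r"^<([^<>]*)><([^<>]*)>$")              # <command><company>
IMAGE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|scr|com|bat))(?=[\s,]|$)', re.I)

# Windows processes that normally run from System32 only.
SYSTEM_NAMES = {"lsass.exe", "winlogon.exe", "services.exe", "svchost.exe",
                "csrss.exe", "smss.exe", "userinit.exe"}


def image_path(command):
    """Return the executable part of a command line (quoted or unquoted)."""
    command = command.strip()
    m = IMAGE.match(command)
    if not m:
        return command.split(" ")[0]
    return m.group(1) or m.group(2)


def check_entry(kind, name, command, vendor):
    """Return the list of review reasons for one startup or service entry."""
    reasons = []
    image = image_path(command)
    base = ntpath.basename(image).lower()
    folder = ntpath.dirname(image).lower()
    if vendor.strip() in ("", "N/A"):
        reasons.append("no publisher information")
    if base in SYSTEM_NAMES and folder and not folder.endswith(r"\system32"):
        reasons.append("system process name outside System32")
    if kind == "registry" and name.lower().endswith(".exe") and name.lower() != base:
        reasons.append("value name differs from launched file " + base)
    if kind == "registry" and name.lower() == "userinit":
        parts = [p.strip() for p in command.split(",") if p.strip()]
        extra = [p for p in parts if ntpath.basename(p).lower() != "userinit.exe"]
        if extra:
            reasons.append("Userinit chains extra program " + ", ".join(extra))
    return reasons


def triage(log_text):
    """Parse the log text and return [(entry name, [reasons])] for flagged entries."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        reg = REG_ENTRY.match(line)
        svc = SVC_ENTRY.match(line)
        if reg:
            kind = "registry"
            name, command, vendor = reg.groups()
        elif svc:
            kind = "service"
            name = section            # a service is named by the header above it
            command, vendor = svc.groups()
        else:
            head = HEADER.match(line)
            if head:
                section = head.group(1)
            continue
        if not command.strip():
            continue                  # empty values such as <load><> carry nothing to check
        reasons = check_entry(kind, name, command, vendor)
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry, "->", "; ".join(why))
```
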
Q:
[Help] Boss, there's a UFO in my computer (a DOS window keeps popping up and then disappearing immediately), please save my poor computer!!
All I did was open a browser. Here are the scan results:
2006-09-20,20:25:45 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> [] <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <rx><C:\WINDOWS\system32\explore.exe> [] <wow><C:\WINDOWS\system32\Launcher.exe> [] <zz><C:\WINDOWS\system32\intenet.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <nwiz><nwiz.exe /install> [] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent] <DesktopMemo><"C:\Program Files\DeskMemo\Deskmemo.exe"> [] <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> [] <CnsMin><8V?> [] <Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t] <ToP><C:\WINDOWS\LSASS.exe> [] <softbox><C:\WINDOWS\system32\softbox.exe> [bcnet] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [] <RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <kokv><C:\WINDOWS\system32\019i8e1.exe> [] <Alexa><C:\WINDOWS\system32\qproecss.exe> [] <Ver><2006.07.20> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe 1> [] <Userinit><userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <DelayRun><C:\WINDOWS\019d8e10.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [] <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] ================================== 啟動資料夾 [IE-Bar] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\IE-Bar.lnk><N> ================================== 服務 [Performance Moniter / MOBILL] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [Rising Personal Firewall Service / RfwService] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited> [Rising Process Communication Center / RsCCenter] <C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [SVCHAST / SystemInspect] <C:\Program Files\SystemInspect\SVCHAST.exe><N/A> 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD> [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent> [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A> [Adobe-Plugins Manager] {2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.> [Yahoo!Photo] {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program 
Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China> [AntiFish Class] {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [] {3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A> [raObject Class] {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation> [DragSearch BHO] {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china> [] {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT> [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [] {958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A> [perfdp] {995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, > [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [] {9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A> [Spoolsv Class] {9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, > [DDOC] {A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, > [Google Toolbar Helper] 
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> [Macromedia. Flash8 Object] {C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A> [QuickBtn] {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent> [51響導] {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A> [Windows ToyClass] {E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A> [BHelper Class] {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A> [XBTP01967 Class] {F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [assist] {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China> [啟動迅雷] {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD> [QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent> [上網助手] {5D73EE86-05F1-49ed-B850-E423120EC338} <http://assistant.3721.com/index.htm, N/A> [手機短信] {5DA5CC16-90A8-4c78-AB5E-596BAEDD1289} <http://sms.3721.com/ie/index.htm, N/A> [微軟] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\QQ2005\QQ.EXE, N/A> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Yahoo! Messenger] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <F:\應用軟件\聊天軟件\雅虎通\安裝程式\Messenger\YahooMessenger.exe, Yahoo! 
Inc.> [] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://assistant.3721.com/security1.htm, N/A> [] {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://assistant.3721.com/clean1.htm, N/A> [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.> [TT33定向搜索] {D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [雅虎助手] {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation> [WebActivater Control] {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD> [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.> [IEMonitor Class] {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, N/A> [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent> [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [Adobe-Plugins Manager] {2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.> [Yahoo!Photo] {33BBE430-0E42-4F12-B075-8D21ACB10DCB} 
<C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China> [AntiFish Class] {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [] {3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A> [雅虎助手] {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china> [raObject Class] {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation> [Yahoo!Live] {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china> [DragSearch BHO] {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! 
china> [] {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT> [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [] {958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A> [perfdp] {995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, > [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [] {9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A> [Spoolsv Class] {9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, > [DDOC] {A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, > [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Macromedia. 
Flash8 Object] {C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [QuickBtn] {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent> [51響導] {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [TT33定向搜索] {D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [Windows ToyClass] {E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A> [Messenger Class] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A> [BHelper Class] {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A> [XBTP01967 Class] {F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [assist] {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! 
China> [&使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [Google 搜索(&G)] <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A> [上傳到QQ網路硬碟] <C:\Program Files\QQ2005\AddToNetDisk.htm, N/A> [使用影音傳送帶下載] <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A> [使用影音傳送帶下載全部鏈接] <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A> [反向鏈接] <res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <C:\Program Files\QQ2005\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\QQ2005\AddEmotion.htm, N/A> [新增到雅虎訂閱(&Y)] <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A> [用QQ彩信發送該圖片] <C:\Program Files\QQ2005\SendMMS.htm, N/A> [用比特精靈下載(&B)] <F:\應用軟件\下載工具\比特精靈 v3.0.0.087 穩定版\azcx\BitSpirit\bsurl.htm, N/A> [用炫彩圖鈴發送該圖片] <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A> [類似網頁] <res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A> [快取記憶體的網頁快照] <res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A> [翻譯英文字詞(&T)] <res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A> [雅虎搜索] <res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A> ================================== 正在运行的进程 [PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 856][C:\WINDOWS\system32\svchost.exe] 
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 920][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 1060][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1268][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1692][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1828][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 48> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1904][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1920][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3427> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1984][C:\Program Files\DeskMemo\Deskmemo.exe] <><1, 0, 0, 1> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 132][C:\WINDOWS\system32\SVOHOST.exe] <N/A><N/A> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! 
China><3, 0, 9, 1015> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 472][C:\WINDOWS\WINLOGON.EXE] <wa1vTRVHCVJwSh8Xf92t><0.00.0109> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1180][C:\WINDOWS\system32\softbox.exe] <bcnet><1.00> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1868][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [PID: 332][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [PID: 1260][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\1.dll] <千橡互联><3, 0, 2, 0> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\3.dll] <千橡互联><3, 0, 2, 8> [C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\4.dll] <千橡互联><3, 0, 2, 8> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! 
China><3, 0, 9, 1015> [PID: 588][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A> [PID: 612][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 592][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1544][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8195> [PID: 1936][C:\Program Files\SystemInspect\SVCHAST.exe] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> [PID: 864][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1552][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 3876][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0> [PID: 2772][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1> [C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1> [C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2006, 6, 26, 1> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1> [C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1> [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1> [C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2> [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1> [C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1> [C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1> [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 
11, 14, 1> [C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17> [C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1> [C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14> [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1> [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1> [C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1> [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1> [C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1> [C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1> [C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1> [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 11, 1, 17> [C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [PID: 3364][F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Maxthon.exe] <MY Soft Technology><1, 1, 0, 90> [F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\zlib.dll] <N/A><N/A> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! 
China><3, 0, 9, 1015> [F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Plugin\FloatBar\FloatBar.dll] <><1, 8, 0, 0> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 3424][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] <Yahoo! China><3, 0, 9, 1015> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <yahoo! china><3, 3, 5, 1086> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] <Yahoo! China><3, 0, 1, 1010> [C:\Program Files\Yahoo!\Assistant\yNotifier.dll] <yahoo! china><3, 0, 0, 1000> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 3580][C:\PROGRA~1\PPRich\MINIPP~1.EXE] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 4040][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48> [C:\Program Files\TENCENT\Adplus\SSAddr.dll] <Tencent><4, 2, 4, 43> [C:\WINDOWS\System32\Agm.dll] <AdoBeSoft Co.><4, 4, 26, 1> [C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] <Yahoo! China><3, 0, 4, 1006> [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <yahoo! 
china><3, 0, 2, 1003> [C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll] <TODO: <公司名>><1.0.0.1> [C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL] <N/A><N/A> [C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8> [c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1> [c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [F:\应用软件\聊天软件\QQ2006BETA2SP1 双显IP版\azcx\Tencent\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <yahoo! china><3, 0, 1, 1001> [C:\WINDOWS\system32\ssup.dll] <TENCENT><4, 2, 4, 43> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696> [C:\WINDOWS\system32\Dgit.dll] <N/A><N/A> [C:\WINDOWS\system32\perfidp.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\WINDOWS\system32\Jkpl.dll] <N/A><N/A> [C:\WINDOWS\system32\drivers\spoolsv.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\henroer.dll] <><1, 0, 0, 1> [c:\program files\google\googletoolbar2.dll] <Google Inc.><3, 0, 131, 0> [c:\WINDOWS\system32\FlashPlayer8OCX.dll] <N/A><N/A> [C:\Program Files\kuzhan\kuzhan.dll] <Fengcent><1, 0, 0, 2> [C:\WINDOWS\system\019o8e11.dll] <N/A><N/A> [C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll] <Yahoo! China><3, 0, 9, 1014> [C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll] <yahoo! china><3, 1, 2, 1057> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll] <Yahoo! China><3, 0, 5, 1005> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] <yahoo! china><3, 0, 2, 1004> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] <Yahoo! China><3, 0, 0, 1000> [C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll] <Yahoo! China><3, 0, 1, 1001> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll] <Yahoo! China><3, 0, 2, 1002> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] <Yahoo! 
China><3, 0, 3, 1003> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL] <yahoo! china><3, 0, 5, 1010> [C:\Program Files\Yahoo!\Assistant\Assist\ymailp.dll] <Yahoo! China><3.0.0.1006> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A> [PID: 3480][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 4084][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 36> [c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 5> [c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0> [c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2> [PID: 2936][F:\系统安全\System Repair Engineer\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 2216][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. 
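[%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================

By the way, the pop-up windows were already appearing after the computer started having problems, but they stopped once it shut down the antivirus software. Today I turned the antivirus back on through Services, and now the pop-ups keep appearing nonstop, interfering with everything I do on the computer.

A:
1. Jiangmin has released a dedicated removal tool for the "落雪" (GamePass) trojan, version 1.1:
http://www.jiangmin.com/download/TrojanKiller.rar
A dedicated removal tool for the "落雪" trojan written by 幸福的獅子 of C.I.S.R.T.:
http://www.cisrt.org/avtools/MiscKiller.rar

2. Run System Repair Engineer again and, under "Startup Items" -> "Registry", delete the following entries:
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<rx><C:\WINDOWS\system32\explore.exe> []
<wow><C:\WINDOWS\system32\Launcher.exe> []
<zz><C:\WINDOWS\system32\intenet.exe> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<CnsMin><8V?> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t]
<ToP><C:\WINDOWS\LSASS.exe> []
<softbox><C:\WINDOWS\system32\softbox.exe> [bcnet]
<kokv><C:\WINDOWS\system32\019i8e1.exe> []
<Alexa><C:\WINDOWS\system32\qproecss.exe> []
<Ver><2006.07.20> []
<DelayRun><C:\WINDOWS\019d8e10.dll> []

Run System Repair Engineer again. Under "Startup Items" -> "Services" -> "Win32 Service Applications", check "Hide Microsoft services", then for the services named below:
[Performance Moniter / MOBILL]
[SVCHAST / SystemInspect]
choose "Change startup type" -> "disable" -> "Set", then "Delete service" -> "Set" -> "No".
(Note: pressing "No" confirms deletion of the service; pressing "Yes" cancels the operation.)

3. Restart the computer and show all files and folders (hidden and protected system files).
Open My Computer --> Tools --> Folder Options --> View and uncheck the following options:
"Hide protected operating system files (Recommended)"
"Hide extensions for known file types"
Select "Show all files and folders" --> save the settings.
Delete the following files:
Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\Launcher.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system32\softbox.ex
C:\WINDOWS\system32\019i8e1.exe
C:\WINDOWS\system32\qproecss.exe
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL
C:\Program Files\SystemInspect\SVCHAST.exe
C:\WINDOWS\019d8e10.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll

4. Download the Dr.Web CureIT! free scanner. It includes the latest virus database, can detect and remove viruses, trojans, backdoors and rogue malware, and does not conflict with antivirus software that is already installed.
Direct download address: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
It is a self-extracting archive. After downloading, run cureit.exe directly, or right-click it, extract it to a target folder, and then run "_start.exe" in that folder to scan.
First press "OK" to run "Start Express Scan"; this automatically scans the processes in memory and the startup items. When the express scan finishes, left-click the icons of the hard disk partitions to select them (a red dot appears on each selected partition) and scan again. The five buttons at the lower left of the Dr.Web interface are "Select all", "Cure", "Rename", "Quarantine" and "Delete". You can post the scan report first and wait for confirmation before acting, or choose Select all, then Cure -> Move incurable (move the files that could not be cured to quarantine).
Finally, post the scan report: from "My Computer" open %USERPROFILE%\DoctorWeb\, open the file CureIt.log there, and copy its contents into the thread.
Dr.Web illustrated usage guide

Q: I have followed the steps above, but while carrying out "Delete the following files" I ran into the following problems:
Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe (deleted successfully)
C:\WINDOWS\system32\explore.exe "file not found"
C:\WINDOWS\system32\Launcher.exe "file not found"
C:\WINDOWS\system32\intenet.exe "file not found"
C:\WINDOWS\WINLOGON.EXE "file not found"
C:\WINDOWS\LSASS.exe "file not found"
C:\WINDOWS\system32\softbox.ex (deleted successfully)
C:\WINDOWS\system32\019i8e1.exe "file not found"
C:\WINDOWS\system32\qproecss.exe (reappeared 3 seconds after deletion)
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL "file not found"
C:\Program Files\SystemInspect\SVCHAST.exe "file not found"
C:\WINDOWS\019d8e10.dll "file not found"
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll "file not found"
Final result: none of the problems were solved. I'm going crazy.
By the way, a scan in Safe Mode found 381 viruses of 22 kinds, but whatever I remove today comes back tomorrow.

A: ><C:\WINDOWS\system32\019i8e1.exe> []
This file is definitely a virus. In Safe Mode with Command Prompt, make all protected system files visible, or search for it, and delete it~

Q: But I can't find this file. Why? C:\WINDOWS\system32\019i8e1.exe> []

A: Have you enabled showing all files and folders (hidden and protected system files)?
Post the Dr.Web scan report.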
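The "running processes" section of the SREng log in this thread can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the thread and not SREng's own code: it parses the `[PID: n][path] <vendor><version>` entries and flags core Windows process names that run from an unexpected directory or differ from a core name by a single edit. The expected-directory table assumes Windows XP with SystemRoot at C:\WINDOWS, as in the log header; the function names are hypothetical, and a flag is a lead for manual review, not a verdict.

```python
import re
from ntpath import basename, dirname

# Expected directory of core Windows XP processes. Assumption of this
# example: SystemRoot is C:\WINDOWS, as stated in the log in this thread.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# One process entry: [PID: n][path] <vendor><version>. Module lines carry no
# PID, so they are skipped. \s* tolerates the line wraps seen in pasted logs.
PROC_RE = re.compile(r"\[PID: (\d+)\]\[([^\]]+)\]\s*<([^>]*)><([^>]*)>")

# Entries excerpted from the log posted above, run together as on the page.
SAMPLE_LOG = (
    r"[PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> "
    r"[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> "
    r"[PID: 856][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> "
    r"[PID: 132][C:\WINDOWS\system32\SVOHOST.exe] <N/A><N/A> "
    r"[PID: 472][C:\WINDOWS\WINLOGON.EXE] <wa1vTRVHCVJwSh8Xf92t><0.00.0109> "
    r"[PID: 1936][C:\Program Files\SystemInspect\SVCHAST.exe] <N/A><N/A> "
    r"[PID: 3876][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0> "
    r"[PID: 2216][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>"
)


def normalize(path):
    """Lower-case a path and resolve the \\??\\ and \\SystemRoot prefixes."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot"):
        p = r"c:\windows" + p[len("\\systemroot"):]
    return p


def osa_distance(a, b):
    """Edit distance counting an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def triage(log_text):
    """Return (pid, path, reason) for every process entry worth a manual look."""
    findings = []
    for m in PROC_RE.finditer(log_text):
        pid, raw_path = int(m.group(1)), m.group(2)
        path = normalize(raw_path)
        name, folder = basename(path), dirname(path)
        if name in EXPECTED_DIR:
            # Right name, wrong place: e.g. winlogon.exe directly in C:\WINDOWS.
            if folder != EXPECTED_DIR[name]:
                findings.append((pid, raw_path, "wrong-directory"))
            continue
        # One edit away from a core process name: e.g. SVOHOST.exe.
        twin = next((k for k in EXPECTED_DIR if osa_distance(name, k) == 1), None)
        if twin:
            findings.append((pid, raw_path, "lookalike-of:" + twin))
    return findings


if __name__ == "__main__":
    for pid, path, reason in triage(SAMPLE_LOG):
        print(f"PID {pid:>5}  {reason:<26} {path}")
```

Two of the four flagged entries (C:\WINDOWS\WINLOGON.EXE and SVCHAST.exe) are ones the reply above also lists for removal; the other two are simply entries in the posted log that the same heuristics catch.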
Q:
[Help] First I got an error saying the file user.dll was missing~~ then a friend said it was a virus infection~~~ so I've come here for help~~ Thanks~~

This prompt appeared after booting; the system still runs more or less normally~~
But when I open a QQ chat window, this prompt appears~~
Why is this happening~?~? How should I fix it~?~?~
Asking my fellow forum members for help~~~ Thanks, everyone~~~

Attached is the HijackThis scan log:

Logfile of HijackThis v1.99.1 Scan saved at 11:52:43, on 2006-9-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\MSI\Core Center\CoreCenter.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe F:\download\ACDSee\ACDSee.exe E:\系統工具\檢測系統工具\HijackThis\HijackThis.exe O1 - Hosts: 125.91.1.20 localhost O1 - Hosts: 125.91.1.20 www.7939.com O1 - Hosts: 125.91.1.20 www.hao123.com O1 - Hosts: 125.91.1.20 www.9991.com O1 - Hosts: 125.91.1.20 www.5566.net O1 - Hosts: 125.91.1.20 www.gjj.cc O1 - Hosts: 125.91.1.20 www.265.com O1 - Hosts: 125.91.1.20 www.v111.com O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing) O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\QQ\QQIEHelper.dll O2 - BHO: 超級兔子上網精靈 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\PROGRA~1\MagicSet\haokanbar.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX O3 - Toolbar: 超級兔子上網精靈 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - 
D:\PROGRA~1\MagicSet\haokanbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] ; RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [rundll] rundll32 user.dll s O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\MagicSet\srrest.exe /autosave O4 - HKCU\..\Run: [bgswitch] ; C:\WINDOWS\system32\bgswitch.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: 卡巴斯基駭客防護程式.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O8 - Extra context menu item: &使用迅雷下載 - D:\Program Files\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部鏈接 - D:\Program Files\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出到 Microsoft Office Excel(&X) - res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - 
D:\Program Files\QQ\SendMMS.htm O9 - Extra button: 浩方對戰平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方對戰平台\GameClient.exe (file missing) O9 - Extra button: 番茄花園 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing) O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具條設置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MS...rInstaller.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68 O17 - HKLM\System\CS2\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Crypkey License - Kenonic Controls Ltd. 
- C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: host Service For Windows (mshost) - Unknown owner - C:\WINDOWS\mshost.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I'm also attaching the SREng2 scan~~~

2006-09-21,12:10:16 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <bgswitch><; C:\WINDOWS\system32\bgswitch.exe> [] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><; nwiz.exe /install> [] <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] 
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab] <BigDogPath><C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera> [] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [] <rundll><rundll32 user.dll s> [] <Super Rabbit SRRestore><D:\Program Files\MagicSet\srrest.exe /autosave> [Super Rabbit Soft] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> [] ================================== 啟動資料夾 [卡巴斯基駭客防護程式] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\卡巴斯基駭客防護程式.lnk><N> [CoreCenter] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\CoreCenter.lnk><N> ================================== 服務 [Crypkey License / Crypkey License] <crypserv.exe><Kenonic Controls Ltd.> [kavsvc / kavsvc] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab> [host Service For Windows / mshost] <C:\WINDOWS\mshost.exe><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [] {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program 
Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, N/A> [番茄花園] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [MSTPlayerInstaller Control] {045ADB92-9635-45CE-B25B-F19F825B0E39} <C:\WINDOWS\DOWNLO~1\MSTPLA~1.OCX, Liztech Co., Ltd> [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [] {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> 
[RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [&使用迅雷下載] <D:\Program Files\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下載全部鏈接] <D:\Program Files\Thunder\Program\GetAllUrl.htm, N/A> [上傳到QQ網路硬碟] <D:\Program Files\QQ\AddToNetDisk.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <D:\Program Files\QQ\AddPanel.htm, N/A> [新增到QQ表情] <D:\Program Files\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <D:\Program Files\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 636][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 696][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 764][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 776][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 940][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1104][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1212][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1460][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp.050610-1527)> [PID: 1688][C:\WINDOWS\Explorer.EXE] <Microsoft 
Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.9133> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.9133> [C:\WINDOWS\system32\nvshell.dll] <N/A><N/A> [D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.227.1> [PID: 1776][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 52> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1784][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1804][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1864][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] <Kaspersky Labs><1.7.0.130> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] <BCGSoft Ltd><5, 84, 0, 0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] <Kaspersky Labs><1.5.0.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCBRes.dll] <BCGSoft Ltd><5, 84, 0, 0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll] <Kaspersky Labs><5.0.201.1> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [E:\系統工具\SPX\engine.dll] <N/A><N/A> [PID: 1876][C:\Program 
Files\MSI\Core Center\CoreCenter.exe] <><1, 6, 6, 0> [C:\Program Files\MSI\Core Center\GLM7X.dll] <MICRO-STAR INT'L CO., LTD.><3, 0, 0, 0> [C:\Program Files\MSI\Core Center\RushTop.dll] <N/A><N/A> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1948][C:\WINDOWS\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0> [PID: 2028][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.9133> [PID: 1360][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2520][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 3352][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [D:\PROGRA~1\MagicSet\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612> [D:\Program Files\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.227.342> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.227.3> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.227.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.227.0> [C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076> [C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0> [PID: 4064][F:\download\千千靜聽\TTPlayer.exe] <Alen Soft><4, 6, 8, 0> [F:\download\千千靜聽\ttpcomm.dll] <N/A><N/A> [F:\download\千千靜聽\ttpres.dll] 
<Alen Soft><4, 6, 8, 0> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 2428][E:\系統工具\檢測系統工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================

A:
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MSTPlayerInstaller.ocx

Remove the entries above.
To fix the dialog window: click Start -- Run, type Msconfig, click OK, and in the startup items keep only the input method and the antivirus software.

Q:
Thank you, friend~ I have already fixed these with HijackThis~
About the startup items you mentioned, I have these startup items: apart from the ones I know (the antivirus software, the CPU temperature monitoring software, the Super Rabbit (超級兔子) backup program, and a sound card management program), do I need to disable all of them?

A:
Close all applications and browser windows, run HijackThis, and in the main window tick the checkbox in front of each item that needs to be fixed/deleted, then press the "Fix Checked" button. A safety prompt will appear; click "Yes" to let it continue.

O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing)
O4 - HKLM\..\Run: [rundll] rundll32 user.dll s
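Run System Repair Engineer again and, under "Startup Items" -> "Registry", delete the following item:
<{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> []

Restart the computer and show all files and folders (hidden and protected system files):
Open My Computer --> Tools --> Folder Options --> View
Untick the following options:
"Hide protected system files (Recommended)"
"Hide extensions for known file types"
Select "Show all files and folders" --> save the settings

Delete the following file:
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat

Then just use System Repair Engineer to clean up the registry~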
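An added example, not part of the original thread: the answer singles out InfoMs.Dat, which the SREng process list shows as a module with no vendor or version loaded into many unrelated processes. The sketch below parses that log layout and flags such modules; the sample log (including PID 1800), the extension list and the threshold are assumptions made for the illustration.

```python
import re

# Constructed sample in the SREng "running processes" layout: a process is
# [PID: n][image] <vendor><version>, followed by its modules as [path] <vendor><version>.
SAMPLE_LOG = r"""
[PID: 1800][C:\Program Files\MSI\Core Center\CoreCenter.exe] <><1, 6, 6, 0>
[C:\Program Files\MSI\Core Center\RushTop.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1948][C:\WINDOWS\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0>
[PID: 2520][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
"""

# Works on line-per-entry logs and on logs flattened onto one line.
ENTRY = re.compile(r"(?:\[PID: (\d+)\])?\[([^\]]+)\] <([^>]*)><([^>]*)>")
LIBRARY_EXT = (".dll", ".exe", ".ocx", ".ime", ".cpl", ".ax", ".drv")  # assumed list

def parse_modules(log):
    """Map lower-cased module path -> record with vendor, version and loading PIDs."""
    modules, pid = {}, None
    for m in ENTRY.finditer(log):
        if m.group(1):                 # [PID: n] prefix: a new process starts here
            pid = int(m.group(1))
            continue
        if pid is None:                # module entry before any process header
            continue
        rec = modules.setdefault(m.group(2).lower(), {
            "path": m.group(2), "vendor": m.group(3), "version": m.group(4), "pids": set()})
        rec["pids"].add(pid)
    return modules

def suspicious_modules(log, min_processes=2):
    """Modules without vendor/version info that are widespread or have an odd extension."""
    hits = []
    for rec in parse_modules(log).values():
        anonymous = rec["vendor"] in ("", "N/A") and rec["version"] in ("", "N/A")
        widespread = len(rec["pids"]) >= min_processes
        odd_ext = not rec["path"].lower().endswith(LIBRARY_EXT)
        if anonymous and (widespread or odd_ext):
            hits.append((rec["path"], sorted(rec["pids"]), odd_ext))
    return hits

if __name__ == "__main__":
    for path, pids, odd_ext in suspicious_modules(SAMPLE_LOG):
        print(f"{path} loaded in PIDs {pids}, unusual extension: {odd_ext}")
```

A single-process module without version info, such as RushTop.dll in the sample, is not flagged; the heuristic keys on the combination the log shows for InfoMs.Dat.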