史萊姆論壇

史萊姆論壇 (http://forum.slime.com.tw/)
-   Operating system technical documents (http://forum.slime.com.tw/f128.html)
-   -   SREng common operations guide (2.0 RC2) (http://forum.slime.com.tw/thread177281.html)

psac 2006-07-20 07:46 PM

Q:

[Help] A virus --- what is "alibaba2.exe"? Experts, please help!

As the title says, I searched on BAIDU and found nothing, and there is nothing on the forum either. Experts, please help me solve this~~
Thanks~~


A:

Please provide the following information from the virus report (virus log):
Virus name (the full virus name)
Virus file name and the location of the virus file (full path)
The antivirus software's result (cleaned / removal failed, etc.)

Also, please scan with the System Repair Engineer from this post and paste a log here.
1 Unzip Sreng2.zip
2 Run Sreng2.exe
3 Smart Scan -> Scan -> Save Report
4 Copy the complete contents of the sreng.log report and paste them here without modification.
Close all programs you started manually before scanning
SREng operation and repair tutorial





Q:
C:\WINDOWS\System32\alibaba2.exe. I use Kaspersky antivirus; its result is that it can be removed.

Here is the sreng.log:

2006-07-20,14:16:29

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator user - full functionality

The following were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> []
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<1A:Stardock TrayMonitor><"C:\Program Files\Common Files\stardock\TrayServer.exe"> [Stardock]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<IESAddr><> []
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
Startup Folder
[騰訊QQ]
<C:\Documents and Settings\sxm20463\「開始」表單\程序\啟動\騰訊QQ.lnk><N>

==================================
Services
[kavsvc / kavsvc]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[DNS 快取 / SOCEESe]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[StyleXPService / StyleXPService]
<"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>

==================================
Browser Add-ons
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方在線資訊科技有限公司>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Downloads\qq\QQ.EXE, TENCENT>
[易趣購物]
{DE607145-AC19-425e-862A-2D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ >> 彩信傳送 <<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[上傳到QQ網路硬碟]
<E:\Downloads\qq\AddToNetDisk.htm, N/A>
[使用影音傳送帶下載]
<D:\download\software\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部連接]
<D:\download\software\NetTransport 2\NTAddList.html, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板]
<E:\Downloads\qq\AddPanel.htm, N/A>
[增加到QQ表情]
<E:\Downloads\qq\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<E:\Downloads\qq\SendMMS.htm, N/A>

==================================
Running Processes
[PID: 616][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 748][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 760][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1048][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1080][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe] <><0, 20, 0, 3000>
[PID: 1172][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1532][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1576][C:\WINDOWS\System32\SCardSvr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1856][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7190>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10031>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINDOWS\system32\Rundll32.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\PROGRA~1\MMSASS~1\Mmsass~1.dll] <><1, 2, 0, 2>
[D:\download\software\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12>
[PID: 184][C:\Program Files\Common Files\stardock\TrayServer.exe] <Stardock><v1.55>
[PID: 196][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\HBClient\tbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[PID: 220][C:\Program Files\Common Files\UPDAT\Update.exe] <N/A><N/A>
[PID: 240][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 272][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Upsrv.dll] <N/A><N/A>
[PID: 424][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7190>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190>
[PID: 480][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 148][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1472][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[d:\Program Files\AskTao\asktao.mod] <N/A><N/A>
[d:\Program Files\AskTao\fmod.dll] <Firelight Technologies Pty, Ltd><3.74>
[d:\Program Files\AskTao\memmgr.dll] <N/A><N/A>
[d:\Program Files\AskTao\Communicate.dll] <N/A><N/A>
[d:\Program Files\AskTao\gbits.dll] <N/A><N/A>
[d:\Program Files\AskTao\report.dll] <N/A><N/A>
[PID: 2452][E:\Downloads\qq\QQ.exe] <TENCENT><0, 0, 0, 0>
[E:\Downloads\qq\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQHelperDll.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[E:\Downloads\qq\QQAPI.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[E:\Downloads\qq\LoginCtrl.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[E:\Downloads\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[E:\Downloads\qq\QQRes.dll] <tencent><1, 0, 0, 1>
[E:\Downloads\qq\QQMainFrame.dll] <N/A><N/A>
[E:\Downloads\qq\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[E:\Downloads\qq\NewSkin.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\HostingMgr.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\CameraDll.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\MailSummary.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[E:\Downloads\qq\QQGroupMng.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\GroupLive.dll] <N/A><N/A>
[E:\Downloads\qq\LongConnection.dll] <tencent><5, 0, 200, 160>
[E:\Downloads\qq\QQPlugin.dll] <N/A><N/A>
[E:\Downloads\qq\ShareFiles.dll] <N/A><N/A>
[E:\Downloads\qq\QQZip.dll] <tencent><0, 3, 2, 4>
[E:\Downloads\qq\UserDefinedHead.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQConfigPlugin.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QRingMng.dll] <N/A><N/A>
[E:\Downloads\qq\PhoneAPI.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[E:\Downloads\qq\QQAvatar.dll] <N/A><N/A>
[E:\Downloads\qq\FlashAvatarDll.dll] <><1, 4, 0, 1>
[E:\Downloads\qq\QQPet.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQSysMsgMng.dll] <N/A><N/A>
[E:\Downloads\qq\videodevice.dll] <Tencent><1.5.0.0>
[E:\Downloads\qq\inplus.dll] <Tencent><1.5.0.0>
[C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[E:\Downloads\qq\QQAllInOne.dll] <N/A><N/A>
[E:\Downloads\qq\SCCore.dll] <N/A><N/A>
[E:\Downloads\qq\BQQApplication.dll] <N/A><N/A>
[E:\Downloads\qq\QQCustomFace.dll] <N/A><N/A>
[E:\Downloads\qq\CommercesMng.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[E:\Downloads\qq\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[E:\Downloads\qq\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200>
[E:\Downloads\qq\QQSceneMng.dll] <N/A><N/A>
[E:\Downloads\qq\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[E:\Downloads\qq\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[E:\Downloads\qq\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[E:\Downloads\qq\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[PID: 2456][E:\Downloads\qq\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1072][C:\Documents and Settings\sxm20463\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers

==================================




A:
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run>
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
These feel suspicious to me; personal opinion


Uninstall CoolWebsite navigation (酷站導航), Henbang Little Secretary (很棒小秘書), Yahoo Assistant (雅虎助手), Internet Real Name (網路實名), MMSAssist,

2 Close all windows ===> run sreng.exe ===> Startup Items ===> Registry ===> select the items below ===> Delete
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows>
<IESAddr><> []
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []

3 Startup Items ===> Services ===> Win32 service applications ===> tick "Hide Microsoft services" ===> select the item below ===> click "Delete service" ===> Set ===> Yes
[DNS 快取 / SOCEESe]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

4 System Repair ===> Browser Add-ons ===> select the items below ===> Delete selected items
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >

5 Reboot into Safe Mode (press F8 at boot and choose "Safe Mode" from the options menu) and delete these folders:
C:\PROGRAM FILES\HBClient
C:\Program Files\Common Files\UPDAT
C:\Program Files\CoolWebsite
C:\PROGRAM FILES\Yahoo!
C:\PROGRAM FILES\MMSASSIST
Files:
C:\WINDOWS\system32\Upsrv.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\system32\Rundll32.dll
C:\WINDOWS\system32\IEHelper.dll
c:\system32\SHELL32.dll
c:\system32\shdocvw.dll
C:\WINDOWS\system32\upfdll.dll
Also empty the temporary folders.
For files that cannot be deleted, use the KillBox from the pinned post to help.
Run killbox.exe ===> enter the file in "Full path of file to delete" ===> Delete File

6 Reboot back into normal mode and use the Malware Cleanup Assistant (惡意軟體清理助手) to clean up the remaining files.
Run RogueCleaner.exe ===> close all windows, keeping only RogueCleaner ===> System Cleanup ===> Malware Cleanup ===> Start Detection ===> tick "Use forced cleanup mode" ===> Start Cleanup

7 As for the alibaba2.exe you mentioned, once it has been deleted there is no problem.

8 One more question: is the content of the folder d:\Program Files\AskTao something you installed yourself?




Q:

d:\Program Files\AskTao is an online game called 《問道》 (AskTao)
What about it? Is there a problem?

A:
Then there is no problem! I just wasn't familiar with it, so I asked you to avoid making a mistake.
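
The reply above picks entries out of the log by a few recurring signals: a Run key or a service that launches rundll32 against a DLL with no vendor string, a DLL with no version information (upfdll.dll) loaded into lsass.exe, svchost.exe and nearly every other process, a file in system32 that borrows the name of a Windows executable but carries the wrong extension (Rundll32.dll), and unattributed autoruns in generic locations such as Common Files\UPDAT or, in the second log further down, the user's Temp folder. The Python script below is an added example written for this page; it is not SREng's code and not something posted in the thread. It parses the startup, service and running-process entry formats shown in these logs and applies those checks to a constructed sample built from the same entry shapes. The rule names, the PROTECTED set and the sample lines are this example's own assumptions. The PROTECTED guard is there because a cleanup list can easily sweep in core Windows components: shell32.dll and shdocvw.dll, for instance, are the normal homes of the Active Desktop Mover and SearchAssistantOC registrations and must never be deleted.

```python
"""Triage heuristics for a System Repair Engineer (SREng 2.0) log. Added example, not SREng's
code or anything from the thread; rule names, PROTECTED and the sample log are assumptions."""
import re
from ntpath import basename, splitext
# Constructed sample that reuses the entry shapes seen in the logs on this page.
SAMPLE_LOG = r"""
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
<FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> []
[kavsvc / kavsvc]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[DNS 快取 / SOCEESe]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[PID: 760][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1856][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7190>
[C:\WINDOWS\system32\Rundll32.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
"""

RUN_RE = re.compile(r"^<([^>]*)><([^>]*)> \[([^\]]*)\]$")      # <name><cmd> [vendor]
SVC_NAME_RE = re.compile(r"^\[(.+?) / (.+?)\]$")                # [display / service name]
SVC_CMD_RE = re.compile(r"^<(.*)><(.*)>$")                      # <cmd><vendor>
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.*)\] <(.*)><(.*)>$")  # [PID: n][image] <vendor><ver>
MOD_RE = re.compile(r"^\[(.*)\] <(.*)><(.*)>$")                 # [module] <vendor><ver>
# First executable of a command line: a quoted path, or text up to the first file extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat|pif))(?=[\s,]|$)', re.I)
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_STEMS = {"rundll32", "svchost", "lsass", "csrss", "winlogon", "services", "smss", "explorer"}
SYSTEM_LOCATIONS = ("\\system32\\", "\\common files\\", "\\temp\\")
PROTECTED = {"shell32.dll", "shdocvw.dll", "userinit.exe", "explorer.exe", "rundll32.exe", "wmp.dll"}  # illustrative subset

def parse_sreng(text):
    """Return (entries, modules): autorun/service launch entries, and modules keyed by path."""
    entries, modules, pending, host = [], {}, None, None
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        run, proc, mod = RUN_RE.match(line), PROC_RE.match(line), MOD_RE.match(line)
        svc = SVC_CMD_RE.match(line) if pending else None
        if svc:       # <cmd><vendor> line that directly follows a [display / name] service line
            entries.append({"kind": "service", "name": pending, "cmd": svc.group(1), "vendor": svc.group(2)})
        elif run:
            entries.append({"kind": "autorun", "name": run.group(1), "cmd": run.group(2), "vendor": run.group(3)})
        elif proc:
            host = basename(proc.group(2)).lower()          # module lines that follow belong to it
        elif mod and host:
            modules.setdefault(mod.group(1), {"vendor": mod.group(2), "hosts": set()})["hosts"].add(host)
        pending = line[1:-1] if SVC_NAME_RE.match(line) else None
    return entries, modules

def unattributed(vendor):   # SREng prints "" or N/A when a file carries no company name
    return vendor.strip() in ("", "N/A")

def split_command(cmd):
    """Split an SREng command string into (image path, remaining arguments)."""
    cmd = cmd.lstrip("; ").strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd, ""
    return (m.group(1) or m.group(2)), cmd[m.end():].lstrip()

def rundll32_target(cmd):
    """DLL that a rundll32 command loads, or '' when cmd is not a rundll32 launch."""
    image, rest = split_command(cmd)
    if basename(image).lower() != "rundll32.exe":
        return ""
    m = IMAGE_RE.match(rest)
    return (m.group(1) or m.group(2)) if m else rest

def triage(text):
    """Apply the review heuristics; returns (rule, path, where) tuples for a human to review."""
    entries, modules = parse_sreng(text)
    findings = []
    for e in entries:
        dll, image = rundll32_target(e["cmd"]), split_command(e["cmd"])[0]
        where = "%s %s" % (e["kind"], e["name"])
        if e["kind"] == "service" and dll:        # ServiceMain supplied by a rundll32 export
            findings.append(("service_hosted_by_rundll32", dll, where))
        elif dll and unattributed(e["vendor"]):   # Rundll32.exe ...\Upsrv.dll,Run with no vendor
            findings.append(("rundll32_unattributed_dll", dll, where))
        elif not dll and unattributed(e["vendor"]) and any(s in image.lower() for s in SYSTEM_LOCATIONS):
            findings.append(("unattributed_autorun_in_system_location", image, where))
    for path, info in modules.items():
        where = "loaded in " + ", ".join(sorted(info["hosts"]))
        stem, ext = splitext(basename(path).lower())
        if stem in SYSTEM_STEMS and ext != ".exe":         # e.g. system32\Rundll32.dll
            findings.append(("system_binary_name_with_wrong_extension", path, where))
        if unattributed(info["vendor"]) and (info["hosts"] & CORE_PROCESSES or len(info["hosts"]) >= 3):
            findings.append(("unattributed_module_in_core_process", path, where))   # e.g. upfdll.dll
    return findings

def cleanup_list(findings):
    """Unique flagged paths, minus core Windows components that must never be deleted."""
    return sorted({p for _, p, _ in findings if basename(p).lower() not in PROTECTED})
```

Call `triage(open("sreng.log", encoding="utf-8").read())` on a saved report and print each tuple; on the sample it returns six findings (Upsrv.dll, Update.exe, ~exB.exe, IRJIT.DLL, upfdll.dll, Rundll32.dll) and leaves ctfmon, NvCpl and kavsvc alone. The heuristics are deliberately conservative: an empty vendor field is not proof of anything on its own (StyleXP and Storm Codec in the first log have none), and adware with a proper company string such as the HBClient tbhelper.dll entry is not scored at all, so the output is a review list for a person, not a deletion list.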

psac 2006-07-21 05:37 PM

Q:
[Help] spoolsv process endlessly hogging CPU resources

Could everyone please take a look: recently my computer has become especially slow, and I found that the spoolsv process is using up almost all of the CPU. After ending this process things return to normal, but then the printer cannot be used. I also tried deleting this program in Safe Mode, but that did not seem to work. Please give me some ideas, thanks



A:

Please run a Smart Scan with System Repair Engineer (SREng) and post the report

1. Download SRENG2 and save it to the desktop
2. Extract the archive and run SREng.exe
3. Click Smart Scan, make sure every item under Smart Scan is ticked, then click Scan
4. When the scan finishes, click Save Report and save the report to the desktop
5. Open the SREngLOG.log report and copy + paste its entire contents here



Q:


2006-07-21,08:04:08

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator user - full functionality

The following were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Yahoo! Pager><"D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> []
<msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> []
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<愛眼大使><D:\Program Files\eyer\eyer\eyer.exe> [ElectricPower.cn]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<UserFaultCheck><%systemroot%\system32\dumprep 0 -u> []
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PCSuiteTrayApplication><; D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PcSync><; D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RaidTool><; C:\Program Files\VIA\RAID容錯式獨立磁碟陣列\raid_tool.exe> [VIA Technologies]
<SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<UnlockerAssistant><; C:\Program Files\Unlocker\UnlockerAssistant.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Yahoo! Pager><; "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> []

==================================
Startup Folder
Services
[Backbone Service / BBDemon]
<d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe -service><Dassault Systemes>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[Moldflow Product Security / MFPS Daemon]
<C:\Program Files\Moldflow\Product Security\mfpsd.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ServiceLayer / ServiceLayer]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[Plastics Insight 5.0 Job Manager / synjm50]
<C:\Program Files\Moldflow\Plastics Insight 5.0\bin\mpijm.exe><N/A>
[Unigraphics Plot Server (ugiipqd) / ugiipqd]
<C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc>
[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)]
<"C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe"><Macrovision Corporation>

==================================
Browser Add-ons
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <D:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>>
[上傳到QQ網路硬碟]
<D:\QQ2006\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下載(&K)]
<F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownX.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板]
<D:\QQ2006\QQ\AddPanel.htm, N/A>
[增加到QQ表情]
<D:\QQ2006\QQ\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<D:\QQ2006\QQ\SendMMS.htm, N/A>

==================================
Running Processes
[PID: 692][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 772][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 848][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 860][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1024][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1088][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1176][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1396][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1692][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A>
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[PID: 1956][D:\Program Files\eyer\eyer\eyer.exe] <ElectricPower.cn><0.9.6.11>
[PID: 1976][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1984][D:\Program Files\Yahoo!\Messenger\ypager.exe] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[D:\Program Files\Yahoo!\Messenger\ygxa_2.dll] <Yahoo! Inc.><2004, 2, 19, 1>
[D:\Program Files\Yahoo!\Messenger\pcre.dll] <Pcre><3.9>
[D:\Program Files\Yahoo!\Messenger\YML.dll] <N/A><3, 0, 0, 2>
[D:\Program Files\Yahoo!\Messenger\YImage.dll] <Yahoo! Inc.><1, 0, 0, 1>
[D:\Program Files\Yahoo!\Messenger\xmlparse.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\xmltok.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\ft60.dll] <Yahoo! Inc.><1.0.0.4>
[D:\Program Files\Yahoo!\Messenger\res_msgr.dll] <Yahoo! Inc.><6, 0, 0, 1610>
[C:\Program Files\Yahoo!\Shared\YbSkin2.dll] <Yahoo! Inc.><2005, 6, 3, 1>
[D:\Program Files\Yahoo!\Messenger\MyYahoo.dll] <Yahoo! Inc.><6, 0, 0, 600>
[D:\Program Files\Yahoo!\Messenger\D32-FW.DLL] <Distinct Corporation><3.4.6>
[C:\WINDOWS\system32\icm32.dll] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[D:\Program Files\Yahoo!\Messenger\yvoicesm.dll] <N/A><1, 0, 201, 1>
[D:\Program Files\Yahoo!\Messenger\yvoiceui.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\yaudiomgr.dll] <N/A><1, 0, 200, 1>
[D:\Program Files\Yahoo!\Messenger\yxtldr.dll] <N/A><1, 0, 200, 1>
[D:\Program Files\Yahoo!\Messenger\rvsip.dll] <RADVISION><3.1.1.30>
[D:\Program Files\Yahoo!\Messenger\rvcommon.dll] <RADVISION><1.0.18>
[D:\Program Files\Yahoo!\Messenger\rvads.dll] <RADVISION><3.1.1.30>
[D:\Program Files\Yahoo!\Messenger\rvsdp.dll] <RADVISION><>
[D:\Program Files\Yahoo!\Messenger\yv_res.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\eyeBeamAsDLL.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\AEC_PC_DLL.dll] <N/A><N/A>
[C:\Program Files\Yahoo!\Shared\YAlertCenter.dll] <Yahoo! Inc.><2004, 10, 20, 1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 1992][C:\Program Files\MSN Messenger\MsnMsgr.Exe] <Microsoft Corporation><8.0.0792.00>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 280][d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe] <Dassault Systemes><5.15.0.5029>
[PID: 296][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 444][C:\Program Files\Moldflow\Product Security\mfpsd.exe] <N/A><N/A>
[PID: 484][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8185>
[PID: 556][C:\Program Files\Moldflow\Plastics Insight 5.0\bin\mpijm.exe] <N/A><N/A>
[PID: 604][C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe] <Unigraphics Solutions, Inc><2.0.0.21>
[C:\WINDOWS\system32\spool\ugplot\libplotq.dll] <Unigraphics Solutions, Inc><2.0.0.21>
[C:\WINDOWS\system32\spool\ugplot\libsyss.dll] <Unigraphics Solutions, Inc><2.0.0.21>
[PID: 720][C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe] <Macrovision Corporation><8, 3, 2, 0>
[PID: 1000][C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe] <N/A><N/A>
[PID: 1676][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2424][C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE] <Microsoft Corporation><11.0.5510>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcou.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcoup.dll] <Kaspersky Lab><5.0.0.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klcp.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcouloc.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mailappl.dll] <Kaspersky Lab><5.0.388.1>
[C:\PROGRA~1\MICROS~2\OFFICE11\OUTLCTL.DLL] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\nfio.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 2652][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] <Microsoft Corporation><11.0.5604>
[C:\Program Files\Microsoft Office\OFFICE11\STARTUP\MathPage.wll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\offguard.dll] <Kaspersky Lab><5.0.388.1>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011U.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011L.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011C.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011K.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011J.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.0.0.0>
[PID: 2900][D:\Program Files\Maxthon\Maxthon.exe] <MY Soft Technology><1, 5, 0, 53>
[D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 3>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\empgdmx.ax] <Elecard Ltd.><1, 0, 19, 51017>
[C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 0>
[C:\WINDOWS\system32\ffdshow.ax] <N/A><1.0.2.2003>
[PID: 1820][D:\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.3.168>
[D:\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[D:\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 57>
[D:\Thunder\log4cplus.dll] <><1, 0, 2, 1>
[D:\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[D:\Thunder\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 13>
[D:\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[D:\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 6>
[D:\Thunder\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[PID: 2236][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1584][C:\Documents and Settings\chn1.CHN\桌面\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>

==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers

==================================



A:


About Spoolsv.exe
(all of the material below was compiled from collected sources)

spoolsv - spoolsv.exe - process information
Process file: spoolsv or spoolsv.exe
Process name: Printer Spooler Service
Description: the Windows print job control program; it readies print jobs for the printer.
Common errors: N/A
System process: yes

If you have no printer of your own and do not intend to print from this computer, you can right-click "My Computer", choose "Manage", open "Services", find "Print Spooler (loads files to memory for later printing)", and then stop and disable it.


The print spooler and the "resource exhausted" message
Problem description
• When restarting the computer or restarting the print spooler service, you receive the following error message: Spoolsv.exe failed to start.

• When opening printer properties, you receive the following error message: "Resource exhausted error."

• When printing a document, you receive an access violation (Dr. Watson) error message. The Dr. Watson log carries error code C0000005 pointing at Spoolsv.exe. You receive the following error message and the print spooler stops: The instruction at <address> referenced memory at <address>. The memory could not be read.

Spoolsv.exe or the "print subsystem is unavailable" message
Problem description
When starting a Windows Server 2003 print server, you may receive the following error message: Spoolsv.exe has generated an error.

Also, if you try to view printer properties, you may receive an error message saying "the print subsystem is unavailable".

Cause

The print spooler service may have stopped. The problem can also occur if the server runs Windows Server 2003 but uses a printer driver designed for Windows 98 or Windows NT.

Resolution

1.
Open Registry Editor (RegEdt32.exe).

2.
Locate the following registry key and delete it:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\<Trouble Printer>

3.
Close Registry Editor.




Supplement:

A few days ago I was infected by a spoolsv.exe trojan that could not be killed; every time I removed it, it came back. After searching around I found that no software currently removes the newest spoolsv.exe variant, so I am posting the solution here in the hope it helps someone.

spoolsv.exe is a delayed-printing trojan program; it drives CPU usage to 100% and keeps the fan running loudly at high speed. The methods currently available online may solve the early versions but are helpless against the newest variant.

Ctrl+Alt+Delete and stop the spoolsv.exe process.

Restart the computer into Safe Mode and delete spoolsv.exe from C:\windows\system32\ (or use Search to delete every file of that name on drive C).

Run regedit and use Find to locate and delete every spoolsv entry.

Right-click My Computer, choose Manage, then Services, and disable the Print Spooler service (the methods available online stop here).

Restart the computer into normal mode; you will find the computer still running at high speed, but Search no longer finds any spoolsv-related file.

Ctrl+Alt+Delete; in the task list you will find a background process named inter; close it.

I strongly recommend that after applying the steps above you run an anti-trojan scan and remove any infected files.

1 Uninstall Zhongsou (中搜) and Kuzhan navigation (酷站導航).

2 Close all windows ===> run sreng.exe ===> Startup items ===> Registry ===> select the items below ===> Delete
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> []

3 System repair ===> Browser add-ons ===> select the items below ===> Delete selected
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>

4 Restart into Safe Mode (press F8 at boot and choose "Safe Mode" from the menu) and delete the folders:
C:\Program Files\SearchNet
C:\Program Files\CoolWebsite
and the files:
C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe
C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL
C:\WINDOWS\system32\NaviHelper.dll
and empty the temporary folders.
For files that cannot be deleted, use killbox from the pinned post.
Run killbox.exe ===> enter the file in "full path of the file to delete" ===> delete file

5 Restart into normal mode and use 惡意軟體清理助手 (RogueCleaner) to clean up whatever remains.
Run RogueCleaner.exe ===> close all windows, leaving only RogueCleaner ===> System clean ===> Malware clean ===> Start scan ===> tick "use forced clean mode" ===> Start cleaning

6 For information about Zhongsou (中搜), please also read moderator cyberarmy's post.





====================================================================
If the harmful programs have been dealt with and the problem no longer appears, change the title tag to [Solved].
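The answer above picks the Run entries to delete by where they start from and by the missing publisher in SREng's trailing `[...]` field. The Python script below is an added example, not SREng's or the forum's own code: it applies the same criteria to SREng startup-item lines, flagging entries with an empty publisher, entries that start from a temporary or download directory, and rundll32 entries that host an unattributed DLL. The sample log is constructed from the lines quoted in this thread plus two benign entries (NVIDIA, Microsoft) of the same shape; the leading "; " that the posted logs show before some commands is stripped without interpreting it.

```python
"""Triage SREng startup-item lines (added example; not SREng's own code)."""
import re
from dataclasses import dataclass

# Constructed sample: the Run entries quoted in the answer above, plus two
# benign entries (NVIDIA, Microsoft) of the same shape so the filter has
# something to keep.  The "; " prefix appears in the posted logs and is
# stripped below without interpreting it.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> []
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<load><> []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<(.*?)><(.*)> \[(.*)\]$")   # <name><command> [publisher]
RUNDLL32 = ("rundll32.exe", "rundll32")
# Directories a legitimate autorun almost never starts from (8.3 short
# names as they appear in the logs).
SUSPICIOUS_DIRS = ("\\temp\\", "\\downlo~1\\", "\\downloaded program files\\")


@dataclass
class Finding:
    key: str           # registry key the entry lives under
    name: str          # value name
    path: str          # file that actually runs (the DLL for rundll32 entries)
    reasons: list[str]


def _first_token(s: str) -> tuple[str, str]:
    """Split off the first token, honouring double quotes around paths with spaces."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:])
    head, _, rest = s.partition(" ")
    return head, rest


def target_path(command: str) -> str:
    """Return the file that really executes for an autorun command line."""
    head, rest = _first_token(command)
    if head.rsplit("\\", 1)[-1].lower() in RUNDLL32:
        # rundll32 syntax is "<dll>,<entrypoint>": the DLL is the payload.
        dll, _ = _first_token(rest)
        return dll.split(",", 1)[0]
    return head


def triage_sreng(log: str) -> list[Finding]:
    """Return the startup entries that deserve a second look, with the reasons."""
    findings: list[Finding] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, command, publisher = m.groups()
        command = command.lstrip("; ")
        path = target_path(command)
        if not path:
            continue                      # empty value such as <load><>
        low = path.lower()
        reasons = []
        if not publisher.strip():
            reasons.append("no publisher recorded for the file")
        if any(d in low for d in SUSPICIOUS_DIRS):
            reasons.append("starts from a temporary or download directory")
        host = _first_token(command)[0].rsplit("\\", 1)[-1].lower()
        if host in RUNDLL32 and not publisher.strip():
            reasons.append("loaded through rundll32, so it never shows up as its own process")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_sreng(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

An empty publisher on its own is a weak signal (the StyleXP entry in the first log has none and is legitimate), so the script reports reasons rather than a verdict; the combination of no publisher with a Temp path or a rundll32 host is what matched every entry the answer chose to delete.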

psac 2006-07-24 01:20 AM

Q:

Infected with Adware.Dinkum.a, please help

As in the title; Rising (瑞星) cleaned it several times without success. Please help.
System Repair report attached:
2006-07-23,19:22:53

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator user - full functionality

Selected items:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes]
<WinlogonNotify: Themes><C:\WINDOWS\system32\m0rmla911d.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><; F:\7\7\Kv2006\KVSCRK~1.SCR> [Jiangmin Co.Ltd]

==================================
Startup folder
Services
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[User Profile Hive Cleanup / UPHClean]
<C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>

==================================
Browser add-ons
[微軟]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[啟動Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\QQ2005\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin06.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部連接]
<f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\QQ2005\AddToNetDisk.htm, N/A>
[增加到QQ自訂面板]
<D:\Program Files\QQ2005\AddPanel.htm, N/A>
[增加到QQ表情]
<D:\Program Files\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<D:\Program Files\QQ2005\SendMMS.htm, N/A>

==================================
Running processes
[PID: 1740][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A>
[C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160>
[PID: 312][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A>
[PID: 580][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1060][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1164][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 3144][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\vsfilter.dll] <Gabest><1, 0, 0, 9>
[C:\Program Files\ffdshow\ffdshow.ax] <N/A><1, 0, 0, 1>
[PID: 1004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 2864][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3456][C:\DOCUME~1\212\LOCALS~1\Temp\Rar$EX05.499\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160>

==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers

==================================



A:
1. Find the following file, upload it to VirusTotal, and paste the scan result here:
C:\WINDOWS\system32\mwjet40.dll

2.
a) Download F-Look2Me and save it to the desktop.
b) Extract f-look2me.zip to the desktop, run f-look2me.exe, and press Y to continue.
c) Once F-Look2Me finds Look2Me it will prompt you to restart.
d) After the restart, paste the contents of F-Look2Me.log (not f-look2me.txt) here, and also post a fresh HijackThis log.



Q:

I ran Look2Me but it never restarted.
The log is:
2006-06-23 19:34:44 INFO Look2Me was not found.
2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0
2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved.
2006-06-23 19:35:20 WARN Disclaimer of Warranty on Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. F-SECURE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
2006-06-23 19:35:20 WARN For full license terms please visit:
2006-06-23 19:35:20 WARN http://www.f-secure.com/products/license-terms/
2006-06-23 19:35:23 INFO Agreed.
2006-06-23 19:35:23 INFO Look2Me was not found.


This is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:37:43, on 2006-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\conime.exe
f:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe




A:

The VirusTotal scan result is:
STATUS: FINISHED
Complete scanning result of "mwjet40.dll", received in VirusTotal at 07.23.2006, 14:02:18 (CET).

Antivirus Version Update Result
AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
Symantec n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found




Q:

Still waiting; please, experts, this is urgent.

A:

QUOTE:
Quoting post #2 by 7385587, 2006-07-23 20:03:
I ran Look2Me but it never restarted.
The log is:
2006-06-23 19:34:44 INFO Look2Me was not found.
2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0
2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved.
.......


Copy all of the following text:

CODE:
Files to delete:
C:\WINDOWS\system32\m0rmla911d.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes


The Avenger
a) Download The Avenger, save it to the desktop and extract the archive.
b) Run The Avenger, click Input script manually, then click the magnifying glass.
c) Press Ctrl+V (or right-click, Paste) to paste the text you just copied, click Done, then click the green light to start; when prompts appear, click Yes twice.
d) The Avenger will restart your computer about once or twice; a black window appearing during the restart is normal.
e) After the restart, paste the contents of C:\avenger.txt here, and also post a fresh HijackThis log.



Q:

I can't open the magnifying glass; it says:
error: could not open script file. please verify that path name is valid and file exists

-------------
My mistake just now; it does run.


avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\osbbdghh

*******************

Script file located at: \??\C:\Documents and Settings\tnvqyutu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\m0rmla911d.dll not found!
Deletion of file C:\WINDOWS\system32\m0rmla911d.dll failed!

Could not process line:
C:\WINDOWS\system32\m0rmla911d.dll
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:43:38, on 2006-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\naapi32.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe



A:

...strange.

a) Download Look2Me-Destroyer and save it to C:\
b) Run Look2Me-Destroyer.exe and tick Run this program as a task; it will then tell you that it will run itself again shortly.
c) When Look2Me-Destroyer runs again, click the Scan for L2M button; your desktop icons may disappear at this point.
d) When the scan finishes, click the Remove L2M button; when that completes, Look2Me-Destroyer will tell you it is going to shut down the computer.
e) After the computer shuts down, start it again, paste the contents of Look2Me-Destroyer.txt from the desktop or C:\Look2Me-Destroyer.txt here, and post a fresh HijackThis log.

PS:
If it does not run itself again after a while (about one to two minutes), check that
- the computer's time format is H:mm:ss
- Look2Me-Destroyer.exe is in C:\






Q:

Look2Me-Destroyer log:
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 2006-7-23 21:20:27

Infected! C:\WINDOWS\system32\naapi32.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\naapi32.dll
C:\WINDOWS\system32\naapi32.dll Deleted successfully!

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D290EBBB-76A0-48B1-B894-3E5E7A8E236E}"
HKCR\Clsid\{D290EBBB-76A0-48B1-B894-3E5E7A8E236E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5EA8FC6F-FF5F-47E1-A34F-C19B85830638}"
HKCR\Clsid\{5EA8FC6F-FF5F-47E1-A34F-C19B85830638}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{222CFF09-A539-4E70-83C2-64269DA2F7BD}"
HKCR\Clsid\{222CFF09-A539-4E70-83C2-64269DA2F7BD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{40180886-B9C9-48DD-A53A-A6CB46FDD425}"
HKCR\Clsid\{40180886-B9C9-48DD-A53A-A6CB46FDD425}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2FACA6B4-778C-4224-9D5A-249E9B889CF6}"
HKCR\Clsid\{2FACA6B4-778C-4224-9D5A-249E9B889CF6}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9}"
HKCR\Clsid\{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B39636E6-581A-4CAB-905F-95EC4518B13C}"
HKCR\Clsid\{B39636E6-581A-4CAB-905F-95EC4518B13C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DC411158-F158-4867-9287-38B7C75CFF82}"
HKCR\Clsid\{DC411158-F158-4867-9287-38B7C75CFF82}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:26:07, on 2006-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [RavTask] "D:\瑞星殺毒\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with Thunder - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &Download all links with Thunder - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Upload to QQ NetDisk - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: Add to QQ custom panel - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: Microsoft - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra 'Tools' menuitem: Microsoft - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: Launch Web Thunder - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: Launch Web Thunder - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: QQ Colorful Toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ Colorful Toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe



A:



QUOTE:
Quoting post #10 by 7385587, posted 2006-07-23 21:30:
Look2Me-Destroyer log:
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 2006-7-23 21:20:27
.......


Haha, Look2Me has been cleaned out.
Have you ever installed Dr.Web?


Q:

No, this is the first time I've heard of Dr.Web. What is it for?


A:





Re: [Help] Infected with Adware.Dinkum.a, please help


QUOTE:
Quoting post #12 by 7385587, posted 2006-07-23 21:51:
No, this is the first time I've heard of Dr.Web. What is it for?


Strange, why do you have Dr.Web/Virus Chaser components.....
I suggest you remove drwebsp.dll

1. Download LSPFix and save it to the desktop
2. Run LSPFix and tick "I know what I'm doing"
3. Move drwebsp.dll to the Remove list on the right and click Finish
4. Restart the computer, and that's it

psac 2006-08-03 03:04 PM

Q:

[Help] Hit a rogue site: 嘟呲實用導航

It changed my home page, and no matter how I delete it, it won't go away. Super Rabbit can't repair it either.
These days there's rogue software and rogue sites everywhere online!!!

A:





1. Download the latest official version of System Repair Engineer:
http://www.kztechs.com/sreng/download.html
How to use: extract to any folder, run SREng.exe, click "Smart Scan" -> "Scan" -> "Save Report". Then post the report here for the experts to analyse.



Q:

2006-08-03,12:37:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator user - full functionality

The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart> [OLYMPUS IMAGING CORP.]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
<ATIModeChange><Ati2mdxx.exe> [ATI Technologies, Inc.]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<Smapp><C:\Program Files\Analog Devices\SoundMAX\SMTray.exe> [Analog Devices, Inc.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera> []
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<Acrobat Assistant 7.0><"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
<OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe> [OLYMPUS IMAGING CORP.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Vistadrv><C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe> []
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SKYNET Personal FireWall><C:\Program Files\SkyNet\FireWall\PFW.exe> [廣州眾達天網技術有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> []

==================================
Startup folders
[Adobe Acrobat Speed Launcher]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Acrobat Speed Launcher.lnk><N>
[Flash Video]
<C:\Documents and Settings\Administrator\「開始」表菜單\程式\啟動\Flash Video.lnk><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[kavsvc / kavsvc]
<C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
Browser add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Save current page with WebCatcher...]
{0246d4c7-57d6-41eb-ae55-cc9a883929da} <, N/A>
[Save with WebCatcher...]
{0246d4c7-57d6-41eb-ae55-cc9a883929db} <, N/A>
[]
{0246d4c7-57d6-41eb-ae55-cc9a883929de} <C:\Program Files\WebCatcher\WebCatcher.exe, Wizissoft>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Kingsoft FastAIT(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Easy-WebPrint]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Kingsoft FastAIT(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Download with FlashGet]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[Download all links with FlashGet]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Convert to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert link target to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running processes
[PID: 476][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 536][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\NavLogon.dll] <N/A><N/A>
[PID: 612][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 624][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 780][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A>
[PID: 792][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 844][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 892][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1356][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1384][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1536][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\Tencent\QQ\Messenger.dll] <N/A><N/A>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.142.1>
[C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] <Adobe Systems Inc.><7.0.0.2004121400\0>
[C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] <Adobe Systems Inc.><7.0.0.2004121400\0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[PID: 1676][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\AdobePDF.dll] <Adobe Systems Incorporated.><7.0.0.00>
[C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] <N/A><N/A>
[C:\WINDOWS\system32\CNMLM52.DLL] <CANON INC.><1.70.2.2>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD52.DLL] <CANON INC.><1.70.2.2>
[PID: 1940][C:\Program Files\DAEMON Tools\daemon.exe] <DT Soft Ltd.><4.03.0.0>
[C:\Program Files\DAEMON Tools\daemon.dll] <DT Soft Ltd.><4.03.0.0>
[C:\Program Files\DAEMON Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12>
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.6.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.10.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.12.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.11.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0>
[PID: 1956][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] <ATI Technologies, Inc.><6.14.10.5061>
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] <ATI Technologies, Inc.><6.14.10.5061>
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] <ATI Technologies, Inc.><6.14.10.5061>
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] <ATI Technologies, Inc.><6.14.10.5061>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1968][C:\Program Files\Analog Devices\SoundMAX\SMTray.exe] <Analog Devices, Inc.><3, 2, 18, 0>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1976][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31>
[PID: 1984][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[PID: 1996][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208>
[PID: 2016][C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] <Adobe Systems Inc.><6.0.1.2004121400>
[C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs] <Adobe Systems Inc.><6.0.0.0>
[PID: 256][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A>
[PID: 344][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 408][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821>
[PID: 524][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 740][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\CBA.DLL] <Intel® Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\MsgSys.dll] <Intel® Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\NTS.dll] <Intel® Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel® Corporation><6.12.0.105 E>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.24>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVENG32.DLL] <Symantec Corporation><20061.2.0.24>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26>
[PID: 1056][C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe] <Adobe Systems Incorporated><7.0.0.0>
[PID: 1068][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1076][C:\Program Files\flvplayer\flvplayer.exe] <N/A><N/A>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1960][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 228][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 216][C:\Program Files\Chinanet\VnetClient.exe] <><2005, 11, 14, 1>
[C:\Program Files\Chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\Program Files\Chinanet\DialModule.dll] <GDCN><2005, 11, 15, 1>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\Chinanet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\Chinanet\PLUGIN~1.OCX] <><2005, 7, 27, 1>
[C:\PROGRA~1\Chinanet\sign.dll] <0><2004, 12, 1, 1>
[C:\PROGRA~1\Chinanet\PostPlug.dll] <><2004, 12, 16, 2>
[C:\PROGRA~1\Chinanet\ADVERT~1.OCX] <><2005, 10, 13, 1>
[C:\PROGRA~1\Chinanet\VnetBs.ocx] <><2004, 11, 18, 1>
[C:\PROGRA~1\Chinanet\ACCOUN~2.DLL] <><2005, 11, 14, 1>
[C:\PROGRA~1\Chinanet\AccountMgr.dll] <><2005, 11, 14, 17>
[C:\PROGRA~1\Chinanet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1>
[C:\PROGRA~1\Chinanet\DialogStyle.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\Chinanet\Timer.ocx] <><2005, 10, 9, 14>
[C:\PROGRA~1\Chinanet\PLUGIN~2.OCX] <><2005, 2, 24, 1>
[C:\PROGRA~1\Chinanet\NEWMES~1.DLL] <><2005, 8, 26, 1>
[C:\PROGRA~1\Chinanet\PassCtrl.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\Chinanet\PlugPush.dll] <><2004, 12, 21, 1>
[C:\PROGRA~1\Chinanet\ALLINT~1.DLL] <><2004, 11, 23, 1>
[C:\PROGRA~1\Chinanet\VNETLO~1.OCX] <><2005, 10, 9, 1>
[C:\PROGRA~1\Chinanet\StatNum.dll] <><2004, 11, 18, 1>
[C:\PROGRA~1\Chinanet\VNETON~1.OCX] <><2005, 3, 2, 1>
[C:\PROGRA~1\Chinanet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1>
[C:\PROGRA~1\Chinanet\VnetOptLog.dll] <><2005, 9, 13, 9>
[C:\WINDOWS\system32\IeFilter.dll] <N/A><N/A>
[C:\PROGRA~1\Chinanet\DlgSkin.ocx] <><2005, 11, 14, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2428][C:\GreenBrowserV3.4\GreenBrowser.exe] <MoreQuick><1, 0, 0, 0>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 2972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 3056][C:\Documents and Settings\Administrator\My Documents\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>

==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers




A:

Run System Repair Engineer again and, under "Startup items" -> "Registry", delete the following items

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []


C:\Program Files\Tencent\QQ\Messenger.exe <-- delete this file
C:\Program Files\Tencent\QQ\Messenger.dll <-- delete this file


Download the free Dr.Web CureIt! scanner; it includes the latest virus database and can detect and remove viruses
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
It is a self-extracting archive: run cureit.exe directly after downloading, or right-click to extract it and run the _start.exe inside.

First click "OK" to run "Start Express Scan"
Run the scan; it will first automatically scan memory, running processes and startup items. When the automatic scan finishes, select all hard disk partitions with the mouse and scan again.
Finally post the scan report: Start -> Run, %USERPROFILE%\DoctorWeb\CureIt.log

psac 2006-08-03 03:06 PM

Q:


[Help] Please take a look at my report

2006-08-03,14:02:15

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- Administrator user - full functionality

The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<avgnt><"D:\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
Startup folders
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler]
<D:\AntiVir PersonalEdition Classic\sched.exe><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService]
<D:\AntiVir PersonalEdition Classic\avguard.exe><AVIRA GmbH>
[LexBce Server / LexBceS]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Local Security Authority Subsystem Service / lsass]
<><N/A>
[Network Monitor / Network Monitor]
<C:\Program Files\Network Monitor\netmon.exe service><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[VKTServ / VKTServ]
<C:\WINDOWS\System32\VKTServ.exe><N/A>
[Microsoft Windows HelpFile / Windows Helpfile]
<><N/A>

==================================
Browser add-ons
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Research(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Kingsoft FastAIT(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[UCmore XP - The Search Accelerator]
{44BE0690-5429-47f0-85BB-3FFD8020233E} <C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll, Effective-i Inc.>
[Radio(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Upload to QQ NetDisk]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ custom panel]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[Add to QQ emoticons]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
Running processes
[PID: 420][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 552][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 564][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 732][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 784][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 964][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1092][C:\WINDOWS\system32\LEXBCES.EXE] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\system32\lexp2p32.dll] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\system32\lex2kusb.dll] <Lexmark International, Inc.><9.42>
[PID: 1128][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[C:\WINDOWS\system32\LEXLMPM.DLL] <Lexmark International, Inc.><96.9.42>
[C:\WINDOWS\system32\LexBce.dll] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LVBZPP5C.dll] <Lenovo (Beijing) Ltd.><1.0.2.3>
[C:\WINDOWS\system32\LVBZpwr.dll] <Lenovo (Beijing) Ltd.><1, 0, 1, 0>
[PID: 1132][C:\WINDOWS\system32\LEXPPS.EXE] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\system32\LEXBCE.DLL] <Lexmark International, Inc.><9.42>
[PID: 1872][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5303>
[C:\WINDOWS\System32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5303>
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81>
[PID: 1976][D:\AntiVir PersonalEdition Classic\sched.exe] <Avira GmbH><7.00.00.17>
[D:\AntiVir PersonalEdition Classic\schedr.dll] < Avira GmbH><7.00.00.04>
[PID: 2036][D:\AntiVir PersonalEdition Classic\avguard.exe] <AVIRA GmbH><7.00.00.29>
[D:\AntiVir PersonalEdition Classic\GUARDMSG.DLL] <H+BEDV Datentechnik GmbH><7.00.00.04>
[D:\AntiVir PersonalEdition Classic\AVPREF.DLL] <Avira GmbH><7.00.00.01>
[D:\AntiVir PersonalEdition Classic\SMTPLIB.DLL] <Avira GmbH><1.02.00.08>
[D:\AntiVir PersonalEdition Classic\AVEWIN32.DLL] <Avira GmbH><7.1.1.0>
[PID: 192][C:\Program Files\Network Monitor\netmon.exe] <N/A><N/A>
[PID: 200][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303>
[PID: 232][D:\AntiVir PersonalEdition Classic\avgnt.exe] <Avira GmbH><7.00.00.10>
[D:\AntiVir PersonalEdition Classic\avgcmxp.dll] <Avira GmbH><7.00.00.09>
[PID: 236][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 268][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1696][C:\Program Files\寬帶上網助手\Apa2.exe] <Linkage System Intergrated><1, 0, 0, 9>
[PID: 1764][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 388][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81>
[C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[PID: 1428][F:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers

==================================

Problem
The computer is a bit slow



A:


Run System Repair Engineer again, click the Edit button on the startup item below, and delete its contents
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []


If anything is unclear, please describe the problem in words





Q:


Image:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_82a344ac27168c5.jpg

Image:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_bb4bc750ed877b6.jpg

Image:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_679ff285f0bde28.jpg

Image:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_15d844555f4ac64.jpg

QUOTE:
Quoting post #2 by Bon Jovi, posted 2006-08-03 14:35:
Run System Repair Engineer again, click the Edit button on the startup item below, and delete its contents
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []
.......
That one seems to have been deleted already while I was running the virus scan
But the startup item still doesn't seem to go away


A:


On the startup item below, click Edit on <AppInit_DLLs>

In the "Value" field, delete the letters KB235780M.LOG, then click OK
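The helpers in this thread read every SREng log by the same handful of rules of thumb: a Run value whose program carries no vendor information gets questioned (the Messenger.exe entries above), a populated AppInit_DLLs value is removed outright (the KB235780M.LOG case just handled), and anything that reaches a DLL through rundll32 is looked at twice, especially when it is registered as a service (as in the log later in this thread). The script below is an added example by the editor, not part of the thread and not SREng code: it parses the startup-item and service sections of an SREng 2.0 log and applies those rules. The log text embedded in it is constructed from entries that appear in this thread, and the severity labels and the list of suspicious directories are the editor's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the SREng 2.0 RC2 startup-item layout, assembled from
# entries that appear in this thread (not a real saved sreng.log).
SAMPLE_LOG = r"""
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []

==================================
Services
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Local Security Authority Subsystem Service / lsass]
<><N/A>
[Computer Storage / BUZOR]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
"""

REG_ENTRY = re.compile(r"^<([^<>]*)><(.*)> \[(.*)\]$")   # <name><command> [vendor]
SVC_HEADER = re.compile(r"^\[(.+) / (.+)\]$")            # [Display name / ServiceName]
SVC_IMAGE = re.compile(r"^<(.*)><([^<>]*)>$")            # <image path><vendor>
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)
# Editor's assumption: places a legitimately installed startup DLL rarely lives.
SUSPICIOUS_DIRS = ("downloaded program files", "downlo~1", "\\temp\\", "\\recycler\\")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "review"
    location: str   # registry key, or "service"
    entry: str      # value name or service name
    reason: str


def parse_entries(log_text):
    """Yield (location, name, command, vendor) for registry startup values and services."""
    location, service = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            location, service = line[1:-1], None
            continue
        m = SVC_HEADER.match(line)
        if m:
            location, service = "service", m.group(2)
            continue
        m = REG_ENTRY.match(line)
        if m and service is None:
            yield location, m.group(1), m.group(2).strip(), m.group(3).strip()
            continue
        m = SVC_IMAGE.match(line)
        if m and service is not None:
            yield location, service, m.group(1).strip(), m.group(2).strip()


def triage(log_text):
    """Apply the thread's rules of thumb to every startup entry and return the findings."""
    findings = []
    for location, name, command, vendor in parse_entries(log_text):
        unsigned = vendor in ("", "N/A")
        if not command:
            # Empty <load>/<run> values are normal; a service with no image path is not.
            if location == "service":
                findings.append(Finding("medium", location, name,
                                        "service has no image path (deleted binary or leftover registration)"))
            continue
        if name.lower() == "appinit_dlls":
            findings.append(Finding("high", location, name,
                                    "AppInit_DLLs=%s: user32.dll loads it into every GUI process" % command))
            continue
        m = RUNDLL.search(command)
        dll = m.group(1) if m else None
        if dll and location == "service":
            findings.append(Finding("high", location, name,
                                    "service runs rundll32 to host %s; real services ship their own executable" % dll))
        elif dll and unsigned:
            findings.append(Finding("medium", location, name,
                                    "rundll32 loads %s and the entry carries no vendor information" % dll))
        elif dll and any(d in dll.lower() for d in SUSPICIOUS_DIRS):
            findings.append(Finding("medium", location, name,
                                    "rundll32 loads %s from a download/temp location" % dll))
        elif unsigned:
            findings.append(Finding("review", location, name,
                                    "no vendor information on %s; confirm what installed it" % command))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-14s %s: %s" % (f.severity, f.entry, f.location, f.reason))
```

On the sample above the script leaves ctfmon.exe and the NVIDIA entries alone, marks Messenger.exe for review, rates the CnsMin DLL under Downloaded Program Files and the image-less lsass service as medium, and rates the AppInit_DLLs value and the rundll32-hosted BUZOR service as high, which is the same order of priority the helpers applied by hand. Missing vendor information is only a prompt to look closer, as the Vistadrv and VM_STI entries in the earlier log show; the high-severity rules are the ones that by themselves justify removal.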

psac 2006-09-02 12:10 AM

Q:


[Help] IE keeps popping up ads. Please take a look! Log attached!

2006-09-01,22:19:30

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator user - full functionality

The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<DAEMON Tools-2052><; ; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> []
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<IMJPMIG8.1><; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<NvMediaCenter><; ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<nwiz><; ; nwiz.exe /install> []
<PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0\bin\jusched.exe> [Sun Microsystems, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
Startup folders
Services
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Computer Storage / BUZOR]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[McAfee Framework 服務 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[EastAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A>
[tscgm Class]
{D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, >
[易得優播放器]
{009541A0-3B81-101C-92F3-040224009C04} <C:\Program Files\edusoft\SWFBROWER\swfbrowse.exe, 易得優軟件>
[Java Plug-in 1.5.0]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\軟件\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Java Plug-in 1.5.0]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[estInsObj Class]
{A927C078-E82F-471B-83F5-3D1504F7D01B} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[Java Plug-in 1.5.0]
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[BitCometBar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[EastAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[3721]
{B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\Downloaded Program Files\CnsMin.dll, 北京三七二一科技有限公司>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[tscgm Class]
{D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<D:\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<D:\Thunder\getAllurl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\QQ\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<D:\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<D:\QQ\SendMMS.htm, N/A>
[用比特精靈下載(&B)]
<D:\BitSpirit\bsurl.htm, N/A>
[秦皇島教育網]
<, N/A>

==================================
正在執行的工作行程
[PID: 416][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 880][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 944][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1040][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1076][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1176][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1488][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8420>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8420>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28>
[C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696>
[C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] <Network Associates, Inc.><8.0.0.912>
[PID: 1528][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1648][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[PID: 1676][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] <Network Associates, Inc.><2.0.275.0>
[PID: 1684][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] <Network Associates, Inc.><8.0.0.912>
[PID: 1744][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 280][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Management.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 312][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] <Network Associates, Inc.><8.0.0.135>
[C:\Program Files\Network Associates\VirusScan\naiann.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] <Network Associates, Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] <Network Associates, Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] <McAfee, Inc.><4.4.00>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] <Network Associates, Inc><8.0.0.277>
[PID: 336][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates, Inc.><3.5.0.412>
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates, Inc.><8.0.0.912>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 480][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] <McAfee, Inc.><8.0.0.152>
[PID: 564][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8420>
[PID: 840][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1608][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2332][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 2808][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28>
[d:\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[C:\WINDOWS\IEYHelper.dll] <Eastday Corporation><1, 0, 0, 13>
[C:\WINDOWS\YayaBands.dll] <Eastday Corporation><1, 0, 0, 5>
[C:\WINDOWS\YayaVerAtl.dll] <Eastday Corporation><1, 0, 0, 48>
[C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696>
[C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A>
[C:\WINDOWS\estAlive.dll] <Eastday Corporation><1, 0, 0, 7>
[C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1>
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.955>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00>
[PID: 3048][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1>
[PID: 1736][E:\軟件\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:


1. Use SREng (see the related operation guide)
-Delete the following service
[Computer Storage / BUZOR]
-Delete the following browser add-ons
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674}
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45}
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61}
[EastAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728}
[tscgm Class]
{D11D0862-0390-4884-A95C-4702D0D4C11A}
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC}
[estInsObj Class]
{A927C078-E82F-471B-83F5-3D1504F7D01B}
-Repair the following file associations
.TXT Error. [notepad.exe %1]
.CHM Error. [hh.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
2. Restart, then delete the following files (see note 1)

C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\IEYHelper.dll
C:\WINDOWS\estAlive.dll
C:\WINDOWS\YayaBands.dll
C:\WINDOWS\system32\sscli.dll
C:\WINDOWS\system32\WinSC.dll
C:\WINDOWS\system32\WinSC32.dll
C:\WINDOWS\system32\WinSC64.dll
C:\WINDOWS\system32\coredrv32.dll
3. Download 惡意軟件清理助手 (Malware Cleaning Assistant) and save it to the desktop (if needed, save the usage-instruction image to the desktop as well)
http://xs201.xs.to/xs201/06214/RogueCleaner.png
Restart, press F8 to enter Safe Mode, and clean your system with 惡意軟件清理助手
4. Scan your computer once with Dr.Web CureIT
a) Download Dr.Web CureIT and save it to the desktop (also save the usage-instruction image to the desktop for reference)
http://xs304.xs.to/xs304/06303/cureit.png
b) Run cureit.exe and press Start to continue. It will prompt you to run an Express Scan (memory scan); if infected files are found, it will prompt you to clean them (Cure)
c) When the Express Scan finishes, press Select drives, then press the triangle/arrow on the right-hand side to start the scan
d) When infected files are found during the scan, press Yes to All to clean/move them
e) After the scan finishes, if infected files were found, follow the picture: press the blue circle ---> red circle ---> green circle
f) Close Dr.Web CureIT and restart the computer; afterwards, paste the contents of C:\Documents and Settings\[your user name]\DoctorWeb\CureIT.log

Start > Run > services.msc, and disable the service with the following name
Computer Storage

Delete the following file
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL


超級兔子清理王 (Super Rabbit Clean King) 7.78beta2 (updated 2006.08.31) can uninstall 163 kinds of rogue/junk malware
http://download5.pctutu.com/soft/winspeed778beta.zip
Run "專業卸載" (Professional Uninstall) inside "超級兔子清理王", and uninstall all the rogue bundled software marked in red
Do not install the "超級兔子工具欄" (toolbar) bundled with 超級兔子上網精靈

Download and run 流氓軟件清理助手 (Rogue Software Cleaning Assistant) V2.1.1
http://www.tommsoft.com/Products.aspx?pid=2
Choose forced cleaning; if the first cleaning does not remove it, clean again in Safe Mode
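As an added example (it is not part of the original thread and is not SREng's own code), here is a small Python triage script that applies the checks in the answer above mechanically: it parses the 服務, 瀏覽器載入項 and 文件關聯 sections of an SREng 2.0 log and flags services and browser add-ons that carry no publisher name (empty or N/A) and file associations reported as Error. The section names, the entry layout and the constructed sample log are assumptions modelled on the logs posted in this thread; the flagged entries are leads for the reviewer, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the shape of an SREng 2.0 log (assumption: section
# names and entry layout as they appear in the logs posted in this thread).
SAMPLE_LOG = r"""
服務
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Computer Storage / BUZOR]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

==================================
瀏覽器載入項
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[tscgm Class]
{D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, >

==================================
文件關聯
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.VBS Error. [wscript.exe "%1" %*]

==================================
"""

SEPARATOR = "=================================="
# Section headers as SREng prints them (Traditional Chinese UI in this thread).
SECTION_HEADERS = {"服務": "service", "瀏覽器載入項": "bho", "文件關聯": "assoc"}
UNKNOWN_VENDORS = {"", "N/A"}

SERVICE_NAME_RE = re.compile(r"^\[(?P<display>.+?) / (?P<name>.+)\]$")
SERVICE_CMD_RE = re.compile(r"^<(?P<cmd>.*)><(?P<vendor>.*)>$")
BHO_NAME_RE = re.compile(r"^\[(?P<name>.+)\]$")
BHO_ENTRY_RE = re.compile(r"^\{(?P<clsid>[0-9A-Fa-f-]{36})\} <(?P<body>.*)>$")
ASSOC_RE = re.compile(r"^\.(?P<ext>\w+) (?P<status>OK|Error)\. \[(?P<cmd>.*)\]$")


@dataclass
class Finding:
    kind: str    # "service", "bho" or "assoc"
    name: str    # service short name, BHO class name or file extension
    detail: str  # command line, DLL path or handler command
    reason: str  # why it was flagged


def triage_sreng_log(text: str) -> list:
    """Walk the log section by section and return entries worth a second look."""
    findings = []
    section = None
    pending = None  # the [name] line that precedes a service/BHO entry
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == SEPARATOR:
            section, pending = None, None
            continue
        if line in SECTION_HEADERS:
            section, pending = SECTION_HEADERS[line], None
            continue
        if section == "service":
            m = SERVICE_NAME_RE.match(line)
            if m:
                pending = m.group("name")
                continue
            m = SERVICE_CMD_RE.match(line)
            if m and pending:
                cmd, vendor = m.group("cmd"), m.group("vendor").strip()
                # A service with no publisher whose DLL is hosted by rundll32
                # is exactly the pattern the answer above tells the poster to remove.
                if vendor in UNKNOWN_VENDORS:
                    reason = "no publisher information"
                    if "rundll32" in cmd.lower():
                        reason += "; DLL hosted by rundll32"
                    findings.append(Finding("service", pending, cmd, reason))
                pending = None
        elif section == "bho":
            m = BHO_NAME_RE.match(line)
            if m:
                pending = m.group("name")
                continue
            m = BHO_ENTRY_RE.match(line)
            if m and pending:
                # The body is "<path>, <vendor>"; split on the last ", " so a
                # comma inside the path does not corrupt the vendor field.
                path, _, vendor = m.group("body").rpartition(", ")
                if vendor.strip() in UNKNOWN_VENDORS:
                    findings.append(Finding("bho", pending, path, "no publisher information"))
                pending = None
        elif section == "assoc":
            m = ASSOC_RE.match(line)
            if m and m.group("status") == "Error":
                findings.append(Finding("assoc", m.group("ext"), m.group("cmd"),
                                        "handler differs from the default"))
    return findings


if __name__ == "__main__":
    for f in triage_sreng_log(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:20} {f.reason:45} {f.detail}")
```

On the constructed sample the script reports the BUZOR service, the WinSC and tscgm add-ons, and the .TXT and .VBS associations, which matches the items the answer singles out; a missing publisher string is only a weak signal, so each hit still needs the path and the file itself checked before anything is removed.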

psac 2006-09-02 12:17 AM

Q:

I'm infected. Everyone, please take a look at my log

After downloading something from a certain website, it automatically installed a bunch of junk. I went into Safe Mode and scanned with Kaspersky and ewido (20 viruses found). Now after booting, Kaspersky reports that the file IEHelper.dll in the directory C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper is adware, but it cannot be deleted no matter what I do.

Log:


2006-09-01,13:59:22

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<Outpost Firewall><C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice> [Agnitum Ltd.]
<OutpostFeedBack><C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup> [Agnitum Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]

==================================
啟動資料夾
服務
[卡巴斯基反病毒軟件6.0 / AVP]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Outpost Firewall Service / OutpostFirewall]
<C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service><Agnitum Ltd.>

==================================
瀏覽器載入項
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Web反病毒保護]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Outpost Firewall Pro 快速調較]
{44627E97-789B-40d4-B5C2-58BD171129A1} <C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll, Agnitum Ltd.>
[JUJU貓]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[YOK超級搜索]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <http://www.yok.com, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A>
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[PhotoUploadCtrl Control]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <C:\PROGRA~1\Tencent\QQ\QZone\PHOTOU~1.OCX, tencent>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Microsoft Agent Control 2.0]
{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 644][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 752][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\klogon.dll] <Kaspersky Lab><6.0.0.299>
[PID: 876][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 888][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1180][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1256][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1452][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 2008][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 136][C:\Program Files\Agnitum\Outpost Firewall\outpost.exe] <Agnitum Ltd.><3.5.462.6330>
[C:\Program Files\Agnitum\Outpost Firewall\engine.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_utils.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Ads\ad_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Content\cnt_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\DNS\dns_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\File\file_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Web\web_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\op_hdlr.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_data.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\netstat.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Protect\prot_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_ui.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_cure.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_mon.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_scan.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\zlib.dll] <Jean-loup Gailly and Mark Adler><1, 1, 4, 0>
[C:\Program Files\Agnitum\Outpost Firewall\unrar.dll] <N/A><N/A>
[C:\Program Files\Agnitum\Outpost Firewall\op_cmn.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\opst_ui.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_ctrls.dll] <Agnitum Ltd.><3.51.759.6511>
[PID: 204][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 744][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[PID: 1860][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1716][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] <Kaspersky Lab><1.0.6.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[PID: 3536][E:\TDDownload\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT Error. [Notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:

超級兔子清理王 (Super Rabbit Clean King) 7.78beta2 (updated 2006.08.31) can uninstall 163 kinds of rogue/junk malware
http://download5.pctutu.com/soft/winspeed778beta.zip
Run "專業卸載" (Professional Uninstall) inside "超級兔子清理王", and uninstall all the rogue bundled software marked in red
Do not install the "超級兔子工具欄" (toolbar) bundled with 超級兔子上網精靈

Download and run 流氓軟件清理助手 (Rogue Software Cleaning Assistant) V2.1.1
http://www.tommsoft.com/Products.aspx?pid=2
Choose forced cleaning; if the first cleaning does not remove it, clean again in Safe Mode

psac 2006-09-02 12:24 AM

Q:

Office is corrupted; rar and many other exe files will not open

I don't know whether it is a virus. First, many Office documents on the company LAN could not be opened and gave an error message. After reinstalling Office the documents could be used again, but rar and many other exe files cannot be run.
I have already scanned with Kaspersky, Norton and McAfee, all without effect.
When opening the other files there is no error message at all, just no response, and there is no related process in Task Manager.

Looking for other ways to solve this.


A:

If you suspect a virus or trojan in the system, download the free Dr.Web CureIT! scanner. It includes the latest virus database, can detect and remove viruses, trojans, backdoors and rogue malware, and does not conflict with an already installed antivirus.
Direct download address:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
It is a self-extracting archive: after downloading, run cureit.exe directly, or right-click it, extract it to a target folder and run "_start.exe" from that folder to scan.
First click "OK" to run "Start Express Scan", the quick scan; it automatically scans the processes in memory and the startup items first. When the quick scan finishes, left-click the hard disk partition icons to select them (a red dot appears on each selected partition) and scan again. The 5 buttons in the lower-left corner of the Dr.Web window are "Select all", "Cure", "Rename", "Move" (quarantine) and "Delete". You can post the scan report first and wait for confirmation before acting on it, or do Select all -> Cure -> Move incurable (which moves the files that could not be cured to quarantine).
Finally post the scan report: from "My Computer" open %USERPROFILE%\DoctorWeb\, open the file CureIt.log there and copy its contents into your post.
Dr.Web illustrated guide
http://static.flickr.com/66/222747514_9aed944e3a.jpg
If there are still problems, download System Repair Engineer
http://www.kztechs.com/sreng/sreng2.zip
How to use: extract it to a folder such as D:\sreng2, run SREng.exe, click "Smart Scan" -> "Scan" -> "Save Report", then post the report for analysis.
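The reply above asks for CureIt.log to be posted so a helper can read it. As an added example (not part of the thread or of Dr.Web), the script below does the first pass of that reading: it parses the detection lines, groups them by the action CureIt took, and separates hits inside System Restore snapshots from live files that were reported but not yet cured, moved or deleted, which are the ones still needing a decision. The sample log is constructed in the same format as the one posted later in this thread; the C:\EXAMPLE path is a placeholder, and the leading ">" some lines carry is kept as a flag without assuming what Dr.Web means by it.

```python
"""Triage a Dr.Web CureIt! log of the kind this thread asks people to post.

Added example; it is not part of the thread or of Dr.Web. It groups the
detection lines by the action CureIt took (cured / moved / deleted / none yet)
and separates hits inside System Restore snapshots from hits on live files,
which is what a helper reading a posted CureIt.log does by hand.
"""
import re
from collections import Counter

# Detection line shapes seen in CureIt.log. Some lines carry a leading '>';
# it is kept as a 'flagged' field without assuming what Dr.Web means by it.
#   <path> infected with <name> - <action>
#   <path> is adware|hacktool|... program <name>
#   <path> probably infected with <name>
_LINE = re.compile(
    r"^(?P<flag>>?)(?P<path>.+?) "
    r"(?:infected with (?P<inf>\S+)(?: - (?P<action>.+))?"
    r"|is (?P<kind>adware|hacktool|dialer|joke|riskware) program (?P<prog>\S+)"
    r"|probably infected with (?P<heur>\S+))$"
)
RESTORE_DIR = "\\system volume information\\_restore"


def parse_detection(line):
    """Return a dict for a detection line, or None for any other log line."""
    line = line.rstrip("\r\n")
    if not line or line.startswith("["):
        return None          # [Scan path], [Virus base] and blank lines
    m = _LINE.match(line)
    if not m:
        return None          # statistics, separators, header lines
    d = m.groupdict()
    if d["inf"]:
        name, verdict, action = d["inf"], "infected", d["action"] or "none"
    elif d["prog"]:
        name, verdict, action = d["prog"], d["kind"], "none"
    else:
        name, verdict, action = d["heur"], "heuristic", "none"
    return {
        "path": d["path"],
        "name": name,
        "verdict": verdict,
        "action": action,
        "flagged": d["flag"] == ">",
        "in_restore_point": RESTORE_DIR in d["path"].lower(),
    }


def triage(log_text):
    """Summarise a CureIt.log: hits, counts per action and live files not yet handled."""
    hits = [h for h in map(parse_detection, log_text.splitlines()) if h]
    summary = {
        "by_action": Counter(h["action"] for h in hits),
        "by_name": Counter(h["name"] for h in hits),
        "restore_point_hits": sum(1 for h in hits if h["in_restore_point"]),
        # Live files CureIt reported but did not cure/move/delete: these still
        # need a decision (confirm, then Cure -> Move incurable as the post says).
        "live_unhandled": [h["path"] for h in hits
                           if not h["in_restore_point"] and h["action"] == "none"],
    }
    return hits, summary


# Constructed sample in CureIt.log format, modelled on the log in this thread;
# the C:\EXAMPLE path is a placeholder, not a real detection.
SAMPLE_LOG = r"""
[Scan path] D:\WINNT\system32\mswdm.exe
D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved

Objects scanned: 185
Infected objects found: 1
C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured
>C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe is hacktool program Tool.ASEye.2
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0007520.dll infected with Trojan.DownLoader.3944 - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll is adware program Adware.Cdn
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe probably infected with BACKDOOR.Trojan
C:\EXAMPLE\unknown.exe probably infected with BACKDOOR.Trojan
"""

if __name__ == "__main__":
    hits, summary = triage(SAMPLE_LOG)
    print(f"{len(hits)} detections, {summary['restore_point_hits']} in restore points")
    for action, n in summary["by_action"].most_common():
        print(f"  {action}: {n}")
    print("live files still unhandled:")
    for p in summary["live_unhandled"]:
        print("  ", p)
```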




Q:

Same situation at my workplace: I reinstalled Office and it worked, but the next day the problem came back again


Yes... the next day it stops working again. What on earth is going on!!
I have already run the scan once; here are the contents of CureIt.log copied into the post
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-01, 11:08:29 [LSFJ0008][Administrator]
Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 138087
Key file: C:\工具\cureit\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] D:\WINNT\System32\smss.exe
[Scan path] D:\WINNT\system32\csrss.exe
[Scan path] D:\WINNT\system32\winlogon.exe
[Scan path] D:\WINNT\system32\services.exe
[Scan path] D:\WINNT\system32\lsass.exe
[Scan path] D:\WINNT\system32\svchost.exe
[Scan path] D:\WINNT\system32\spoolsv.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[Scan path] D:\WINNT\system32\MSTask.exe
[Scan path] D:\WINNT\System32\WBEM\WinMgmt.exe
[Scan path] D:\WINNT\Explorer.EXE
[Scan path] D:\WINNT\system32\hkcmd.exe
[Scan path] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
[Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
[Scan path] D:\WINNT\system32\Internat.exe
[Scan path] C:\jstax\jstax.exe
[Scan path] C:\jstax\swdj.exe
[Scan path] D:\WINNT\system32\regsvc.exe
[Scan path] D:\WINNT\system32\conime.exe
[Scan path] D:\Program Files\Internet Explorer\IEXPLORE.EXE
[Scan path] C:\工具\cureit\_start.exe
[Scan path] C:\工具\cureit\cureit.exe
[Scan path] D:\WINNT\system32\mobsync.exe
[Scan path] D:\WINNT\system32\mswdm.exe
D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 185
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 264 Kb/s
Scan time: 00:01:25
-----------------------------------------------------------------------------

[Scan path] C:\
C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
>C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe is hacktool program Tool.ASEye.2
C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealOne Player\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0007520.dll infected with Trojan.DownLoader.3944 - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010038.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010041.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010046.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010047.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010053.dll is adware program Adware.Cdn
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010054.exe probably infected with BINARYRES
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010055.exe is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010056.exe is adware program Adware.Cdn
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010611.dll infected with Trojan.DownLoader.3944 - deleted
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010651.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010653.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010657.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010658.exe probably infected with BACKDOOR.Trojan
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010700.dll is adware program Adware.Baidu
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010776.dll infected with Trojan.MulDrop.2135 - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010811.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010816.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010825.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010833.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010838.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010854.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010855.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP46\A0011464.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011507.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011508.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011509.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011510.exe is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011511.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011512.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011513.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011514.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011516.sys is adware program Adware.Cdn
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\A0013040.dll probably infected with BINARYRES
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\snapshot\MFEX-1.DAT probably infected with BINARYRES
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP88\A0015897.EXE probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026610.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026611.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026645.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026646.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026685.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026686.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026707.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026708.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\snapshot\MFEX-1.DAT is adware program Adware.Cdn
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026736.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026737.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026784.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026785.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026807.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026808.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026814.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026815.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026821.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026822.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026859.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026860.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026906.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026907.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026941.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026942.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027034.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027035.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027072.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027073.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027083.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027084.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027121.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027122.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027195.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027196.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027206.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027207.sys is adware program Adware.Henbang
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027223.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027229.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027234.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027239.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027240.exe probably infected with BACKDOOR.Trojan
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027315.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027316.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027390.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027391.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027446.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027447.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027493.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027494.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027606.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027607.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027624.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027625.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027643.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027644.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027670.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027671.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027716.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027717.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027795.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027796.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027894.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027895.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027988.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027989.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027997.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027998.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028050.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028051.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028058.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028059.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028094.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028095.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028185.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028186.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028220.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028221.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028405.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028406.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028428.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028429.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028448.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028449.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028511.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028512.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028532.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028533.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028559.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028560.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028582.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028583.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028608.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028609.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028635.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028636.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028697.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028698.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028733.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028734.sys is adware program Adware.Henbang
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028760.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028766.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028771.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028776.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028777.exe probably infected with BACKDOOR.Trojan
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028814.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028815.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028846.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028847.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028867.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028868.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028887.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028888.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028970.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028971.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028992.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028993.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029018.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029019.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029037.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029038.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029050.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029051.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029159.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029160.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029196.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029197.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029279.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029280.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029320.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029321.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029356.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029361.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029404.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029405.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032472.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032473.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032508.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032509.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032589.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032590.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032612.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032613.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032653.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032654.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032663.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032664.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032673.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032674.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032689.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032690.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032704.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032705.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032733.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032734.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032844.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032845.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032904.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032905.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032926.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032927.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032943.exe infected with Trojan.DownLoader.3223 - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032953.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032954.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys is adware program Adware.Henbang
C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\WPS2000\WpsUpd.EXE probably infected with DLOADER.Trojan
C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Gordian.Knot.Rip.Pack.0.28.8.Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Install_Messenger_Beta.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\INSTALL_MSN_MESSENGER_NT.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\KS051221.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\PR16b1.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\QQGame.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\RealPlayer10-5GOLD.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\wangwangsetup_1.5.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\wrar330sc.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\xiaotv2006.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\znwb5502_setup.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\飄邈之旅[全].exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\18icyc\18icyc\icyc-ws-setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\ACDSee50en\acdsee50en.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\ACDSee50en\instmsiw.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_main_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_other_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_plugins_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\CPCW_DianNaoBao_2005\PCWReadSys.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\DivXPro511Bundle.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\Divx_v5.1.1_Kg.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivXG400\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\flash saver maker\flashchs.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Photoshop 7.01簡體中文版\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Photoshop 7.01簡體中文版\_ISDel.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\_isdel.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\client\win31\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\任天堂\smynesc.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\瑩幕保護\MAT-V2-US.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\時鐘瑩幕保護\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\TESTEN20.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\README.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ANZH.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\DEF24P.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKECZ.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKEHZ.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\README.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ZHCODE.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\超級兔子\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\迅雷\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\飛行\3dflyingsaver\3dflyingsaver.exe infected with Win32.HLLW.Gavir.17 - cured

[Scan path] D:\
D:\WINNT\veevrg.exe infected with Win32.HLLW.Gavir.17 - incurable - moved
D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured
>D:\WINNT\2Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\1Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\4Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\5Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\6Sy.exe infected with Trojan.PWS.Lineage - deleted
D:\WINNT\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot
>D:\WINNT\system32\dmshell.dll is adware program Adware.Dmad
D:\WINNT\system32\layer1.dll probably infected with DLOADER.Trojan
D:\WINNT\system32\msdll.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\dl樓主.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\dllwm.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\bwdll.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\config\software.LOG - read error
D:\WINNT\system32\config\default.LOG - read error
D:\WINNT\system32\config\SECURITY - read error
D:\WINNT\system32\config\SECURITY.LOG - read error
D:\WINNT\system32\config\SYSTEM.ALT - read error
D:\WINNT\system32\config\SAM - read error
D:\WINNT\system32\config\SAM.LOG - read error
D:\WINNT\system32\config\SYSTEM - read error
D:\WINNT\system32\config\SOFTWARE - read error
D:\WINNT\system32\config\DEFAULT - read error
D:\WINNT\system32\alitb1\update.exe probably infected with DLOADER.Trojan
>D:\WINNT\command\rundll32.exe infected with Trojan.PWS.Lineage - deleted
D:\Documents and Settings\Administrator\NTUSER.DAT - read error
D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
>D:\Program Files\Intel\rundll32.exe infected with Trojan.PWS.Lineage - deleted
D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 176659
Infected objects found: 101
Objects with modifications found: 0
Suspicious objects found: 22
Adware programs found: 190
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 84
Objects deleted: 15
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 97 Kb/s
Scan time: 01:48:22
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
D:\WINNT\system32\alitb1\update.exe - incurable - deleted
D:\WINNT\system32\layer1.dll - incurable - deleted
D:\WINNT\system32\dmshell.dll - incurable - deleted
C:\WPS2000\WpsUpd.EXE - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys - incurable - moved
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys - incurable - deleted
C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010038.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010041.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010046.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010047.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010053.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010054.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010055.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010056.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010651.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010653.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010657.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010658.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010700.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010811.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010816.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010825.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010833.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010838.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010854.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010855.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP46\A0011464.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011507.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011508.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011509.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011510.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011511.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011512.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011513.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011514.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011516.sys - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\A0013040.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\snapshot\MFEX-1.DAT - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP88\A0015897.EXE - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026610.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026611.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026645.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026646.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026685.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026686.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026707.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026708.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\snapshot\MFEX-1.DAT - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026736.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026737.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026784.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026785.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026807.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026808.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026814.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026815.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026821.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026822.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026859.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026860.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026906.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026907.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026941.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026942.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027034.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027035.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027072.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027073.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027083.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027084.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027121.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027122.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027195.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027196.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027206.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027207.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027223.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027229.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027234.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027239.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027240.exe - incurable - deleted



--------------------

One of the company's machines.

Posting the System Repair Engineer report as well. Note that this is from right after I ran the cleanup; could an expert please take another look and see whether there is still a problem?
2006-09-01,13:07:16

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><D:\WINNT\system32\mswdm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 240][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 416][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 440][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 468][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 488][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 512][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel® Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374>
[PID: 636][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 720][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 748][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 944][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\Dll.dll] <N/A><N/A>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517>
[PID: 1144][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 1176][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1128][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 316][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 424][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1076][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 420][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1328][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:



Use System Repair Engineer to delete the following startup item:
<CheckFaultKernel><D:\WINNT\system32\mswdm.exe> []


Viruses and trojans were found in the System Volume Information\_restore folder, where System Restore keeps its backups.
My Computer -> right-click -> Properties -> System Restore, then disable the System Restore feature.


Dr.Web found many viruses, trojans and backdoors, most of which have already been cured or deleted. Scan the computer again with Dr.Web; if it no longer reports new viruses, consider the problem solved.

Q:


I am on Win2000; where do I find System Restore so I can disable it?



A:

You probably have a dual-boot setup. Is XP installed on the C: partition? System Restore is an XP feature, so you can disable it from within XP.



Q:
Oh, I see. Thanks.

My machine used to run XP; after it had problems I installed 2000, and XP was never fully removed.




A:




You're welcome. Computer problems, especially virus problems, are best analysed case by case.

psac 2006-09-04 05:52 PM

Q:

[Help] Strange, Win32.HLLW.Gavir.17 cannot be cleaned completely

It is the OFFICE problem from before. I cleaned it with Dr.Web CureIT, but after a reboot another scan found files infected with it again. I ran Dr.Web CureIT once more and it confirmed CURED, yet after rebooting and scanning again there were infected files once more.
It is usually winnt/rund132.exe and a few other exe files.
I ran System Repair Engineer again; could an expert please take another look?
2006-09-01,16:24:37

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 408][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 432][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 460][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 480][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 504][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel® Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[PID: 620][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 652][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 728][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 940][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\Dll.dll] <N/A><N/A>
[PID: 964][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 308][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1164][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 1180][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 808][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 1288][C:\jstax\jstax.exe] <N/A><N/A>
[C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620>
[PID: 304][C:\jstax\swdj.exe] <N/A><N/A>
[C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbSYC60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\libct.dll] <N/A><N/A>
[C:\jstax\libintl.dll] <N/A><N/A>
[C:\jstax\libcomn.dll] <N/A><N/A>
[C:\jstax\libtcl.dll] <N/A><N/A>
[C:\jstax\libcs.dll] <N/A><N/A>
[C:\jstax\nlmsnmp.dll] <N/A><N/A>
[C:\jstax\nlwnsck.dll] <N/A><N/A>
[PID: 684][D:\WINNT\WinRAR.exe] <N/A><N/A>
[PID: 340][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 540][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44>
[PID: 752][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080>
[C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0>
[PID: 1068][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1332][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:
Can Symantec AntiVirus be updated? Does it not recognise this virus?


Win32.HLLW.Gavir.17 is what the domestic antivirus products name the 「維金」 (Viking) virus; it infects EXE files.


Please post the Dr.Web CureIT scan report. Which viruses were left at the end that could not be removed?


D:\WINNT\Dll.dll is most likely malicious; please delete it manually.
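A small triage script, added here as an example (it is not part of the thread, of SREng, or of Dr.Web), that parses the startup-item and running-process sections of an SREng 2.0 log and flags the two kinds of entry the answers in this thread single out: startup commands with an empty publisher field or living under the Policies\Explorer\Run key (the CheckFaultKernel item above), and loaded modules with no publisher or version that sit directly in the Windows directory (D:\WINNT\Dll.dll inside Explorer.EXE). All function names are mine, and SAMPLE_LOG is a constructed excerpt modelled on the posted reports; the output is a review list for the analyst, not a verdict.

```python
"""Triage helper for SREng 2.0 logs (added example, not part of SREng)."""
import re
from dataclasses import dataclass

# Constructed sample in SREng's log format, modelled on the reports posted in
# this thread (only a handful of lines are reproduced).
SAMPLE_LOG = r"""
啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><D:\WINNT\system32\mswdm.exe> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
正在執行的工作行程
[PID: 940][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\WINNT\Dll.dll] <N/A><N/A>
[PID: 964][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
"""

# Line shapes used by SREng 2.0 (see the posted logs):
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                   # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)> \[([^\]]*)\]$")   # <name><cmd> [vendor]
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\] <([^>]*)><([^>]*)>$")
MOD_RE = re.compile(r"^\[([^\]]+)\] <([^>]*)><([^>]*)>$")     # [path] <vendor><version>
WINDIR_RE = re.compile(r"\\(WINNT|WINDOWS)\\", re.IGNORECASE)
POLICY_RUN_RE = re.compile(r"policies\\explorer\\run", re.IGNORECASE)


@dataclass
class StartupItem:
    key: str
    name: str
    command: str
    vendor: str


@dataclass
class LoadedModule:
    pid: int
    process: str
    path: str
    vendor: str
    version: str


def parse_sreng(text):
    """Return (startup_items, loaded_modules) parsed from SREng log text."""
    startup, modules = [], []
    current_key = None      # registry key the following <name><cmd> lines belong to
    current_proc = None     # (pid, path) of the process the following module lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current_key:
            startup.append(StartupItem(current_key, *m.groups()))
            continue
        m = PROC_RE.match(line)
        if m:
            pid, path, _vendor, _ver = m.groups()
            current_proc = (int(pid), path)
            continue
        m = MOD_RE.match(line)
        if m and current_proc:
            path, vendor, ver = m.groups()
            modules.append(LoadedModule(current_proc[0], current_proc[1], path, vendor, ver))
    return startup, modules


def suspicious_startup(items):
    """Startup entries worth a second look, each with the reasons it was flagged."""
    flagged = []
    for it in items:
        if not it.command.strip():      # <load><> style placeholders carry nothing
            continue
        reasons = []
        if not it.vendor.strip():
            reasons.append("no publisher")
        if POLICY_RUN_RE.search(it.key):
            reasons.append("Policies\\Explorer\\Run key")
        if reasons:
            flagged.append((it.name, it.command, reasons))
    return flagged


def suspicious_modules(mods):
    """Modules with neither publisher nor version that live in the Windows directory
    tree; legitimate files (e.g. some IMEs) can land here too, so verify by hand."""
    return [(m.process, m.path) for m in mods
            if m.vendor == "N/A" and m.version == "N/A" and WINDIR_RE.search(m.path)]


if __name__ == "__main__":
    startup, mods = parse_sreng(SAMPLE_LOG)
    for name, cmd, why in suspicious_startup(startup):
        print(f"startup  {name}: {cmd}  ({', '.join(why)})")
    for proc, path in suspicious_modules(mods):
        print(f"module   {path} loaded in {proc}")
```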



Q:

I scanned once more before leaving work on Friday and found no virus, but at noon today a prompt popped up saying rund132.exe had encountered an error, and a scan showed it was infected again.


=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-04, 11:52:44 [LSFJ0008][Administrator]
Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\工具\cureit\crw43312.cdb - 830 virus records
[Virus base] C:\工具\cureit\crw43311.cdb - 862 virus records
[Virus base] C:\工具\cureit\crw43310.cdb - 853 virus records
[Virus base] C:\工具\cureit\crw43309.cdb - 733 virus records
[Virus base] C:\工具\cureit\crw43308.cdb - 708 virus records
[Virus base] C:\工具\cureit\crw43307.cdb - 839 virus records
[Virus base] C:\工具\cureit\crw43306.cdb - 930 virus records
[Virus base] C:\工具\cureit\crw43305.cdb - 759 virus records
[Virus base] C:\工具\cureit\crw43304.cdb - 721 virus records
[Virus base] C:\工具\cureit\crw43303.cdb - 638 virus records
[Virus base] C:\工具\cureit\crw43302.cdb - 806 virus records
[Virus base] C:\工具\cureit\crw43301.cdb - 504 virus records
[Virus base] C:\工具\cureit\crw43300.cdb - 24 virus records
[Virus base] C:\工具\cureit\crwebase.cdb - 78674 virus records
[Virus base] C:\工具\cureit\cwrtoday.cdb - 227 virus records
[Virus base] C:\工具\cureit\cwr43301.cdb - 697 virus records
[Virus base] C:\工具\cureit\crwrisky.cdb - 1271 virus records
[Virus base] C:\工具\cureit\cwntoday.cdb - 105 virus records
[Virus base] C:\工具\cureit\cwn43304.cdb - 793 virus records
[Virus base] C:\工具\cureit\cwn43303.cdb - 766 virus records
[Virus base] C:\工具\cureit\cwn43302.cdb - 850 virus records
[Virus base] C:\工具\cureit\cwn43301.cdb - 773 virus records
[Virus base] C:\工具\cureit\crwnasty.cdb - 4867 virus records
Total virus records: 138087
Key file: C:\工具\cureit\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] D:\WINNT\System32\smss.exe
[Scan path] D:\WINNT\system32\csrss.exe
[Scan path] D:\WINNT\system32\winlogon.exe
[Scan path] D:\WINNT\system32\services.exe
[Scan path] D:\WINNT\system32\lsass.exe
[Scan path] D:\WINNT\system32\svchost.exe
[Scan path] D:\WINNT\system32\spoolsv.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[Scan path] D:\WINNT\system32\MSTask.exe
[Scan path] D:\WINNT\System32\WBEM\WinMgmt.exe
[Scan path] D:\WINNT\Explorer.EXE
[Scan path] D:\WINNT\system32\hkcmd.exe
[Scan path] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
[Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
[Scan path] D:\WINNT\system32\Internat.exe
[Scan path] D:\WINNT\system32\conime.exe
[Scan path] D:\Program Files\Internet Explorer\IEXPLORE.EXE
[Scan path] D:\WINNT\magicset746onlinedown.exe
D:\WINNT\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - will be cured after reboot

[Scan path] D:\WINNT\system32\regsvc.exe
[Scan path] C:\工具\cureit\_start.exe
[Scan path] C:\工具\cureit\cureit.exe
[Scan path] D:\WINNT\system32\mobsync.exe
[Scan path] D:\WINNT\command\rundll32.exe
[Scan path] D:\WINNT\system32\mswdm.exe
D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved

[Scan path] d:\program files\internet explorer\connection wizard\icwconn1.exe
[Scan path] D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[Scan path] D:\Program Files\Microsoft Office\Office\OSA9.EXE
[Scan path] D:\WINNT\system32\mmsys.cpl
[Scan path] D:\WINNT\system32\icmui.dll
[Scan path] D:\WINNT\system32\rshx32.dll
[Scan path] D:\WINNT\system32\docprop.dll
[Scan path] D:\WINNT\system32\ntshrui.dll
[Scan path] D:\WINNT\system32\plustab.dll
[Scan path] D:\WINNT\system32\deskadp.dll
[Scan path] D:\WINNT\system32\deskmon.dll
[Scan path] D:\WINNT\system32\dssec.dll
[Scan path] D:\WINNT\system32\shscrap.dll
[Scan path] D:\WINNT\system32\diskcopy.dll
[Scan path] D:\WINNT\system32\ntlanui2.dll
[Scan path] D:\WINNT\system32\printui.dll
[Scan path] D:\WINNT\system32\dskquoui.dll
[Scan path] D:\WINNT\system32\syncui.dll
[Scan path] D:\WINNT\system32\hticons.dll
[Scan path] D:\WINNT\system32\fontext.dll
[Scan path] D:\WINNT\system32\deskperf.dll
[Scan path] D:\WINNT\system32\wshext.dll
[Scan path] D:\WINNT\system32\cryptext.dll
[Scan path] D:\WINNT\system32\NETSHELL.dll
[Scan path] D:\WINNT\system32\shdocvw.dll
[Scan path] D:\WINNT\system32\mstask.dll
[Scan path] D:\WINNT\system32\shell32.dll
[Scan path] D:\WINNT\system32\browseui.dll
[Scan path] D:\WINNT\system32\sendmail.dll
[Scan path] D:\WINNT\system32\occache.dll
[Scan path] D:\WINNT\system32\webcheck.dll
[Scan path] D:\WINNT\system32\thumbvw.dll
[Scan path] D:\WINNT\system32\appwiz.cpl
[Scan path] D:\WINNT\system32\dsfolder.dll
[Scan path] D:\WINNT\system32\dsquery.dll
[Scan path] D:\WINNT\system32\dsuiext.dll
[Scan path] D:\WINNT\system32\mydocs.dll
[Scan path] D:\WINNT\system32\cscui.dll
[Scan path] D:\WINNT\system32\mmcshext.dll
[Scan path] D:\WINNT\system32\cabview.dll
[Scan path] D:\WINNT\system32\dllcache\wabfind.dll
[Scan path] D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
[Scan path] D:\WINNT\system32\cdfview.dll
[Scan path] D:\Program Files\Real\RealPlayer\rpshell.dll
[Scan path] D:\Program Files\WinRAR\rarext.dll
[Scan path] D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
[Scan path] D:\WINNT\system32\stobject.dll
[Scan path] D:\WINNT\system32\crypt32.dll
[Scan path] D:\WINNT\system32\cryptnet.dll
[Scan path] D:\WINNT\system32\cscdll.dll
[Scan path] D:\WINNT\system32\igfxsrvc.dll
[Scan path] D:\WINNT\system32\NavLogon.dll
[Scan path] D:\WINNT\system32\sclgntfy.dll
[Scan path] D:\WINNT\system32\WlNotify.dll
[Scan path] D:\WINNT\system32\wzcdlg.dll
[Scan path] D:\WINNT\system32\DRIVERS\ACPI.sys
[Scan path] D:\WINNT\System32\drivers\afd.sys
[Scan path] D:\WINNT\system32\DRIVERS\asyncmac.sys
[Scan path] D:\WINNT\system32\DRIVERS\atapi.sys
[Scan path] D:\WINNT\system32\DRIVERS\atmarpc.sys
[Scan path] D:\WINNT\system32\DRIVERS\audstub.sys
[Scan path] d:\winnt\system32\svchost.exe
[Scan path] D:\WINNT\system32\DRIVERS\CCDECODE.sys
[Scan path] D:\WINNT\system32\DRIVERS\cdrom.sys
[Scan path] D:\WINNT\system32\cisvc.exe
[Scan path] D:\WINNT\system32\clipsrv.exe
[Scan path] D:\WINNT\system32\DRIVERS\disk.sys
[Scan path] d:\winnt\system32\dmadmin.exe
[Scan path] D:\WINNT\System32\drivers\dmboot.sys
[Scan path] D:\WINNT\System32\drivers\dmio.sys
[Scan path] D:\WINNT\System32\drivers\dmload.sys
[Scan path] D:\WINNT\system32\drivers\DMusic.sys
[Scan path] D:\WINNT\system32\DRIVERS\e100bnt5.sys
[Scan path] D:\WINNT\system32\faxsvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\fdc.sys
[Scan path] D:\WINNT\system32\DRIVERS\flpydisk.sys
[Scan path] D:\WINNT\system32\drivers\fltmgr.sys
[Scan path] D:\WINNT\system32\DRIVERS\fsvga.sys
[Scan path] D:\WINNT\system32\DRIVERS\ftdisk.sys
[Scan path] D:\WINNT\system32\DRIVERS\msgpc.sys
[Scan path] D:\WINNT\system32\DRIVERS\i8042prt.sys
[Scan path] D:\WINNT\system32\DRIVERS\ialmnt5.sys
[Scan path] D:\WINNT\system32\DRIVERS\intelide.sys
[Scan path] D:\WINNT\System32\DRIVERS\ipfltdrv.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipinip.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipnat.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipsec.sys
[Scan path] D:\WINNT\System32\DRIVERS\irenum.sys
[Scan path] D:\WINNT\system32\DRIVERS\isapnp.sys
[Scan path] D:\WINNT\system32\DRIVERS\kbdclass.sys
[Scan path] D:\WINNT\system32\drivers\kmixer.sys
[Scan path] D:\WINNT\system32\drivers\kmsinput.sys
[Scan path] D:\WINNT\system32\mnmsrvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\mouclass.sys
[Scan path] D:\WINNT\system32\DRIVERS\MPE.sys
[Scan path] D:\WINNT\system32\DRIVERS\mrxsmb.sys
[Scan path] D:\WINNT\system32\msdtc.exe
[Scan path] d:\winnt\system32\msiexec.exe
[Scan path] D:\WINNT\system32\drivers\MSKSSRV.sys
[Scan path] D:\WINNT\system32\drivers\MSPCLOCK.sys
[Scan path] D:\WINNT\system32\drivers\MSPQM.sys
[Scan path] D:\WINNT\system32\drivers\MSTEE.sys
[Scan path] D:\WINNT\system32\DRIVERS\NABTSFEC.sys
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
[Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS
[Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG.sys
[Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX15.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndistapi.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndisuio.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndiswan.sys
[Scan path] D:\WINNT\system32\DRIVERS\netbios.sys
[Scan path] D:\WINNT\system32\DRIVERS\netbt.sys
[Scan path] D:\WINNT\system32\netdde.exe
[Scan path] D:\WINNT\system32\drivers\netdtect.sys
[Scan path] D:\WINNT\system32\DRIVERS\nwlnkflt.sys
[Scan path] D:\WINNT\system32\DRIVERS\nwlnkfwd.sys
[Scan path] D:\WINNT\system32\DRIVERS\parallel.sys
[Scan path] D:\WINNT\system32\DRIVERS\parport.sys
[Scan path] D:\WINNT\system32\DRIVERS\pci.sys
[Scan path] D:\WINNT\system32\DRIVERS\pciide.sys
[Scan path] D:\WINNT\system32\DRIVERS\raspptp.sys
[Scan path] D:\WINNT\system32\DRIVERS\ptilink.sys
[Scan path] D:\WINNT\system32\DRIVERS\rasacd.sys
[Scan path] D:\WINNT\system32\DRIVERS\rasl2tp.sys
[Scan path] D:\WINNT\system32\DRIVERS\raspti.sys
[Scan path] D:\WINNT\system32\drivers\RCA.sys
[Scan path] D:\WINNT\system32\DRIVERS\rdbss.sys
[Scan path] D:\WINNT\system32\DRIVERS\redbook.sys
[Scan path] D:\WINNT\system32\locator.exe
[Scan path] d:\winnt\system32\rsvp.exe
[Scan path] D:\WINNT\System32\SCardSvr.exe
[Scan path] D:\WINNT\system32\DRIVERS\serenum.sys
[Scan path] D:\WINNT\system32\DRIVERS\serial.sys
[Scan path] D:\WINNT\system32\DRIVERS\SLIP.sys
[Scan path] D:\WINNT\system32\drivers\smwdm.sys
[Scan path] D:\WINNT\system32\DRIVERS\srv.sys
[Scan path] D:\WINNT\system32\DRIVERS\StreamIP.sys
[Scan path] D:\WINNT\system32\DRIVERS\swenum.sys
[Scan path] D:\WINNT\system32\drivers\swmidi.sys
[Scan path] D:\Program Files\Symantec\SYMEVENT.SYS
[Scan path] D:\WINNT\system32\drivers\sysaudio.sys
[Scan path] D:\WINNT\system32\smlogsvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\tcpip.sys
[Scan path] D:\WINNT\system32\tlntsvr.exe
[Scan path] D:\WINNT\system32\DRIVERS\uhcd.sys
[Scan path] D:\WINNT\system32\DRIVERS\update.sys
[Scan path] D:\WINNT\System32\ups.exe
[Scan path] D:\WINNT\system32\DRIVERS\usbehci.sys
[Scan path] D:\WINNT\system32\DRIVERS\usbhub.sys
[Scan path] D:\WINNT\system32\DRIVERS\usbhub20.sys
[Scan path] D:\WINNT\system32\DRIVERS\USBSTOR.SYS
[Scan path] D:\WINNT\System32\UtilMan.exe
[Scan path] D:\WINNT\System32\drivers\vga.sys
[Scan path] D:\WINNT\system32\DRIVERS\wanarp.sys
[Scan path] D:\WINNT\system32\drivers\wdmaud.sys
[Scan path] D:\WINNT\system32\DRIVERS\WSTCODEC.SYS
[Scan path] D:\WINNT\system32\drivers\ialmsbw.sys
[Scan path] D:\WINNT\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 185
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 361 Kb/s
Scan time: 00:01:25
-----------------------------------------------------------------------------

[Scan path] C:\
C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured

[Scan path] D:\
D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot
D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\magicset746onlinedown.exe.delete_on_reboot infected with Win32.HLLW.Gavir.17 - will be cured after reboot
D:\WINNT\system32\config\software.LOG - read error
D:\WINNT\system32\config\default.LOG - read error
D:\WINNT\system32\config\SECURITY - read error
D:\WINNT\system32\config\SECURITY.LOG - read error
D:\WINNT\system32\config\SYSTEM.ALT - read error
D:\WINNT\system32\config\SAM - read error
D:\WINNT\system32\config\SAM.LOG - read error
D:\WINNT\system32\config\SYSTEM - read error
D:\WINNT\system32\config\SOFTWARE - read error
D:\WINNT\system32\config\DEFAULT - read error
D:\Documents and Settings\Administrator\NTUSER.DAT - read error
D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
>D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J6WRJTKD\icast[1].txtD:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STIBCDUN\mhxy[1].exe infected with Trojan.PWS.Gamania - incurable - moved
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\WinRAR\WinRAR.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Microsoft Office\Office\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Microsoft Office\Office\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 123413
Infected objects found: 37
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 34
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 663 Kb/s
Scan time: 01:41:25
-----------------------------------------------------------------------------
2006-09-04,13:45:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Tray><D:\WINNT\command\rundll32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 404][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 428][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 456][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 476][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 508][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel® Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel® Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\DecSDK.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ID.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2UUE.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2AMG.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ARJ.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2CAB.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2EXE.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2GZIP.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2HQX.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LHA.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LZ.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2MIME.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2SS.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2RTF.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TAR.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TNEF.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ZIP.dll] <Symantec Corporation><3.02.07.19>
[PID: 624][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 656][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 720][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 868][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[PID: 412][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 1104][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1144][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 1168][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1284][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 536][D:\WINNT\magicset746onlinedown.exe] <N/A><N/A>
[PID: 1236][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1384][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44>
[PID: 1356][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080>
[C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0>
[D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] <N/A><N/A>
[PID: 1348][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1480][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

A:

<Tray><D:\WINNT\command\rundll32.exe> [] delete this startup entry


D:\WINNT\command\rundll32.exe delete this file



Please check whether other computers on your LAN are also infected with this virus. Win32.HLLW.Gavir.17 (Viking) spreads over the network.

Windows 2000 does not ship with a firewall, so it has no defense against viruses coming in from the network.

I recommend installing firewall software such as ZoneAlarm 6.0 Free, and at the same time cleaning the viruses on this machine with antivirus software.
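
As an added illustration (not part of the reply above, and not SREng's own code), the Python script below applies the same kind of check that singles out the <Tray> entry: it parses the `<name><command> [publisher]` lines of the 註冊表 section of a SREng log and reports entries with no publisher information, entries that launch a bare filename, and entries where a well-known system binary name such as rundll32.exe sits outside a system32 directory. The sample lines are copied from the report in this thread; the rule set is an assumed triage heuristic for a defender reading the log, not a detection signature.

```python
"""Heuristic triage of the registry Run entries in a SREng 2.0 log.

Added example: this is not code from the forum post or from SREng; the rules
below are an assumed starting point for a defender reading such a log.
"""
import re
from typing import Dict, List, Optional, Tuple

# SREng prints each Run-key entry as  <name><command> [publisher]
ENTRY_RE = re.compile(r'^<([^<>]*)><(.*)> \[([^\]]*)\]$')
# First executable-looking token of the command line, with or without quotes.
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|scr|com|bat|cpl))', re.IGNORECASE)

# Well-known system binaries that are only expected under system32/System.
SYSTEM_BINARIES = {
    "rundll32.exe", "svchost.exe", "explorer.exe", "userinit.exe",
    "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
}

# Sample entries copied from the SREng report in the thread (constructed test input).
SAMPLE_ENTRIES = r"""
<Internat.exe><Internat.exe> [Microsoft Corporation]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Tray><D:\WINNT\command\rundll32.exe> []
"""


def parse_entry(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one SREng Run-key line into (name, image path, publisher).

    Returns None for lines that are not entries or that launch nothing
    (SREng lists empty values such as <run><> [] as well).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name, command, vendor = m.groups()
    command = command.lstrip("; ")  # some entries in this log carry a leading ';'
    if not command:
        return None
    img = IMAGE_RE.match(command)
    image = img.group(1) if img else command.split()[0].strip('"')
    return name, image, vendor.strip()


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for entries a defender should verify by hand."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        name, image, vendor = parsed
        reasons: List[str] = []
        if vendor == "":
            reasons.append("no publisher information")
        if "\\" not in image:
            # A bare name is located through the search path at logon time,
            # so the file that actually runs must be confirmed on disk.
            reasons.append("bare filename resolved via search path")
        else:
            directory, basename = image.rsplit("\\", 1)
            parent = directory.rsplit("\\", 1)[-1].lower()
            if basename.lower() in SYSTEM_BINARIES and parent not in {"system32", "system"}:
                reasons.append("system binary name outside a system32 directory")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_ENTRIES.splitlines()).items():
        print(f"{entry}: {', '.join(why)}")
```

Run against the sample lines it reports <Tray> with both the missing-publisher and the out-of-place rundll32.exe reasons, and lists Internat.exe and mobsync.exe only as bare names to confirm on disk; the Intel, SoundMAX, Symantec and RealNetworks entries pass. Paste the 註冊表 block of any other SREng log into SAMPLE_ENTRIES, or feed it line by line to triage(), to get the same first pass.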

psac 2006-09-04 05:56 PM

Q:

[Help] IE has been modified and I can't change it back no matter what, please help
2006-09-04,14:55:45

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
服務
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Recorder Control]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BlueskyVideo Control]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)>
[Share Control]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[PP Control]
{7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Videohelp Control]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)>
[Display Control]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Blueskyvoice Control]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Client Control]
{C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, >
[Play Control]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<F:\迅雷\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<F:\迅雷\Thunder\getallurl.htm, N/A>
[使用網際快車下載]
<F:\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<F:\FlashGet\jc_all.htm, N/A>

==================================
正在執行的工作行程
[PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 952][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1240][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[PID: 1280][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1412][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.10>
[PID: 1524][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1552][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NVMCTRAY.DLL] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[PID: 1568][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A>
[PID: 1828][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776>
[PID: 1880][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 780][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 988][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 224][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[E:\sreng2\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:

First, a question: what URL has your IE home page been changed to???

1. If you can, zip the following files and upload them to the sample area
C:\Program Files\Tencent\QQ\RTraveler.dll
C:\Program Files\Tencent\QQ\Messenger.exe

2. Click [Copy to clipboard] to copy all of the text below

CODE:
OptionStatusOn
OptionSetStatus Terminating processes...
ProcessKill \Messenger.exe|1
ProcessKill \explorer.exe|1

OptionSetStatus Deleting files...
OptionOnDeleteFailUseReboot
FileDelete C:\Program Files\Tencent\QQ\RTraveler.dll
FileDelete C:\Program Files\Tencent\QQ\Messenger.exe

OptionSetStatus Cleaning Registry...
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe

OptionSetStatus Setting IE Start Page to about:blank
RegSetStringValue HKCU\Software\Microsoft\Internet Explorer\Main|Start Page|about:blank

OptionSetStatus Emptying the Temp folder...
SystemEmptyTempFolder

SystemRun %WINDIR%\explorer.exe

SystemRestart Some files cannot be deleted now.Please reboot your computer!|1


a) Start ----> All Programs ----> Accessories ----> Notepad
b) Press Ctrl + V or right-click and Paste to insert the content you just copied, then click File ----> Save
c) Change the file type to All Files, name the file delete.bfu, and save it to the desktop

3.
a) Download Brute Force Uninstaller, extract it to the desktop, and run bfu.exe
b) Click the yellow folder icon and select the delete.bfu you just saved
c) Click Execute; you will then be prompted to restart the computer, press Y / Yes to restart
d) After restarting, run a new SREng scan and post the log



Q:


http://7b.com.cn/
This URL, and there was another one that I can't remember right now.


A:

OK, follow the steps through once and see.


Upload it to the sample area, and have a dedicated online virus-detection site scan it....



Q:


2006-09-04,15:22:12

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
服務
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Recorder Control]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BlueskyVideo Control]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)>
[Share Control]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[PP Control]
{7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Videohelp Control]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)>
[Display Control]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Blueskyvoice Control]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Client Control]
{C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, >
[Play Control]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<F:\迅雷\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<F:\迅雷\Thunder\getallurl.htm, N/A>
[使用網際快車下載]
<F:\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<F:\FlashGet\jc_all.htm, N/A>

==================================
正在執行的工作行程
[PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1236][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[PID: 1272][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1408][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.10>
[PID: 1432][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[PID: 1440][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1712][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776>
[PID: 1760][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 400][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1488][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:

The log looks fine.
Problem solved.

psac 2006-09-04 05:58 PM

Q:
[Help] I don't know why, but my computer keeps crashing on its own while I'm using it!!!

I don't know why, but my computer keeps crashing on its own while I'm using it!!!
Could everyone please take a look and tell me what's going on??
2006-09-03,12:10:58

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<iparmor><rem C:\Program Files\Iparmor\Iparmor.exe mini> []
<KAVRun><C:\KAV6\KAVRun.EXE> [kingsoft]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SOUNDM><winsmd.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\KAV6\KaScrScn.scr> []

==================================
啟動資料夾
服務
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[DirectX Graphics / dxdmain]
<C:\WINDOWS\System32\dxdmain.exe><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[JMediaService / JMediaService]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[Local Security Authority Server / LSA Server]
<C:\WINDOWS\System32\lsasrv.exe><N/A>
[Local Security Authority Subsystem Service / lsass]
<"C:\WINDOWS\lsass.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[VKTServ / VKTServ]
<C:\WINDOWS\System32\VKTServ.exe><N/A>
[wint / wint]
<C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v4.dll, >
[KAVIEHelper Class]
{1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司>
[金山毒霸安全助手]
{EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司>
[系統標準按鍵(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[使用網際快車下載]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================
正在執行的工作行程
[PID: 552][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 872][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1108][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1120][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1332][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[PID: 1612][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A>
[C:\WINDOWS\System32\KB4553736.LOG] <N/A><N/A>
[C:\WINDOWS\System32\xunleibho_v4.dll] <><4, 3, 2, 29>
[C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[PID: 248][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[PID: 288][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A>
[PID: 344][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 956][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] <Macrovision><4.20.030>
[PID: 1048][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303>
[PID: 224][C:\Program Files\SkyNet\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1004>
[C:\Program Files\SkyNet\FireWall\SKYMISC.DLL] <N/A><N/A>
[C:\Program Files\SkyNet\FireWall\COMPRESSWRAP.DLL] <N/A><N/A>
[PID: 472][C:\Program Files\Vnet\VnetClient.exe] <><1, 0, 0, 1>
[C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A>
[C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[PID: 768][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, Inc.><0.1.0.1622>
[C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0>
[C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452>
[C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389>
[C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll] <RealNetworks, Inc.><0.1.0.1760>
[C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622>
[C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685>
[C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311>
[C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278>
[PID: 848][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, Inc.><0.1.0.1622>
[C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0>
[C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll] <RealNetworks, Inc.><7.0.0.1675>
[C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389>
[C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311>
[C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685>
[C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll] <RealNetworks, Inc.><7.0.0.1052>
[C:\Program Files\Common Files\Real\Update_OB\twebbrowse.dll] <RealNetworks, Inc.><1.0.2.311>
[C:\Program Files\Common Files\Real\Update_OB\faus3270.dll] <RealNetworks, Inc.><7.0.0.1362>
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] <RealNetworks, Inc.><6.0.9.2068>
[C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622>
[C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452>
[C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278>
[PID: 1884][C:\Program Files\FlashGet\flashget.exe] <Amaze Soft><1, 6, 5, 0>
[C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A>
[C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[PID: 1956][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[PID: 492][C:\DOCUME~1\Naquan\LOCALS~1\Temp\Rar$EX02.625\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:

Lots of junk....

1. Do a rootkit scan with GMER
a) Download GMER and extract gmer.zip
b) Run gmer.exe ----> Rootkit
c) Make sure all items are selected (except Show All), then click Scan
d) When the scan finishes, click Copy to copy the results and paste them here

2. Using SREng (see the related operating instructions)
- Delete the following startup items
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SOUNDM><winsmd.exe> []

- Change the Userinit value to
C:\WINDOWS\System32\userinit.exe,

- Delete the following services
[DirectX Graphics / dxdmain]
<C:\WINDOWS\System32\dxdmain.exe><N/A>
[JMediaService / JMediaService]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[Local Security Authority Server / LSA Server]
<C:\WINDOWS\System32\lsasrv.exe><N/A>
[Local Security Authority Subsystem Service / lsass]
<"C:\WINDOWS\lsass.exe"><N/A>
[wint / wint]
<C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A>

- Delete the following browser add-ons
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[系統標準按鍵(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>

- Repair the following file associations
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]

3.
a) Download Pocket KillBox and save it to the desktop
b) Click [Copy to clipboard] to copy all of the text below

CODE:
C:\WINDOWS\system32\Maxthonz.dll
C:\WINDOWS\System32\KB4553736.LOG
C:\WINDOWS\System32\wint\wint.dll
C:\WINDOWS\System32\dxdmain.exe
C:\WINDOWS\System32\lsasrv.exe
C:\WINDOWS\lsass.exe

c) Run killbox.exe, select Delete on Reboot, then select All Files
d) Click File ---> Paste from Clipboard
e) Then click the red X (Delete File); when prompted, click Yes, and click No on the next prompt

The computer will restart automatically; if it does not, restart it yourself

4. Run a new SREng scan and post the log
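As an added example (not code from the original thread, from SREng, or from BFU/KillBox), here is a Python triage script that parses the startup-item, service and file-association sections of an SREng 2.0 log in the format posted in this thread and flags the patterns that the BFU reply earlier and the reply above check by hand: several Run values launching the same binary, an extra executable appended to Userinit, Run entries with no vendor, unsigned services that imitate a core process outside System32 or are only rundll32 loading a DLL, and file associations SREng marks Error. The embedded log is a constructed sample modelled on the 2006-09-03 log, and the rule names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the SREng 2.0 log format used in this thread (not a real log).
SAMPLE_LOG = r"""
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe> []
==================================
啟動資料夾
服務
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Local Security Authority Subsystem Service / lsass]
<"C:\WINDOWS\lsass.exe"><N/A>
[wint / wint]
<C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A>
==================================
文件關聯
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.CHM Error. [C:\WINDOWS\hh.exe %1]
"""
# Section headings exactly as SREng 2.0 prints them; lines outside these sections are ignored.
SECTIONS = {"註冊表": "registry", "服務": "services", "文件關聯": "assoc",
            "瀏覽器載入項": "bho", "正在執行的工作行程": "procs", "Winsock 提供者": "winsock"}
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                # [HKEY_...\Run]
RUN_RE = re.compile(r"^<([^>]*)><(.*)> \[([^\]]*)\]$")     # <name><command> [vendor]
SVC_HDR_RE = re.compile(r"^\[(.+?) / (.+)\]$")             # [Display name / ServiceName]
SVC_BIN_RE = re.compile(r"^<(.*)><([^<>]*)>$")             # <image path><vendor>
ASSOC_RE = re.compile(r"^\.(\w+) (OK|Error)\. \[(.*)\]$")  # .EXT OK./Error. [command]
# Core process names that belong in System32; the same name elsewhere is a classic disguise.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                "services.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

@dataclass
class Finding:
    rule: str
    detail: str

def parse_sreng(text):
    """Return (run_entries, services, associations) parsed from an SREng 2.0 log."""
    run, services, assoc = [], [], []
    section = key = pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = SECTIONS[line]
        elif section == "registry":
            if m := KEY_RE.match(line):
                key = m.group(1)
            elif (m := RUN_RE.match(line)) and key:
                run.append((key, m.group(1), m.group(2), m.group(3)))
        elif section == "services":
            if m := SVC_HDR_RE.match(line):
                pending = (m.group(1), m.group(2))
            elif (m := SVC_BIN_RE.match(line)) and pending:
                services.append(pending + (m.group(1), m.group(2)))
                pending = None
        elif section == "assoc":
            if m := ASSOC_RE.match(line):
                assoc.append((m.group(1), m.group(2), m.group(3)))
    return run, services, assoc

def first_exe(cmd):
    """Image path of a command line: the quoted part, or the text up to the first space."""
    cmd = cmd.strip()
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def triage(run, services, assoc):
    """Apply the checks the replies in this thread make by hand; returns a list of Finding."""
    findings, by_target = [], {}
    for key, name, cmd, vendor in run:
        if key.endswith("\\Run"):
            by_target.setdefault(cmd.lower(), []).append(name)
            if not vendor:  # SREng could not attribute the binary to any vendor
                findings.append(Finding("run-no-vendor", f"{name} -> {cmd}"))
        if name.lower() == "userinit":  # anything after userinit.exe runs at every logon
            extra = [p.strip() for p in cmd.split(",")
                     if p.strip() and not p.strip().lower().endswith("userinit.exe")]
            if extra:
                findings.append(Finding("userinit-extra", ", ".join(extra)))
    for target, names in by_target.items():  # several names, one binary (Messenger.exe x3)
        if len(names) > 1:
            findings.append(Finding("duplicate-run-target", f"{names} -> {target}"))
    for display, svc, path, vendor in services:
        if vendor != "N/A":
            continue
        folder, _, base = first_exe(path).lower().rpartition("\\")
        if base in SYSTEM_NAMES and not folder.endswith("\\system32"):
            findings.append(Finding("service-masquerade", f"{svc}: {path}"))
        elif base == "rundll32.exe":  # a "service" that is only rundll32 loading a DLL
            findings.append(Finding("service-rundll32", f"{svc}: {path}"))
    for ext, status, cmd in assoc:
        if status == "Error":  # SREng has already judged the handler wrong
            findings.append(Finding("assoc-error", f".{ext} -> {cmd}"))
    return findings
```

Findings are leads for a person to confirm against the actual files before anything like the BFU or KillBox lists above is run against them.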



Q:


Question: after it crashes, can it still be turned on?
I have to cut the power before it will boot again



A:

Please refer to the SREng common operations guide (SREng常用操作說明) and delete the items as advised. If they cannot be deleted, describe the specific problem you run into.

It is recommended that you try deleting them in Safe Mode.

Download the 老九 WinPE final modified edition
http://laomaotao.u.winzheng.com/

Mount BootCD.ISO with a virtual CD drive, or simply extract it with WinRAR. Run the executable 安裝.EXE in the WINPE安裝 folder and just follow the prompts.


Restart the computer, enter the WinPE toolbox, and delete the trojan and virus files on drive C from within the WinPE environment. Pay attention to the file paths so you don't delete system files by mistake.

psac 2006-09-22 12:27 PM

Q:
[Help] Boss, there are unidentified flying objects in my computer (a DOS window keeps popping up and immediately disappearing), 995 (save me), my poor computer!!

I only opened a browser, and here are the scan results:



2006-09-20,20:25:45

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<rx><C:\WINDOWS\system32\explore.exe> []
<wow><C:\WINDOWS\system32\Launcher.exe> []
<zz><C:\WINDOWS\system32\intenet.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
<DesktopMemo><"C:\Program Files\DeskMemo\Deskmemo.exe"> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<CnsMin><8V?> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t]
<ToP><C:\WINDOWS\LSASS.exe> []
<softbox><C:\WINDOWS\system32\softbox.exe> [bcnet]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> []
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<kokv><C:\WINDOWS\system32\019i8e1.exe> []
<Alexa><C:\WINDOWS\system32\qproecss.exe> []
<Ver><2006.07.20> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe 1> []
<Userinit><userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DelayRun><C:\WINDOWS\019d8e10.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> []
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> []
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []

==================================

啟動資料夾
[IE-Bar]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\IE-Bar.lnk><N>

==================================
服務
[Performance Moniter / MOBILL]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SVCHAST / SystemInspect]
<C:\Program Files\SystemInspect\SVCHAST.exe><N/A>


瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A>
[Adobe-Plugins Manager]
{2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[]
{3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[]
{958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A>
[perfdp]
{995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, >
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[]
{9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A>
[Spoolsv Class]
{9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[DDOC]
{A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, >
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Macromedia. Flash8 Object]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[51響導]
{D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A>
[XBTP01967 Class]
{F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[啟動迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[上網助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://assistant.3721.com/index.htm, N/A>
[手機短信]
{5DA5CC16-90A8-4c78-AB5E-596BAEDD1289} <http://sms.3721.com/ie/index.htm, N/A>
[微軟]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\QQ2005\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Yahoo! Messenger]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <F:\應用軟件\聊天軟件\雅虎通\安裝程式\Messenger\YahooMessenger.exe, Yahoo! Inc.>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://assistant.3721.com/security1.htm, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://assistant.3721.com/clean1.htm, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[TT33定向搜索]
{D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, N/A>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Adobe-Plugins Manager]
{2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[]
{3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[]
{958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A>
[perfdp]
{995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, >
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[]
{9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A>
[Spoolsv Class]
{9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[DDOC]
{A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, >
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Macromedia. Flash8 Object]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[51響導]
{D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[TT33定向搜索]
{D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A>
[Messenger Class]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A>
[XBTP01967 Class]
{F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上傳到QQ網路硬碟]
<C:\Program Files\QQ2005\AddToNetDisk.htm, N/A>
[使用影音傳送帶下載]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部鏈接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[反向鏈接]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<C:\Program Files\QQ2005\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\QQ2005\AddEmotion.htm, N/A>
[新增到雅虎訂閱(&Y)]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\QQ2005\SendMMS.htm, N/A>
[用比特精靈下載(&B)]
<F:\應用軟件\下載工具\比特精靈 v3.0.0.087 穩定版\azcx\BitSpirit\bsurl.htm, N/A>
[用炫彩圖鈴發送該圖片]
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
[類似網頁]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[快取記憶體的網頁快照]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻譯英文字詞(&T)]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[雅虎搜索]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================

正在运行的进程
[PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 920][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 1060][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1268][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1692][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1828][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 48>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1904][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1920][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3427>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1984][C:\Program Files\DeskMemo\Deskmemo.exe] <><1, 0, 0, 1>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 132][C:\WINDOWS\system32\SVOHOST.exe] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 472][C:\WINDOWS\WINLOGON.EXE] <wa1vTRVHCVJwSh8Xf92t><0.00.0109>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1180][C:\WINDOWS\system32\softbox.exe] <bcnet><1.00>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1868][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 332][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 1260][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\1.dll] <千橡互联><3, 0, 2, 0>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\3.dll] <千橡互联><3, 0, 2, 8>
[C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\4.dll] <千橡互联><3, 0, 2, 8>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 588][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A>
[PID: 612][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 592][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1544][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8195>
[PID: 1936][C:\Program Files\SystemInspect\SVCHAST.exe] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[PID: 864][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1552][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 3876][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0>
[PID: 2772][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1>
[C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2006, 6, 26, 1>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1>
[C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1>
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1>
[C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2>
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1>
[C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1>
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17>
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14>
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1>
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1>
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1>
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1>
[C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1>
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 11, 1, 17>
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 3364][F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Maxthon.exe] <MY Soft Technology><1, 1, 0, 90>
[F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\zlib.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Plugin\FloatBar\FloatBar.dll] <><1, 8, 0, 0>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3424][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] <Yahoo! China><3, 0, 9, 1015>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <yahoo! china><3, 3, 5, 1086>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] <Yahoo! China><3, 0, 1, 1010>
[C:\Program Files\Yahoo!\Assistant\yNotifier.dll] <yahoo! china><3, 0, 0, 1000>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 3580][C:\PROGRA~1\PPRich\MINIPP~1.EXE] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 4040][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48>
[C:\Program Files\TENCENT\Adplus\SSAddr.dll] <Tencent><4, 2, 4, 43>
[C:\WINDOWS\System32\Agm.dll] <AdoBeSoft Co.><4, 4, 26, 1>
[C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] <Yahoo! China><3, 0, 4, 1006>
[C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <yahoo! china><3, 0, 2, 1003>
[C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll] <TODO: <公司名>><1.0.0.1>
[C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL] <N/A><N/A>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[F:\应用软件\聊天软件\QQ2006BETA2SP1 双显IP版\azcx\Tencent\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <yahoo! china><3, 0, 1, 1001>
[C:\WINDOWS\system32\ssup.dll] <TENCENT><4, 2, 4, 43>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696>
[C:\WINDOWS\system32\Dgit.dll] <N/A><N/A>
[C:\WINDOWS\system32\perfidp.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\Jkpl.dll] <N/A><N/A>
[C:\WINDOWS\system32\drivers\spoolsv.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\henroer.dll] <><1, 0, 0, 1>
[c:\program files\google\googletoolbar2.dll] <Google Inc.><3, 0, 131, 0>
[c:\WINDOWS\system32\FlashPlayer8OCX.dll] <N/A><N/A>
[C:\Program Files\kuzhan\kuzhan.dll] <Fengcent><1, 0, 0, 2>
[C:\WINDOWS\system\019o8e11.dll] <N/A><N/A>
[C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll] <Yahoo! China><3, 0, 9, 1014>
[C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll] <yahoo! china><3, 1, 2, 1057>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll] <Yahoo! China><3, 0, 5, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] <yahoo! china><3, 0, 2, 1004>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] <Yahoo! China><3, 0, 0, 1000>
[C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll] <Yahoo! China><3, 0, 1, 1001>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll] <Yahoo! China><3, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] <Yahoo! China><3, 0, 3, 1003>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL] <yahoo! china><3, 0, 5, 1010>
[C:\Program Files\Yahoo!\Assistant\Assist\ymailp.dll] <Yahoo! China><3.0.0.1006>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A>
[PID: 3480][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 4084][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 36>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 5>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 2936][F:\系统安全\System Repair Engineer\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 2216][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
By the way, after the computer developed this problem the pop-up windows were already there, but they went away once it had shut down the antivirus software; today, after I turned the antivirus back on through Services, they keep popping up nonstop and interfere with everything I do on the computer.





A:



1.
Jiangmin has released the "Luoxue" (GamePass) Trojan removal tool 1.1
http://www.jiangmin.com/download/TrojanKiller.rar
The "Luoxue" Trojan removal tool written by 幸福的獅子 of C.I.S.R.T.
http://www.cisrt.org/avtools/MiscKiller.rar


2. Run System Repair Engineer again and, under "Startup Items" -> "Registry", delete the following items
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<rx><C:\WINDOWS\system32\explore.exe> []
<wow><C:\WINDOWS\system32\Launcher.exe> []
<zz><C:\WINDOWS\system32\intenet.exe> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<CnsMin><8V?> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t]
<ToP><C:\WINDOWS\LSASS.exe> []
<softbox><C:\WINDOWS\system32\softbox.exe> [bcnet]
<kokv><C:\WINDOWS\system32\019i8e1.exe> []
<Alexa><C:\WINDOWS\system32\qproecss.exe> []
<Ver><2006.07.20> []
<DelayRun><C:\WINDOWS\019d8e10.dll> []



Run System Repair Engineer again; under "Startup Items -> Services -> Win32 Service Applications", tick "Hide Microsoft services", then for the services with the following names
[Performance Moniter / MOBILL]
[SVCHAST / SystemInspect]
"Modify startup type" -> "disable" -> "Set"
"Delete service" -> "Set" -> "No" (Note: pressing "No" confirms deletion of the service; pressing "Yes" cancels the operation)



3. Reboot the computer and show all files and folders (hidden and system-protected)
Open "My Computer --> Tools --> Folder Options --> View"

Untick the following options:
"Hide protected operating system files (recommended)"
"Hide extensions for known file types"
Select "Show all files and folders" --> save the settings

Delete the following files


Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\Launcher.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system32\softbox.ex
C:\WINDOWS\system32\019i8e1.exe
C:\WINDOWS\system32\qproecss.exe
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL
C:\Program Files\SystemInspect\SVCHAST.exe
C:\WINDOWS\019d8e10.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll



4. Download the free Dr.Web CureIT! scanner. It includes the latest virus database, can detect and remove viruses, Trojans, backdoors and rogue/malicious software, and does not conflict with an already installed antivirus
Direct download address: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
It is a self-extracting archive: after downloading, run cureit.exe directly, or right-click it, extract it to a target folder, and run the "_start.exe" inside that folder to scan
First press "OK" to run "Start Express Scan", the quick scan; it automatically scans memory, running processes and startup items first. When the quick scan finishes, left-click to select the hard-disk partition icons (a red dot mark appears on each selected partition) and scan again. The 5 buttons in the lower-left corner of the Dr.Web window are "Select all", "Cure", "Rename", "Move" (quarantine) and "Delete". You can post the scan report first and wait for confirmation before acting, or do Select all, Cure -> Move incurable (move files that could not be cured to quarantine)
Finally post the scan report: from "My Computer" open %USERPROFILE%\DoctorWeb\, open the file CureIt.log there and copy its contents into your post

Dr.Web illustrated usage guide
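The reply above picks the entries to delete by reading the SREng log by eye. As an added example (not SREng's code and not the replier's procedure), here is a small Python triage script for the two SREng record shapes in the pasted log, startup entries and process entries, applying the same three checks the reply relies on: a core system binary name outside system32, a file under C:\WINDOWS with no publisher, and anything running from a Temp directory. SYSTEM_ROOT, the SYSTEM32_ONLY set and the sample lines are assumptions constructed from this thread's log.

```python
r"""Triage helper for System Repair Engineer (SREng 2.x) log excerpts.

Record shapes handled (as printed in the log pasted in this thread):
    startup entry :  <name><command> [publisher]
    process entry :  [PID: 472][C:\WINDOWS\WINLOGON.EXE] <publisher><version>
Per-process module lines and the browser add-on list are not examined.
Every hit is a lead for a human to check, not a verdict.
"""
import re

STARTUP_RE = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<pub>[^\]]*)\]\s*$")
PROCESS_RE = re.compile(
    r"^\[PID:\s*(?P<pid>\d+)\]\[(?P<path>[^\]]*)\]\s*<(?P<pub>[^>]*)><(?P<ver>[^>]*)>\s*$"
)

# Assumption: Windows XP core binaries that legitimately live only in %SystemRoot%\system32.
SYSTEM32_ONLY = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}
SYSTEM_ROOT = "c:\\windows"  # assumption: matches the install in the pasted log


def normalize(path):
    """Lower-case a path and resolve the NT-style prefixes SREng prints for early processes."""
    p = path.strip().strip('"').lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return p


def exe_from_command(cmd):
    """Pick the file actually executed from a Run-value command line."""
    cmd = cmd.strip()
    if cmd.startswith(";"):  # some entries in the log carry a leading '; '; inspect the path anyway
        cmd = cmd[1:].strip()
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    if not m:
        return ""
    exe = m.group(1) or m.group(2)
    rest = cmd[m.end():].strip()
    # For rundll32 the interesting file is the module it loads, not rundll32 itself.
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32") and rest:
        m2 = re.match(r'"([^"]+)"|([^,\s]+)', rest)
        if m2:
            exe = m2.group(1) or m2.group(2)
    return exe


def reasons_for(path, publisher):
    """Return the list of heuristic hits for one executable path."""
    p = normalize(path)
    base = p.rsplit("\\", 1)[-1]
    folder = p.rsplit("\\", 1)[0] if "\\" in p else ""
    hits = []
    if base in SYSTEM32_ONLY and folder != SYSTEM_ROOT + "\\system32":
        hits.append("system binary name outside system32")
    if p.startswith(SYSTEM_ROOT + "\\") and publisher.strip() in ("", "N/A"):
        hits.append("no publisher for a file under the Windows directory")
    if "\\temp\\" in p:
        hits.append("runs from a Temp directory")
    return hits


def scan_lines(lines):
    """Parse startup and process records; return one dict per flagged entry, in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = STARTUP_RE.match(line)
        if m:
            path = exe_from_command(m.group("cmd"))
            hits = reasons_for(path, m.group("pub"))
            if hits:
                findings.append({"kind": "startup", "name": m.group("name"),
                                 "path": path, "reasons": hits})
            continue
        m = PROCESS_RE.match(line)
        if m:
            hits = reasons_for(m.group("path"), m.group("pub"))
            if hits:
                findings.append({"kind": "process", "name": "PID " + m.group("pid"),
                                 "path": m.group("path"), "reasons": hits})
    return findings


# Constructed sample: a handful of lines copied from the log pasted in this thread.
SAMPLE_LOG = r"""
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t]
<ToP><C:\WINDOWS\LSASS.exe> []
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 472][C:\WINDOWS\WINLOGON.EXE] <wa1vTRVHCVJwSh8Xf92t><0.00.0109>
[PID: 3876][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0>
""".strip().splitlines()

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['name']:16} {f['path']}  <- {'; '.join(f['reasons'])}")
```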



Q:


I have done everything above, but while carrying out "Delete the following files" the following problems came up:


Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe (deleted successfully)
C:\WINDOWS\system32\explore.exe "File not found"
C:\WINDOWS\system32\Launcher.exe "File not found"
C:\WINDOWS\system32\intenet.exe "File not found"
C:\WINDOWS\WINLOGON.EXE "File not found"
C:\WINDOWS\LSASS.exe "File not found"
C:\WINDOWS\system32\softbox.ex (deleted successfully)
C:\WINDOWS\system32\019i8e1.exe "File not found"
C:\WINDOWS\system32\qproecss.exe (reappears 3 seconds after being deleted)
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL "File not found"
C:\Program Files\SystemInspect\SVCHAST.exe "File not found"
C:\WINDOWS\019d8e10.dll "File not found"
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll "File not found"

End result: nothing was solved, I'm going crazy
By the way, in Safe Mode it found 22 kinds of virus, 381 in total, but what gets removed today is back again tomorrow.





A:


><C:\WINDOWS\system32\019i8e1.exe> []
This file is definitely a virus. In Safe Mode with Command Prompt, show all system-protected files, or search for it, and delete it~

Q:



But I can't find this file, why? C:\WINDOWS\system32\019i8e1.exe> []

A:


Did you enable "show all files and folders (hidden and system-protected)"?

Post the Dr.Web scan report.

psac 2006-09-22 12:31 PM

Q:

[Help] First it reported that the file user.dll was missing; then a friend said it was a virus infection. Coming here for help, thank you!

This message appears right after booting; the system still runs more or less normally


But when I open a QQ chat window, this message appears:

http://bbs.crsky.com/1128632305/Mon_0609/64_164278_63b4bf1a1b5772d.jpg
http://bbs.crsky.com/1128632305/Mon_0609/64_164278_c14e188755041f7.jpg

Why does this happen? How should I fix it?
Asking fellow forum members for help, thanks everyone! Attached is the HijackThis scan log



Logfile of HijackThis v1.99.1
Scan saved at 11:52:43, on 2006-9-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\download\ACDSee\ACDSee.exe
E:\系統工具\檢測系統工具\HijackThis\HijackThis.exe

O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\QQ\QQIEHelper.dll
O2 - BHO: 超級兔子上網精靈 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\PROGRA~1\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX
O3 - Toolbar: 超級兔子上網精靈 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\PROGRA~1\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] ; RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [rundll] rundll32 user.dll s
O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [bgswitch] ; C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: 卡巴斯基駭客防護程式.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: &使用迅雷下載 - D:\Program Files\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - D:\Program Files\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 匯出到 Microsoft Office Excel(&X) - res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - D:\Program Files\QQ\SendMMS.htm
O9 - Extra button: 浩方對戰平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方對戰平台\GameClient.exe (file missing)
O9 - Extra button: 番茄花園 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MS...rInstaller.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: host Service For Windows (mshost) - Unknown owner - C:\WINDOWS\mshost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




Attaching the SREng2 scan as well~~~
2006-09-21,12:10:16

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><; C:\WINDOWS\system32\bgswitch.exe> []
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> []
<NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<BigDogPath><C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<rundll><rundll32 user.dll s> []
<Super Rabbit SRRestore><D:\Program Files\MagicSet\srrest.exe /autosave> [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> []

==================================
啟動資料夾
[卡巴斯基駭客防護程式]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\卡巴斯基駭客防護程式.lnk><N>
[CoreCenter]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\CoreCenter.lnk><N>

==================================
服務
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[host Service For Windows / mshost]
<C:\WINDOWS\mshost.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[]
{4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, N/A>
[番茄花園]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[MSTPlayerInstaller Control]
{045ADB92-9635-45CE-B25B-F19F825B0E39} <C:\WINDOWS\DOWNLO~1\MSTPLA~1.OCX, Liztech Co., Ltd>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[]
{4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下載]
<D:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部鏈接]
<D:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<D:\Program Files\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<D:\Program Files\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 636][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 764][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 940][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1104][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1212][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1460][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp.050610-1527)>
[PID: 1688][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.9133>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.9133>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.227.1>
[PID: 1776][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 52>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1784][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1804][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1864][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] <Kaspersky Labs><1.7.0.130>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] <BCGSoft Ltd><5, 84, 0, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] <Kaspersky Labs><1.5.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCBRes.dll] <BCGSoft Ltd><5, 84, 0, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll] <Kaspersky Labs><5.0.201.1>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[E:\系統工具\SPX\engine.dll] <N/A><N/A>
[PID: 1876][C:\Program Files\MSI\Core Center\CoreCenter.exe] <><1, 6, 6, 0>
[C:\Program Files\MSI\Core Center\GLM7X.dll] <MICRO-STAR INT'L CO., LTD.><3, 0, 0, 0>
[C:\Program Files\MSI\Core Center\RushTop.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1948][C:\WINDOWS\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0>
[PID: 2028][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.9133>
[PID: 1360][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2520][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 3352][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\PROGRA~1\MagicSet\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612>
[D:\Program Files\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.227.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.227.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.227.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.227.0>
[C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0>
[PID: 4064][F:\download\千千靜聽\TTPlayer.exe] <Alen Soft><4, 6, 8, 0>
[F:\download\千千靜聽\ttpcomm.dll] <N/A><N/A>
[F:\download\千千靜聽\ttpres.dll] <Alen Soft><4, 6, 8, 0>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 2428][E:\系統工具\檢測系統工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MSTPlayerInstaller.ocx
Remove the entries above

For the dialog window problem: click Start --> Run, type Msconfig, click OK, and in the Startup tab keep only the input method and the antivirus software.



Q:

Thanks, friend~~~~
I have already fixed these with HijackThis~~~~~
As for the startup items you mentioned, these are the ones I have:

http://bbs.crsky.com/1128632305/Mon_0609/64_164278_ec8066eb37807aa.jpg


http://bbs.crsky.com/1128632305/Mon_0609/64_164278_de417965821cde4.jpg

Apart from the ones I recognize (the antivirus, the CPU temperature monitor, Super Rabbit's backup program and a sound card manager), do I have to disable all of them~??~





A:
Close all applications and browser windows, run HijackThis, tick the checkbox in front of each item that needs to be fixed/removed in the main window, then press the "Fix Checked" button. A safety prompt will appear; click "Yes" to let it continue.

O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing)
O4 - HKLM\..\Run: [rundll] rundll32 user.dll s


Run System Repair Engineer again and, under "Startup Items" -> "Registry", delete the following item

<{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> []


Reboot the computer and show all files and folders (hidden and system-protected):
Open "My Computer --> Tools --> Folder Options --> View"

Untick the following options:
"Hide protected operating system files (Recommended)"
"Hide extensions for known file types"
Select "Show all files and folders" --> save the settings

Delete the following file
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat

Then use System Repair Engineer to clean up the registry~
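As an added example (not from this thread, HijackThis or SREng), a small Python triage that applies the checks the two answers above make by hand to HijackThis-style log lines: a hosts file that redirects localhost or pins several sites to one outside address, an unnamed BHO or one whose DLL is missing, and a rundll32 Run entry that does not use the documented dll,EntryPoint form. The sample log is constructed from the kind of entries quoted in the thread; the rules are heuristics that mark entries for review, not for automatic deletion.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in HijackThis format, modelled on the entries quoted in this thread.
SAMPLE_LOG = """\
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\\WINDOWS\\system32\\3721.1.dll (file missing)
O4 - HKLM\\..\\Run: [rundll] rundll32 user.dll s
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
BHO_RE = re.compile(r"^O2 - BHO: (.*)$")
RUN_RE = re.compile(r"^O4 - .*?: \[[^\]]*\]\s+(.*)$")


def triage(log_text):
    """Return (rule, detail) findings for a HijackThis-style log; heuristics only."""
    findings = []
    pinned = defaultdict(list)  # non-loopback IP -> hostnames the hosts file pins to it
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()  # HijackThis always prints a literal IP here
            if ip_address(ip).is_loopback:
                continue
            if host.lower() == "localhost":
                findings.append(("localhost_redirected", line))  # localhost must stay loopback
            else:
                pinned[ip].append(host)
        elif m := BHO_RE.match(line):
            # An unnamed BHO, or one whose DLL is gone, deserves a manual look
            if m.group(1).startswith("(no name)") or line.endswith("(file missing)"):
                findings.append(("suspicious_bho", line))
        elif m := RUN_RE.match(line):
            args = m.group(1).split()
            # rundll32 expects "dll,EntryPoint"; "rundll32 user.dll s" departs from that form
            if args and args[0].lower().startswith("rundll32") and (len(args) < 2 or "," not in args[1]):
                findings.append(("rundll32_malformed", line))
    for ip, hosts in pinned.items():
        if len(hosts) >= 2:  # many sites forced onto one address: the hijack pattern in this thread
            findings.append(("hosts_hijack", f"{len(hosts)} hosts pinned to {ip}: {', '.join(hosts)}"))
    return findings
```

Run `triage(SAMPLE_LOG)` to see the four findings; the ctfmon.exe and NvCplDaemon entries pass untouched.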

A:

