史萊姆論壇

史萊姆論壇 (http://forum.slime.com.tw/)
-   作業系統操作技術文件 (http://forum.slime.com.tw/f128.html)
-   -   SREng常用操作說明 (2.0 RC2) (http://forum.slime.com.tw/thread177281.html)

psac 2006-06-15 01:24 PM

SREng常用操作說明 (2.0 RC2)
 
SREng常用操作說明 (2.0 RC2)

編輯、刪除、註釋註冊表啟動項

打開 SREng ,到「啟動專案」->「註冊表」,這裡顯示了註冊表裡大部分啟動項訊息,除了常說的run等啟動項外,2.0 RC2新增加了對 ShellServiceObjectDelayLoad 、 SharedTaskScheduler 、 ShellExecuteHooks 、 WinlogonNotify 的檢測,只是對 ShellServiceObjectDelayLoad 、 SharedTaskScheduler 、 ShellExecuteHooks 三類只能進行刪除操作,不能編輯。

SREng 2.0 RC2 還增加了顏色標識,紅色表示高危專案,藍色表示未知安全狀態專案。


編輯註冊表啟動項

點擊選擇一個需要編輯的註冊表啟動專案,然後點擊「編輯」按鈕就會出現編輯交談視窗,可以對「名字」和「值」進行修改編輯。
雙擊一個註冊表啟動專案也可以打開編輯交談視窗。
http://www.simkz.com/antivirus/rescue/tools/images/s2rc201.gif

http://www.simkz.com/antivirus/rescue/tools/images/s2rc201.gif

刪除註冊表啟動項

要刪除一個註冊表啟動項,點擊選擇一個需要刪除的註冊表啟動專案,然後點擊「刪除」按鈕,出現刪除確認交談視窗,點擊是刪除,點擊否取消。

http://www.simkz.com/antivirus/rescue/tools/images/s2rc202.gif


註釋註冊表啟動項

每個註冊表啟動項前都有一個小勾,點擊去掉小勾就「註釋」了那個啟動項,對應值資料前會出現一個「;」好,表示已註釋專案,和在msconfig系統配置實用程式裡一樣,被註釋掉的啟動項將不起作用。

註:對於 ShellServiceObjectDelayLoad 、 SharedTaskScheduler 、 ShellExecuteHooks 三類,不能進行編輯和註釋操作,只可以進行刪除操作。

psac 2006-06-15 01:26 PM

調整服務啟動類型、刪除服務

SREng 2.0 RC2 增加了對系統驅動程式服務的掃瞄,打開 SREng ,到「啟動專案」->「服務」可以看到「Win32應用程式服務」和「驅動程式」兩個按鈕,按下相應按鈕彈出相應服務列表視窗(是可以最大化的視窗哦)。
http://www.simkz.com/antivirus/rescue/tools/images/s2rc203.gif


一般情況下,我們經常操作的是「Win32應用程式服務」。

註:勾選「隱藏微軟服務」將隱藏發行者是微軟的服務,使服務列表看起來更加整潔,也可以減少誤操作系統服務的概率。


調整服務啟動類型

首先在列表中點擊選擇一個需要調整啟動類型的服務,然後點選「修改啟動類型」,再到「啟動類型」下拉列表裡選擇需要調整到的啟動類型:「Auto Start」、「Manual Start」或「Disabled」,最後點擊「設置」按鈕,出現確認交談視窗,點擊是確認,點擊否取消。

「Auto Start」表示「自動」
「Manual Start」表示「手動」
「Disabled」表示「已禁用」


http://www.simkz.com/antivirus/rescue/tools/images/s2rc204.gif

刪除服務

首先在列表中點擊選擇一個需要刪除的服務,然後點選「刪除服務」,再點擊「設置」按鈕,出現警告交談視窗,請仔細閱讀警告交談視窗中的內容,確認是否繼續刪除服務的操作,點擊是取消,點擊否確認刪除。


http://www.simkz.com/antivirus/rescue/tools/images/s2rc205.gif

「驅動程式」服務的相關操作基本和「Win32應用程式服務」的操作相同,不同之處是「驅動程式」的「啟動類型」裡還有「Boot Start」和「System Start」兩種啟動類型。

註:在服務列表裡 SREng 2.0 RC2 也增加了顏色標識,紅色表示高危專案,藍色表示未知安全狀態專案。

psac 2006-06-15 01:29 PM

系統修復

文件關聯修復

SREng 會自動判斷所列文件關聯是否正常,如果不正常會在「狀態」列顯示「錯誤」字樣並自動勾選,點擊「修復」按鈕即可修復。

http://www.simkz.com/antivirus/rescue/tools/images/s2rc206.gif


Windows Shell修復

這裡列出了一些常見的系統限制專案,勾選需要修復的專案,點擊「修復」按鈕進行修復。
圖中舉例:修復註冊表編輯器的禁用 和 任務管理器的禁用。

http://www.simkz.com/antivirus/rescue/tools/images/s2rc207.gif

Internet Explorer修復

這裡列出了常見的一些和IE相關的限制專案,勾選需要修復的專案,點擊「修復」按鈕進行修復。
圖中舉例:恢復IE主頁為「空白頁」 和 修復Internet選項交談視窗內容設置的禁用。


http://www.simkz.com/antivirus/rescue/tools/images/s2rc208.gif

瀏覽器載入項修復

選擇一個需要刪除的瀏覽器載入項,點擊「刪除所選內容」可以刪除對應的瀏覽器載入項,在出現的確認交談視窗中,點擊是確認刪除,點擊否取消操作。

http://www.simkz.com/antivirus/rescue/tools/images/s2rc209.gif
註:選擇一個瀏覽器載入項,去掉「已啟用」的勾選可以禁用該瀏覽器載入項。


自動修復

預定為「推薦修復級別」,修復所有已知Windows註冊表相關錯誤,點擊「修復」按鈕進行修復。
另一個級別是「高強修復級別」,將刪除系統內所有策略項。


http://www.simkz.com/antivirus/rescue/tools/images/s2rc210.gif

psac 2006-06-15 01:30 PM

智慧式掃瞄

在右邊的視窗內勾選需要掃瞄的內容,點擊「掃瞄」按鈕開始掃瞄……
掃瞄完成後出現「詳細報告」交談視窗,顯示了掃瞄結果報告內容,點擊「儲存報告」可以儲存掃瞄報告為LOG文件,預定文件名SREngLOG.LOG。
http://www.simkz.com/antivirus/rescue/tools/images/s2rc211.gif
http://www.simkz.com/antivirus/rescue/tools/images/s2rc211.gif

psac 2006-06-15 01:31 PM

更多說明可見 System Repair Engineer(SREng) 作者 Smallfrogs 主頁:http://www.kztechs.com/

System Repair Engineer(SREng)2.0 RC2 線上用戶手冊:http://www.kztechs.com/sreng/help2/
System Repair Engineer (SREng) 2.0 RC2 正式發佈
System Repair Engineer (SREng) 2.0 RC2 正式發佈
http://www.kztechs.com/

  System Repair Engineer (SREng) 是一款系統診斷配置工具,主要用於發現、發掘潛在的電腦故障和大多數由於電腦病毒造成的破壞。該軟件是由 KZTechs.COM 網站站長 Smallfrogs 開發的,能夠執行在所有主流的 Windows 操作系統上。目前用戶量已經超過30萬人次。
  System Repair Engineer (SREng) 2.0 RC2 在以往版本的基礎上,重點增強了危險性檢測和擴展功能,提供了一套全新的系統掃瞄、配置功能,並提供了對第三方插件支持。System Repair Engineer (SREng) 2.0 RC2 版本裡面,增加了對 X64 操作系統的支持能力, 32bit 版本的 System Repair Engineer (SREng) 2.0 RC2 已經能夠很好的檢查 Windows XP Professional X64 操作系統上可能存在的問題,而專用的 64bit 版本的 System Repair Engineer (SREng) 也會在近期發佈。
  在 System Repair Engineer (SREng) 的幫助下,您可以自己診斷您操作系統可能存在的普遍性問題,即使您是電腦的初學者,您也可以使用 System Repair Engineer (SREng) 的智慧式掃瞄功能將您系統的概況產生一份簡要的日誌,然後將該日誌傳送給對操作系統熟悉的朋友或網友,在他們的幫助下解決您系統可能存在的問題。

System Repair Engineer 2.0.21.505 發行說明
-------------------------------------------------------
1. 提供插件支持功能,允許用戶自己編寫插件
2. 提供X64平台支持
3. 強化工作行程、服務枚舉檢查功能
4. 增加一些註冊表啟動項自動檢測
5. 提供全新的服務、驅動配置界面
6. 整合 Services/Drivers Configuration Tool 全部功能
7. 增加啟動項、服務簡易判斷規則,當發現可疑內容時會以顏色高亮顯示(紅色表示高危專案,藍色表示未知安全狀態專案)
8. 增加參數支持,可以使用 SREng.EXE /? 察看參數支持列表
9. 內置程式內部檢測除錯日誌產生功能
10. 增加消息提示抑制功能,可以通過設置選項抑制某些提示訊息
11. 修正一些BUG
12. 其他數十項改進


軟件下載:http://www.KZTechs.com/sreng/sreng2.zip
發行說明:http://www.kztechs.com/sreng/ReleaseNotes2.htm
線上手冊:http://www.kztechs.com/sreng/help2/


引用:
關於著色功能的說明:
雖然這部分在幫助裡面寫了,但是這裡再說明一下:

System Repair Engineer (SREng) 2.0 RC2 版本加入了可疑文件判定規則,當發現一個文件具有可疑特徵時,會進入可疑文件判定過程。可疑文件判定過程的判定結果目前有兩種:高危程式和未知安全等級程式。
高危程式:會以紅色顯示出來
未知安全等級程式:會以藍色顯示出來

驅動部分出現藍色是很正常的,不必介意。

* 如果碰到紅色專案,建議的操作先禁用,然後將對應的文件提交反病毒軟件廠商進行分析識別,確定是不是電腦病毒或惡意程式。
* 如果是藍色專案,建議的操作是將對應的文件提交反病毒軟件廠商進行分析識別,確定是不是電腦病毒或惡意程式。
* 該判定規則首先在註冊表啟動項、Win32服務、驅動程式裡面使用。

ENglish的操作系統 SREng如何顯示成CHS界面 選項裡頭預定語言就是CHS 但是顯示的界面還是EN的

我用AppLocale轉,繁體中文系統顯簡體沒問題,不用AppLocale顯示英文.

psac 2006-06-18 04:52 PM

Q:
每打開個程式就彈出個DOS視窗

今天剛開機,就彈出幾個DOS視窗

標題為C:\windows\internet.exe

一看到這個標題我就知道是中毒了,因為XP系統是沒有這個程式的

果然,在系統目錄下發現了這個文件,同時打開任何程式都會彈出一個DOS視窗

進入安全模式,刪除internet.exe,提示無法刪除.另外有程式在使用.

接著我就在安全模式下用瑞星,木馬剋星,木馬防線掃瞄了一次

都無法清除這個病毒

在此請教各位高手,有什麼辦法可以刪除這個病毒?




A:
你試過在安全模式下刪除這個文件嗎?



Q:


有啊
不過提示說有另外的程式在使用
無發刪除



A:



請使用此貼的附件工具SYSTEM REPAIR ENGINEER軟件,解壓後執行使用裡面的智慧式掃瞄功能掃瞄系統,再將掃瞄結果以回復內容的形式貼上來以便分析問題。請不要在對分析結果作出建議前進行任何修復操作。


Q:
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<anvshell><rem anvshell.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)]
<IMSCMig><rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<DAEMON Tools><rem "c:\DAEMON Tools\daemon.exe" -lang 1033> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PigUpdate><; C:\Program Files\密码查看器\DownLoadPig.exe> []
<StormCodec_Helper><; "C:\Storm Codec\StormSet.exe" /S /opti> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]

==================================
启动文件夹
服务
[Security Driver NetBT Proxy / nbproxy]
<C:\Permeo\Security Driver\nbproxy.exe /service><Permeo Technologies, Inc.>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SecuROM User Access Service (V7) / UserAccess7]
<C:\WINDOWS\system32\UAService7.exe><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[TeachingPlayerTrigger Class]
{2902F471-A89E-4BE0-A093-A2DB06772FE1} <C:\WINDOWS\system32\TPTrigger.dll, 江苏科建教育软件有限责任公司>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, >
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSDiscussionServers Class]
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo!>
[&使用迅雷下载]
<C:\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<E:\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<D:\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
<E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\qq\SendMMS.htm, N/A>
[百度--MP3搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM, N/A>
[百度--图片搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM, N/A>
[百度--新闻搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM, N/A>
[百度--歌词搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM, N/A>
[百度--网页搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM, N/A>
[百度--词典搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM, N/A>
[百度--贴吧搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM, N/A>

==================================
正在运行的进程
[PID: 716][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 824][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 872][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 884][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1116][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1200][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1220][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1256][C:\Permeo\Security Driver\nbproxy.exe] <Permeo Technologies, Inc.><1.0>
[PID: 1308][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1424][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1440][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\ExtMail.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\ScanElf.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1540][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1788][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 332][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 356][C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe] <Microsoft Corporation><8.00.194>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 444][C:\WINDOWS\system32\UAService7.exe] <N/A><N/A>
[PID: 1068][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1172][C:\WINDOWS\Mixer.exe] <C-Media Electronic Inc. (www.cmedia.com.tw)><1.51>
[C:\WINDOWS\System32\cmnprop.dll] <C-Media Corporation><5.00.2195.11>
[PID: 1356][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2316][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1364][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2024][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 428][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 76>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] <N/A><1, 0, 1, 1014>
[C:\WINDOWS\system32\CmdLineExt.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] <Yahoo! China><1, 1, 2, 1034>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] <Yahoo!><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[D:\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A>
[PID: 2820][C:\WINDOWS\system32\mmc.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 3112][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 3, 18>
[D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1924][D:\IPMsg\ipmsg.exe] <Azhi.net><2.05>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1876][C:\Documents and Settings\ch\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [C:\WINDOWS\system32\Rundll.exe "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [Compiled Help Module]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:
<PigUpdate><; C:\Program Files\密碼檢視器\DownLoadPig.exe> []
似乎是網路豬,建議刪除它的開機啟動


用SRENG軟件的修復功能,修復EXE文件關聯。然後刪除C:\WINDOWS\system32\Rundll.exe和internet.exe(可以用置頂的killbox工具)。建議你按修改/創建時間尋找硬碟上其他和這個Rundll.exe相同時間的EXE文件.

psac 2006-06-18 04:57 PM

Q:
上網總是出現彈出視窗

System Repair Engineer (常用推薦)
說明:
System Repair Engineer(SREng) 是一款全新的、強有力的、可擴充的用於調整和修復你系統的免費工具,在這個工具的幫助下,你可以察覺你的系統故障並能夠很容易的修復他們。本工具的前身是 RegFix 註冊表關鍵值修復工具,由於 RegFix 註冊表關鍵值修復工具的局限性和當前系統環境的複雜性,我重新設計了一個新的軟件,即 System Repair Engineer (SREng) 。
下載:
SREng.exe
http://www.kztechs.com/sreng/sreng2.zip


2006-06-17,20:49:15

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<KAVPersonal50><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize> [Kaspersky Lab]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA> []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><N>
[VPN Client]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\VPN Client.lnk><N>

==================================
服務
[Cisco Systems, Inc. VPN Service / CVPND]
<"C:\Program Files\UTStarcom\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[kavsvc / kavsvc]
<C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll, 江蘇科建教育軟件有限責任公司>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\Backup\軟件\浩方\GameClient.exe, 上海浩方線上訊息技術有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Dr.eye WebPage Translation]
{92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[EWA Control]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX, Synacast>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll, 江蘇科建教育軟件有限責任公司>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[XML Data Source Object]
{550DDA30-0541-11D2-9CA9-0060B0EC3D39} <%SystemRoot%\system32\msxml3.dll, N/A>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\mao\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL, PPStream Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>[List Control]
{70CACCCA-8B83-4BCB-B2D1-188E9A495527} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~2.OCX, >
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[WebPlayer Control]
{90203FFD-EF7F-4059-BC56-369E4D6D3824} <C:\PROGRA~1\VerySee\WEBPLA~1.OCX, TODO: <公司名>>
[Dr.eye WebPage Translation]
{92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[匯出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
正在執行的工作行程
[PID: 700][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 784][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 808][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 864][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1096][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 1212][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 1260][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1304][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Backup\軟件\NERO\Nero7.2.0.3b\NeroDigitalExt.dll] <Nero AG><2, 0, 0, 8>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.156.1>
[C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx] <N/A><N/A>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1876][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208>
[PID: 1884][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31>
[PID: 1924][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 468][C:\Program Files\UTStarcom\VPN Client\cvpnd.exe] <Cisco Systems, Inc.><4.6.04.0043>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\vsdata.dll] <Zone Labs LLC><5.5.062.011>
[C:\WINDOWS\system32\VSINIT.dll] <Zone Labs LLC><5.5.062.011>
[PID: 1392][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1400][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1404][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 4068][C:\Program Files\InterVideo\WinDVR3\WinDvr.exe] <InterVideo Inc.><3.0.79.81>
[C:\Program Files\InterVideo\WinDVR3\LibACI.dll] <InterVideo Inc.><3.0.79.81>
[C:\Program Files\InterVideo\WinDVR3\ExtendedOEMDll.dll] <N/A><N/A>
[C:\Program Files\InterVideo\WinDVR3\RCENU.dll] <InterVideo Inc.><1.0 Beta1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\Prop7134.dll] <Philips Semiconductors><1, 4, 0, 0>
[C:\WINDOWS\system32\DVobSub.ax] <Gabest><1, 0, 0, 9>
[C:\Program Files\InterVideo\WinDVR3\IVIscapt.ax] <InterVideo Inc.><3.0.79.81>
[PID: 2256][F:\Backup\軟件\OICQ\騰訊QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\Backup\軟件\OICQ\騰訊QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[F:\Backup\軟件\OICQ\騰訊QQ\RunJin.dll] <飄雲 http://www.pyqq.cn><飄雲>
[F:\Backup\軟件\OICQ\騰訊QQ\ipsearcher.dll] <><1.0.0.3>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAPI.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[F:\Backup\軟件\OICQ\騰訊QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQMainFrame.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\NewSkin.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\HostingMgr.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\CameraDll.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\MailSummary.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQSysMsgMng.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\LongConnection.dll] <tencent><0, 3, 3, 8>
[F:\Backup\軟件\OICQ\騰訊QQ\QQPlugin.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAllInOne.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\SCCore.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQCustomFace.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[F:\Backup\軟件\OICQ\騰訊QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QRingMng.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQPet.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAvatar.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[F:\Backup\軟件\OICQ\騰訊QQ\QQSceneMng.dll] <N/A><N/A>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[F:\Backup\軟件\OICQ\騰訊QQ\CommercesMng.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 141>
[F:\Backup\軟件\OICQ\騰訊QQ\ShareFiles.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0>
[F:\Backup\軟件\OICQ\騰訊QQ\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[PID: 1456][F:\Backup\軟件\OICQ\騰訊QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[F:\Backup\軟件\OICQ\騰訊QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 3676][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll] <江蘇科建教育軟件有限責任公司><5, 0, 10, 10>
[D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx] <N/A><N/A>
[F:\Backup\軟件\NERO\Nero7.2.0.3b\NeroDigitalExt.dll] <Nero AG><2, 0, 0, 8>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[PID: 1324][C:\Documents and Settings\mao\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:
killbox v2.0.0.175 漢化版 (推薦)
說明:國外反病毒論壇很受歡迎的工具軟件,與 HijackThis 是最佳配合,實質是一個刪除任意文件的利器,它不管這個文件是EXE還是DLL等其它文件,也不管這個文件是正在執行中,還是被系統調用了,KillBox 都可以簡單幾步就將文件刪除
具體用法:http://www.47522999.com/news/data/2005/0618/article_34.htm
下載:http://www.crsky.com/soft/4640.html



请用置顶的KILLBOX工具删除这个文件 C:\WINDOWS\system32\msplus.dll

Q:
刪除msplus.dll後,就沒法打開網頁了啊!拷貝回去後,濤聲依舊


A:


到置頂的工具帖中下載lspfix

Lspfix (新手慎用)
說明:Winsock2修復工具,修復Layered Service Provider(LSP)。
下載:http://www.cexx.org/lspfix.exe
下載網頁面:http://www.cexx.org/lspfix.htm

執行前面下載的LSPFix.exe工具,選中選項「I Know What I'm Doing」,然後把左面視窗裡的msplus.dll文件移到右面視窗裡(不要動其他文件),然後選「Finish」。

然後再刪除它

psac 2006-06-19 09:16 PM

Q:
【求助】網路能PING通網關,但IE卻提示「打不開搜索而」??

系統中了病毒及廣告流氓軟件,連「我的電腦都打不開」,更不說IE了。經殺毒,可以打開「我的電腦」,但IE還是打不開網頁,提示「打不開搜索頁」,但網上的芳鄰能打開,網關也能PING通,用IE修復工具修復後也不行,請問該怎麼辦?請高手指教,謝謝!不想重裝系統。



A:


請到 這裡 下載 System Repair Engineer 。
解壓後雙擊sreng,點擊「智慧式掃瞄」——掃瞄——儲存報告——用記事本打開日誌文件SREngLOG.log,將內容複製貼上去上來。



Q:
現在問題是,網觀能ping通,局域網也通,就ie打不開,不知從何下手?



A:
可能是 winsock LSP 出現問題了

請把HijackThis或 System Repair Engineer的掃瞄報告發上來,以便分析是否適合用 Winsock XP Fix 來解決



Q:
分析報告發出來,請幫忙分析下,謝謝。
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]這個有沒有問題?殺毒軟件報告可能染病毒。請你看看。




2006-06-19,18:07:29

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> []
<{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> []
<{213E78BD-8353-4D47-876B-E99D9C76CD66}><> []
<{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> []
<{F0248891-45C1-4559-8519-DFB07376F8D2}><> []
<{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> []
<{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> []
<{11F9D051-5E27-428D-B760-0D94A653332C}><> []
<{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> []
<{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> []
<{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> []
<{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> []
<{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> []
<{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> []
<{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> []
<{1909E461-7266-4201-8855-022294B7D164}><> []
<{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> []
<{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> []
<{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> []
<{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> []
<{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> []
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
<{966261B0-3618-4B88-BAE1-B3086D634EB5}><> []
<{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []

==================================
啟動資料夾
服務
[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[ewido security suite control / ewido security suite control]
<C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
<C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Sample NT Service / SampleService]
<C:\WINDOWS\NTService.exe><N/A>

==================================
瀏覽器載入項
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8} <C:\Program Files\sina\UC\uc.exe, 北京新浪訊息技術有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\F盤剩餘內容\新增資料夾\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash.ocx, Macromedia, Inc.>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在執行的工作行程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 864][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1256][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[PID: 1740][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[PID: 1756][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\nod32rui.dll] <N/A><N/A>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_mirr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1776][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1840][C:\Documents and Settings\wk1\桌面\SREng2-v2.021\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[PID: 424][C:\Program Files\ewido anti-malware\ewidoctrl.exe] <ewido networks><3, 0, 0, 1>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[PID: 744][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00>
[PID: 1144][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_mirr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1380][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>

==================================
文件關聯
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


卸載騰訊地址欄搜索



再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> []
<{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> []
<{213E78BD-8353-4D47-876B-E99D9C76CD66}><> []
<{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> []
<{F0248891-45C1-4559-8519-DFB07376F8D2}><> []
<{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> []
<{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> []
<{11F9D051-5E27-428D-B760-0D94A653332C}><> []
<{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> []
<{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> []
<{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> []
<{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> []
<{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> []
<{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> []
<{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> []
<{1909E461-7266-4201-8855-022294B7D164}><> []
<{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> []
<{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> []
<{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> []
<{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> []
<{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> []
<{966261B0-3618-4B88-BAE1-B3086D634EB5}><> []
<{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []


執行 System Repair Engineer 在「啟動專案」->「服務」 中刪除下面專案

[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Sample NT Service / SampleService]
<C:\WINDOWS\NTService.exe><N/A>


刪除下面文件
C:\WINDOWS\NTService.exe
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL



工作行程文件: logonui 或者 logonui.exe

工作行程名稱: Microsoft Logon User Interface

工作行程名稱: logonui.exe是一個系統工作行程,用於顯示微軟Windows XP系統用戶切換界面。這個程式對你系統的正常執行是非常重要的。



出品者: Microsoft
屬於: Microsoft Windows Operating System

系統工作行程: 是
後台程式: 是
使用網路: 否
硬體相關: 否
常見錯誤: 未知N/A
記憶體使用: 未知N/A
安全等級 (0-5): 0
間諜軟件: 否
廣告軟件: 否
Virus: 否
木馬: 否


你是不是安裝了開機畫面美化工具?

psac 2006-06-19 11:29 PM

Q:

【求助】新裝系統卡巴報警msplus1.dll可疑文件,無法刪除!

昨天剛剛用TomatoWinXP_SP2_v2.7_SATA安裝系統後,卡巴發現以下情況,

---警告: 發現木馬可疑模塊!---
C:\WINDOWS\system32\msplus1.dll

二次安裝系統後,仍然有該病毒報警,懷疑是否操作系統鏡像帶有此病毒。

刪除該病毒後重啟依然發現並報警.

用ewido4.0,繼續掃瞄發現病毒TrackingCookie.Atdmt.

刪除重啟後掃瞄依然存在.

連接網路情況下,IE自動彈出彩虹堂網頁,尋求幫助!Thx!


按照版主在其他帖子中的要求,用System Repair Engineer 2.0.21.505 (2.0 RC 2)工具掃瞄系統

結果如下:

2006-06-19,18:42:48

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KAVPersonal50><"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll> [ewido networks GmbH & Co. KG]

==================================
啟動資料夾
服務
[ewido anti-malware 4.0 guard / ewido anti-malware 4.0 guard]
<D:\應用軟件\病毒防治\ewido anti-malware 4.0\guard.exe><N/A>
[kavsvc / kavsvc]
<"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[O&O Defrag / O&O Defrag]
<D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe><O&O Software GmbH>

==================================
瀏覽器載入項
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[番茄花園]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[使用迅雷下載]
<D:\應用軟件\中斷點續傳\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下載全部鏈接]
<D:\應用軟件\中斷點續傳\Thunder\Program\GetAllUrl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ表情]
<D:\應用軟件\聊天工具\QQ\AddEmotion.htm, N/A>

==================================
正在執行的工作行程
[PID: 688][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 748][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 772][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 1128][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1356][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1668][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\應用軟件\壓縮解壓\WinRAR\rarext.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\context.dll] <ewido networks><1.0.0.1>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll] <ewido networks GmbH & Co. KG><1.0.0.1>
[PID: 1736][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8421>
[PID: 1760][D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe] <O&O Software GmbH><8.0.1398>
[D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\OODAGRS.DLL] <O&O Software GmbH><8.0.1.1347>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 440][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 972][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1248][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1>
[C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2005, 11, 15, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1>
[C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1>
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1>
[C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2>
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1>
[C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1>
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17>
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14>
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1>
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1>
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1>
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1>
[C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1>
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9>
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 3560][D:\應用軟件\BT下載軟件\eMule\emule.exe] <http://www.emule.org.cn><0.47.0>
[D:\應用軟件\BT下載軟件\eMule\VNNClientS.Dll] <VNN><3.0.22.1>
[D:\應用軟件\BT下載軟件\eMule\ZipLib.dll] <VNN><1.0.0.1>
[D:\應用軟件\BT下載軟件\eMule\vdevstate.dll] <N/A><N/A>
[D:\應用軟件\BT下載軟件\eMule\lang\zh_CN.dll] <http://www.emule-project.net><0.47.0>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 472][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 3428][D:\應用軟件\病毒防治\ewido anti-malware 4.0\ewido.exe] <ewido networks GmbH & Co. KG><4, 0, 0, 151>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\engine.dll] <ewido networks GmbH & Co. KG><4, 0, 0, 7>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 3340][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 3924][D:\應用軟件\病毒防治\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
緊急請求高人幫助,該病毒在重啟後或間隔幾小時後會再次出現。


A:
安全模式下刪除:C:\WINDOWS\system32\msplus.dll

如果找不到以上檔案,可以試試先作出以下設定
1. 重啟動電腦,按 F8 鍵,進入 安全模式
2. 在 我的電腦,點擊 工具--->資料夾選項
3. 點 檢視 選擇項,然後去掉 隱藏受保護的操作系統文件 前的勾,點選 顯示所有文件和資料夾 ,最後 確定




Q:

安全模式下刪除:C:WINDOWSsystem32msplus.dll

會導致IE不能使用,網路連接失效。

曾嘗試改msplus1.dll為msplus.dll,無效

安全模式下取消隱藏找不到該文件,過幾天自己又會出來的....



A:



請到使使用!病毒救援區版規--(附常用工具+查毒網站)中下載LSPFIX

執行LSPFix.exe,選中選項「I Know What I'm Doing」,然後把左面視窗裡的msplus.dll
文件移到右面視窗裡(不要動其他文件),然後選「Finish」。

重起電腦按F8進安全模式,在資料夾選項中,顯示隱藏文件和取消「隱藏受保護的操作系統文件」。然後找到c:\windows\system32\msplus.dll並刪除

psac 2006-06-22 05:19 PM

Q:..
中了特諾伊木馬`刪除不了`怎麼辦(已解決)


描述:病毒名稱
圖片:
http://img20.imageshack.us/img20/5429/641291743915e64e0b29ea32xu.jpg
2006-06-21,21:17:54

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><"E:\播放工具\暴風影音\Storm Codec1\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB496973M.LOG>

==================================
啟動資料夾
服務
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[GrayPigeonServer / GrayPigeonServer]
<C:\WINDOWS\G_Server2006.exe><N/A>
[Gray_Pigeon_Server2.03 / GrayPigeonServer2.03]
<C:\WINDOWS\G_Server2.03.exe><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[itshow.com.cn / it.com.cn]
<C:\WINDOWS\Hacker.com.cn.exe><N/A>
[kavsvc / kavsvc]
<"E:\殺毒\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ver / Perver]
<C:\WINDOWS\sz.exe><N/A>
[UFSoft SMS Platform / U8SmsSrv]
<C:\WINDOWS\system32\U8SMSSrv.exe><N/A>
[U8管理軟件 / UFNet]
<C:\WINDOWS\system32\ServerNT.EXE><N/A>
[Network Management Center Task / W32Tasks]
<C:\WINDOWS\system32\taskman32.exe><N/A>
[Window Time / Window Time]
<C:\WINDOWS\svchost.exe><N/A>

==================================
瀏覽器載入項
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\kugoo\KuGoo\KuGoo3DownXControl.ocx, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方\HF.Loader.v1.21-Ayu\HFGameOPT\GameClient.exe, 上海浩方線上訊息技術有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\QQ\qq2006\QQ.EXE, N/A>
[東方衛士]
{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll, >
[VTPlug3 Class]
{0400AC1C-EEF0-4638-A501-31D5A0DC2002} <C:\WINDOWS\system32\gxd\VTrans3.dll, >
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\PPStream\POWERP~1.DLL, PPStream Inc.>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c0.dll, N/A>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c0.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\MediaAddin03.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[東方衛士]
{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\kugoo\KuGoo\KuGoo3DownXControl.ocx, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[使用網際快車下載]
<F:\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<F:\FlashGet\jc_all.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://E:\學習工具\office\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在執行的工作行程
[PID: 672][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1000][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1064][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1148][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1276][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1964][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[PID: 224][E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\guard.exe] <Anti-Malware Development a.s.><4, 0, 0, 172>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 344][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[PID: 436][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 564][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5216>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[PID: 664][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[F:\kugoo\KuGoo\KuGoo3DownXControl.ocx] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\sz.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[PID: 704][C:\WINDOWS\system32\U8SMSSrv.exe] <N/A><N/A>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1268][C:\WINDOWS\system32\ServerNT.EXE] <N/A><N/A>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\UMiscell.dll] <北京用友軟件股份有限公司><1, 0, 0, 1>
[C:\WINDOWS\system32\sgv.dll] <><8, 2, 0, 0>
[C:\WINDOWS\system\Sense3.dll] <N/A><N/A>
[C:\WINDOWS\system32\SecuComm.dll] <N/A><N/A>
[PID: 1232][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 2380][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 2396][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[PID: 2100][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[F:\kugoo\KuGoo\KuGoo3DownXControl.ocx] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[E:\Right Click Image Converter\extRCIC.dll] <N/A><N/A>
[E:\殺毒\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\context.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 2556][F:\QQ\06\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\QQ\06\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQHelperDll.dll] <><1, 0, 0, 1>
[F:\QQ\06\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[F:\QQ\06\PYKer.dll] <飄雲 http://www.pyqq.cn><飄雲>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[F:\QQ\06\ipsearcher.dll] <><1.0.0.3>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[F:\QQ\06\QQAPI.dll] <><1, 0, 0, 1>
[F:\QQ\06\TIMProxy.dll] <tencent><0, 3, 2, 4>
[F:\QQ\06\LoginCtrl.dll] <><1, 0, 0, 1>
[F:\QQ\06\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[F:\QQ\06\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[F:\QQ\06\QQRes.dll] <tencent><1, 0, 0, 1>
[F:\QQ\06\QQMainFrame.dll] <N/A><N/A>
[F:\QQ\06\CQQApplication.dll] <N/A><N/A>
[F:\QQ\06\NewSkin.dll] <><1, 0, 0, 1>
[F:\QQ\06\HostingMgr.dll] <><1, 0, 0, 1>
[F:\QQ\06\CameraDll.dll] <><1, 0, 0, 1>
[F:\QQ\06\MailSummary.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[F:\QQ\06\QQGroupMng.dll] <><1, 0, 0, 1>
[F:\QQ\06\GroupLive.dll] <N/A><N/A>
[F:\QQ\06\QQSysMsgMng.dll] <N/A><N/A>
[F:\QQ\06\UserDefinedHead.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQPlugin.dll] <N/A><N/A>
[F:\QQ\06\QQConfigPlugin.dll] <><1, 0, 0, 1>
[F:\QQ\06\LongConnection.dll] <tencent><5, 0, 200, 160>
[F:\QQ\06\QRingMng.dll] <N/A><N/A>
[F:\QQ\06\PhoneAPI.dll] <><1, 0, 0, 1>
[F:\QQ\06\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[F:\QQ\06\QQAllInOne.dll] <N/A><N/A>
[F:\QQ\06\SCCore.dll] <N/A><N/A>
[F:\QQ\06\QQCustomFace.dll] <N/A><N/A>
[F:\QQ\06\QQPet.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQAvatar.dll] <N/A><N/A>
[F:\QQ\06\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[F:\QQ\06\QQSceneMng.dll] <N/A><N/A>
[F:\QQ\06\VqqModule.dll] <><1, 0, 0, 1>
[F:\QQ\06\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[F:\QQ\06\QQMagicFace.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[F:\QQ\06\CommercesMng.dll] <><1, 0, 0, 1>
[F:\QQ\06\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[F:\QQ\06\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[F:\QQ\06\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[F:\QQ\06\QQZip.dll] <tencent><0, 3, 2, 4>
[F:\QQ\06\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[PID: 1916][F:\QQ\06\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[F:\QQ\06\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 4040][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[PID: 420][C:\DOCUME~1\tony\LOCALS~1\Temp\Rar$EX00.719\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:


1. 使用SREng (相關操作說明)

-刪除以下的啟動項
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB496973M.LOG>

-刪除以下的服務
[GrayPigeonServer / GrayPigeonServer]
<C:\WINDOWS\G_Server2006.exe><N/A>
[Gray_Pigeon_Server2.03 / GrayPigeonServer2.03]
<C:\WINDOWS\G_Server2.03.exe><N/A>
[itshow.com.cn / it.com.cn]
<C:\WINDOWS\Hacker.com.cn.exe><N/A>
[ver / Perver]
<C:\WINDOWS\sz.exe><N/A>
[Network Management Center Task / W32Tasks]
<C:\WINDOWS\system32\taskman32.exe><N/A>
[Window Time / Window Time]
<C:\WINDOWS\svchost.exe><N/A>


2. 重新啟動電腦,之後刪除以下檔案 (看注1)
C:\WINDOWS\KB496973M.LOG
C:\WINDOWS\sz.exe
C:\WINDOWS\sz.DLL
C:\WINDOWS\szKey.DLL
C:\WINDOWS\G_Server2006.exe
C:\WINDOWS\G_Server2006.DLL
C:\WINDOWS\G_Server2006Key.DLL
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.DLL
C:\WINDOWS\svchostKey.DLL

注1: 如果找不到以上檔案,先作出以下設定
a) 在 我的電腦 ,點擊 工具--->資料夾選項
b) 點 檢視 選擇項,然後去掉 隱藏受保護的操作系統文件 前的勾,點選 顯示所有文件和資料夾 ,最後 確定
or...
用軟件Unlocker(最好的頑固軟件刪除工具) v1.8.1 官方中文版,沒有刪除不了的文件。我一直用它



Q:

刪除以下的啟動項
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB496973M.LOG>

它說這個文件對系統很重要,不能夠刪除~只能夠編輯~那怎麼辦??謝謝了




A:

把AppInit_DLLs編輯一下,改做空白的.....
再重新啟動刪除相關檔案

psac 2006-06-28 05:26 AM

Q:
一个嫌疑分子,注册表项目不能删除?
http://img444.imageshack.us/img444/9251/6427075f8251a3b0860ba2he.jpg
在註冊表:
localmachine\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDPSSW32
下..
整個LEGACY_RDPSSW32項都沒有辦法刪除~下面還有個0000的項..都沒有辦法刪除.
開始的時候開機自動執行C:\windows\rdpssw32.exe 程式..被我刪除了.我用了流氓軟件清理後說發現,但是無法清除之..

2006-06-27,15:45:45

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
啟動資料夾
[802.1X認證客戶端]
<C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N>

==================================
服務
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[KVSrvXP / KVSrvXP]
<F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
<"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd>
[RDPSSW32 / RDPSSW32]
<><N/A>
[SVCHOST / SVCHOST]
<C:\WINDOWS\SVCHOST.EXE><N/A>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[TegoSoft SmartLoader ActiveX Control]
{1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com>
[UploadListView Class]
{474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, >
[PhotoUploadCtrl Control]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent>
[Java Plug-in 1.5.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FiltrateWebObj Class]
{42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<, N/A>
[新增到QQ表情]
<, N/A>
[用QQ彩信發送該圖片]
<F:\Program Files\Tencent\SendMMS.htm, N/A>
[用迅雷下載(&D)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A>
[用迅雷下載全部(&A)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A>

==================================
正在執行的工作行程
[PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A>
[C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A>
[PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 884][C:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107>
[F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212>
[F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190>
[F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809>
[F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030>
[F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220>
[F:\Program Files\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040>
[F:\Program Files\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822>
[F:\Program Files\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207>
[F:\Program Files\KV2006\lang\KVExtEml0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503>
[F:\Program Files\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVExtLZH.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316>
[F:\Program Files\KV2006\KvExtRar.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020>
[F:\Program Files\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200>
[F:\Program Files\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209>
[F:\Program Files\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011>
[F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605>
[F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 432][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A>
[PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500>
[F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>
[PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\KV2006\KVMonXP.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[F:\Program Files\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[F:\Program Files\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214>
[F:\Program Files\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213>
[F:\Program Files\KV2006\lang\KVOffice0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0>
[F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813>
[F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[PID: 1456][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00>
[C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.03.16.54>
[PID: 1964][F:\Program Files\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210>
[F:\Program Files\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119>
[F:\Program Files\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825>
[PID: 200][F:\Program Files\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509>
[F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1868][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1>
[F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>
[PID: 1616][F:\Program Files\SPX Capture\Spx.exe] <MoodySoft><4.0.0.0>
[F:\Program Files\SPX Capture\ICQMAPI.dll] <N/A><N/A>
[F:\Program Files\SPX Capture\lpng.dll] <N/A><N/A>
[F:\Program Files\SPX Capture\freeze.dll] <N/A><N/A>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>
[PID: 1368][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>

==================================
文件關聯
.TXT Error. [emeditor.txt]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================





A:

再次執行 System Repair Engineer 在「啟動專案」->「服務」 中刪除下面專案

[RDPSSW32 / RDPSSW32]
<><N/A>
[SVCHOST / SVCHOST]
<C:\WINDOWS\SVCHOST.EXE><N/A>




Q:
2006-06-27,20:05:54

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Super Rabbit Winspeed><"F:\Program Files\Super Rabbit\MagicSet\winspeed.exe" /autokill:117>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
啟動資料夾
[802.1X認證客戶端]
<C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N>

==================================
服務
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[KVSrvXP / KVSrvXP]
<F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
<"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[TegoSoft SmartLoader ActiveX Control]
{1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com>
[UploadListView Class]
{474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, >
[PhotoUploadCtrl Control]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent>
[Java Plug-in 1.5.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FiltrateWebObj Class]
{42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A>
[使用KuGoo3下載(&K)]
<F:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<, N/A>
[新增到QQ表情]
<, N/A>
[用QQ彩信發送該圖片]
<F:\Program Files\Tencent\SendMMS.htm, N/A>
[用迅雷下載(&D)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A>
[用迅雷下載全部(&A)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A>

==================================
正在執行的工作行程
[PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A>
[C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A>
[PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107>
[F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212>
[F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190>
[F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809>
[F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030>
[F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220>
[F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605>
[F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500>
[F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20>
[F:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX] <N/A><N/A>
[PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1492][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00>
[C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.03.16.54>
[PID: 1668][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1>
[F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1>
[C:\WINDOWS\System32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[F:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 2>
[F:\Program Files\Ringz Studio\Storm Codec\Codecs\OGGSplt.ax] <Gabest><1, 0, 0, 0>
[C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 1>
[F:\Program Files\Ringz Studio\Storm Codec\Codecs\MkvSplt.ax] <Gabest><1, 0, 2, 6>
[C:\WINDOWS\System32\ffdshow.ax] <N/A><1, 0, 0, 1>
[C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERL~1.OCX] <PPStream.com><1, 0, 0, 1216>
[C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL] <PPStream Inc.><1,0,0,1566>
[C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\PSNetwork.dll] <PPStream, inc.><1, 0, 0, 2296>
[PID: 940][F:\網號\QQ相關\Q工具\myQQC\myQQC.exe] <N/A><V2.2>
[PID: 3664][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>

==================================
文件關聯
.TXT Error. [emeditor.txt]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:新的掃瞄報告沒問題了

psac 2006-07-06 08:45 AM

Q:

【求助】被IEXPLORER.exe搞住了!刪不掉啊!

被IEXPLORER.exe搞住了!刪不掉啊!不到5秒再殺。又出來了!!

A:


請用 System Repair Engineer (SREng) 的智慧式掃瞄,掃瞄一個報告上來

1. 下載 System Repair Engineer 2 ,並儲存到桌面
2. 解開壓縮包裝,執行SREng.exe
3. 按 智慧式掃瞄 ,確保智慧式掃瞄下的專案已經全部打勾,再按 掃瞄
4. 掃瞄完成後,按 儲存報告 ,把報告儲存到桌面
5. 開啟SREngLOG.log報告,把報告所有內容複製 + 貼上來


Q:
2006-07-05,22:59:34

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<pyjj><E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<KvMonXP><"D:\KV2006\KVMonXP_2.kxp" /auto> [Jiangmin Co.Ltd]
<SKYNET Personal FireWall><E:\安全\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<><; > []
<CSPContext><; C:\WINDOWS\system32\CSPContext.exe> [中文之星]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> []
<ATIPTA><; ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> []
<IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NVMixerTray><; "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<pyjj><; E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<rundll31><; C:\WINDOWS\system32\IEXPLORER.exe> []
<TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []
<Update><; > []

==================================
啟動資料夾
服務
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[KVSrvXP / KVSrvXP]
<D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
<"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>

==================================
瀏覽器載入項
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <e:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[聯想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FlashGet-v1.71\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <E:\圖像\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation>
[&Save Flash]
{4064EA35-578D-4073-A834-C96D82CBCF40} <E:\濾鏡\Save Flash\SaveFlash.dll, TODO: <Company name>>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Alexa Web Search]
<CDB6E-AE6D-11CF-96B8-444553540000}, N/A>
[Get Alexa Data]
<, N/A>
[Mail to a Friend...]
<, N/A>
[See Related Links]
<, N/A>
[Write a Review...]
<, N/A>
[上傳到QQ網路硬碟]
<, N/A>
[使用網際快車下載]
<E:\FlashGet-v1.71\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<E:\FlashGet-v1.71\jc_all.htm, N/A>
[定位檢視 GPS 衛星地圖]
<E:\濾鏡\Opanda\IExif 2.25\IExifMap.htm, N/A>
[檢視 Exif/GPS/IPTC 訊息]
<E:\濾鏡\Opanda\IExif 2.25\IExifCom.htm, N/A>
[新增到QQ自定義面板]
<, N/A>
[新增到QQ表情]
<, N/A>
[用QQ彩信發送該圖片]
<, N/A>

==================================
正在執行的工作行程
[PID: 508][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4124>
[PID: 648][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 660][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499>
[PID: 828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1124][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1356][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1420][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[D:\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[D:\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500>
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] <><1, 0, 0, 1>
[PID: 1432][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1588][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.29>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\KVMonXP_2.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214>
[D:\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213>
[D:\KV2006\lang\KVOffice0804.lng] <N/A><N/A>
[D:\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[PID: 1612][C:\WINDOWS\system32\IEXPLORER.exe] <N/A><N/A>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1632][E:\濾鏡\加加\jj4\jjsvr4.exe] <加加開發組><4.0.0.18>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1740][D:\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107>
[D:\KV2006\lang\SvcSafe0804.lng] <N/A><N/A>
[D:\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212>
[D:\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190>
[D:\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809>
[D:\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030>
[D:\KV2006\lang\KVSpi0804.lng] <N/A><N/A>
[D:\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KVWPSet_1.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040>
[D:\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822>
[D:\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822>
[D:\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503>
[D:\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KVExtLZH_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316>
[D:\KV2006\KvExtRar_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020>
[D:\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200>
[D:\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207>
[D:\KV2006\lang\KVExtEml0804.lng] <N/A><N/A>
[D:\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209>
[D:\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011>
[D:\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605>
[D:\KV2006\lang\KvMailRes0804.lng] <N/A><N/A>
[PID: 1764][D:\KV2006\kvwsc.exe] <Jiangmin Co.Ltd><9, 0, 5, 908>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[PID: 1828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1856][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1024][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[PID: 1724][D:\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210>
[D:\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119>
[D:\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1932][D:\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509>
[D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[PID: 2696][E:\圖像\TheWorld-v1.26\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3036][E:\安全\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1000>
[E:\安全\FireWall\SKYMISC.DLL] <N/A><N/A>
[E:\安全\FireWall\COMPRESSWRAP.DLL] <N/A><N/A>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 3108][E:\安全\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG Error. ["regedit.exe" "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


1. 使用SREng (相關操作說明)
-刪除以下的啟動項
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []

2. 重新啟動,按F8進入安全模式,刪除以下檔案 (看注1)
C:\WINDOWS\system32\IEXPLORER.exe

注1: 如果找不到以上檔案,先作出以下設定
a) 在 我的電腦 ,點擊 工具--->資料夾選項
b) 點 檢視 選擇項,然後去掉 隱藏受保護的操作系統文件 前的勾,點選 顯示所有文件和資料夾 ,最後 確定

psac 2006-07-15 02:58 PM

Q:

【求助】C:\WINDOWS\svchost.exe

工作行程中出現這個東西C:\WINDOWS\svchost.exe
無法結束工作行程,也不能刪除,該svchost.exe創建的日期是今天?
註冊表run鍵值中有svc在執行,刪除後自動出現
winlogon.exe在任務管理器中有兩個一個ID 532
一個是744
諾頓一直提示有病毒,但是總殺不玩?
怎麼辦?是中了什麼毒?
2006-07-14,00:06:22

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<pdfFactory Dispatcher v1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe> [FinePrint Software, LLC]
<ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [Symantec Corporation]
<svc><C:\WINDOWS\svchost.exe> []
<HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inituser.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [Symantec Corporation]

==================================
啟動資料夾
服務
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[DameWare Mini Remote Control / DWMRCS]
<C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><N/A>
[KDDelegateService / KDDelegateService]
<d:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><KINGDEE>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[VIPTray / VIPTray]
<2 - 系統找不到指定的文件。
><N/A>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class]
{F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[IEHlprObj Class]
{BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[IEHlprObj Class]
{F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>

==================================
正在執行的工作行程
[PID: 664][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NavLogon.dll] <Symantec Corporation><10.0.2.2000>
[PID: 788][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 968][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1132][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1168][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3>
[PID: 1356][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] <Symantec Corporation><1,5,1,3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] <Symantec Corporation><1,5,1,3>
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] <Symantec Corporation><103.5.6.3>
[PID: 1664][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fppmon1.dll] <FinePrint Software, LLC><1.17>
[C:\WINDOWS\system32\fppr132.dll] <FinePrint Software, LLC><1.17>
[PID: 1804][C:\Program Files\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><10.0.2.2000>
[PID: 1828][C:\WINDOWS\SYSTEM32\DWRCS.EXE] <N/A><N/A>
[PID: 1956][C:\Program Files\Symantec AntiVirus\SavRoam.exe] <symantec><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[PID: 244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\hpwx3770.dll] <Hewlett-Packard><3.2.2.674>
[C:\WINDOWS\system32\hpgt3770.dll] <Hewlett-Packard><1.0.2.682>
[PID: 328][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] <Symantec Corporation><51.2.0.12>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ccEraser.dll] <Symantec Corporation><106.1.5.2>
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] <Symantec Corporation><3.1.13a.0>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ecmsvr32.dll] <Symantec Corporation><61.1.0.11>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14>
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\IMail.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] <Symantec Corporation><1,5,1,3>
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><10.0.2.2000>
[PID: 592][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2976][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.5.2005092300>
[C:\WINDOWS\system32\svchost.dll] <><1, 0, 0, 1>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\xunleibho_v5.dll] <><4, 3, 3, 30>
[C:\WINDOWS\Win32ef.dll] <N/A><N/A>
[C:\WINDOWS\vwwreg.dll] <N/A><N/A>
[PID: 3112][C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe] <FinePrint Software, LLC><1.17>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppr132.dll] <FinePrint Software, LLC><1.17>
[PID: 3128][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><103.5.6.3>
[C:\WINDOWS\system32\SYMREDIR.DLL] <Symantec Corporation><6.0.1.105>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] <Symantec Corporation><10.0.2.2000>
[PID: 3144][C:\PROGRA~1\SYMANT~1\VPTray.exe] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><10.0.2.2000>
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\nts.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\cba.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[PID: 3168][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3336][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2384][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2644][C:\WINDOWS\system32\rdpclip.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3472][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3632][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 184][C:\WINDOWS\regedit.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3108][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.016\PrcView.exe] <PrcView><3.7.3.1>
[PID: 3796][C:\WINDOWS\svchost.exe] <N/A><N/A>
[PID: 3560][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 3072][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.079\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


用sreng刪除啟動專案
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []

重啟後在安全模式刪除
C:\WINDOWS\svchost.exe
如果刪除不了 請下載killbox強制刪除


除了上述問題外,還有以下需要處理的

建議修復操作時關閉其他所有的無關程式,包括IE瀏覽器等,建議將以下內容複製貼上去到記事本然後儲存以便操作。

請執行剛才用來做智慧式掃瞄的工具SREng,
在系統修復->瀏覽器載入項裡,勾選並b]刪除以下內容 ,都是些流氓軟件

[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class]
{F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A>
[IEHlprObj Class]
{BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[IEHlprObj Class]
{F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>

psac 2006-07-20 07:41 PM

Q:

【求助】工作裡的RUNDLL32.EXE圖示變大變花了?病毒嗎?

以前也有過這樣的例子。RUNDLL32.EXE圖示變大變花了以後,桌面的圖示也變花了,接著感染了所有EXE文件和RAR文件,殺不了,後來只有格了硬碟。這次又出現了,好怕啊。
我掃瞄的系統報告:

2006-07-19,13:41:18

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Advanced Server Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選:
所有的啟動項目(包括註冊表、啟動檔案夾、服務等)
瀏覽器載入項
正在執行的工作(包括工作模組訊息)
文件關聯


啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE>

[Network Associates, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

/StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network

Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<!ewido><"E:\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development

a.s.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>

[RealNetworks, Inc.]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\ewido anti-spyware

4.0\shellexecutehook.dll> [Anti-Malware Development a.s.]

==================================
啟動檔案夾
服務
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<E:\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[McAfee Framework 服務 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

/ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Security Machine Manager / MouTALS]
<C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
瀏覽器載入項
[]
{01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINNT\system32\IEBHOGET.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder

Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\AdvSC.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll,

Fengcent>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINNT\system32\Inte32.dll, N/A>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll,

Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft

Corporation>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\DOWNLO~1\NetSign.dll, Infosec

Technologies Co., Ltd.>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx,

Macromedia, Inc.>
[IcbcSsl快取CleanerCtrl Class]
{E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program

Files\IcbcSsl快取Cleaner.dll, 中國工商銀行>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部連接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在執行的工作
[PID: 176][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 220][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[C:\WINNT\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4117>
[PID: 248][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 260][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 368][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4117>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2497>
[PID: 456][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 488][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 536][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 576][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.7021>
[PID: 608][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]

<Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates,

Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates,

Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network

Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates,

Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates,

Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]

<Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Management.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates,

Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 660][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] <Network

Associates, Inc.><8.0.0.309>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] <Network

Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] <Network Associates,

Inc.><8.0.0.135>
[C:\Program Files\Network Associates\VirusScan\naiann.dll] <Network Associates,

Inc.><8.0.0.308>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates,

Inc.><8.0.0.316>
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] <Network Associates,

Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] <Network

Associates, Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] <Network Associates,

Inc.><8.0.0.291>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]

<Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] <Network Associates,

Inc><8.0.0.448>
[PID: 676][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] <Network

Associates, Inc.><8.0.0.1002>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] <Network

Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] <McAfee, Inc.><8.0.0.152>
[PID: 740][C:\WINNT\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.00.2134.1>
[PID: 748][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates,

Inc.><3.5.0.412>
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates,

Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates,

Inc.><8.0.0.981>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 812][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 828][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 840][C:\WINNT\system32\stisvc.exe] <Microsoft Corporation><5.00.2195.6656>
[C:\WINNT\system32\VM31bSTI.dll] <VM><4.2.510.21>
[PID: 932][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] <Ulead Systems,

Inc.><1, 0, 0, 4>
[PID: 952][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 984][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 1020][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 1056][C:\WINNT\system32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[PID: 1596][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 1432][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4117>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2497>
[PID: 1380][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[E:\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0,

0, 172>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder

Networking Technologies,LTD><5, 0, 0, 1>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] <Network

Associates, Inc.><8.0.0.912>
[PID: 1812][C:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[PID: 1820][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] <Network Associates,

Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network

Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] <Network

Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] <Network Associates,

Inc.><8.0.0.912>
[PID: 1828][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates,

Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network

Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates,

Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network

Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]

<Network Associates, Inc.><3.5.0.412>
[PID: 1836][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] <Network

Associates, Inc.><2.0.275.0>
[PID: 1916][E:\ewido anti-spyware 4.0\ewido.exe] <Anti-Malware Development a.s.><4, 0, 0,

172>
[E:\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 1924][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks,

Inc.><0.1.0.3510>
[PID: 1960][C:\WINNT\system32\dllhost.exe] <Microsoft Corporation><5.00.2195.6692>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates,

Inc.><8.0.0.992>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates,

Inc.><8.0.0.316>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network

Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee,

Inc.><4.4.00>
[PID: 2048][C:\WINNT\system32\dllhost.exe] <Microsoft Corporation><5.00.2195.6692>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 2136][C:\DOCUME~1\lxy\LOCALS~1\Temp\M2Server.exe] <亞盟網路><1.0.0.1>
[D:\MirServer\Mir200\IPLocal.dll] <N/A><N/A>
[D:\MirServer\Mir200\M2Server.dll] <N/A><N/A>
[D:\MirServer\Mir200\zPlugOfEngine.dll] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\idsql32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\idbat32.DLL] <N/A><N/A>
[PID: 2196][C:\WINNT\system32\mdm.exe] <Microsoft Corporation><6.00.8424>
[PID: 2168][D:\MirServer\xysrvII.exe] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL] <N/A><N/A>
[PID: 652][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft

Corporation><6.00.2800.1106>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[C:\WINNT\system32\IEBHOGET.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder

Networking Technologies,LTD><5, 0, 0, 1>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\WINNT\system32\Inte32.dll] <N/A><N/A>
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates,

Inc.><8.0.0.992>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates,

Inc.><8.0.0.316>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network

Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee,

Inc.><4.4.00>
[PID: 1720][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft

Corporation><6.00.2800.1106>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[C:\WINNT\system32\IEBHOGET.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder

Networking Technologies,LTD><5, 0, 0, 1>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\WINNT\system32\Inte32.dll] <N/A><N/A>
[PID: 2516][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 2532][C:\DOCUME~1\lxy\LOCALS~1\Temp\Rar$EX00.719\SREng2\SREng.exe] <Smallfrogs

Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者



A:


使用SREng (相關操作說明)一樓
-移除以下的啟動項
[RealNetworks, Inc.]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []

-移除以下瀏覽器載入項
[]
{01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINNT\system32\IEBHOGET.dll, N/A>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\AdvSC.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll,
Fengcent>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINNT\system32\Inte32.dll, N/A>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll,
Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >


你中的是Worm.Viking....試試用瑞星提供的Worm.Viking專殺工具
http://it.rising.com.cn/service/tech...RavVikiing.htm

psac 2006-07-20 07:43 PM

Q:
為什麼老是彈出廣告網頁

明明用清理LJ軟體清理過一次了 可是還是有廣告網頁自動彈出來 我的MM現在很鬱悶 大家幫幫忙啦~~~~~


A:
請用 System Repair Engineer 掃瞄一個log貼上來。
1 解壓縮Sreng2.zip
2 執行Sreng2.exe
3 智能掃瞄——掃瞄——儲存報告
4 把日誌sreng.log中的報告內容完整拷貝貼上來,不要修改。
掃瞄時請關閉所有你手動開啟的程序
sreng操作和修復教學


Q:

啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<pbmini><D:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStarter.exe> []
<MyShares><c:\program Files\易虎\MyShares.exe /tray> []
<MSNShell><D:\Program Files\MSNShell\BIN\MSNShell.exe autorun> []
<msnnt><C:\WINDOWS\Updatec.exe> []
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<VoipDiscount><"d:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized> [VoipDiscount]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> [廣州傲訊訊息科技有限公司]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []
<Thunder><"d:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> []
<sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe> []
<supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<res><C:\WINDOWS\system32\res.exe> []
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> []
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> []
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32> []
<bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo]
<AddrPlus3><C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus.dll Rundll32> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll><regsvr32 /s C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll> [BAIGOO]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B83FC273-3522-4CC6-92EC-75CC86678DA4}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll> []

==================================
啟動檔案夾
[WinBrowse]
<C:\Documents and Settings\Admin\「開始」表單\程序\啟動\WinBrowse.lnk><N>

==================================
服務
[Server2.03 / 2.03]
<C:\WINDOWS\G_Server2.03.exe><N/A>
[NT Data Provider / MOVEESS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object]
{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[免費精彩視瀕超流暢在線觀看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方對戰平台\GameClient.exe, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object]
{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, N/A>
[stdup]
{6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\system32\pCastCtl.dll, >
[ >> 彩信傳送 <<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[>>彩信傳送<<]
<res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[增加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作
[PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 708][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 868][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 984][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1152][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1284][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\ZLhp1020.DLL] <Zenographics, Inc.><5, 53, 2714, 0>
[C:\WINDOWS\system32\ZLM.dll] <Zenographics, Inc.><5, 50, 1416, 0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] <Zenographics, Inc.><5, 54, 330, 0>
[C:\WINDOWS\system32\Imf32.dll] <Zenographics, Inc.><5, 60, 1204, 0>
[C:\WINDOWS\system32\ZTAG32.dll] <Zenographics, Inc.><5, 60, 1210, 0>
[C:\WINDOWS\system32\ZSPOOL.dll] <Zenographics, Inc.><5, 51, 709, 0>
[PID: 1644][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\msicn\plugins\bse.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\lup.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\as.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3924>
[PID: 1764][C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe] <N/A><N/A>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[PID: 1780][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 1836][C:\WINDOWS\system32\hkcmd.exe] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxhk.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3924>
[PID: 1844][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[PID: 1860][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0324>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[PID: 1888][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 188][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 508][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 900][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3200][C:\Program Files\baigoo\bgoomain.exe] <BGoo><1, 0, 0, 1006>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\Program Files\baigoo\bgooex.dll] <><1, 0, 0, 1007>
[PID: 1708][D:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[D:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[D:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\GroupLive.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[D:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[D:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200>
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[D:\Program Files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[D:\Program Files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\Program Files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax] <N/A><N/A>
[C:\WINDOWS\system32\l3codecx.ax] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 5, 0, 50>
[D:\Program Files\Tencent\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[PID: 2280][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 2912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3656][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 6, 42>
[D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll] <BAIGOO><1.0.0.1007>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 4004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 2124][C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.984\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 1776][C:\WINDOWS\system32\zshp1020.exe] <><1, 0, 1007, 0>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]


A:


<sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe>
<res><C:\WINDOWS\system32\res.exe>
<supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run>
<Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll>
<C:\WINDOWS\G_Server2.03.exe><N/A>
[NT Data Provider / MOVEESS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087>

有問題

psac 2006-07-20 07:46 PM

Q:

【求助】一個病毒---"alibaba2.exe"是什麼?請高手幫忙!

如題,我在BAIDU搜尋了沒有,在論壇裡也沒,請高手幫忙解決~~
謝謝了~~


A:

請提供以下相關病毒報告(病毒日誌)訊息:
病毒名稱(完整的病毒名稱)
病毒檔案名,以及病毒文件所在的位置(完整路徑)
反病毒軟體的處理結果(清除/移除失敗等)

並請用 此帖 中的 System Repair Engineer 掃瞄一個log貼上來。
1 解壓縮Sreng2.zip
2 執行Sreng2.exe
3 智能掃瞄——掃瞄——儲存報告
4 把日誌sreng.log中的報告內容完整拷貝貼上來,不要修改。
掃瞄時請關閉所有你手動開啟的程序
sreng操作和修復教學





Q:
C:\WINDOWS\System32\alibaba2.exe 我用的是卡巴的殺毒軟體 處理情況是可以移除的

以下的是sreng.log:

2006-07-20,14:16:29

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選:
所有的啟動項目(包括註冊表、啟動檔案夾、服務等)
瀏覽器載入項
正在執行的工作(包括工作模組訊息)
文件關聯


啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> []
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<1A:Stardock TrayMonitor><"C:\Program Files\Common Files\stardock\TrayServer.exe"> [Stardock]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<IESAddr><> []
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動檔案夾
[騰訊QQ]
<C:\Documents and Settings\sxm20463\「開始」表單\程序\啟動\騰訊QQ.lnk><N>

==================================
服務
[kavsvc / kavsvc]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[DNS 快取 / SOCEESe]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[StyleXPService / StyleXPService]
<"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方在線資訊科技有限公司>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Downloads\qq\QQ.EXE, TENCENT>
[易趣購物]
{DE607145-AC19-425e-862A-2D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ >> 彩信傳送 <<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[上傳到QQ網路硬碟]
<E:\Downloads\qq\AddToNetDisk.htm, N/A>
[使用影音傳送帶下載]
<D:\download\software\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部連接]
<D:\download\software\NetTransport 2\NTAddList.html, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板]
<E:\Downloads\qq\AddPanel.htm, N/A>
[增加到QQ表情]
<E:\Downloads\qq\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<E:\Downloads\qq\SendMMS.htm, N/A>

==================================
正在執行的工作
[PID: 616][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 748][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 760][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1048][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1080][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe] <><0, 20, 0, 3000>
[PID: 1172][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[PID: 1532][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1576][C:\WINDOWS\System32\SCardSvr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1856][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7190>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10031>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINDOWS\system32\Rundll32.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\PROGRA~1\MMSASS~1\Mmsass~1.dll] <><1, 2, 0, 2>
[D:\download\software\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12>
[PID: 184][C:\Program Files\Common Files\stardock\TrayServer.exe] <Stardock><v1.55>
[PID: 196][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\HBClient\tbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[PID: 220][C:\Program Files\Common Files\UPDAT\Update.exe] <N/A><N/A>
[PID: 240][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 272][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Upsrv.dll] <N/A><N/A>
[PID: 424][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7190>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190>
[PID: 480][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 148][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1472][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[d:\Program Files\AskTao\asktao.mod] <N/A><N/A>
[d:\Program Files\AskTao\fmod.dll] <Firelight Technologies Pty, Ltd><3.74>
[d:\Program Files\AskTao\memmgr.dll] <N/A><N/A>
[d:\Program Files\AskTao\Communicate.dll] <N/A><N/A>
[d:\Program Files\AskTao\gbits.dll] <N/A><N/A>
[d:\Program Files\AskTao\report.dll] <N/A><N/A>
[PID: 2452][E:\Downloads\qq\QQ.exe] <TENCENT><0, 0, 0, 0>
[E:\Downloads\qq\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQHelperDll.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[E:\Downloads\qq\QQAPI.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[E:\Downloads\qq\LoginCtrl.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[E:\Downloads\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[E:\Downloads\qq\QQRes.dll] <tencent><1, 0, 0, 1>
[E:\Downloads\qq\QQMainFrame.dll] <N/A><N/A>
[E:\Downloads\qq\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>
[E:\Downloads\qq\NewSkin.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\HostingMgr.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\CameraDll.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\MailSummary.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[E:\Downloads\qq\QQGroupMng.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\GroupLive.dll] <N/A><N/A>
[E:\Downloads\qq\LongConnection.dll] <tencent><5, 0, 200, 160>
[E:\Downloads\qq\QQPlugin.dll] <N/A><N/A>
[E:\Downloads\qq\ShareFiles.dll] <N/A><N/A>
[E:\Downloads\qq\QQZip.dll] <tencent><0, 3, 2, 4>
[E:\Downloads\qq\UserDefinedHead.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQConfigPlugin.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QRingMng.dll] <N/A><N/A>
[E:\Downloads\qq\PhoneAPI.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[E:\Downloads\qq\QQAvatar.dll] <N/A><N/A>
[E:\Downloads\qq\FlashAvatarDll.dll] <><1, 4, 0, 1>
[E:\Downloads\qq\QQPet.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\QQSysMsgMng.dll] <N/A><N/A>
[E:\Downloads\qq\videodevice.dll] <Tencent><1.5.0.0>
[E:\Downloads\qq\inplus.dll] <Tencent><1.5.0.0>
[C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[E:\Downloads\qq\QQAllInOne.dll] <N/A><N/A>
[E:\Downloads\qq\SCCore.dll] <N/A><N/A>
[E:\Downloads\qq\BQQApplication.dll] <N/A><N/A>
[E:\Downloads\qq\QQCustomFace.dll] <N/A><N/A>
[E:\Downloads\qq\CommercesMng.dll] <><1, 0, 0, 1>
[E:\Downloads\qq\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[E:\Downloads\qq\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[E:\Downloads\qq\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200>
[E:\Downloads\qq\QQSceneMng.dll] <N/A><N/A>
[E:\Downloads\qq\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[E:\Downloads\qq\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[E:\Downloads\qq\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[E:\Downloads\qq\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[PID: 2456][E:\Downloads\qq\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1072][C:\Documents and Settings\sxm20463\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\upfdll.dll] <N/A><N/A>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run>
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
感覺有問題,個人意見


卸載 酷站導航,很棒小秘書,雅虎助手,網路實名,mmsassist,

2 關閉所有視窗 ===〉執行sreng.exe ===〉啟動項目 ===〉註冊表 ===〉選下面的項目 ===〉移除
<sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> []
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows>
<IESAddr><> []
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []

3 啟動項目 ===〉服務 ===〉Win32 服務應用程式 ===〉勾選 「隱藏微軟服務」 ===〉選下面的項目 ===〉點選「移除服務」 ===〉設定 ===〉是
[DNS 快取 / SOCEESe]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

4 系統修復 ===〉瀏覽器載入項 ===〉選下面的項目 ===〉移除所選內容
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, >
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, >

5 重新啟動動進入安全模式(開機按F8,在等待介面選項「安全模式」),移除資料夾:
C:\PROGRAM FILES\HBClient
C:\Program Files\Common Files\UPDAT
C:\Program Files\CoolWebsite
C:\PROGRAM FILES\Yahoo!
C:\PROGRAM FILES\MMSASSIST
文件:
C:\WINDOWS\system32\Upsrv.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\system32\Rundll32.dll
C:\WINDOWS\system32\IEHelper.dll
c:\system32\SHELL32.dll
c:\system32\shdocvw.dll
C:\WINDOWS\system32\upfdll.dll
同時清空臨時資料夾。
刪不掉的文件請使用 置頂帖子 中的 killbox 輔助處理。
執行 killbox.exe ===〉在「要移除的文件的完整路徑」中填入該檔案 ===〉移除文件

6 重新啟動動回到正常模式,用 惡意軟體清理助手 輔助清理剩餘的文件。
執行RogueCleaner.exe ===〉關閉所有視窗,僅保留RogueCleaner ===〉系統清理 ===〉惡意軟體清理 ===〉開始檢測 ===〉勾選「使用強制清理模式」 ===〉開始清理

7 至於你說的alibaba2.exe,移除了就沒有問題了。

8 另外問一下,這個資料夾 d:\Program Files\AskTao 中的東西是你自己安裝的?




Q:

d:\Program Files\AskTao 是一個叫做《問道》的網路遊戲
怎麼了?有問題的嗎?

A:
那就!沒有問題了,我就是不熟悉,所以問你一下,以免操作失誤。

psac 2006-07-21 05:37 PM

Q:
【求助】spoolsv工作無限佔用cpu資源的問題

麻煩大家幫我看看:就是最近我的電腦反應特別慢,發現spoolsv工作幾乎耗盡了cpu的全部資源。這個工作關閉以後可以恢復正常,但是列印機就沒法用了。我也試著在安全模式下去移除這個程序,可是好像沒用。請大家幫我出出主意,謝了



A:

請用 System Repair Engineer (SREng) 的智能掃瞄,掃瞄一個報告上來

1. 下載 SRENG2 ,並儲存到桌面
2. 解開壓縮包,執行SREng.exe
3. 按 智能掃瞄 ,確保智能掃瞄下的項目已經全部打勾,再按 掃瞄
4. 掃瞄完成後,按 儲存報告 ,把報告儲存到桌面
5. 開啟SREngLOG.log報告,把報告所有內容複製 + 貼上來



Q:


2006-07-21,08:04:08

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選:
所有的啟動項目(包括註冊表、啟動檔案夾、服務等)
瀏覽器載入項
正在執行的工作(包括工作模組訊息)
文件關聯


啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Yahoo! Pager><"D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> []
<msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> []
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<愛眼大使><D:\Program Files\eyer\eyer\eyer.exe> [ElectricPower.cn]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<UserFaultCheck><%systemroot%\system32\dumprep 0 -u> []
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PCSuiteTrayApplication><; D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PcSync><; D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RaidTool><; C:\Program Files\VIA\RAID容錯式獨立磁碟陣列\raid_tool.exe> [VIA Technologies]
<SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<UnlockerAssistant><; C:\Program Files\Unlocker\UnlockerAssistant.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Yahoo! Pager><; "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> []

==================================
啟動檔案夾
服務
[Backbone Service / BBDemon]
<d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe -service><Dassault Systemes>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[Moldflow Product Security / MFPS Daemon]
<C:\Program Files\Moldflow\Product Security\mfpsd.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ServiceLayer / ServiceLayer]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[Plastics Insight 5.0 Job Manager / synjm50]
<C:\Program Files\Moldflow\Plastics Insight 5.0\bin\mpijm.exe><N/A>
[Unigraphics Plot Server (ugiipqd) / ugiipqd]
<C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc>
[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)]
<"C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe"><Macrovision Corporation>

==================================
瀏覽器載入項
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <D:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>>
[上傳到QQ網路硬碟]
<D:\QQ2006\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下載(&K)]
<F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownX.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板]
<D:\QQ2006\QQ\AddPanel.htm, N/A>
[增加到QQ表情]
<D:\QQ2006\QQ\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<D:\QQ2006\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作
[PID: 692][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 772][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 848][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 860][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1024][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1088][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1176][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1396][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1692][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A>
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[PID: 1956][D:\Program Files\eyer\eyer\eyer.exe] <ElectricPower.cn><0.9.6.11>
[PID: 1976][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1984][D:\Program Files\Yahoo!\Messenger\ypager.exe] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[D:\Program Files\Yahoo!\Messenger\ygxa_2.dll] <Yahoo! Inc.><2004, 2, 19, 1>
[D:\Program Files\Yahoo!\Messenger\pcre.dll] <Pcre><3.9>
[D:\Program Files\Yahoo!\Messenger\YML.dll] <N/A><3, 0, 0, 2>
[D:\Program Files\Yahoo!\Messenger\YImage.dll] <Yahoo! Inc.><1, 0, 0, 1>
[D:\Program Files\Yahoo!\Messenger\xmlparse.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\xmltok.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\ft60.dll] <Yahoo! Inc.><1.0.0.4>
[D:\Program Files\Yahoo!\Messenger\res_msgr.dll] <Yahoo! Inc.><6, 0, 0, 1610>
[C:\Program Files\Yahoo!\Shared\YbSkin2.dll] <Yahoo! Inc.><2005, 6, 3, 1>
[D:\Program Files\Yahoo!\Messenger\MyYahoo.dll] <Yahoo! Inc.><6, 0, 0, 600>
[D:\Program Files\Yahoo!\Messenger\D32-FW.DLL] <Distinct Corporation><3.4.6>
[C:\WINDOWS\system32\icm32.dll] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[D:\Program Files\Yahoo!\Messenger\yvoicesm.dll] <N/A><1, 0, 201, 1>
[D:\Program Files\Yahoo!\Messenger\yvoiceui.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\yaudiomgr.dll] <N/A><1, 0, 200, 1>
[D:\Program Files\Yahoo!\Messenger\yxtldr.dll] <N/A><1, 0, 200, 1>
[D:\Program Files\Yahoo!\Messenger\rvsip.dll] <RADVISION><3.1.1.30>
[D:\Program Files\Yahoo!\Messenger\rvcommon.dll] <RADVISION><1.0.18>
[D:\Program Files\Yahoo!\Messenger\rvads.dll] <RADVISION><3.1.1.30>
[D:\Program Files\Yahoo!\Messenger\rvsdp.dll] <RADVISION><>
[D:\Program Files\Yahoo!\Messenger\yv_res.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\eyeBeamAsDLL.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\AEC_PC_DLL.dll] <N/A><N/A>
[C:\Program Files\Yahoo!\Shared\YAlertCenter.dll] <Yahoo! Inc.><2004, 10, 20, 1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 1992][C:\Program Files\MSN Messenger\MsnMsgr.Exe] <Microsoft Corporation><8.0.0792.00>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 280][d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe] <Dassault Systemes><5.15.0.5029>
[PID: 296][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 444][C:\Program Files\Moldflow\Product Security\mfpsd.exe] <N/A><N/A>
[PID: 484][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8185>
[PID: 556][C:\Program Files\Moldflow\Plastics Insight 5.0\bin\mpijm.exe] <N/A><N/A>
[PID: 604][C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe] <Unigraphics Solutions, Inc><2.0.0.21>
[C:\WINDOWS\system32\spool\ugplot\libplotq.dll] <Unigraphics Solutions, Inc><2.0.0.21>
[C:\WINDOWS\system32\spool\ugplot\libsyss.dll] <Unigraphics Solutions, Inc><2.0.0.21>
[PID: 720][C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe] <Macrovision Corporation><8, 3, 2, 0>
[PID: 1000][C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe] <N/A><N/A>
[PID: 1676][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2424][C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE] <Microsoft Corporation><11.0.5510>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcou.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcoup.dll] <Kaspersky Lab><5.0.0.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klcp.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcouloc.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mailappl.dll] <Kaspersky Lab><5.0.388.1>
[C:\PROGRA~1\MICROS~2\OFFICE11\OUTLCTL.DLL] <N/A><N/A>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\nfio.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 2652][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] <Microsoft Corporation><11.0.5604>
[C:\Program Files\Microsoft Office\OFFICE11\STARTUP\MathPage.wll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\offguard.dll] <Kaspersky Lab><5.0.388.1>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011U.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011L.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011C.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011K.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011J.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.0.0.0>
[PID: 2900][D:\Program Files\Maxthon\Maxthon.exe] <MY Soft Technology><1, 5, 0, 53>
[D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 3>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\empgdmx.ax] <Elecard Ltd.><1, 0, 19, 51017>
[C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 0>
[C:\WINDOWS\system32\ffdshow.ax] <N/A><1.0.2.2003>
[PID: 1820][D:\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.3.168>
[D:\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[D:\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 57>
[D:\Thunder\log4cplus.dll] <><1, 0, 2, 1>
[D:\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[D:\Thunder\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 13>
[D:\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[D:\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 6>
[D:\Thunder\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[PID: 2236][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1584][C:\Documents and Settings\chn1.CHN\桌面\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:


關於Spoolsv.exe
(所有資料通過收集整理)

spoolsv - spoolsv.exe - 工作訊息

spoolsv - spoolsv.exe - 工作訊息
工作文件: spoolsv or spoolsv.exe
工作名稱: Printer Spooler Service
描述: Windows列印工作控制程序,用以列印機就緒。
一般錯誤: N/A
是否為系統工作: 是

如果目前你沒有自己的列印機而且不想用這台電腦列印資料,可以在「我的電腦」右鍵「管理」裡的「服務」項目中找到「Print Spooler(將文件載入到記憶體中以便遲後列印。)」找到,停止並且禁用就可以了。



後台列印程序和「資源耗盡」消息
問題描述
• 當重新啟動電腦或重新啟動後台列印程序服務時,接收到以下錯誤消息:Spoolsv.exe 無法啟動。

• 當開啟列印機內容時,接收到以下錯誤消息:「資源耗盡錯誤。」

• 列印我的文件時,接收到訪問衝突 (Dr. Watson) 錯誤消息。Dr. Watson 日誌附帶錯誤碼 C0000005 指向 Spoolsv.exe。接收到以下錯誤訊息,後台列印程序停止:<address> 的指令引用記憶體在 <address>。記憶體不可讀。
Spoolsv.exe 或「列印子系統不可用」消息
問題描述
啟動 Windows Server 2003 列印伺服器時,可能接收到以下錯誤消息:Spoolsv.exe 產生了一個錯誤。



而且,如果嘗試檢視列印機內容,可能接收到顯示「列印子系統不可用」的錯誤消息。

問題原因

後台列印服務可能已經停止。如果伺服器執行 Windows Server 2003 而使用為 Windows 98 或 Windows NT 設計的列印啟動程序,則也可能發生這種問題。

問題解決方案

1.
開啟註冊表編輯器 (RegEdt32.exe)。

2.
定位到註冊表以下鍵並將之移除:
HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\ Control\\Print\\Printers\\



<Trouble Printer>

3.
結束註冊表編輯器。





補充:

前幾天感染了一個spoolsv.exe的木馬病毒,怎麼殺都殺不掉,殺了又來,最後找了下,發現spoolsv.exe的最新變種目前還沒有哪個軟體能殺掉,因此,將解決方法發怖在這裡,希望對大家有說明

spoolsv.exe是一種延緩列印木馬程序,它使電腦CPU使用率達到100%,從而使風扇保持高速嘈雜運轉。目前網上提供的方法或許能夠解決前期問題,但對最新的變種現象無能為力,
Ctrl+Alt+Delete停止spoolsv.exe執行工作

重新啟動電腦進入安全模式,在C:/windows/system32/移除spoolsv.exe(或可用搜尋方式移除C碟所有同名文件)

執行regedit,用尋找方式找到並移除所有spoolsv文件。

我的電腦點擊右鍵,選項管理,服務,禁用print spooler服務(目前網上提供的方法僅到此)

重新啟動電腦進入系統一般模式,你會發現電腦還是處於高速運轉,但在搜尋中已找不到任何spoolsv相關文件。

Ctrl+Alt+Delete,你可以在工作中找到一個名為inter的後台執行程序,將其關閉即可。

強烈建議在套用以上步驟解決問題之後,執行反木馬程序掃瞄並移除感染文件。


1 卸載 中搜,酷站導航

2 關閉所有視窗 ===〉執行sreng.exe ===〉啟動項目 ===〉註冊表 ===〉選下面的項目 ===〉移除
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> []
<FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> []

3 系統修復 ===〉瀏覽器載入項 ===〉選下面的項目 ===〉移除所選內容
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>

4 重新啟動動進入安全模式(開機按F8,在等待介面選項「安全模式」),移除資料夾:
C:\Program Files\SearchNet
C:\Program Files\CoolWebsite
文件:
C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe
C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL
C:\WINDOWS\system32\NaviHelper.dll
並清空臨時資料夾
刪不掉的文件請使用 置頂帖子 中的 killbox 輔助處理。
執行 killbox.exe ===〉在「要移除的文件的完整路徑」中填入該檔案 ===〉移除文件

5 重新啟動動回到正常模式,用 惡意軟體清理助手 輔助清理剩餘的文件。
執行RogueCleaner.exe ===〉關閉所有視窗,僅保留RogueCleaner ===〉系統清理 ===〉惡意軟體清理 ===〉開始檢測 ===〉勾選「使用強制清理模式」 ===〉開始清理

6 關於 中搜 的訊息還請再看看 cyberarmy 版主的帖子。





====================================================================
如果已經正常處理了有害程序,且不再出現問題的話,將標題標籤改為【已解決】。

psac 2006-07-24 01:20 AM

Q:

中了Adware.Dinkum.a,大家幫幫忙啊

如題,瑞星清了幾次都沒成工大家幫幫忙啊
附System Repair 報告:
2006-07-23,19:22:53

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選:
所有的啟動項目(包括註冊表、啟動檔案夾、服務等)
瀏覽器載入項
正在執行的工作(包括工作模組訊息)
文件關聯


啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes]
<WinlogonNotify: Themes><C:\WINDOWS\system32\m0rmla911d.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><; F:\7\7\Kv2006\KVSCRK~1.SCR> [Jiangmin Co.Ltd]

==================================
啟動檔案夾
服務
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[User Profile Hive Cleanup / UPHClean]
<C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>

==================================
瀏覽器載入項
[微軟]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[啟動Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\QQ2005\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin06.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部連接]
<f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\QQ2005\AddToNetDisk.htm, N/A>
[增加到QQ自訂面板]
<D:\Program Files\QQ2005\AddPanel.htm, N/A>
[增加到QQ表情]
<D:\Program Files\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<D:\Program Files\QQ2005\SendMMS.htm, N/A>

==================================
正在執行的工作
[PID: 1740][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A>
[C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160>
[PID: 312][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A>
[PID: 580][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1060][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1164][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 3144][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\vsfilter.dll] <Gabest><1, 0, 0, 9>
[C:\Program Files\ffdshow\ffdshow.ax] <N/A><1, 0, 0, 1>
[PID: 1004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 2864][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3456][C:\DOCUME~1\212\LOCALS~1\Temp\Rar$EX05.499\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:
1. 找出以下檔案,上傳到 VirusTotal ,並在此貼上掃瞄結果
C:\WINDOWS\system32\mwjet40.dll

2.
a) 下載F-Look2Me ,儲存到桌面上
b) 把f-look2me.zip壓縮包解開到桌面,執行 f-look2me.exe , 按 Y 繼續
c) F-Look2Me 找到 Look2Me 後, 會提示你要重新啟動
d) 重新啟動電腦後,把 F-Look2Me.log (不是f-look2me.txt) 的內容貼上來,並掃瞄一個新的HijackThis log上來



Q:



我執行Look2Me 都沒有重新啟動
日誌是
2006-06-23 19:34:44 INFO Look2Me was not found.
2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0
2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved.
2006-06-23 19:35:20 WARN Disclaimer of Warranty on Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. F-SECURE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
2006-06-23 19:35:20 WARN For full license terms please visit:
2006-06-23 19:35:20 WARN http://www.f-secure.com/products/license-terms/
2006-06-23 19:35:23 INFO Agreed.
2006-06-23 19:35:23 INFO Look2Me was not found.


這是HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 19:37:43, on 2006-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\conime.exe
f:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe




A:


VirusTotal 的掃瞄結果是
STATUS: FINISHEDComplete scanning result of "mwjet40.dll", received in VirusTotal at 07.23.2006, 14:02:18 (CET).

Antivirus Version Update Result
AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
Symantec n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found




Q:

等待中,拜託高手了,急啊

A:

QUOTE:
引用第2樓7385587於2006-07-23 20:03發表的「」:
我執行Look2Me 都沒有重新啟動
日誌是
2006-06-23 19:34:44 INFO Look2Me was not found.
2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0
2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved.
.......


按 [Copy to clipboard] 複製以下所有文字

CODE:
Files to delete:
C:\WINDOWS\system32\m0rmla911d.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes
[Copy to clipboard]


The Avenger
a) 下載 The Avenger,儲存到桌面並解開壓縮包
b) 執行 The Avenger , 按 Input script manually 再按 放大鏡
c) 按 Ctrl + V/右click貼上剛才複製的內容 ,按 Done ,按 綠燈 開始,當有提示彈出, 按 Yes 兩次
d) The Avenger 會重新啟動你的電腦大約一至兩次,如果重新啟動時有黑色視窗彈出,這是正常情況
e) 當重新啟動後,把 C:\avenger.txt 的內容貼上來,並請同時掃瞄一個新的HijackThis log上來




Q:


打不開放大鏡啊提示:
error:could not open script file. please verify that path name is vaild and file exists

-------------
鋼材錯了,可以執行的


avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\osbbdghh

*******************

Script file located at: \??\C:\Documents and Settings\tnvqyutu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\m0rmla911d.dll not found!
Deletion of file C:\WINDOWS\system32\m0rmla911d.dll failed!

Could not process line:
C:\WINDOWS\system32\m0rmla911d.dll
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:43:38, on 2006-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\naapi32.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe



A:


...奇怪

a) 下載Look2Me-Destroyer ,儲存到 C:\
b) 執行 Look2Me-Destroyer.exe , 在 Run this program as a task 打勾,之後會提示你過一會就會自動再次執行
c) 當 Look2Me-Destroyer 自動執行,按 Scan for L2M button,這時候你的桌面圖示可能會消失
d) 掃瞄完成後,按 Remove L2M button ,當完成後, Look2Me-Destroyer 會提示你將會關閉電腦
e) 電腦關閉後,再次啟動你的電腦,把桌面Look2Me-Destroyer.txt 或C:\Look2Me-Destroyer.txt 的內容貼上來,並掃瞄一個新的HijackThis log上來

PS:
如果過一會(大約一至兩分鍾)不會自動再次執行
請驗證
-電腦時間格式為 H:mm:ss
-Look2Me-Destroyer.exe放在C:\






Q:





Look2Me-Destroyer日誌:
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 2006-7-23 21:20:27

Infected! C:\WINDOWS\system32\naapi32.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\naapi32.dll
C:\WINDOWS\system32\naapi32.dll Deleted successfully!

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D290EBBB-76A0-48B1-B894-3E5E7A8E236E}"
HKCR\Clsid\{D290EBBB-76A0-48B1-B894-3E5E7A8E236E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5EA8FC6F-FF5F-47E1-A34F-C19B85830638}"
HKCR\Clsid\{5EA8FC6F-FF5F-47E1-A34F-C19B85830638}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{222CFF09-A539-4E70-83C2-64269DA2F7BD}"
HKCR\Clsid\{222CFF09-A539-4E70-83C2-64269DA2F7BD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{40180886-B9C9-48DD-A53A-A6CB46FDD425}"
HKCR\Clsid\{40180886-B9C9-48DD-A53A-A6CB46FDD425}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2FACA6B4-778C-4224-9D5A-249E9B889CF6}"
HKCR\Clsid\{2FACA6B4-778C-4224-9D5A-249E9B889CF6}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9}"
HKCR\Clsid\{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B39636E6-581A-4CAB-905F-95EC4518B13C}"
HKCR\Clsid\{B39636E6-581A-4CAB-905F-95EC4518B13C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DC411158-F158-4867-9287-38B7C75CFF82}"
HKCR\Clsid\{DC411158-F158-4867-9287-38B7C75CFF82}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

hijackthis日誌:

Logfile of HijackThis v1.99.1
Scan saved at 21:26:07, on 2006-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [RavTask] "D:\瑞星殺毒\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe



A:



QUOTE:
引用第10樓7385587於2006-07-23 21:30發表的「」:
Look2Me-Destroyer日誌:
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 2006-7-23 21:20:27
.......


哈哈~~Look2Me 已經清除了~~
你有沒有裝過Dr.Web??


Q:

沒啊,還是第一次聽到Dr.Web,他是什麼用的?


A:





Re:【求助】中了Adware.Dinkum.a,大家幫幫忙啊


QUOTE:
引用第12樓7385587於2006-07-23 21:51發表的「」:
沒啊,還是第一次聽到Dr.Web,他是什麼用的?


奇怪~~為什麼你有Dr.Web/Virus Chaser的東西.....
Suggest你把drwebsp.dll清除

1. 下載 LSPFix 並儲存到桌面
2. 執行 LSPFix , 在 I know what I'm doing 打勾
3. 把 drwebsp.dll 放到 右邊 Remove, 按 Finish
4. 重新啟動電腦即可

psac 2006-08-03 03:04 PM

Q:

【求助】碰到流氓網站:嘟呲實用導航

更改我的主頁, 怎麼刪都刪不掉。用超級兔子也修復不了。
這年頭上網怎麼到處都是流氓軟件,流氓網站啊!!!

A:





1.下載最新官方版本System Repair Engineer :
http://www.kztechs.com/sreng/download.html
使用方法: 解壓到隨意資料夾,執行SREng.exe,點擊"智慧式掃瞄"->"掃瞄"->"儲存報告".然後把報告發上來供高手分析.



Q:

2006-08-03,12:37:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart> [OLYMPUS IMAGING CORP.]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
<ATIModeChange><Ati2mdxx.exe> [ATI Technologies, Inc.]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<Smapp><C:\Program Files\Analog Devices\SoundMAX\SMTray.exe> [Analog Devices, Inc.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera> []
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<Acrobat Assistant 7.0><"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
<OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe> [OLYMPUS IMAGING CORP.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Vistadrv><C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe> []
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SKYNET Personal FireWall><C:\Program Files\SkyNet\FireWall\PFW.exe> [廣州眾達天網技術有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> []

==================================
啟動資料夾
[Adobe Acrobat Speed Launcher]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Acrobat Speed Launcher.lnk><N>
[Flash Video]
<C:\Documents and Settings\Administrator\「開始」表菜單\程式\啟動\Flash Video.lnk><N>

==================================
服務
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[kavsvc / kavsvc]
<C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
瀏覽器載入項
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[使用網文快捕儲存當前網頁...]
{0246d4c7-57d6-41eb-ae55-cc9a883929da} <, N/A>
[使用網文快捕儲存...]
{0246d4c7-57d6-41eb-ae55-cc9a883929db} <, N/A>
[]
{0246d4c7-57d6-41eb-ae55-cc9a883929de} <C:\Program Files\WebCatcher\WebCatcher.exe, Wizissoft>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[金山快譯(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Easy-WebPrint]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快譯(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[使用網際快車下載]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[轉換為 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[轉換為現有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[轉換選定的鏈接為 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[轉換選定的鏈接為現有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[轉換選項為 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[轉換選項為現有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[轉換鏈接目標為 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[轉換鏈接目標為現有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在執行的工作行程
[PID: 476][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 536][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\NavLogon.dll] <N/A><N/A>
[PID: 612][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 624][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 780][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A>
[PID: 792][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 844][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 892][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1356][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1384][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1536][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\Tencent\QQ\Messenger.dll] <N/A><N/A>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.142.1>
[C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] <Adobe Systems Inc.><7.0.0.2004121400\0>
[C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] <Adobe Systems Inc.><7.0.0.2004121400\0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[PID: 1676][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\AdobePDF.dll] <Adobe Systems Incorporated.><7.0.0.00>
[C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] <N/A><N/A>
[C:\WINDOWS\system32\CNMLM52.DLL] <CANON INC.><1.70.2.2>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD52.DLL] <CANON INC.><1.70.2.2>
[PID: 1940][C:\Program Files\DAEMON Tools\daemon.exe] <DT Soft Ltd.><4.03.0.0>
[C:\Program Files\DAEMON Tools\daemon.dll] <DT Soft Ltd.><4.03.0.0>
[C:\Program Files\DAEMON Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12>
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.6.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.10.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.12.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.11.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0>
[PID: 1956][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] <ATI Technologies, Inc.><6.14.10.5061>
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] <ATI Technologies, Inc.><6.14.10.5061>
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] <ATI Technologies, Inc.><6.14.10.5061>
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] <ATI Technologies, Inc.><6.14.10.5061>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1968][C:\Program Files\Analog Devices\SoundMAX\SMTray.exe] <Analog Devices, Inc.><3, 2, 18, 0>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1976][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31>
[PID: 1984][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[PID: 1996][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208>
[PID: 2016][C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] <Adobe Systems Inc.><6.0.1.2004121400>
[C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs] <Adobe Systems Inc.><6.0.0.0>
[PID: 256][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A>
[PID: 344][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 408][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821>
[PID: 524][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 740][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.24>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVENG32.DLL] <Symantec Corporation><20061.2.0.24>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26>
[PID: 1056][C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe] <Adobe Systems Incorporated><7.0.0.0>
[PID: 1068][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1076][C:\Program Files\flvplayer\flvplayer.exe] <N/A><N/A>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1960][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 228][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 216][C:\Program Files\Chinanet\VnetClient.exe] <><2005, 11, 14, 1>
[C:\Program Files\Chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\Program Files\Chinanet\DialModule.dll] <GDCN><2005, 11, 15, 1>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\Chinanet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\Chinanet\PLUGIN~1.OCX] <><2005, 7, 27, 1>
[C:\PROGRA~1\Chinanet\sign.dll] <0><2004, 12, 1, 1>
[C:\PROGRA~1\Chinanet\PostPlug.dll] <><2004, 12, 16, 2>
[C:\PROGRA~1\Chinanet\ADVERT~1.OCX] <><2005, 10, 13, 1>
[C:\PROGRA~1\Chinanet\VnetBs.ocx] <><2004, 11, 18, 1>
[C:\PROGRA~1\Chinanet\ACCOUN~2.DLL] <><2005, 11, 14, 1>
[C:\PROGRA~1\Chinanet\AccountMgr.dll] <><2005, 11, 14, 17>
[C:\PROGRA~1\Chinanet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1>
[C:\PROGRA~1\Chinanet\DialogStyle.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\Chinanet\Timer.ocx] <><2005, 10, 9, 14>
[C:\PROGRA~1\Chinanet\PLUGIN~2.OCX] <><2005, 2, 24, 1>
[C:\PROGRA~1\Chinanet\NEWMES~1.DLL] <><2005, 8, 26, 1>
[C:\PROGRA~1\Chinanet\PassCtrl.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\Chinanet\PlugPush.dll] <><2004, 12, 21, 1>
[C:\PROGRA~1\Chinanet\ALLINT~1.DLL] <><2004, 11, 23, 1>
[C:\PROGRA~1\Chinanet\VNETLO~1.OCX] <><2005, 10, 9, 1>
[C:\PROGRA~1\Chinanet\StatNum.dll] <><2004, 11, 18, 1>
[C:\PROGRA~1\Chinanet\VNETON~1.OCX] <><2005, 3, 2, 1>
[C:\PROGRA~1\Chinanet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1>
[C:\PROGRA~1\Chinanet\VnetOptLog.dll] <><2005, 9, 13, 9>
[C:\WINDOWS\system32\IeFilter.dll] <N/A><N/A>
[C:\PROGRA~1\Chinanet\DlgSkin.ocx] <><2005, 11, 14, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2428][C:\GreenBrowserV3.4\GreenBrowser.exe] <MoreQuick><1, 0, 0, 0>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 2972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 3056][C:\Documents and Settings\Administrator\My Documents\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者




A:

再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []


C:\Program Files\Tencent\QQ\Messenger.exe <--刪除此文件
C:\Program Files\Tencent\QQ\Messenger.dll <--刪除此文件


下載Dr.Web CureIT! 免費掃瞄器,包含最新病毒庫,可以檢測清除病毒
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
自解壓格式,下載後直接執行cureit.exe,或者右鍵解壓縮後執行其中的_start.exe

先按「確定」進行「Start Express Scan」
執行殺毒,先會自動掃瞄記憶體工作行程和啟動項,自動掃瞄結束後,用滑鼠選中所有的硬碟分區再次殺毒.
最後把殺毒報告發上來,開始->執行 %USERPROFILE%\DoctorWeb\CureIt.log

psac 2006-08-03 03:06 PM

Q:


求助】幫我看看我的報告~

2006-08-03,14:02:15

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<avgnt><"D:\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
服務
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler]
<D:\AntiVir PersonalEdition Classic\sched.exe><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService]
<D:\AntiVir PersonalEdition Classic\avguard.exe><AVIRA GmbH>
[LexBce Server / LexBceS]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Local Security Authority Subsystem Service / lsass]
<><N/A>
[Network Monitor / Network Monitor]
<C:\Program Files\Network Monitor\netmon.exe service><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[VKTServ / VKTServ]
<C:\WINDOWS\System32\VKTServ.exe><N/A>
[Microsoft Windows HelpFile / Windows Helpfile]
<><N/A>

==================================
瀏覽器載入項
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[金山快譯(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[UCmore XP - The Search Accelerator]
{44BE0690-5429-47f0-85BB-3FFD8020233E} <C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll, Effective-i Inc.>
[電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 420][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 552][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 564][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 732][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 784][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 964][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1092][C:\WINDOWS\system32\LEXBCES.EXE] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\system32\lexp2p32.dll] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\system32\lex2kusb.dll] <Lexmark International, Inc.><9.42>
[PID: 1128][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[C:\WINDOWS\system32\LEXLMPM.DLL] <Lexmark International, Inc.><96.9.42>
[C:\WINDOWS\system32\LexBce.dll] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LVBZPP5C.dll] <Lenovo (Beijing) Ltd.><1.0.2.3>
[C:\WINDOWS\system32\LVBZpwr.dll] <Lenovo (Beijing) Ltd.><1, 0, 1, 0>
[PID: 1132][C:\WINDOWS\system32\LEXPPS.EXE] <Lexmark International, Inc.><9.42>
[C:\WINDOWS\system32\LEXBCE.DLL] <Lexmark International, Inc.><9.42>
[PID: 1872][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5303>
[C:\WINDOWS\System32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5303>
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81>
[PID: 1976][D:\AntiVir PersonalEdition Classic\sched.exe] <Avira GmbH><7.00.00.17>
[D:\AntiVir PersonalEdition Classic\schedr.dll] < Avira GmbH><7.00.00.04>
[PID: 2036][D:\AntiVir PersonalEdition Classic\avguard.exe] <AVIRA GmbH><7.00.00.29>
[D:\AntiVir PersonalEdition Classic\GUARDMSG.DLL] <H+BEDV Datentechnik GmbH><7.00.00.04>
[D:\AntiVir PersonalEdition Classic\AVPREF.DLL] <Avira GmbH><7.00.00.01>
[D:\AntiVir PersonalEdition Classic\SMTPLIB.DLL] <Avira GmbH><1.02.00.08>
[D:\AntiVir PersonalEdition Classic\AVEWIN32.DLL] <Avira GmbH><7.1.1.0>
[PID: 192][C:\Program Files\Network Monitor\netmon.exe] <N/A><N/A>
[PID: 200][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303>
[PID: 232][D:\AntiVir PersonalEdition Classic\avgnt.exe] <Avira GmbH><7.00.00.10>
[D:\AntiVir PersonalEdition Classic\avgcmxp.dll] <Avira GmbH><7.00.00.09>
[PID: 236][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 268][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1696][C:\Program Files\寬帶上網助手\Apa2.exe] <Linkage System Intergrated><1, 0, 0, 9>
[PID: 1764][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 388][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81>
[C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[PID: 1428][F:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

問題
電腦有點卡~



A:


再次執行 System Repair Engineer 在下面啟動項處點編輯按鈕,刪除其中的內容
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []


有什麼問題請文字說明





Q:


圖片:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_82a344ac27168c5.jpg

圖片:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_bb4bc750ed877b6.jpg

圖片:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_679ff285f0bde28.jpg

圖片:
http://bbs.crsky.com/1128632305/Mon_0608/64_129820_15d844555f4ac64.jpg

QUOTE:
引用第2樓Bon Jovi2006-08-03 14:35發表的「」:
再次執行 System Repair Engineer 在下面啟動項處點編輯按鈕,刪除其中的內容
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows]
[]
.......
那個我在殺毒的時候好像被刪了
但是啟動項好像還是弄不掉


A:


在下面啟動項處點編輯按擊<AppInit_DLLs>

在「值」這一項中,刪除 KB235780M.LOG 這幾個字母,然後確定

psac 2006-09-02 12:10 AM

Q:


【求助】IE老彈廣告。請大家進來看看!附日誌!

2006-09-01,22:19:30

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<DAEMON Tools-2052><; ; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> []
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<IMJPMIG8.1><; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<NvMediaCenter><; ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<nwiz><; ; nwiz.exe /install> []
<PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0\bin\jusched.exe> [Sun Microsystems, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
服務
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Computer Storage / BUZOR]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[McAfee Framework 服務 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[EastAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A>
[tscgm Class]
{D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, >
[易得優播放器]
{009541A0-3B81-101C-92F3-040224009C04} <C:\Program Files\edusoft\SWFBROWER\swfbrowse.exe, 易得優軟件>
[Java Plug-in 1.5.0]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\軟件\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Java Plug-in 1.5.0]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[estInsObj Class]
{A927C078-E82F-471B-83F5-3D1504F7D01B} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[Java Plug-in 1.5.0]
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[BitCometBar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[EastAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[3721]
{B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\Downloaded Program Files\CnsMin.dll, 北京三七二一科技有限公司>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[tscgm Class]
{D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<D:\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<D:\Thunder\getAllurl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\QQ\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<D:\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<D:\QQ\SendMMS.htm, N/A>
[用比特精靈下載(&B)]
<D:\BitSpirit\bsurl.htm, N/A>
[秦皇島教育網]
<, N/A>

==================================
正在執行的工作行程
[PID: 416][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 880][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 944][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1040][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1076][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1176][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1488][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8420>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8420>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28>
[C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696>
[C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] <Network Associates, Inc.><8.0.0.912>
[PID: 1528][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1648][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[PID: 1676][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] <Network Associates, Inc.><2.0.275.0>
[PID: 1684][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] <Network Associates, Inc.><8.0.0.912>
[PID: 1744][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 280][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Management.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 312][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] <Network Associates, Inc.><8.0.0.135>
[C:\Program Files\Network Associates\VirusScan\naiann.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] <Network Associates, Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] <Network Associates, Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] <McAfee, Inc.><4.4.00>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] <Network Associates, Inc><8.0.0.277>
[PID: 336][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates, Inc.><3.5.0.412>
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates, Inc.><8.0.0.912>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 480][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] <McAfee, Inc.><8.0.0.152>
[PID: 564][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8420>
[PID: 840][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1608][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2332][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 2808][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28>
[d:\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[C:\WINDOWS\IEYHelper.dll] <Eastday Corporation><1, 0, 0, 13>
[C:\WINDOWS\YayaBands.dll] <Eastday Corporation><1, 0, 0, 5>
[C:\WINDOWS\YayaVerAtl.dll] <Eastday Corporation><1, 0, 0, 48>
[C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696>
[C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A>
[C:\WINDOWS\estAlive.dll] <Eastday Corporation><1, 0, 0, 7>
[C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1>
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.955>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00>
[PID: 3048][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1>
[PID: 1736][E:\軟件\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:


1. 使用SREng (相關操作說明)
-刪除以下的服務
[Computer Storage / BUZOR]
-刪除以下瀏覽器載入項
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674}
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45}
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61}
[EastAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728}
[tscgm Class]
{D11D0862-0390-4884-A95C-4702D0D4C11A}
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC}
[estInsObj Class]
{A927C078-E82F-471B-83F5-3D1504F7D01B}
-修復以下文件關聯
.TXT Error. [notepad.exe %1]
.CHM Error. [hh.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
2. 重新啟動,刪除以下檔案 (看注1)

C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\IEYHelper.dll
C:\WINDOWS\estAlive.dll
C:\WINDOWS\YayaBands.dll
C:\WINDOWS\system32\sscli.dll
C:\WINDOWS\system32\WinSC.dll
C:\WINDOWS\system32\WinSC32.dll
C:\WINDOWS\system32\WinSC64.dll
C:\WINDOWS\system32\coredrv32.dll
3. 下載 惡意軟件清理助手,並儲存到桌面 (如有需要,把使用方法的圖同時儲存到桌面)
http://xs201.xs.to/xs201/06214/RogueCleaner.png
重新啟動,按 F8 進入安全模式,用惡意軟件清理助手清理一下你的系統
4. 用Dr.Web CureIT掃瞄一次你的電腦
a) 下載
Dr.Web CureIT 並儲存到桌面 (請同時把使用方法的圖片儲存到桌面,方便參考)
http://xs304.xs.to/xs304/06303/cureit.png
b) 執行 cureit.exe ,按 Start 繼續,會提示你做一次Express Scan (掃瞄記憶體) ,如果找到已感染的檔案,會提示你進行清除(Cure)
c) Express Scan完成後,按 Select drives ,再按右手面的 三角形/箭頭 開始掃瞄
d) 在掃瞄過程中找到已感染的檔案,按 Yes to All 去清除/移動檔案
e) 掃瞄完成後,如果找到已感染的檔案,根據圖中按 藍圈
---> 紅圈 ---> 綠圈
f) 關閉Dr.Web CureIT 並重新啟動電腦,之後,把 C:\Documents and Settings\[你的用戶名稱]\DoctorWeb\CureIT.log 內容貼上來

開始 執行 services.msc   禁用下面名稱的服務
Computer Storage

刪除下面文件
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL


超級兔子清理王7.78beta2(2006.08.31更新) 可卸載 163種流氓LJ惡意軟件
http://download5.pctutu.com/soft/winspeed778beta.zip
執行「超級兔子清理王」裡面的「專業卸載」,把裡面用紅色標記的流氓不良綁裝軟件全部卸載掉
不要安裝超級兔子上網精靈裡面帶的「超級兔子工具欄」

下載 執行 流氓軟件清理助手 V2.1.1
http://www.tommsoft.com/Products.aspx?pid=2
選擇強制清理,如果第一次清理不掉,可以去安全模式下再次清理

psac 2006-09-02 12:17 AM

Q:

中毒了。大家看看我的日誌

在某網站下載了一個東西後。自動安裝了一些亂七八糟的東西。進入安全模式用卡巴 ewido殺毒 (掃瞄出20個病毒) 現在開機啟動後卡巴提示C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper 目錄下有個IEHelper.dll文件是廣告程式卻怎麼也刪不掉。

日誌:


2006-09-01,13:59:22

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<Outpost Firewall><C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice> [Agnitum Ltd.]
<OutpostFeedBack><C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup> [Agnitum Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]

==================================
啟動資料夾
服務
[卡巴斯基反病毒軟件6.0 / AVP]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Outpost Firewall Service / OutpostFirewall]
<C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service><Agnitum Ltd.>

==================================
瀏覽器載入項
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Web反病毒保護]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Outpost Firewall Pro 快速調較]
{44627E97-789B-40d4-B5C2-58BD171129A1} <C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll, Agnitum Ltd.>
[JUJU貓]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[YOK超級搜索]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <http://www.yok.com, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A>
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[PhotoUploadCtrl Control]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <C:\PROGRA~1\Tencent\QQ\QZone\PHOTOU~1.OCX, tencent>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Microsoft Agent Control 2.0]
{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 644][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 752][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\klogon.dll] <Kaspersky Lab><6.0.0.299>
[PID: 876][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 888][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1180][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1256][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1452][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 2008][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 136][C:\Program Files\Agnitum\Outpost Firewall\outpost.exe] <Agnitum Ltd.><3.5.462.6330>
[C:\Program Files\Agnitum\Outpost Firewall\engine.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_utils.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Ads\ad_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Content\cnt_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\DNS\dns_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\File\file_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Web\web_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\op_hdlr.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_data.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\netstat.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Protect\prot_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_ui.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_cure.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_mon.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_scan.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\zlib.dll] <Jean-loup Gailly and Mark Adler><1, 1, 4, 0>
[C:\Program Files\Agnitum\Outpost Firewall\unrar.dll] <N/A><N/A>
[C:\Program Files\Agnitum\Outpost Firewall\op_cmn.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\opst_ui.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_ctrls.dll] <Agnitum Ltd.><3.51.759.6511>
[PID: 204][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 744][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[PID: 1860][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1716][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] <Kaspersky Lab><1.0.6.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[PID: 3536][E:\TDDownload\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT Error. [Notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:

超級兔子清理王7.78beta2(2006.08.31更新) 可卸載 163種流氓LJ惡意軟件
http://download5.pctutu.com/soft/winspeed778beta.zip
執行「超級兔子清理王」裡面的「專業卸載」,把裡面用紅色標記的流氓不良綁裝軟件全部卸載掉
不要安裝超級兔子上網精靈裡面帶的「超級兔子工具欄」

下載 執行 流氓軟件清理助手 V2.1.1
http://www.tommsoft.com/Products.aspx?pid=2
選擇強制清理,如果第一次清理不掉,可以去安全模式下再次清理

psac 2006-09-02 12:24 AM

Q:

office損壞,rar和其它很多exe文件打不開

不知是不是中毒,首先公司局域網內很多office文檔都打不開,有錯誤提示,重裝安裝OFFICE軟件後,文檔可以用了,但rar和其它很多exe文件都無法執行。
我已經用卡巴、諾盾、麥咖啡殺過毒了,均無效。。
並且打開其它文件時並沒有錯誤提示,只是沒任何反應,並且任務管理器裡沒有相關工作行程。。

求其它解決方法。。。


A:

如果懷疑係統裡有病毒或木馬,下載Dr.Web CureIT! 免費掃瞄器,包含最新病毒庫,可以檢測清除病毒、木馬、後門、流氓惡意軟件,不和已裝殺毒軟件衝突
直接下載位址:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
自解壓格式,下載後直接執行cureit.exe,或者滑鼠右鍵,解壓到目標資料夾,然後執行該資料夾裡面的「_start.exe」殺毒
先按「確定」進行「Start Express Scan」快速殺毒,先會自動掃瞄記憶體工作行程和啟動項,等快速掃瞄結束後,再用滑鼠左鍵選中硬碟分區的圖示,被選中的分區上會出現紅點標記,再次殺毒.Dr.Web界面左下角的5個按鍵分別是"全選" "清除" "重命名" "隔離" "刪除".可以先把殺毒報告發上來等待確認後再進行操作,或者Select all(全選) Cure ->Move incurable(將清除失敗的文件移動到隔離區)
最後把殺毒報告發上來,從"我的電腦"打開 %USERPROFILE%\DoctorWeb\ 打開下面文件CureIt.log複製其中內容到帖子裡
Dr.Web 使用圖解
http://static.flickr.com/66/222747514_9aed944e3a.jpg
如果還有問題,下載 System Repair Engineer
http://www.kztechs.com/sreng/sreng2.zip
使用方法: 解壓到一個資料夾如D:\sreng2.執行SREng.exe,點擊"智慧式掃瞄"->"掃瞄"->"儲存報告".然後把報告發上來分析




Q:

單位裡也是這種情況,把OFFCE重裝了,可以用, 不過第二天又出現這種問題


對啊。。第二天又會不行。到底怎麼回事啊!!
我已經查好一次了,把CureIt.log複製其中內容到帖子裡
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-01, 11:08:29 [LSFJ0008][Administrator]
Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\工具\cureit\crwtoday.cdb - 684 virus records
[Virus base] C:\工具\cureit\crw43350.cdb - 1020 virus records
[Virus base] C:\工具\cureit\crw43349.cdb - 1008 virus records
[Virus base] C:\工具\cureit\crw43348.cdb - 1096 virus records
[Virus base] C:\工具\cureit\crw43347.cdb - 707 virus records
[Virus base] C:\工具\cureit\crw43346.cdb - 1429 virus records
[Virus base] C:\工具\cureit\crw43345.cdb - 1358 virus records
[Virus base] C:\工具\cureit\crw43344.cdb - 694 virus records
[Virus base] C:\工具\cureit\crw43343.cdb - 1186 virus records
[Virus base] C:\工具\cureit\crw43342.cdb - 744 virus records
[Virus base] C:\工具\cureit\crw43341.cdb - 841 virus records
[Virus base] C:\工具\cureit\crw43340.cdb - 822 virus records
[Virus base] C:\工具\cureit\crw43339.cdb - 1071 virus records
[Virus base] C:\工具\cureit\crw43338.cdb - 989 virus records
[Virus base] C:\工具\cureit\crw43337.cdb - 855 virus records
[Virus base] C:\工具\cureit\crw43336.cdb - 1297 virus records
[Virus base] C:\工具\cureit\crw43335.cdb - 1195 virus records
[Virus base] C:\工具\cureit\crw43334.cdb - 900 virus records
[Virus base] C:\工具\cureit\crw43333.cdb - 1381 virus records
[Virus base] C:\工具\cureit\crw43332.cdb - 1340 virus records
[Virus base] C:\工具\cureit\crw43331.cdb - 2735 virus records
[Virus base] C:\工具\cureit\crw43330.cdb - 2078 virus records
[Virus base] C:\工具\cureit\crw43329.cdb - 2490 virus records
[Virus base] C:\工具\cureit\crw43328.cdb - 743 virus records
[Virus base] C:\工具\cureit\crw43327.cdb - 958 virus records
[Virus base] C:\工具\cureit\crw43326.cdb - 793 virus records
[Virus base] C:\工具\cureit\crw43325.cdb - 713 virus records
[Virus base] C:\工具\cureit\crw43324.cdb - 655 virus records
[Virus base] C:\工具\cureit\crw43323.cdb - 655 virus records
[Virus base] C:\工具\cureit\crw43322.cdb - 778 virus records
[Virus base] C:\工具\cureit\crw43321.cdb - 846 virus records
[Virus base] C:\工具\cureit\crw43320.cdb - 808 virus records
[Virus base] C:\工具\cureit\crw43319.cdb - 764 virus records
[Virus base] C:\工具\cureit\crw43318.cdb - 838 virus records
[Virus base] C:\工具\cureit\crw43317.cdb - 363 virus records
[Virus base] C:\工具\cureit\crw43316.cdb - 730 virus records
[Virus base] C:\工具\cureit\crw43315.cdb - 627 virus records
[Virus base] C:\工具\cureit\crw43314.cdb - 824 virus records
[Virus base] C:\工具\cureit\crw43313.cdb - 842 virus records
[Virus base] C:\工具\cureit\crw43312.cdb - 830 virus records
[Virus base] C:\工具\cureit\crw43311.cdb - 862 virus records
[Virus base] C:\工具\cureit\crw43310.cdb - 853 virus records
[Virus base] C:\工具\cureit\crw43309.cdb - 733 virus records
[Virus base] C:\工具\cureit\crw43308.cdb - 708 virus records
[Virus base] C:\工具\cureit\crw43307.cdb - 839 virus records
[Virus base] C:\工具\cureit\crw43306.cdb - 930 virus records
[Virus base] C:\工具\cureit\crw43305.cdb - 759 virus records
[Virus base] C:\工具\cureit\crw43304.cdb - 721 virus records
[Virus base] C:\工具\cureit\crw43303.cdb - 638 virus records
[Virus base] C:\工具\cureit\crw43302.cdb - 806 virus records
[Virus base] C:\工具\cureit\crw43301.cdb - 504 virus records
[Virus base] C:\工具\cureit\crw43300.cdb - 24 virus records
[Virus base] C:\工具\cureit\crwebase.cdb - 78674 virus records
[Virus base] C:\工具\cureit\cwrtoday.cdb - 227 virus records
[Virus base] C:\工具\cureit\cwr43301.cdb - 697 virus records
[Virus base] C:\工具\cureit\crwrisky.cdb - 1271 virus records
[Virus base] C:\工具\cureit\cwntoday.cdb - 105 virus records
[Virus base] C:\工具\cureit\cwn43304.cdb - 793 virus records
[Virus base] C:\工具\cureit\cwn43303.cdb - 766 virus records
[Virus base] C:\工具\cureit\cwn43302.cdb - 850 virus records
[Virus base] C:\工具\cureit\cwn43301.cdb - 773 virus records
[Virus base] C:\工具\cureit\crwnasty.cdb - 4867 virus records
Total virus records: 138087
Key file: C:\工具\cureit\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] D:\WINNT\System32\smss.exe
[Scan path] D:\WINNT\system32\csrss.exe
[Scan path] D:\WINNT\system32\winlogon.exe
[Scan path] D:\WINNT\system32\services.exe
[Scan path] D:\WINNT\system32\lsass.exe
[Scan path] D:\WINNT\system32\svchost.exe
[Scan path] D:\WINNT\system32\spoolsv.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[Scan path] D:\WINNT\system32\MSTask.exe
[Scan path] D:\WINNT\System32\WBEM\WinMgmt.exe
[Scan path] D:\WINNT\Explorer.EXE
[Scan path] D:\WINNT\system32\hkcmd.exe
[Scan path] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
[Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
[Scan path] D:\WINNT\system32\Internat.exe
[Scan path] C:\jstax\jstax.exe
[Scan path] C:\jstax\swdj.exe
[Scan path] D:\WINNT\system32\regsvc.exe
[Scan path] D:\WINNT\system32\conime.exe
[Scan path] D:\Program Files\Internet Explorer\IEXPLORE.EXE
[Scan path] C:\工具\cureit\_start.exe
[Scan path] C:\工具\cureit\cureit.exe
[Scan path] D:\WINNT\system32\mobsync.exe
[Scan path] D:\WINNT\system32\mswdm.exe
D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved

[Scan path] d:\program files\internet explorer\connection wizard\icwconn1.exe
[Scan path] D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[Scan path] D:\Program Files\Microsoft Office\Office\OSA9.EXE
[Scan path] D:\WINNT\system32\mmsys.cpl
[Scan path] D:\WINNT\system32\icmui.dll
[Scan path] D:\WINNT\system32\rshx32.dll
[Scan path] D:\WINNT\system32\docprop.dll
[Scan path] D:\WINNT\system32\ntshrui.dll
[Scan path] D:\WINNT\system32\plustab.dll
[Scan path] D:\WINNT\system32\deskadp.dll
[Scan path] D:\WINNT\system32\deskmon.dll
[Scan path] D:\WINNT\system32\dssec.dll
[Scan path] D:\WINNT\system32\shscrap.dll
[Scan path] D:\WINNT\system32\diskcopy.dll
[Scan path] D:\WINNT\system32\ntlanui2.dll
[Scan path] D:\WINNT\system32\printui.dll
[Scan path] D:\WINNT\system32\dskquoui.dll
[Scan path] D:\WINNT\system32\syncui.dll
[Scan path] D:\WINNT\system32\hticons.dll
[Scan path] D:\WINNT\system32\fontext.dll
[Scan path] D:\WINNT\system32\deskperf.dll
[Scan path] D:\WINNT\system32\wshext.dll
[Scan path] D:\WINNT\system32\cryptext.dll
[Scan path] D:\WINNT\system32\NETSHELL.dll
[Scan path] D:\WINNT\system32\shdocvw.dll
[Scan path] D:\WINNT\system32\mstask.dll
[Scan path] D:\WINNT\system32\shell32.dll
[Scan path] D:\WINNT\system32\browseui.dll
[Scan path] D:\WINNT\system32\sendmail.dll
[Scan path] D:\WINNT\system32\occache.dll
[Scan path] D:\WINNT\system32\webcheck.dll
[Scan path] D:\WINNT\system32\thumbvw.dll
[Scan path] D:\WINNT\system32\appwiz.cpl
[Scan path] D:\WINNT\system32\dsfolder.dll
[Scan path] D:\WINNT\system32\dsquery.dll
[Scan path] D:\WINNT\system32\dsuiext.dll
[Scan path] D:\WINNT\system32\mydocs.dll
[Scan path] D:\WINNT\system32\cscui.dll
[Scan path] D:\WINNT\system32\mmcshext.dll
[Scan path] D:\WINNT\system32\cabview.dll
[Scan path] D:\WINNT\system32\dllcache\wabfind.dll
[Scan path] D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
[Scan path] D:\WINNT\system32\cdfview.dll
[Scan path] D:\Program Files\Real\RealPlayer\rpshell.dll
[Scan path] D:\Program Files\WinRAR\rarext.dll
[Scan path] D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
[Scan path] D:\WINNT\system32\stobject.dll
[Scan path] D:\WINNT\system32\crypt32.dll
[Scan path] D:\WINNT\system32\cryptnet.dll
[Scan path] D:\WINNT\system32\cscdll.dll
[Scan path] D:\WINNT\system32\igfxsrvc.dll
[Scan path] D:\WINNT\system32\NavLogon.dll
[Scan path] D:\WINNT\system32\sclgntfy.dll
[Scan path] D:\WINNT\system32\WlNotify.dll
[Scan path] D:\WINNT\system32\wzcdlg.dll
[Scan path] D:\WINNT\system32\DRIVERS\ACPI.sys
[Scan path] D:\WINNT\System32\drivers\afd.sys
[Scan path] D:\WINNT\system32\DRIVERS\asyncmac.sys
[Scan path] D:\WINNT\system32\DRIVERS\atapi.sys
[Scan path] D:\WINNT\system32\DRIVERS\atmarpc.sys
[Scan path] D:\WINNT\system32\DRIVERS\audstub.sys
[Scan path] d:\winnt\system32\svchost.exe
[Scan path] D:\WINNT\system32\DRIVERS\CCDECODE.sys
[Scan path] D:\WINNT\system32\DRIVERS\cdrom.sys
[Scan path] D:\WINNT\system32\cisvc.exe
[Scan path] D:\WINNT\system32\clipsrv.exe
[Scan path] D:\WINNT\system32\DRIVERS\disk.sys
[Scan path] d:\winnt\system32\dmadmin.exe
[Scan path] D:\WINNT\System32\drivers\dmboot.sys
[Scan path] D:\WINNT\System32\drivers\dmio.sys
[Scan path] D:\WINNT\System32\drivers\dmload.sys
[Scan path] D:\WINNT\system32\drivers\DMusic.sys
[Scan path] D:\WINNT\system32\DRIVERS\e100bnt5.sys
[Scan path] D:\WINNT\system32\faxsvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\fdc.sys
[Scan path] D:\WINNT\system32\DRIVERS\flpydisk.sys
[Scan path] D:\WINNT\system32\drivers\fltmgr.sys
[Scan path] D:\WINNT\system32\DRIVERS\fsvga.sys
[Scan path] D:\WINNT\system32\DRIVERS\ftdisk.sys
[Scan path] D:\WINNT\system32\DRIVERS\msgpc.sys
[Scan path] D:\WINNT\system32\DRIVERS\i8042prt.sys
[Scan path] D:\WINNT\system32\DRIVERS\ialmnt5.sys
[Scan path] D:\WINNT\system32\DRIVERS\intelide.sys
[Scan path] D:\WINNT\System32\DRIVERS\ipfltdrv.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipinip.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipnat.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipsec.sys
[Scan path] D:\WINNT\System32\DRIVERS\irenum.sys
[Scan path] D:\WINNT\system32\DRIVERS\isapnp.sys
[Scan path] D:\WINNT\system32\DRIVERS\kbdclass.sys
[Scan path] D:\WINNT\system32\drivers\kmixer.sys
[Scan path] D:\WINNT\system32\drivers\kmsinput.sys
[Scan path] D:\WINNT\system32\mnmsrvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\mouclass.sys
[Scan path] D:\WINNT\system32\DRIVERS\MPE.sys
[Scan path] D:\WINNT\system32\DRIVERS\mrxsmb.sys
[Scan path] D:\WINNT\system32\msdtc.exe
[Scan path] d:\winnt\system32\msiexec.exe
[Scan path] D:\WINNT\system32\drivers\MSKSSRV.sys
[Scan path] D:\WINNT\system32\drivers\MSPCLOCK.sys
[Scan path] D:\WINNT\system32\drivers\MSPQM.sys
[Scan path] D:\WINNT\system32\drivers\MSTEE.sys
[Scan path] D:\WINNT\system32\DRIVERS\NABTSFEC.sys
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
[Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS
[Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG.sys
[Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX15.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndistapi.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndisuio.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndiswan.sys
[Scan path] D:\WINNT\system32\DRIVERS\netbios.sys
[Scan path] D:\WINNT\system32\DRIVERS\netbt.sys
[Scan path] D:\WINNT\system32\netdde.exe
[Scan path] D:\WINNT\system32\drivers\netdtect.sys
[Scan path] D:\WINNT\system32\DRIVERS\nwlnkflt.sys
[Scan path] D:\WINNT\system32\DRIVERS\nwlnkfwd.sys
[Scan path] D:\WINNT\system32\DRIVERS\parallel.sys
[Scan path] D:\WINNT\system32\DRIVERS\parport.sys
[Scan path] D:\WINNT\system32\DRIVERS\pci.sys
[Scan path] D:\WINNT\system32\DRIVERS\pciide.sys
[Scan path] D:\WINNT\system32\DRIVERS\raspptp.sys
[Scan path] D:\WINNT\system32\DRIVERS\ptilink.sys
[Scan path] D:\WINNT\system32\DRIVERS\rasacd.sys
[Scan path] D:\WINNT\system32\DRIVERS\rasl2tp.sys
[Scan path] D:\WINNT\system32\DRIVERS\raspti.sys
[Scan path] D:\WINNT\system32\drivers\RCA.sys
[Scan path] D:\WINNT\system32\DRIVERS\rdbss.sys
[Scan path] D:\WINNT\system32\DRIVERS\redbook.sys
[Scan path] D:\WINNT\system32\locator.exe
[Scan path] d:\winnt\system32\rsvp.exe
[Scan path] D:\WINNT\System32\SCardSvr.exe
[Scan path] D:\WINNT\system32\DRIVERS\serenum.sys
[Scan path] D:\WINNT\system32\DRIVERS\serial.sys
[Scan path] D:\WINNT\system32\DRIVERS\SLIP.sys
[Scan path] D:\WINNT\system32\drivers\smwdm.sys
[Scan path] D:\WINNT\system32\DRIVERS\srv.sys
[Scan path] D:\WINNT\system32\DRIVERS\StreamIP.sys
[Scan path] D:\WINNT\system32\DRIVERS\swenum.sys
[Scan path] D:\WINNT\system32\drivers\swmidi.sys
[Scan path] D:\Program Files\Symantec\SYMEVENT.SYS
[Scan path] D:\WINNT\system32\drivers\sysaudio.sys
[Scan path] D:\WINNT\system32\smlogsvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\tcpip.sys
[Scan path] D:\WINNT\system32\tlntsvr.exe
[Scan path] D:\WINNT\system32\DRIVERS\uhcd.sys
[Scan path] D:\WINNT\system32\DRIVERS\update.sys
[Scan path] D:\WINNT\System32\ups.exe
[Scan path] D:\WINNT\system32\DRIVERS\usbehci.sys
[Scan path] D:\WINNT\system32\DRIVERS\usbhub.sys
[Scan path] D:\WINNT\system32\DRIVERS\usbhub20.sys
[Scan path] D:\WINNT\system32\DRIVERS\USBSTOR.SYS
[Scan path] D:\WINNT\System32\UtilMan.exe
[Scan path] D:\WINNT\System32\drivers\vga.sys
[Scan path] D:\WINNT\system32\DRIVERS\wanarp.sys
[Scan path] D:\WINNT\system32\drivers\wdmaud.sys
[Scan path] D:\WINNT\system32\DRIVERS\WSTCODEC.SYS
[Scan path] D:\WINNT\system32\drivers\ialmsbw.sys
[Scan path] D:\WINNT\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 185
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 264 Kb/s
Scan time: 00:01:25
-----------------------------------------------------------------------------

[Scan path] C:\
C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
>C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe is hacktool program Tool.ASEye.2
C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealOne Player\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0007520.dll infected with Trojan.DownLoader.3944 - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010038.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010041.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010046.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010047.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010053.dll is adware program Adware.Cdn
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010054.exe probably infected with BINARYRES
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010055.exe is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010056.exe is adware program Adware.Cdn
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010611.dll infected with Trojan.DownLoader.3944 - deleted
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010651.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010653.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010657.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010658.exe probably infected with BACKDOOR.Trojan
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010700.dll is adware program Adware.Baidu
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010776.dll infected with Trojan.MulDrop.2135 - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010811.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010816.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010825.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010833.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010838.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010854.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010855.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP46\A0011464.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011507.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011508.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011509.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011510.exe is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011511.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011512.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011513.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011514.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011516.sys is adware program Adware.Cdn
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\A0013040.dll probably infected with BINARYRES
>C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\snapshot\MFEX-1.DAT probably infected with BINARYRES
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP88\A0015897.EXE probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026610.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026611.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026645.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026646.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026685.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026686.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026707.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026708.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\snapshot\MFEX-1.DAT is adware program Adware.Cdn
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026736.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026737.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026784.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026785.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026807.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026808.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026814.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026815.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026821.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026822.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026859.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026860.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026906.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026907.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026941.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026942.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027034.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027035.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027072.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027073.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027083.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027084.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027121.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027122.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027195.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027196.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027206.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027207.sys is adware program Adware.Henbang
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027223.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027229.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027234.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027239.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027240.exe probably infected with BACKDOOR.Trojan
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027315.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027316.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027390.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027391.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027446.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027447.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027493.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027494.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027606.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027607.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027624.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027625.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027643.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027644.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027670.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027671.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027716.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027717.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027795.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027796.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027894.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027895.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027988.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027989.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027997.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027998.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028050.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028051.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028058.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028059.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028094.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028095.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028185.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028186.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028220.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028221.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028405.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028406.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028428.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028429.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028448.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028449.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028511.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028512.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028532.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028533.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028559.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028560.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028582.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028583.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028608.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028609.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028635.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028636.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028697.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028698.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028733.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028734.sys is adware program Adware.Henbang
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028760.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028766.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028771.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028776.exe probably infected with BACKDOOR.Trojan
>C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028777.exe probably infected with BACKDOOR.Trojan
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028814.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028815.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028846.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028847.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028867.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028868.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028887.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028888.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028970.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028971.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028992.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028993.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029018.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029019.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029037.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029038.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029050.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029051.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029159.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029160.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029196.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029197.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029279.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029280.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029320.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029321.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029356.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029361.dll is adware program Adware.Cdn
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029404.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029405.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032430.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032431.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032472.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032473.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032508.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032509.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032589.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032590.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032612.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032613.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032653.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032654.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032663.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032664.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032673.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032674.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032689.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032690.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032704.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032705.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032733.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032734.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032844.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032845.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032904.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032905.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032926.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032927.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032943.exe infected with Trojan.DownLoader.3223 - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032953.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032954.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys is adware program Adware.Henbang
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys is adware program Adware.Henbang
C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\WPS2000\WpsUpd.EXE probably infected with DLOADER.Trojan
C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Gordian.Knot.Rip.Pack.0.28.8.Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Install_Messenger_Beta.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\INSTALL_MSN_MESSENGER_NT.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\KS051221.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\PR16b1.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\QQGame.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\RealPlayer10-5GOLD.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\wangwangsetup_1.5.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\wrar330sc.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\xiaotv2006.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\znwb5502_setup.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\飄邈之旅[全].exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\18icyc\18icyc\icyc-ws-setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\ACDSee50en\acdsee50en.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\ACDSee50en\instmsiw.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_main_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_other_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_plugins_yy.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\CPCW_DianNaoBao_2005\PCWReadSys.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\DivXPro511Bundle.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\Divx_v5.1.1_Kg.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\DivXG400\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\flash saver maker\flashchs.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Photoshop 7.01簡體中文版\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Photoshop 7.01簡體中文版\_ISDel.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\_isdel.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\Sybase11.9.2客戶端\client\win31\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\任天堂\smynesc.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\瑩幕保護\MAT-V2-US.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\時鐘瑩幕保護\setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\TESTEN20.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\README.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ANZH.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\DEF24P.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKECZ.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKEHZ.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\README.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ZHCODE.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\工具\超級兔子\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\迅雷\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\工具\飛行\3dflyingsaver\3dflyingsaver.exe infected with Win32.HLLW.Gavir.17 - cured

[Scan path] D:\
D:\WINNT\veevrg.exe infected with Win32.HLLW.Gavir.17 - incurable - moved
D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured
>D:\WINNT\2Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\1Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\4Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\5Sy.exe infected with Trojan.PWS.Lineage - deleted
>D:\WINNT\6Sy.exe infected with Trojan.PWS.Lineage - deleted
D:\WINNT\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot
>D:\WINNT\system32\dmshell.dll is adware program Adware.Dmad
D:\WINNT\system32\layer1.dll probably infected with DLOADER.Trojan
D:\WINNT\system32\msdll.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\dl樓主.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\dllwm.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\bwdll.dll infected with Trojan.PWS.Lineage - deleted
D:\WINNT\system32\config\software.LOG - read error
D:\WINNT\system32\config\default.LOG - read error
D:\WINNT\system32\config\SECURITY - read error
D:\WINNT\system32\config\SECURITY.LOG - read error
D:\WINNT\system32\config\SYSTEM.ALT - read error
D:\WINNT\system32\config\SAM - read error
D:\WINNT\system32\config\SAM.LOG - read error
D:\WINNT\system32\config\SYSTEM - read error
D:\WINNT\system32\config\SOFTWARE - read error
D:\WINNT\system32\config\DEFAULT - read error
D:\WINNT\system32\alitb1\update.exe probably infected with DLOADER.Trojan
>D:\WINNT\command\rundll32.exe infected with Trojan.PWS.Lineage - deleted
D:\Documents and Settings\Administrator\NTUSER.DAT - read error
D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
>D:\Program Files\Intel\rundll32.exe infected with Trojan.PWS.Lineage - deleted
D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 176659
Infected objects found: 101
Objects with modifications found: 0
Suspicious objects found: 22
Adware programs found: 190
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 84
Objects deleted: 15
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 97 Kb/s
Scan time: 01:48:22
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
D:\WINNT\system32\alitb1\update.exe - incurable - deleted
D:\WINNT\system32\layer1.dll - incurable - deleted
D:\WINNT\system32\dmshell.dll - incurable - deleted
C:\WPS2000\WpsUpd.EXE - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys - incurable - moved
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys - incurable - deleted
C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010038.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010041.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010046.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010047.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010053.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010054.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010055.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010056.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010651.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010653.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010657.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010658.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010700.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010811.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010816.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010825.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010833.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010838.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010854.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010855.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP46\A0011464.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011507.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011508.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011509.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011510.exe - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011511.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011512.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011513.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011514.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011516.sys - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\A0013040.dll - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\snapshot\MFEX-1.DAT - incurable - deleted
C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP88\A0015897.EXE - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026610.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026611.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026645.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026646.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026685.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026686.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026707.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026708.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\snapshot\MFEX-1.DAT - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026736.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026737.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026784.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026785.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026807.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026808.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026814.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026815.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026821.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026822.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026859.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026860.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026906.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026907.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026941.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026942.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027034.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027035.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027072.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027073.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027083.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027084.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027121.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027122.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027195.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027196.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027206.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027207.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027223.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027229.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027234.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027239.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027240.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027315.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027316.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027390.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027391.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027446.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027447.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027493.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027494.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027606.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027607.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027624.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027625.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027643.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027644.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027670.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027671.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027716.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027717.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027795.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027796.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027894.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027895.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027988.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027989.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027997.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027998.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028050.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028051.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028058.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028059.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028094.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028095.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028185.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028186.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028220.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028221.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028405.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028406.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028428.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028429.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028448.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028449.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028511.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028512.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028532.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028533.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028559.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028560.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028582.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028583.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028608.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028609.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028635.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028636.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028697.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028698.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028733.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028734.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028760.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028766.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028771.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028776.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028777.exe - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028814.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028815.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028846.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028847.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028867.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028868.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028887.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028888.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028970.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028971.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028992.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028993.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029018.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029019.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029037.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029038.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029050.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029051.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029159.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029160.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029196.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029197.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029279.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029280.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029320.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029321.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029356.dll - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029361.dll - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029404.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029405.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029430.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029431.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030430.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030431.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031430.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031431.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032430.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032431.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032472.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032473.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032508.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032509.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032589.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032590.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032612.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032613.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032653.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032654.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032663.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032664.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032673.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032674.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032689.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032690.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032704.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032705.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032733.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032734.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032844.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032845.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032904.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032905.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032926.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032927.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032953.sys - incurable - deleted
C:\System Volume Information\_restore{B4718DC3-7164-464



--------------------

公司的一台

把System Repair Engineer的報告也發上來,不過是我剛殺過的,求高手再看下,有沒有問題
2006-09-01,13:07:16

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><D:\WINNT\system32\mswdm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 240][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 416][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 440][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 468][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 488][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 512][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374>
[PID: 636][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 720][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 748][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 944][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\Dll.dll] <N/A><N/A>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517>
[PID: 1144][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 1176][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1128][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 316][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 424][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1076][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 420][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1328][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:



System Repair Engineer 刪除下面一條啟動項
<CheckFaultKernel><D:\WINNT\system32\mswdm.exe> []


從system volumeinformation\_restore 系統還原備份資料夾中發現了病毒、木馬
我的電腦->右鍵->內容->系統還原,禁用系統還原功能


Dr.Web發現了很多病毒、木馬、後門,其中大部分已經被清除或刪除。重新用Dr.Web掃瞄一遍電腦,如果不再報告新病毒,就算解決了

Q:


請問我是win2000,在哪裡可以系統還原,禁用系統還原功能



A:

你大概裝的是雙系統。C硬碟分區上裝的是XP嗎? 系統還原在XP中有這個功能,可用從XP系統中禁用



Q:
哦,原來如此,謝謝

我機器以前做過XP,後來出問題裝了2000,XP沒能刪清




A:




不用客氣,電腦問題尤其是病毒問題,還是具體問題具體分析的好

psac 2006-09-04 05:52 PM

Q:

【求助】奇怪啊,Win32.HLLW.Gavir.17 殺不清

就是剛才OFFCE的問題,我使用Dr.Web CureIT殺了,重啟後再殺時發現又有文件感染了這個,再次使用Dr.Web CureIT殺一次,系統確認CURED,重啟過後再查又發現有文件感染
經常是winnt/rund132.exe等幾個exe文件,.
我再用System Repair Engineer,請高手再幫著看下
2006-09-01,16:24:37

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 408][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 432][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 460][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 480][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 504][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[PID: 620][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 652][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 728][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 940][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\Dll.dll] <N/A><N/A>
[PID: 964][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 308][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1164][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 1180][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 808][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 1288][C:\jstax\jstax.exe] <N/A><N/A>
[C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620>
[PID: 304][C:\jstax\swdj.exe] <N/A><N/A>
[C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\pbSYC60.dll] <Sybase Inc.><6.5.1.620>
[C:\jstax\libct.dll] <N/A><N/A>
[C:\jstax\libintl.dll] <N/A><N/A>
[C:\jstax\libcomn.dll] <N/A><N/A>
[C:\jstax\libtcl.dll] <N/A><N/A>
[C:\jstax\libcs.dll] <N/A><N/A>
[C:\jstax\nlmsnmp.dll] <N/A><N/A>
[C:\jstax\nlwnsck.dll] <N/A><N/A>
[PID: 684][D:\WINNT\WinRAR.exe] <N/A><N/A>
[PID: 340][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 540][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44>
[PID: 752][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080>
[C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0>
[PID: 1068][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1332][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:
Symantec AntiVirus 能升級嗎? 不認識這個病毒?


Win32.HLLW.Gavir.17 國內的殺毒軟件命名為「維金」病毒,感染EXE格式文件


請把Dr.Web CureIT的殺毒報告發上來,最後有哪幾個病毒清除不掉?


D:\WINNT\Dll.dll 這個文件應該有問題,請手動刪除



Q:

星期五我下班前再查了一次,沒發現病毒,可是今天中午又跳出提示rund132.exe出現錯誤,一查又中了,


=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-04, 11:52:44 [LSFJ0008][Administrator]
Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\工具\cureit\crwtoday.cdb - 684 virus records
[Virus base] C:\工具\cureit\crw43350.cdb - 1020 virus records
[Virus base] C:\工具\cureit\crw43349.cdb - 1008 virus records
[Virus base] C:\工具\cureit\crw43348.cdb - 1096 virus records
[Virus base] C:\工具\cureit\crw43347.cdb - 707 virus records
[Virus base] C:\工具\cureit\crw43346.cdb - 1429 virus records
[Virus base] C:\工具\cureit\crw43345.cdb - 1358 virus records
[Virus base] C:\工具\cureit\crw43344.cdb - 694 virus records
[Virus base] C:\工具\cureit\crw43343.cdb - 1186 virus records
[Virus base] C:\工具\cureit\crw43342.cdb - 744 virus records
[Virus base] C:\工具\cureit\crw43341.cdb - 841 virus records
[Virus base] C:\工具\cureit\crw43340.cdb - 822 virus records
[Virus base] C:\工具\cureit\crw43339.cdb - 1071 virus records
[Virus base] C:\工具\cureit\crw43338.cdb - 989 virus records
[Virus base] C:\工具\cureit\crw43337.cdb - 855 virus records
[Virus base] C:\工具\cureit\crw43336.cdb - 1297 virus records
[Virus base] C:\工具\cureit\crw43335.cdb - 1195 virus records
[Virus base] C:\工具\cureit\crw43334.cdb - 900 virus records
[Virus base] C:\工具\cureit\crw43333.cdb - 1381 virus records
[Virus base] C:\工具\cureit\crw43332.cdb - 1340 virus records
[Virus base] C:\工具\cureit\crw43331.cdb - 2735 virus records
[Virus base] C:\工具\cureit\crw43330.cdb - 2078 virus records
[Virus base] C:\工具\cureit\crw43329.cdb - 2490 virus records
[Virus base] C:\工具\cureit\crw43328.cdb - 743 virus records
[Virus base] C:\工具\cureit\crw43327.cdb - 958 virus records
[Virus base] C:\工具\cureit\crw43326.cdb - 793 virus records
[Virus base] C:\工具\cureit\crw43325.cdb - 713 virus records
[Virus base] C:\工具\cureit\crw43324.cdb - 655 virus records
[Virus base] C:\工具\cureit\crw43323.cdb - 655 virus records
[Virus base] C:\工具\cureit\crw43322.cdb - 778 virus records
[Virus base] C:\工具\cureit\crw43321.cdb - 846 virus records
[Virus base] C:\工具\cureit\crw43320.cdb - 808 virus records
[Virus base] C:\工具\cureit\crw43319.cdb - 764 virus records
[Virus base] C:\工具\cureit\crw43318.cdb - 838 virus records
[Virus base] C:\工具\cureit\crw43317.cdb - 363 virus records
[Virus base] C:\工具\cureit\crw43316.cdb - 730 virus records
[Virus base] C:\工具\cureit\crw43315.cdb - 627 virus records
[Virus base] C:\工具\cureit\crw43314.cdb - 824 virus records
[Virus base] C:\工具\cureit\crw43313.cdb - 842 virus records
[Virus base] C:\工具\cureit\crw43312.cdb - 830 virus records
[Virus base] C:\工具\cureit\crw43311.cdb - 862 virus records
[Virus base] C:\工具\cureit\crw43310.cdb - 853 virus records
[Virus base] C:\工具\cureit\crw43309.cdb - 733 virus records
[Virus base] C:\工具\cureit\crw43308.cdb - 708 virus records
[Virus base] C:\工具\cureit\crw43307.cdb - 839 virus records
[Virus base] C:\工具\cureit\crw43306.cdb - 930 virus records
[Virus base] C:\工具\cureit\crw43305.cdb - 759 virus records
[Virus base] C:\工具\cureit\crw43304.cdb - 721 virus records
[Virus base] C:\工具\cureit\crw43303.cdb - 638 virus records
[Virus base] C:\工具\cureit\crw43302.cdb - 806 virus records
[Virus base] C:\工具\cureit\crw43301.cdb - 504 virus records
[Virus base] C:\工具\cureit\crw43300.cdb - 24 virus records
[Virus base] C:\工具\cureit\crwebase.cdb - 78674 virus records
[Virus base] C:\工具\cureit\cwrtoday.cdb - 227 virus records
[Virus base] C:\工具\cureit\cwr43301.cdb - 697 virus records
[Virus base] C:\工具\cureit\crwrisky.cdb - 1271 virus records
[Virus base] C:\工具\cureit\cwntoday.cdb - 105 virus records
[Virus base] C:\工具\cureit\cwn43304.cdb - 793 virus records
[Virus base] C:\工具\cureit\cwn43303.cdb - 766 virus records
[Virus base] C:\工具\cureit\cwn43302.cdb - 850 virus records
[Virus base] C:\工具\cureit\cwn43301.cdb - 773 virus records
[Virus base] C:\工具\cureit\crwnasty.cdb - 4867 virus records
Total virus records: 138087
Key file: C:\工具\cureit\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] D:\WINNT\System32\smss.exe
[Scan path] D:\WINNT\system32\csrss.exe
[Scan path] D:\WINNT\system32\winlogon.exe
[Scan path] D:\WINNT\system32\services.exe
[Scan path] D:\WINNT\system32\lsass.exe
[Scan path] D:\WINNT\system32\svchost.exe
[Scan path] D:\WINNT\system32\spoolsv.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[Scan path] D:\WINNT\system32\MSTask.exe
[Scan path] D:\WINNT\System32\WBEM\WinMgmt.exe
[Scan path] D:\WINNT\Explorer.EXE
[Scan path] D:\WINNT\system32\hkcmd.exe
[Scan path] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
[Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
[Scan path] D:\WINNT\system32\Internat.exe
[Scan path] D:\WINNT\system32\conime.exe
[Scan path] D:\Program Files\Internet Explorer\IEXPLORE.EXE
[Scan path] D:\WINNT\magicset746onlinedown.exe
D:\WINNT\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - will be cured after reboot

[Scan path] D:\WINNT\system32\regsvc.exe
[Scan path] C:\工具\cureit\_start.exe
[Scan path] C:\工具\cureit\cureit.exe
[Scan path] D:\WINNT\system32\mobsync.exe
[Scan path] D:\WINNT\command\rundll32.exe
[Scan path] D:\WINNT\system32\mswdm.exe
D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved

[Scan path] d:\program files\internet explorer\connection wizard\icwconn1.exe
[Scan path] D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[Scan path] D:\Program Files\Microsoft Office\Office\OSA9.EXE
[Scan path] D:\WINNT\system32\mmsys.cpl
[Scan path] D:\WINNT\system32\icmui.dll
[Scan path] D:\WINNT\system32\rshx32.dll
[Scan path] D:\WINNT\system32\docprop.dll
[Scan path] D:\WINNT\system32\ntshrui.dll
[Scan path] D:\WINNT\system32\plustab.dll
[Scan path] D:\WINNT\system32\deskadp.dll
[Scan path] D:\WINNT\system32\deskmon.dll
[Scan path] D:\WINNT\system32\dssec.dll
[Scan path] D:\WINNT\system32\shscrap.dll
[Scan path] D:\WINNT\system32\diskcopy.dll
[Scan path] D:\WINNT\system32\ntlanui2.dll
[Scan path] D:\WINNT\system32\printui.dll
[Scan path] D:\WINNT\system32\dskquoui.dll
[Scan path] D:\WINNT\system32\syncui.dll
[Scan path] D:\WINNT\system32\hticons.dll
[Scan path] D:\WINNT\system32\fontext.dll
[Scan path] D:\WINNT\system32\deskperf.dll
[Scan path] D:\WINNT\system32\wshext.dll
[Scan path] D:\WINNT\system32\cryptext.dll
[Scan path] D:\WINNT\system32\NETSHELL.dll
[Scan path] D:\WINNT\system32\shdocvw.dll
[Scan path] D:\WINNT\system32\mstask.dll
[Scan path] D:\WINNT\system32\shell32.dll
[Scan path] D:\WINNT\system32\browseui.dll
[Scan path] D:\WINNT\system32\sendmail.dll
[Scan path] D:\WINNT\system32\occache.dll
[Scan path] D:\WINNT\system32\webcheck.dll
[Scan path] D:\WINNT\system32\thumbvw.dll
[Scan path] D:\WINNT\system32\appwiz.cpl
[Scan path] D:\WINNT\system32\dsfolder.dll
[Scan path] D:\WINNT\system32\dsquery.dll
[Scan path] D:\WINNT\system32\dsuiext.dll
[Scan path] D:\WINNT\system32\mydocs.dll
[Scan path] D:\WINNT\system32\cscui.dll
[Scan path] D:\WINNT\system32\mmcshext.dll
[Scan path] D:\WINNT\system32\cabview.dll
[Scan path] D:\WINNT\system32\dllcache\wabfind.dll
[Scan path] D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
[Scan path] D:\WINNT\system32\cdfview.dll
[Scan path] D:\Program Files\Real\RealPlayer\rpshell.dll
[Scan path] D:\Program Files\WinRAR\rarext.dll
[Scan path] D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
[Scan path] D:\WINNT\system32\stobject.dll
[Scan path] D:\WINNT\system32\crypt32.dll
[Scan path] D:\WINNT\system32\cryptnet.dll
[Scan path] D:\WINNT\system32\cscdll.dll
[Scan path] D:\WINNT\system32\igfxsrvc.dll
[Scan path] D:\WINNT\system32\NavLogon.dll
[Scan path] D:\WINNT\system32\sclgntfy.dll
[Scan path] D:\WINNT\system32\WlNotify.dll
[Scan path] D:\WINNT\system32\wzcdlg.dll
[Scan path] D:\WINNT\system32\DRIVERS\ACPI.sys
[Scan path] D:\WINNT\System32\drivers\afd.sys
[Scan path] D:\WINNT\system32\DRIVERS\asyncmac.sys
[Scan path] D:\WINNT\system32\DRIVERS\atapi.sys
[Scan path] D:\WINNT\system32\DRIVERS\atmarpc.sys
[Scan path] D:\WINNT\system32\DRIVERS\audstub.sys
[Scan path] d:\winnt\system32\svchost.exe
[Scan path] D:\WINNT\system32\DRIVERS\CCDECODE.sys
[Scan path] D:\WINNT\system32\DRIVERS\cdrom.sys
[Scan path] D:\WINNT\system32\cisvc.exe
[Scan path] D:\WINNT\system32\clipsrv.exe
[Scan path] D:\WINNT\system32\DRIVERS\disk.sys
[Scan path] d:\winnt\system32\dmadmin.exe
[Scan path] D:\WINNT\System32\drivers\dmboot.sys
[Scan path] D:\WINNT\System32\drivers\dmio.sys
[Scan path] D:\WINNT\System32\drivers\dmload.sys
[Scan path] D:\WINNT\system32\drivers\DMusic.sys
[Scan path] D:\WINNT\system32\DRIVERS\e100bnt5.sys
[Scan path] D:\WINNT\system32\faxsvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\fdc.sys
[Scan path] D:\WINNT\system32\DRIVERS\flpydisk.sys
[Scan path] D:\WINNT\system32\drivers\fltmgr.sys
[Scan path] D:\WINNT\system32\DRIVERS\fsvga.sys
[Scan path] D:\WINNT\system32\DRIVERS\ftdisk.sys
[Scan path] D:\WINNT\system32\DRIVERS\msgpc.sys
[Scan path] D:\WINNT\system32\DRIVERS\i8042prt.sys
[Scan path] D:\WINNT\system32\DRIVERS\ialmnt5.sys
[Scan path] D:\WINNT\system32\DRIVERS\intelide.sys
[Scan path] D:\WINNT\System32\DRIVERS\ipfltdrv.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipinip.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipnat.sys
[Scan path] D:\WINNT\system32\DRIVERS\ipsec.sys
[Scan path] D:\WINNT\System32\DRIVERS\irenum.sys
[Scan path] D:\WINNT\system32\DRIVERS\isapnp.sys
[Scan path] D:\WINNT\system32\DRIVERS\kbdclass.sys
[Scan path] D:\WINNT\system32\drivers\kmixer.sys
[Scan path] D:\WINNT\system32\drivers\kmsinput.sys
[Scan path] D:\WINNT\system32\mnmsrvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\mouclass.sys
[Scan path] D:\WINNT\system32\DRIVERS\MPE.sys
[Scan path] D:\WINNT\system32\DRIVERS\mrxsmb.sys
[Scan path] D:\WINNT\system32\msdtc.exe
[Scan path] d:\winnt\system32\msiexec.exe
[Scan path] D:\WINNT\system32\drivers\MSKSSRV.sys
[Scan path] D:\WINNT\system32\drivers\MSPCLOCK.sys
[Scan path] D:\WINNT\system32\drivers\MSPQM.sys
[Scan path] D:\WINNT\system32\drivers\MSTEE.sys
[Scan path] D:\WINNT\system32\DRIVERS\NABTSFEC.sys
[Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
[Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS
[Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG.sys
[Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX15.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndistapi.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndisuio.sys
[Scan path] D:\WINNT\system32\DRIVERS\ndiswan.sys
[Scan path] D:\WINNT\system32\DRIVERS\netbios.sys
[Scan path] D:\WINNT\system32\DRIVERS\netbt.sys
[Scan path] D:\WINNT\system32\netdde.exe
[Scan path] D:\WINNT\system32\drivers\netdtect.sys
[Scan path] D:\WINNT\system32\DRIVERS\nwlnkflt.sys
[Scan path] D:\WINNT\system32\DRIVERS\nwlnkfwd.sys
[Scan path] D:\WINNT\system32\DRIVERS\parallel.sys
[Scan path] D:\WINNT\system32\DRIVERS\parport.sys
[Scan path] D:\WINNT\system32\DRIVERS\pci.sys
[Scan path] D:\WINNT\system32\DRIVERS\pciide.sys
[Scan path] D:\WINNT\system32\DRIVERS\raspptp.sys
[Scan path] D:\WINNT\system32\DRIVERS\ptilink.sys
[Scan path] D:\WINNT\system32\DRIVERS\rasacd.sys
[Scan path] D:\WINNT\system32\DRIVERS\rasl2tp.sys
[Scan path] D:\WINNT\system32\DRIVERS\raspti.sys
[Scan path] D:\WINNT\system32\drivers\RCA.sys
[Scan path] D:\WINNT\system32\DRIVERS\rdbss.sys
[Scan path] D:\WINNT\system32\DRIVERS\redbook.sys
[Scan path] D:\WINNT\system32\locator.exe
[Scan path] d:\winnt\system32\rsvp.exe
[Scan path] D:\WINNT\System32\SCardSvr.exe
[Scan path] D:\WINNT\system32\DRIVERS\serenum.sys
[Scan path] D:\WINNT\system32\DRIVERS\serial.sys
[Scan path] D:\WINNT\system32\DRIVERS\SLIP.sys
[Scan path] D:\WINNT\system32\drivers\smwdm.sys
[Scan path] D:\WINNT\system32\DRIVERS\srv.sys
[Scan path] D:\WINNT\system32\DRIVERS\StreamIP.sys
[Scan path] D:\WINNT\system32\DRIVERS\swenum.sys
[Scan path] D:\WINNT\system32\drivers\swmidi.sys
[Scan path] D:\Program Files\Symantec\SYMEVENT.SYS
[Scan path] D:\WINNT\system32\drivers\sysaudio.sys
[Scan path] D:\WINNT\system32\smlogsvc.exe
[Scan path] D:\WINNT\system32\DRIVERS\tcpip.sys
[Scan path] D:\WINNT\system32\tlntsvr.exe
[Scan path] D:\WINNT\system32\DRIVERS\uhcd.sys
[Scan path] D:\WINNT\system32\DRIVERS\update.sys
[Scan path] D:\WINNT\System32\ups.exe
[Scan path] D:\WINNT\system32\DRIVERS\usbehci.sys
[Scan path] D:\WINNT\system32\DRIVERS\usbhub.sys
[Scan path] D:\WINNT\system32\DRIVERS\usbhub20.sys
[Scan path] D:\WINNT\system32\DRIVERS\USBSTOR.SYS
[Scan path] D:\WINNT\System32\UtilMan.exe
[Scan path] D:\WINNT\System32\drivers\vga.sys
[Scan path] D:\WINNT\system32\DRIVERS\wanarp.sys
[Scan path] D:\WINNT\system32\drivers\wdmaud.sys
[Scan path] D:\WINNT\system32\DRIVERS\WSTCODEC.SYS
[Scan path] D:\WINNT\system32\drivers\ialmsbw.sys
[Scan path] D:\WINNT\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 185
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 361 Kb/s
Scan time: 00:01:25
-----------------------------------------------------------------------------

[Scan path] C:\
C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured
C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured
C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured
C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured

[Scan path] D:\
D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot
D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured
D:\WINNT\magicset746onlinedown.exe.delete_on_reboot infected with Win32.HLLW.Gavir.17 - will be cured after reboot
D:\WINNT\system32\config\software.LOG - read error
D:\WINNT\system32\config\default.LOG - read error
D:\WINNT\system32\config\SECURITY - read error
D:\WINNT\system32\config\SECURITY.LOG - read error
D:\WINNT\system32\config\SYSTEM.ALT - read error
D:\WINNT\system32\config\SAM - read error
D:\WINNT\system32\config\SAM.LOG - read error
D:\WINNT\system32\config\SYSTEM - read error
D:\WINNT\system32\config\SOFTWARE - read error
D:\WINNT\system32\config\DEFAULT - read error
D:\Documents and Settings\Administrator\NTUSER.DAT - read error
D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
>D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J6WRJTKD\icast[1].txtD:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STIBCDUN\mhxy[1].exe infected with Trojan.PWS.Gamania - incurable - moved
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\WinRAR\WinRAR.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Microsoft Office\Office\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Microsoft Office\Office\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured
D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 123413
Infected objects found: 37
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 34
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 663 Kb/s
Scan time: 01:41:25
-----------------------------------------------------------------------------
2006-09-04,13:45:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Tray><D:\WINNT\command\rundll32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\system32\userinit.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> []

==================================
啟動資料夾
[Adobe Gamma Loader]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H>
[Microsoft Office]
<D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N>

==================================
服務
[DefWatch / DefWatch]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KAV2005\KPfwSvc.EXE"><N/A>
[Messenger / Messenger]
<\SystemRoot\D:\WINNT\system32\services.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A>
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[D:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 404][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 428][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 456][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374>
[PID: 476][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 508][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E>
[D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14>
[D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\DecSDK.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ID.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2UUE.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2AMG.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ARJ.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2CAB.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2EXE.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2GZIP.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2HQX.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LHA.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LZ.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2MIME.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2SS.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2RTF.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TAR.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TNEF.dll] <Symantec Corporation><3.02.07.19>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ZIP.dll] <Symantec Corporation><3.02.07.19>
[PID: 624][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 656][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 720][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 868][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374>
[D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[PID: 412][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517>
[PID: 1104][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0>
[PID: 1144][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374>
[PID: 1168][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1284][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 536][D:\WINNT\magicset746onlinedown.exe] <N/A><N/A>
[PID: 1236][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1384][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44>
[PID: 1356][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080>
[C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0>
[D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] <N/A><N/A>
[PID: 1348][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000>
[D:\WINNT\system\WBX3245.dll] <N/A><N/A>
[D:\WINNT\system\WMW3245.dll] <N/A><N/A>
[D:\WINNT\system\WMSYS32.dll] <N/A><N/A>
[PID: 1480][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

A:






<Tray><D:\WINNT\command\rundll32.exe> [] 刪除此啟動項


D:\WINNT\command\rundll32.exe 刪除這個文件



請樓主檢查一下,局域網內其他電腦是否也中了這個毒? Win32.HLLW.Gavir.17 Viking病毒會通過網路傳播的

Windows 2000系統沒有自帶防火牆,因此對網路上面的病毒沒有防禦能力

建議裝一個防火牆軟件,如ZoneAlarm 6.0 Free 版。同時用殺毒軟件清理本機上的病毒

psac 2006-09-04 05:56 PM

Q:

【求助】IE被修改~怎麼也改不回來,求救
2006-09-04,14:55:45

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
服務
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Recorder Control]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BlueskyVideo Control]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)>
[Share Control]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[PP Control]
{7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Videohelp Control]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)>
[Display Control]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Blueskyvoice Control]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Client Control]
{C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, >
[Play Control]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<F:\迅雷\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<F:\迅雷\Thunder\getallurl.htm, N/A>
[使用網際快車下載]
<F:\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<F:\FlashGet\jc_all.htm, N/A>

==================================
正在執行的工作行程
[PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 952][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1240][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[PID: 1280][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1412][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.10>
[PID: 1524][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1552][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NVMCTRAY.DLL] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[PID: 1568][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A>
[PID: 1828][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776>
[PID: 1880][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 780][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 988][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 224][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[E:\sreng2\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:

先問一下,IE的主頁被修改為什麼網址???

1. 可以的話,把以下檔案壓縮好,上傳到樣本區
C:\Program Files\Tencent\QQ\RTraveler.dll
C:\Program Files\Tencent\QQ\Messenger.exe

2. 按 [Copy to clipboard] 複製以下所有文字

CODE:
OptionStatusOn
OptionSetStatus Terminating processes...
ProcessKill \Messenger.exe|1
ProcessKill \explorer.exe|1

OptionSetStatus Deleting files...
OptionOnDeleteFailUseReboot
FileDelete C:\Program Files\Tencent\QQ\RTraveler.dll
FileDelete C:\Program Files\Tencent\QQ\Messenger.exe

OptionSetStatus Cleaning Registry...
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe

OptionSetStatus Setting IE Start Page to about:blank
RegSetStringValue HKCU\Software\Microsoft\Internet Explorer\Main|Start Page|about:blank

OptionSetStatus Emptying the Temp folder...
SystemEmptyTempFolder

SystemRun %WINDIR%\explorer.exe

SystemRestart Some files cannot be deleted now.Please reboot your computer!|1
[Copy to clipboard]


a) 開始---->所有程式---->附屬應用程式---->記事本
b) 按 Ctrl + V/右click貼上剛才複製的內容,按 檔案 ----> 儲存
c) 改 檔案類型:所有檔案 ,檔案名稱為 delete.bfu ,儲存到桌面

3.
a)下載 Brute Force Uninstaller ,解壓到桌面,執行bfu.exe
b) 按一下 黃色資料夾,選取剛才的delete.bfu
c) 按 Execute ,之後會提示你重新啟動電腦,按 Y / 是 重新啟動電腦
d) 重新啟動後,掃瞄一個新的SREng log上黎



Q:


[url]http://7b.com.cn/[url]
這個網址`~還有另一個的`現在不記得了~


A:

好的~先跟著步驟做一次看看


把它上傳樣本區..專門==偵毒往網掃掃看....



Q:


2006-09-04,15:22:12

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
服務
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Recorder Control]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BlueskyVideo Control]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)>
[Share Control]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[PP Control]
{7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Videohelp Control]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)>
[Display Control]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Blueskyvoice Control]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Client Control]
{C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, >
[Play Control]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下載]
<F:\迅雷\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<F:\迅雷\Thunder\getallurl.htm, N/A>
[使用網際快車下載]
<F:\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<F:\FlashGet\jc_all.htm, N/A>

==================================
正在執行的工作行程
[PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1236][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[PID: 1272][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1408][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.10>
[PID: 1432][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.7776>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776>
[PID: 1440][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1712][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776>
[PID: 1760][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 400][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1488][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:

log沒問題~
問題解決了

psac 2006-09-04 05:58 PM

Q:
【求助】不知為什麼我的電腦用著用著,就會自動當機!!!

不知為什麼我的電腦用著用著,就會自動當機!!!
請各位幫我看看是什麼回事??
2006-09-03,12:10:58

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<iparmor><rem C:\Program Files\Iparmor\Iparmor.exe mini> []
<KAVRun><C:\KAV6\KAVRun.EXE> [kingsoft]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SOUNDM><winsmd.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\KAV6\KaScrScn.scr> []

==================================
啟動資料夾
服務
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[DirectX Graphics / dxdmain]
<C:\WINDOWS\System32\dxdmain.exe><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[JMediaService / JMediaService]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[Local Security Authority Server / LSA Server]
<C:\WINDOWS\System32\lsasrv.exe><N/A>
[Local Security Authority Subsystem Service / lsass]
<"C:\WINDOWS\lsass.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[VKTServ / VKTServ]
<C:\WINDOWS\System32\VKTServ.exe><N/A>
[wint / wint]
<C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v4.dll, >
[KAVIEHelper Class]
{1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司>
[金山毒霸安全助手]
{EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司>
[系統標準按鍵(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[使用網際快車下載]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================
正在執行的工作行程
[PID: 552][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 872][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1108][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1120][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1332][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[PID: 1612][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A>
[C:\WINDOWS\System32\KB4553736.LOG] <N/A><N/A>
[C:\WINDOWS\System32\xunleibho_v4.dll] <><4, 3, 2, 29>
[C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[PID: 248][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[PID: 288][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A>
[PID: 344][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 956][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] <Macrovision><4.20.030>
[PID: 1048][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303>
[PID: 224][C:\Program Files\SkyNet\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1004>
[C:\Program Files\SkyNet\FireWall\SKYMISC.DLL] <N/A><N/A>
[C:\Program Files\SkyNet\FireWall\COMPRESSWRAP.DLL] <N/A><N/A>
[PID: 472][C:\Program Files\Vnet\VnetClient.exe] <><1, 0, 0, 1>
[C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A>
[C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[PID: 768][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, Inc.><0.1.0.1622>
[C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0>
[C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452>
[C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389>
[C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll] <RealNetworks, Inc.><0.1.0.1760>
[C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622>
[C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685>
[C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311>
[C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278>
[PID: 848][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, Inc.><0.1.0.1622>
[C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0>
[C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll] <RealNetworks, Inc.><7.0.0.1675>
[C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389>
[C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311>
[C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685>
[C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll] <RealNetworks, Inc.><7.0.0.1052>
[C:\Program Files\Common Files\Real\Update_OB\twebbrowse.dll] <RealNetworks, Inc.><1.0.2.311>
[C:\Program Files\Common Files\Real\Update_OB\faus3270.dll] <RealNetworks, Inc.><7.0.0.1362>
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] <RealNetworks, Inc.><6.0.9.2068>
[C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622>
[C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452>
[C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278>
[PID: 1884][C:\Program Files\FlashGet\flashget.exe] <Amaze Soft><1, 6, 5, 0>
[C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A>
[C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0>
[PID: 1956][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[PID: 492][C:\DOCUME~1\Naquan\LOCALS~1\Temp\Rar$EX02.625\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


;
A:

很多LJ....

1. 用 GMER 做個Rootkit Scan
a) 下載 GMER 並解壓gmer.zip
b) 執行gmer.exe ----> Rootkit
c) 確認選取了所有專案 ( Show All 除外), 按 Scan
d) 掃瞄完成後, 按 Copy複製掃瞄結果,在這裡貼上你的掃瞄結果

2. 使用SREng (相關操作說明)
-刪除以下的啟動項
<Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> []
<SOUNDM><winsmd.exe> []

-修改Userinit的數值為
C:\WINDOWS\System32\userinit.exe,

-刪除以下的服務
[DirectX Graphics / dxdmain]
<C:\WINDOWS\System32\dxdmain.exe><N/A>
[JMediaService / JMediaService]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[Local Security Authority Server / LSA Server]
<C:\WINDOWS\System32\lsasrv.exe><N/A>
[Local Security Authority Subsystem Service / lsass]
<"C:\WINDOWS\lsass.exe"><N/A>
[wint / wint]
<C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A>

-刪除以下瀏覽器載入項
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[系統標準按鍵(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>

-修復以下文件關聯
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]

3.
a) 下載 Pocket KillBox 並儲存到桌面
b) 按 [Copy to clipboard] 複製以下所有文字

CODE:
C:\WINDOWS\system32\Maxthonz.dll
C:\WINDOWS\System32\KB4553736.LOG
C:\WINDOWS\System32\wint\wint.dll
C:\WINDOWS\System32\dxdmain.exe
C:\WINDOWS\System32\lsasrv.exe
C:\WINDOWS\lsass.exe
[Copy to clipboard]

c) 執行 killbox.exe ,選 Delete on Reboot,再選 All Files
d) 按 File ---> Paste from Clipboard
e) 再按 紅色交叉(Delete File) , 當有提示時,按 Yes,另一個再按 No

電腦會自動重新啟動,如果沒有,請自行重新啟動電腦

4. 掃瞄新的SREng log上來



Q:


問當機了還開的了幾嗎?
我還要斷電源才可以開機



A:

請參考 - SREng常用操作說明 刪除給你的建議。如果不能刪除,說明具體遇到的問題。

建議在安全模式下嘗試刪除

下載老九 WinPE 最終修改版
http://laomaotao.u.winzheng.com/

用虛擬光碟載入BootCD.ISO 或者直接用WinRAR解壓縮。執行 WINPE安裝 資料夾中的可執行程式 安裝.EXE。直接按照提示操作即可。


重啟電腦,進入WinPE 工具箱,在WinPE環境下刪除C硬碟中存在的木馬、病毒文件。注意文件的路徑,別把系統文件誤刪了

psac 2006-09-22 12:27 PM

Q:
【求助】老大,我電腦裡有不明飛行物(有DOS視窗不斷跳出又立即消失),995那可憐的電腦啊!!

我只是打開一個瀏覽器,以下是掃瞄結果:



2006-09-20,20:25:45

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<rx><C:\WINDOWS\system32\explore.exe> []
<wow><C:\WINDOWS\system32\Launcher.exe> []
<zz><C:\WINDOWS\system32\intenet.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
<DesktopMemo><"C:\Program Files\DeskMemo\Deskmemo.exe"> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<CnsMin><8V?> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t]
<ToP><C:\WINDOWS\LSASS.exe> []
<softbox><C:\WINDOWS\system32\softbox.exe> [bcnet]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> []
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<kokv><C:\WINDOWS\system32\019i8e1.exe> []
<Alexa><C:\WINDOWS\system32\qproecss.exe> []
<Ver><2006.07.20> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe 1> []
<Userinit><userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DelayRun><C:\WINDOWS\019d8e10.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> []
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> []
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []

==================================

啟動資料夾
[IE-Bar]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\IE-Bar.lnk><N>

==================================
服務
[Performance Moniter / MOBILL]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SVCHAST / SystemInspect]
<C:\Program Files\SystemInspect\SVCHAST.exe><N/A>


瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A>
[Adobe-Plugins Manager]
{2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[]
{3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[]
{958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A>
[perfdp]
{995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, >
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[]
{9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A>
[Spoolsv Class]
{9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[DDOC]
{A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, >
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Macromedia. Flash8 Object]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[51響導]
{D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A>
[XBTP01967 Class]
{F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[啟動迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[上網助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://assistant.3721.com/index.htm, N/A>
[手機短信]
{5DA5CC16-90A8-4c78-AB5E-596BAEDD1289} <http://sms.3721.com/ie/index.htm, N/A>
[微軟]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\QQ2005\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Yahoo! Messenger]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <F:\應用軟件\聊天軟件\雅虎通\安裝程式\Messenger\YahooMessenger.exe, Yahoo! Inc.>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://assistant.3721.com/security1.htm, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://assistant.3721.com/clean1.htm, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[TT33定向搜索]
{D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, N/A>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Adobe-Plugins Manager]
{2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[]
{3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, >
[]
{958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A>
[perfdp]
{995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, >
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[]
{9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A>
[Spoolsv Class]
{9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[DDOC]
{A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, >
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Macromedia. Flash8 Object]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[51響導]
{D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[TT33定向搜索]
{D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A>
[Messenger Class]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A>
[XBTP01967 Class]
{F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上傳到QQ網路硬碟]
<C:\Program Files\QQ2005\AddToNetDisk.htm, N/A>
[使用影音傳送帶下載]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部鏈接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[反向鏈接]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<C:\Program Files\QQ2005\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\QQ2005\AddEmotion.htm, N/A>
[新增到雅虎訂閱(&Y)]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信發送該圖片]
<C:\Program Files\QQ2005\SendMMS.htm, N/A>
[用比特精靈下載(&B)]
<F:\應用軟件\下載工具\比特精靈 v3.0.0.087 穩定版\azcx\BitSpirit\bsurl.htm, N/A>
[用炫彩圖鈴發送該圖片]
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
[類似網頁]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[快取記憶體的網頁快照]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻譯英文字詞(&T)]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[雅虎搜索]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================

正在运行的进程
[PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 920][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 1060][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1268][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1692][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1828][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 48>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1904][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1920][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3427>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1984][C:\Program Files\DeskMemo\Deskmemo.exe] <><1, 0, 0, 1>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 132][C:\WINDOWS\system32\SVOHOST.exe] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 472][C:\WINDOWS\WINLOGON.EXE] <wa1vTRVHCVJwSh8Xf92t><0.00.0109>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1180][C:\WINDOWS\system32\softbox.exe] <bcnet><1.00>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1868][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 332][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 1260][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\1.dll] <千橡互联><3, 0, 2, 0>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\3.dll] <千橡互联><3, 0, 2, 8>
[C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\4.dll] <千橡互联><3, 0, 2, 8>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 588][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A>
[PID: 612][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 592][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1544][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8195>
[PID: 1936][C:\Program Files\SystemInspect\SVCHAST.exe] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[PID: 864][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1552][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 3876][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0>
[PID: 2772][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1>
[C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2006, 6, 26, 1>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1>
[C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1>
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1>
[C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2>
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1>
[C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1>
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17>
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14>
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1>
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1>
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1>
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1>
[C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1>
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 11, 1, 17>
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 3364][F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Maxthon.exe] <MY Soft Technology><1, 1, 0, 90>
[F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\zlib.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Plugin\FloatBar\FloatBar.dll] <><1, 8, 0, 0>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3424][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] <Yahoo! China><3, 0, 9, 1015>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <yahoo! china><3, 3, 5, 1086>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] <Yahoo! China><3, 0, 1, 1010>
[C:\Program Files\Yahoo!\Assistant\yNotifier.dll] <yahoo! china><3, 0, 0, 1000>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 3580][C:\PROGRA~1\PPRich\MINIPP~1.EXE] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 4040][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48>
[C:\Program Files\TENCENT\Adplus\SSAddr.dll] <Tencent><4, 2, 4, 43>
[C:\WINDOWS\System32\Agm.dll] <AdoBeSoft Co.><4, 4, 26, 1>
[C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] <Yahoo! China><3, 0, 4, 1006>
[C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <yahoo! china><3, 0, 2, 1003>
[C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll] <TODO: <公司名>><1.0.0.1>
[C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL] <N/A><N/A>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[F:\应用软件\聊天软件\QQ2006BETA2SP1 双显IP版\azcx\Tencent\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <yahoo! china><3, 0, 1, 1001>
[C:\WINDOWS\system32\ssup.dll] <TENCENT><4, 2, 4, 43>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696>
[C:\WINDOWS\system32\Dgit.dll] <N/A><N/A>
[C:\WINDOWS\system32\perfidp.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\Jkpl.dll] <N/A><N/A>
[C:\WINDOWS\system32\drivers\spoolsv.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\henroer.dll] <><1, 0, 0, 1>
[c:\program files\google\googletoolbar2.dll] <Google Inc.><3, 0, 131, 0>
[c:\WINDOWS\system32\FlashPlayer8OCX.dll] <N/A><N/A>
[C:\Program Files\kuzhan\kuzhan.dll] <Fengcent><1, 0, 0, 2>
[C:\WINDOWS\system\019o8e11.dll] <N/A><N/A>
[C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll] <Yahoo! China><3, 0, 9, 1014>
[C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll] <yahoo! china><3, 1, 2, 1057>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll] <Yahoo! China><3, 0, 5, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] <yahoo! china><3, 0, 2, 1004>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] <Yahoo! China><3, 0, 0, 1000>
[C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll] <Yahoo! China><3, 0, 1, 1001>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll] <Yahoo! China><3, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] <Yahoo! China><3, 0, 3, 1003>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL] <yahoo! china><3, 0, 5, 1010>
[C:\Program Files\Yahoo!\Assistant\Assist\ymailp.dll] <Yahoo! China><3.0.0.1006>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A>
[PID: 3480][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 4084][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 36>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 5>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 2936][F:\系统安全\System Repair Engineer\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 2216][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
對了,電腦出問題後跳出視窗原來也有,不過它把殺毒軟件關閉後就沒有了,今天我用服務把殺毒打開後就不斷跳出來,影響在電腦上進行的一切活動。





A:



1.
江民發佈「落雪」(GamePass)木馬專殺1.1
http://www.jiangmin.com/download/TrojanKiller.rar
由C.I.S.R.T. 幸福的獅子編寫的「落雪」木馬專殺工具
http://www.cisrt.org/avtools/MiscKiller.rar


2.再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<rx><C:\WINDOWS\system32\explore.exe> []
<wow><C:\WINDOWS\system32\Launcher.exe> []
<zz><C:\WINDOWS\system32\intenet.exe> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<CnsMin><8V?> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t]
<ToP><C:\WINDOWS\LSASS.exe> []
<softbox><C:\WINDOWS\system32\softbox.exe> [bcnet]
<kokv><C:\WINDOWS\system32\019i8e1.exe> []
<Alexa><C:\WINDOWS\system32\qproecss.exe> []
<Ver><2006.07.20> []
<DelayRun><C:\WINDOWS\019d8e10.dll> []



再次執行 System Repair Engineer 在"啟動專案->服務->"Win32服務應用程式"選中"隱藏微軟服務" 然後將下面名稱的服務
[Performance Moniter / MOBILL]
[SVCHAST / SystemInspect]
"修改啟動類型"->"disable"->"設置"
"刪除服務"->"設置"->"否" (注意: 按"否"是確認刪除服務,按"是"為取消操作)



3.重啟電腦,顯示所有文件和資料夾(隱含及系統保護)
打開「我的電腦-->工具-->資料夾選項-->檢視

去掉下面選項前面的鉤
「隱藏受保護系統文件(推薦)」
「隱藏已知文件類型的延伸名」
選中顯示所有文件和資料夾-->儲存設置

刪除下面文件


Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\Launcher.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system32\softbox.ex
C:\WINDOWS\system32\019i8e1.exe
C:\WINDOWS\system32\qproecss.exe
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL
C:\Program Files\SystemInspect\SVCHAST.exe
C:\WINDOWS\019d8e10.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll



4.下載Dr.Web CureIT! 免費掃瞄器,包含最新病毒庫,可以檢測清除病毒、木馬、後門、流氓惡意軟件,不和已裝殺毒軟件衝突
直接下載位址: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
自解壓格式,下載後直接執行cureit.exe,或者滑鼠右鍵,解壓到目標資料夾,然後執行該資料夾裡面的「_start.exe」殺毒
先按「確定」進行「Start Express Scan」快速殺毒,先會自動掃瞄記憶體工作行程和啟動項,等快速掃瞄結束後,再用滑鼠左鍵選中硬碟分區的圖示,被選中的分區上會出現紅點標記,再次殺毒.Dr.Web界面左下角的5個按鍵分別是"全選" "清除" "重命名" "隔離" "刪除".可以先把殺毒報告發上來等待確認後再進行操作,或者Select all(全選) Cure ->Move incurable(將清除失敗的文件移動到隔離區)
最後把殺毒報告發上來,從"我的電腦"打開 %USERPROFILE%\DoctorWeb\ 打開下面文件CureIt.log複製其中內容到帖子裡

Dr.Web 使用圖解



Q:


已經按照以上執行,不過在執行「刪除下面文件」的過程中出現下面問題:


Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe(成功刪除)
C:\WINDOWS\system32\explore.exe「沒有找到文件」
C:\WINDOWS\system32\Launcher.exe「沒有找到文件」
C:\WINDOWS\system32\intenet.exe「沒有找到文件」
C:\WINDOWS\WINLOGON.EXE「沒有找到文件」
C:\WINDOWS\LSASS.exe「沒有找到文件」
C:\WINDOWS\system32\softbox.ex(成功刪除)
C:\WINDOWS\system32\019i8e1.exe「沒有找到文件」
C:\WINDOWS\system32\qproecss.exe(刪除後3秒又出現)
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL「沒有找到文件」
C:\Program Files\SystemInspect\SVCHAST.exe「沒有找到文件」
C:\WINDOWS\019d8e10.dll「沒有找到文件」
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll「沒有找到文件」

最後結果:沒有解決任何問題,暈死了
對了,在安全模式下殺出22種381個病毒,不過今天殺明天又出來.





A:


><C:\WINDOWS\system32\019i8e1.exe> []
這個文件肯定是病毒,你在帶命令提示字元的安全模式下,把系統受保護的文件都打開,或者查找,刪除掉~

Q:



可我找不到這個文件呀,為什麼?C:\WINDOWS\system32\019i8e1.exe> []

A:


顯示所有文件和資料夾(隱含及系統保護) 了嗎?

把Dr.Web的殺毒報告發上來

psac 2006-09-22 12:31 PM

Q:

求助】先是報錯user.dll文件丟失~~後來有朋友說是中毒了~~~特來求救~~謝謝了~~

開機後就出現了這個提示,系統還算能正常執行~~


可是打開QQ交談視窗的時候出現了這個提示~~

http://bbs.crsky.com/1128632305/Mon_0609/64_164278_63b4bf1a1b5772d.jpg
http://bbs.crsky.com/1128632305/Mon_0609/64_164278_c14e188755041f7.jpg

為什麼會這樣~?~?應該如何解決呢~?~?~
向壇友求助~~~謝謝大家啦~~~ 附上 hijackthis的掃瞄文檔



Logfile of HijackThis v1.99.1
Scan saved at 11:52:43, on 2006-9-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\download\ACDSee\ACDSee.exe
E:\系統工具\檢測系統工具\HijackThis\HijackThis.exe

O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\QQ\QQIEHelper.dll
O2 - BHO: 超級兔子上網精靈 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\PROGRA~1\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX
O3 - Toolbar: 超級兔子上網精靈 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\PROGRA~1\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] ; RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [rundll] rundll32 user.dll s
O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [bgswitch] ; C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: 卡巴斯基駭客防護程式.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: &使用迅雷下載 - D:\Program Files\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - D:\Program Files\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 匯出到 Microsoft Office Excel(&X) - res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - D:\Program Files\QQ\SendMMS.htm
O9 - Extra button: 浩方對戰平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方對戰平台\GameClient.exe (file missing)
O9 - Extra button: 番茄花園 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MS...rInstaller.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: host Service For Windows (mshost) - Unknown owner - C:\WINDOWS\mshost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




再附上SREng2的掃瞄~~~
2006-09-21,12:10:16

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><; C:\WINDOWS\system32\bgswitch.exe> []
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> []
<NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<BigDogPath><C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<rundll><rundll32 user.dll s> []
<Super Rabbit SRRestore><D:\Program Files\MagicSet\srrest.exe /autosave> [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> []

==================================
啟動資料夾
[卡巴斯基駭客防護程式]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\卡巴斯基駭客防護程式.lnk><N>
[CoreCenter]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\CoreCenter.lnk><N>

==================================
服務
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[host Service For Windows / mshost]
<C:\WINDOWS\mshost.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[]
{4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, N/A>
[番茄花園]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[MSTPlayerInstaller Control]
{045ADB92-9635-45CE-B25B-F19F825B0E39} <C:\WINDOWS\DOWNLO~1\MSTPLA~1.OCX, Liztech Co., Ltd>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[]
{4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下載]
<D:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部鏈接]
<D:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<D:\Program Files\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<D:\Program Files\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 636][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 764][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 940][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1104][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1212][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1460][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp.050610-1527)>
[PID: 1688][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.9133>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.9133>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.227.1>
[PID: 1776][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 52>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1784][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1804][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1864][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] <Kaspersky Labs><1.7.0.130>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] <BCGSoft Ltd><5, 84, 0, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] <Kaspersky Labs><1.5.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCBRes.dll] <BCGSoft Ltd><5, 84, 0, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll] <Kaspersky Labs><5.0.201.1>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[E:\系統工具\SPX\engine.dll] <N/A><N/A>
[PID: 1876][C:\Program Files\MSI\Core Center\CoreCenter.exe] <><1, 6, 6, 0>
[C:\Program Files\MSI\Core Center\GLM7X.dll] <MICRO-STAR INT'L CO., LTD.><3, 0, 0, 0>
[C:\Program Files\MSI\Core Center\RushTop.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1948][C:\WINDOWS\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0>
[PID: 2028][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.9133>
[PID: 1360][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2520][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 3352][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\PROGRA~1\MagicSet\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612>
[D:\Program Files\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.227.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.227.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.227.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.227.0>
[C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0>
[PID: 4064][F:\download\千千靜聽\TTPlayer.exe] <Alen Soft><4, 6, 8, 0>
[F:\download\千千靜聽\ttpcomm.dll] <N/A><N/A>
[F:\download\千千靜聽\ttpres.dll] <Alen Soft><4, 6, 8, 0>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 2428][E:\系統工具\檢測系統工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MSTPlayerInstaller.ocx
清除以上條目

交談視窗的解決:點開始--執行-輸入Msconfig-點確定--啟動項裡留輸入法和殺毒軟件就行了。



Q:

謝謝這位朋友~~~~
我已經用hijackthis修復這些了~~~~~
你說的啟動項,我有這些啟動項:

http://bbs.crsky.com/1128632305/Mon_0609/64_164278_ec8066eb37807aa.jpg


http://bbs.crsky.com/1128632305/Mon_0609/64_164278_de417965821cde4.jpg

除了我知道的殺軟、CPU溫度監控軟件、超級兔子的備份程式還有一個音效卡管理程式我都要關閉嗎~??~





A:
關閉所有應用程式和瀏覽器視窗,執行HijackThis,在主界面中需要修復/刪除的專案前面的正方形裡用滑鼠點擊打勾,接著按下「修復選項/Fix Checked」按鍵。會有一個安全提示,點擊「Yes」讓它繼續

O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing)
O4 - HKLM\..\Run: [rundll] rundll32 user.dll s


再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案

<{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> []


重啟電腦,顯示所有文件和資料夾(隱含及系統保護)
打開「我的電腦-->工具-->資料夾選項-->檢視

去掉下面選項前面的鉤
「隱藏受保護系統文件(推薦)」
「隱藏已知文件類型的延伸名」
選中顯示所有文件和資料夾-->儲存設置

刪除下面文件
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat

就用 System Repair Engineer 清一下註冊表~

A:


所有時間均為台北時間。現在的時間是 02:10 AM

Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2024, Jelsoft Enterprises Ltd.

『服務條款』

* 有問題不知道該怎麼解決嗎?請聯絡本站的系統管理員 *


SEO by vBSEO 3.6.1