瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 斑竹,高手请教了··碰到难缠的了
810626 - 2005-11-13 20:41:00
小弟今IE中标了(QQ大盗也中了一个(··没当回事,找了几个修复软件装上,杀了被改的主页,以为没事了··谁想到,IE收藏夹里多了个有毒的网站连接,我用右键想去直接删除,但只要右键一点,就显示Explorer该程序执行了非法操作,即将关闭。看来注册表给该了··不让删。气人啊。这该怎么办才好啊
飞跃迷离 - 2005-11-13 20:48:00
建议您下载并使用HijackThis1.99.1

HijackThis下载地址请参考:
【必读】本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

HijackThis的使用方法-----请参考--瑞星HijackThis专题
http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm

运行HijackThis,先点[扫描]或[Scan]按钮,扫描完成后,[扫描]或[Scan]按钮会变为[保存Log]或[Save Log]按钮,点击它,LOG将会在记事本中显示,再从记事本里复制/粘贴到贴子里。
如果LOG比较长,一贴发不完,你可以分成几个部分发在回贴里。
810626 - 2005-11-13 22:01:00
StartupList report, 05-11-13, 21:59:00
StartupList version: 1.52
Started from : E:\123\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\北京通信\宽带E线—ADSL\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
E:\123\HIJACKTHIS.EXE

--------------------------------------------------
810626 - 2005-11-13 22:02:00
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = scanregw.exe/autorun
helper.dll = C:\WINDOWS\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
internat.exe = internat.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM = loadqm.exe
RavTimer = C:\PROGRAM FILES\RISING\RAV\RavTimer.exe
SystemTray = SysTray.Exe
TaskMonitor = C:\WINDOWS\taskmon.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[MmoptPreferredAudioDevices] *
StubPath = rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,@0,SMODEMWAVE\______________\ROOT&MDMGEN&COM1

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------
810626 - 2005-11-13 22:03:00
C:\WINDOWS\WININIT.INI listing:
(Created 13/11/2005, 19:52:16)

[Rename]
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWC=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.COM
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.COM
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWD=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.DLL
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWE=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.EXE
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.LIB
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.LIB
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWO=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.OCX
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.OCX
C:\WINDOWS\1.FWC=C:\WINDOWS\1.COM
NUL=C:\WINDOWS\1.COM
C:\WINDOWS\1.FWD=C:\WINDOWS\1.DLL
NUL=C:\WINDOWS\1.DLL
C:\WINDOWS\1.FWE=C:\WINDOWS\1.EXE
NUL=C:\WINDOWS\1.EXE
C:\WINDOWS\1.FWL=C:\WINDOWS\1.LIB
NUL=C:\WINDOWS\1.LIB
C:\WINDOWS\1.FWO=C:\WINDOWS\1.OCX
NUL=C:\WINDOWS\1.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.OCX
C:\WINDOWS\HOSTS.FWC=C:\WINDOWS\HOSTS.COM
NUL=C:\WINDOWS\HOSTS.COM
C:\WINDOWS\HOSTS.FWD=C:\WINDOWS\HOSTS.DLL
NUL=C:\WINDOWS\HOSTS.DLL
C:\WINDOWS\HOSTS.FWE=C:\WINDOWS\HOSTS.EXE
NUL=C:\WINDOWS\HOSTS.EXE
C:\WINDOWS\HOSTS.FWL=C:\WINDOWS\HOSTS.LIB
NUL=C:\WINDOWS\HOSTS.LIB
C:\WINDOWS\HOSTS.FWO=C:\WINDOWS\HOSTS.OCX
NUL=C:\WINDOWS\HOSTS.OCX
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWC=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.COM
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.COM
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWD=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.DLL
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.DLL
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWE=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.EXE
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.EXE
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.LIB
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.LIB
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWO=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.OCX
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.OCX
C:\WINDOWS\SYSTEM\CTXMA.FWC=C:\WINDOWS\SYSTEM\CTXMA.COM
NUL=C:\WINDOWS\SYSTEM\CTXMA.COM
C:\WINDOWS\SYSTEM\CTXMA.FWD=C:\WINDOWS\SYSTEM\CTXMA.DLL
NUL=C:\WINDOWS\SYSTEM\CTXMA.DLL
C:\WINDOWS\SYSTEM\CTXMA.FWE=C:\WINDOWS\SYSTEM\CTXMA.EXE
NUL=C:\WINDOWS\SYSTEM\CTXMA.EXE
C:\WINDOWS\SYSTEM\CTXMA.FWL=C:\WINDOWS\SYSTEM\CTXMA.LIB
NUL=C:\WINDOWS\SYSTEM\CTXMA.LIB
C:\WINDOWS\SYSTEM\CTXMA.FWO=C:\WINDOWS\SYSTEM\CTXMA.OCX
NUL=C:\WINDOWS\SYSTEM\CTXMA.OCX
C:\WINDOWS\SYSTEM\DOFFNC.FWC=C:\WINDOWS\SYSTEM\DOFFNC.COM
NUL=C:\WINDOWS\SYSTEM\DOFFNC.COM
C:\WINDOWS\SYSTEM\DOFFNC.FWD=C:\WINDOWS\SYSTEM\DOFFNC.DLL
NUL=C:\WINDOWS\SYSTEM\DOFFNC.DLL
C:\WINDOWS\SYSTEM\DOFFNC.FWE=C:\WINDOWS\SYSTEM\DOFFNC.EXE
NUL=C:\WINDOWS\SYSTEM\DOFFNC.EXE
C:\WINDOWS\SYSTEM\DOFFNC.FWL=C:\WINDOWS\SYSTEM\DOFFNC.LIB
NUL=C:\WINDOWS\SYSTEM\DOFFNC.LIB
C:\WINDOWS\SYSTEM\DOFFNC.FWO=C:\WINDOWS\SYSTEM\DOFFNC.OCX
NUL=C:\WINDOWS\SYSTEM\DOFFNC.OCX
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWC=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.COM
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.COM
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWD=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.DLL
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.DLL
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWE=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.EXE
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.EXE
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.LIB
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.LIB
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWO=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.OCX
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.OCX
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWS=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.SYS
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.SYS
C:\WINDOWS\SYSTEM\JFOFA.FWC=C:\WINDOWS\SYSTEM\JFOFA.COM
NUL=C:\WINDOWS\SYSTEM\JFOFA.COM
C:\WINDOWS\SYSTEM\JFOFA.FWD=C:\WINDOWS\SYSTEM\JFOFA.DLL
NUL=C:\WINDOWS\SYSTEM\JFOFA.DLL
C:\WINDOWS\SYSTEM\JFOFA.FWE=C:\WINDOWS\SYSTEM\JFOFA.EXE
NUL=C:\WINDOWS\SYSTEM\JFOFA.EXE
C:\WINDOWS\SYSTEM\JFOFA.FWL=C:\WINDOWS\SYSTEM\JFOFA.LIB
NUL=C:\WINDOWS\SYSTEM\JFOFA.LIB
C:\WINDOWS\SYSTEM\JFOFA.FWO=C:\WINDOWS\SYSTEM\JFOFA.OCX
NUL=C:\WINDOWS\SYSTEM\JFOFA.OCX
C:\WINDOWS\SYSTEM\MSAPI.FWC=C:\WINDOWS\SYSTEM\MSAPI.COM
NUL=C:\WINDOWS\SYSTEM\MSAPI.COM
C:\WINDOWS\SYSTEM\MSAPI.FWD=C:\WINDOWS\SYSTEM\MSAPI.DLL
NUL=C:\WINDOWS\SYSTEM\MSAPI.DLL
C:\WINDOWS\SYSTEM\MSAPI.FWE=C:\WINDOWS\SYSTEM\MSAPI.EXE
NUL=C:\WINDOWS\SYSTEM\MSAPI.EXE
C:\WINDOWS\SYSTEM\MSAPI.FWL=C:\WINDOWS\SYSTEM\MSAPI.LIB
NUL=C:\WINDOWS\SYSTEM\MSAPI.LIB
C:\WINDOWS\SYSTEM\MSAPI.FWO=C:\WINDOWS\SYSTEM\MSAPI.OCX
NUL=C:\WINDOWS\SYSTEM\MSAPI.OCX
C:\WINDOWS\SYSTEM\MSASMSN7.FWC=C:\WINDOWS\SYSTEM\MSASMSN7.COM
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.COM
C:\WINDOWS\SYSTEM\MSASMSN7.FWD=C:\WINDOWS\SYSTEM\MSASMSN7.DLL
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.DLL
C:\WINDOWS\SYSTEM\MSASMSN7.FWE=C:\WINDOWS\SYSTEM\MSASMSN7.EXE
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.EXE
C:\WINDOWS\SYSTEM\MSASMSN7.FWL=C:\WINDOWS\SYSTEM\MSASMSN7.LIB
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.LIB
C:\WINDOWS\SYSTEM\MSASMSN7.FWO=C:\WINDOWS\SYSTEM\MSASMSN7.OCX
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.OCX
C:\WINDOWS\SYSTEM\RUNDLL32.FWC=C:\WINDOWS\SYSTEM\RUNDLL32.COM
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.COM
C:\WINDOWS\SYSTEM\RUNDLL32.FWD=C:\WINDOWS\SYSTEM\RUNDLL32.DLL
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.DLL
C:\WINDOWS\SYSTEM\RUNDLL32.FWE=C:\WINDOWS\SYSTEM\RUNDLL32.EXE
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RUNDLL32.FWL=C:\WINDOWS\SYSTEM\RUNDLL32.LIB
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.LIB
C:\WINDOWS\SYSTEM\RUNDLL32.FWO=C:\WINDOWS\SYSTEM\RUNDLL32.OCX
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.OCX
C:\WINDOWS\SYSTEM\TWAIN_16.FWC=C:\WINDOWS\SYSTEM\TWAIN_16.COM
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.COM
C:\WINDOWS\SYSTEM\TWAIN_16.FWD=C:\WINDOWS\SYSTEM\TWAIN_16.DLL
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.DLL
810626 - 2005-11-13 22:04:00
C:\WINDOWS\SYSTEM\TWAIN_16.FWE=C:\WINDOWS\SYSTEM\TWAIN_16.EXE
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.EXE
C:\WINDOWS\SYSTEM\TWAIN_16.FWL=C:\WINDOWS\SYSTEM\TWAIN_16.LIB
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.LIB
C:\WINDOWS\SYSTEM\TWAIN_16.FWO=C:\WINDOWS\SYSTEM\TWAIN_16.OCX
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.OCX
C:\WINDOWS\SYSTEM\WHBOY.FWC=C:\WINDOWS\SYSTEM\WHBOY.COM
NUL=C:\WINDOWS\SYSTEM\WHBOY.COM
C:\WINDOWS\SYSTEM\WHBOY.FWD=C:\WINDOWS\SYSTEM\WHBOY.DLL
NUL=C:\WINDOWS\SYSTEM\WHBOY.DLL
C:\WINDOWS\SYSTEM\WHBOY.FWE=C:\WINDOWS\SYSTEM\WHBOY.EXE
NUL=C:\WINDOWS\SYSTEM\WHBOY.EXE
C:\WINDOWS\SYSTEM\WHBOY.FWL=C:\WINDOWS\SYSTEM\WHBOY.LIB
NUL=C:\WINDOWS\SYSTEM\WHBOY.LIB
C:\WINDOWS\SYSTEM\WHBOY.FWO=C:\WINDOWS\SYSTEM\WHBOY.OCX
NUL=C:\WINDOWS\SYSTEM\WHBOY.OCX
C:\WINDOWS\SYSTEM\WMIMGR.FWC=C:\WINDOWS\SYSTEM\WMIMGR.COM
NUL=C:\WINDOWS\SYSTEM\WMIMGR.COM
C:\WINDOWS\SYSTEM\WMIMGR.FWD=C:\WINDOWS\SYSTEM\WMIMGR.DLL
NUL=C:\WINDOWS\SYSTEM\WMIMGR.DLL
C:\WINDOWS\SYSTEM\WMIMGR.FWE=C:\WINDOWS\SYSTEM\WMIMGR.EXE
NUL=C:\WINDOWS\SYSTEM\WMIMGR.EXE
C:\WINDOWS\SYSTEM\WMIMGR.FWL=C:\WINDOWS\SYSTEM\WMIMGR.LIB
NUL=C:\WINDOWS\SYSTEM\WMIMGR.LIB
C:\WINDOWS\SYSTEM\WMIMGR.FWO=C:\WINDOWS\SYSTEM\WMIMGR.OCX
NUL=C:\WINDOWS\SYSTEM\WMIMGR.OCX
C:\WINDOWS\SYSTEM\WUCXT.FWC=C:\WINDOWS\SYSTEM\WUCXT.COM
NUL=C:\WINDOWS\SYSTEM\WUCXT.COM
C:\WINDOWS\SYSTEM\WUCXT.FWD=C:\WINDOWS\SYSTEM\WUCXT.DLL
NUL=C:\WINDOWS\SYSTEM\WUCXT.DLL
C:\WINDOWS\SYSTEM\WUCXT.FWE=C:\WINDOWS\SYSTEM\WUCXT.EXE
NUL=C:\WINDOWS\SYSTEM\WUCXT.EXE
C:\WINDOWS\SYSTEM\WUCXT.FWL=C:\WINDOWS\SYSTEM\WUCXT.LIB
NUL=C:\WINDOWS\SYSTEM\WUCXT.LIB
C:\WINDOWS\SYSTEM\WUCXT.FWO=C:\WINDOWS\SYSTEM\WUCXT.OCX
NUL=C:\WINDOWS\SYSTEM\WUCXT.OCX
C:\WINDOWS\TEMP\SE.FWC=C:\WINDOWS\TEMP\SE.COM
NUL=C:\WINDOWS\TEMP\SE.COM
C:\WINDOWS\TEMP\SE.FWD=C:\WINDOWS\TEMP\SE.DLL
NUL=C:\WINDOWS\TEMP\SE.DLL
C:\WINDOWS\TEMP\SE.FWE=C:\WINDOWS\TEMP\SE.EXE
NUL=C:\WINDOWS\TEMP\SE.EXE
C:\WINDOWS\TEMP\SE.FWL=C:\WINDOWS\TEMP\SE.LIB
NUL=C:\WINDOWS\TEMP\SE.LIB
C:\WINDOWS\TEMP\SE.FWO=C:\WINDOWS\TEMP\SE.OCX
NUL=C:\WINDOWS\TEMP\SE.OCX

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 13/11/2005, 19:50:0)

[Rename]
C:\PROGRAM FILES\LTUCX\1002\C0.FWD=C:\PROGRAM FILES\LTUCX\1002\C0.DLL
NUL=C:\PROGRAM FILES\LTUCX\1002\C0.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWC=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.COM
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.COM
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWD=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.DLL
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWE=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.EXE
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.LIB
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.LIB
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.FWO=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.OCX
NUL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.OCX
C:\WINDOWS\1.FWC=C:\WINDOWS\1.COM
NUL=C:\WINDOWS\1.COM
C:\WINDOWS\1.FWD=C:\WINDOWS\1.DLL
NUL=C:\WINDOWS\1.DLL
C:\WINDOWS\1.FWE=C:\WINDOWS\1.EXE
NUL=C:\WINDOWS\1.EXE
C:\WINDOWS\1.FWL=C:\WINDOWS\1.LIB
NUL=C:\WINDOWS\1.LIB
C:\WINDOWS\1.FWO=C:\WINDOWS\1.OCX
NUL=C:\WINDOWS\1.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.DLL
810626 - 2005-11-13 22:05:00
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_ISC.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_0518\_IS_WEBH.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_ISC.OCX
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWC=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.COM
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.COM
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWD=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.DLL
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWE=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.EXE
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.LIB
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.LIB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.FWO=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.OCX
NUL=C:\WINDOWS\DOWNLOADED PROGRAM FILES\_IS_WEBH.OCX
C:\WINDOWS\HOSTS.FWC=C:\WINDOWS\HOSTS.COM
NUL=C:\WINDOWS\HOSTS.COM
C:\WINDOWS\HOSTS.FWD=C:\WINDOWS\HOSTS.DLL
NUL=C:\WINDOWS\HOSTS.DLL
C:\WINDOWS\HOSTS.FWE=C:\WINDOWS\HOSTS.EXE
NUL=C:\WINDOWS\HOSTS.EXE
C:\WINDOWS\HOSTS.FWL=C:\WINDOWS\HOSTS.LIB
NUL=C:\WINDOWS\HOSTS.LIB
C:\WINDOWS\HOSTS.FWO=C:\WINDOWS\HOSTS.OCX
NUL=C:\WINDOWS\HOSTS.OCX
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWC=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.COM
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.COM
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWD=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.DLL
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.DLL
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWE=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.EXE
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.EXE
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.LIB
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.LIB
C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.FWO=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.OCX
NUL=C:\WINDOWS\LOCAL SETTINGS\TEMP\SE.OCX
C:\WINDOWS\SYSTEM\CTXMA.FWC=C:\WINDOWS\SYSTEM\CTXMA.COM
NUL=C:\WINDOWS\SYSTEM\CTXMA.COM
C:\WINDOWS\SYSTEM\CTXMA.FWD=C:\WINDOWS\SYSTEM\CTXMA.DLL
NUL=C:\WINDOWS\SYSTEM\CTXMA.DLL
C:\WINDOWS\SYSTEM\CTXMA.FWE=C:\WINDOWS\SYSTEM\CTXMA.EXE
NUL=C:\WINDOWS\SYSTEM\CTXMA.EXE
C:\WINDOWS\SYSTEM\CTXMA.FWL=C:\WINDOWS\SYSTEM\CTXMA.LIB
NUL=C:\WINDOWS\SYSTEM\CTXMA.LIB
C:\WINDOWS\SYSTEM\CTXMA.FWO=C:\WINDOWS\SYSTEM\CTXMA.OCX
NUL=C:\WINDOWS\SYSTEM\CTXMA.OCX
C:\WINDOWS\SYSTEM\DOFFNC.FWC=C:\WINDOWS\SYSTEM\DOFFNC.COM
NUL=C:\WINDOWS\SYSTEM\DOFFNC.COM
C:\WINDOWS\SYSTEM\DOFFNC.FWD=C:\WINDOWS\SYSTEM\DOFFNC.DLL
NUL=C:\WINDOWS\SYSTEM\DOFFNC.DLL
C:\WINDOWS\SYSTEM\DOFFNC.FWE=C:\WINDOWS\SYSTEM\DOFFNC.EXE
NUL=C:\WINDOWS\SYSTEM\DOFFNC.EXE
C:\WINDOWS\SYSTEM\DOFFNC.FWL=C:\WINDOWS\SYSTEM\DOFFNC.LIB
NUL=C:\WINDOWS\SYSTEM\DOFFNC.LIB
C:\WINDOWS\SYSTEM\DOFFNC.FWO=C:\WINDOWS\SYSTEM\DOFFNC.OCX
NUL=C:\WINDOWS\SYSTEM\DOFFNC.OCX
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWC=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.COM
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.COM
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWD=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.DLL
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.DLL
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWE=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.EXE
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.EXE
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.LIB
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.LIB
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWO=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.OCX
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.OCX
C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.FWS=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.SYS
NUL=C:\WINDOWS\SYSTEM\DRIVERS\BOOTCOM.SYS
C:\WINDOWS\SYSTEM\JFOFA.FWC=C:\WINDOWS\SYSTEM\JFOFA.COM
NUL=C:\WINDOWS\SYSTEM\JFOFA.COM
C:\WINDOWS\SYSTEM\JFOFA.FWD=C:\WINDOWS\SYSTEM\JFOFA.DLL
NUL=C:\WINDOWS\SYSTEM\JFOFA.DLL
C:\WINDOWS\SYSTEM\JFOFA.FWE=C:\WINDOWS\SYSTEM\JFOFA.EXE
NUL=C:\WINDOWS\SYSTEM\JFOFA.EXE
C:\WINDOWS\SYSTEM\JFOFA.FWL=C:\WINDOWS\SYSTEM\JFOFA.LIB
NUL=C:\WINDOWS\SYSTEM\JFOFA.LIB
C:\WINDOWS\SYSTEM\JFOFA.FWO=C:\WINDOWS\SYSTEM\JFOFA.OCX
NUL=C:\WINDOWS\SYSTEM\JFOFA.OCX
C:\WINDOWS\SYSTEM\MSAPI.FWC=C:\WINDOWS\SYSTEM\MSAPI.COM
NUL=C:\WINDOWS\SYSTEM\MSAPI.COM
C:\WINDOWS\SYSTEM\MSAPI.FWD=C:\WINDOWS\SYSTEM\MSAPI.DLL
NUL=C:\WINDOWS\SYSTEM\MSAPI.DLL
C:\WINDOWS\SYSTEM\MSAPI.FWE=C:\WINDOWS\SYSTEM\MSAPI.EXE
NUL=C:\WINDOWS\SYSTEM\MSAPI.EXE
C:\WINDOWS\SYSTEM\MSAPI.FWL=C:\WINDOWS\SYSTEM\MSAPI.LIB
NUL=C:\WINDOWS\SYSTEM\MSAPI.LIB
C:\WINDOWS\SYSTEM\MSAPI.FWO=C:\WINDOWS\SYSTEM\MSAPI.OCX
NUL=C:\WINDOWS\SYSTEM\MSAPI.OCX
C:\WINDOWS\SYSTEM\MSASMSN7.FWC=C:\WINDOWS\SYSTEM\MSASMSN7.COM
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.COM
C:\WINDOWS\SYSTEM\MSASMSN7.FWD=C:\WINDOWS\SYSTEM\MSASMSN7.DLL
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.DLL
C:\WINDOWS\SYSTEM\MSASMSN7.FWE=C:\WINDOWS\SYSTEM\MSASMSN7.EXE
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.EXE
C:\WINDOWS\SYSTEM\MSASMSN7.FWL=C:\WINDOWS\SYSTEM\MSASMSN7.LIB
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.LIB
C:\WINDOWS\SYSTEM\MSASMSN7.FWO=C:\WINDOWS\SYSTEM\MSASMSN7.OCX
NUL=C:\WINDOWS\SYSTEM\MSASMSN7.OCX
C:\WINDOWS\SYSTEM\RUNDLL32.FWC=C:\WINDOWS\SYSTEM\RUNDLL32.COM
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.COM
C:\WINDOWS\SYSTEM\RUNDLL32.FWD=C:\WINDOWS\SYSTEM\RUNDLL32.DLL
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.DLL
C:\WINDOWS\SYSTEM\RUNDLL32.FWE=C:\WINDOWS\SYSTEM\RUNDLL32.EXE
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RUNDLL32.FWL=C:\WINDOWS\SYSTEM\RUNDLL32.LIB
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.LIB
C:\WINDOWS\SYSTEM\RUNDLL32.FWO=C:\WINDOWS\SYSTEM\RUNDLL32.OCX
NUL=C:\WINDOWS\SYSTEM\RUNDLL32.OCX
C:\WINDOWS\SYSTEM\TWAIN_16.FWC=C:\WINDOWS\SYSTEM\TWAIN_16.COM
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.COM
C:\WINDOWS\SYSTEM\TWAIN_16.FWD=C:\WINDOWS\SYSTEM\TWAIN_16.DLL
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.DLL
C:\WINDOWS\SYSTEM\TWAIN_16.FWE=C:\WINDOWS\SYSTEM\TWAIN_16.EXE
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.EXE
810626 - 2005-11-13 22:05:00
C:\WINDOWS\SYSTEM\TWAIN_16.FWL=C:\WINDOWS\SYSTEM\TWAIN_16.LIB
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.LIB
C:\WINDOWS\SYSTEM\TWAIN_16.FWO=C:\WINDOWS\SYSTEM\TWAIN_16.OCX
NUL=C:\WINDOWS\SYSTEM\TWAIN_16.OCX
C:\WINDOWS\SYSTEM\WHBOY.FWC=C:\WINDOWS\SYSTEM\WHBOY.COM
NUL=C:\WINDOWS\SYSTEM\WHBOY.COM
C:\WINDOWS\SYSTEM\WHBOY.FWD=C:\WINDOWS\SYSTEM\WHBOY.DLL
NUL=C:\WINDOWS\SYSTEM\WHBOY.DLL
C:\WINDOWS\SYSTEM\WHBOY.FWE=C:\WINDOWS\SYSTEM\WHBOY.EXE
NUL=C:\WINDOWS\SYSTEM\WHBOY.EXE
C:\WINDOWS\SYSTEM\WHBOY.FWL=C:\WINDOWS\SYSTEM\WHBOY.LIB
NUL=C:\WINDOWS\SYSTEM\WHBOY.LIB
C:\WINDOWS\SYSTEM\WHBOY.FWO=C:\WINDOWS\SYSTEM\WHBOY.OCX
NUL=C:\WINDOWS\SYSTEM\WHBOY.OCX
C:\WINDOWS\SYSTEM\WMIMGR.FWC=C:\WINDOWS\SYSTEM\WMIMGR.COM
NUL=C:\WINDOWS\SYSTEM\WMIMGR.COM
C:\WINDOWS\SYSTEM\WMIMGR.FWD=C:\WINDOWS\SYSTEM\WMIMGR.DLL
NUL=C:\WINDOWS\SYSTEM\WMIMGR.DLL
C:\WINDOWS\SYSTEM\WMIMGR.FWE=C:\WINDOWS\SYSTEM\WMIMGR.EXE
NUL=C:\WINDOWS\SYSTEM\WMIMGR.EXE
C:\WINDOWS\SYSTEM\WMIMGR.FWL=C:\WINDOWS\SYSTEM\WMIMGR.LIB
NUL=C:\WINDOWS\SYSTEM\WMIMGR.LIB
C:\WINDOWS\SYSTEM\WMIMGR.FWO=C:\WINDOWS\SYSTEM\WMIMGR.OCX
NUL=C:\WINDOWS\SYSTEM\WMIMGR.OCX
C:\WINDOWS\SYSTEM\WUCXT.FWC=C:\WINDOWS\SYSTEM\WUCXT.COM
NUL=C:\WINDOWS\SYSTEM\WUCXT.COM
C:\WINDOWS\SYSTEM\WUCXT.FWD=C:\WINDOWS\SYSTEM\WUCXT.DLL
NUL=C:\WINDOWS\SYSTEM\WUCXT.DLL
C:\WINDOWS\SYSTEM\WUCXT.FWE=C:\WINDOWS\SYSTEM\WUCXT.EXE
NUL=C:\WINDOWS\SYSTEM\WUCXT.EXE
C:\WINDOWS\SYSTEM\WUCXT.FWL=C:\WINDOWS\SYSTEM\WUCXT.LIB
NUL=C:\WINDOWS\SYSTEM\WUCXT.LIB
C:\WINDOWS\SYSTEM\WUCXT.FWO=C:\WINDOWS\SYSTEM\WUCXT.OCX
NUL=C:\WINDOWS\SYSTEM\WUCXT.OCX
C:\WINDOWS\TEMP\SE.FWC=C:\WINDOWS\TEMP\SE.COM
NUL=C:\WINDOWS\TEMP\SE.COM
C:\WINDOWS\TEMP\SE.FWD=C:\WINDOWS\TEMP\SE.DLL
NUL=C:\WINDOWS\TEMP\SE.DLL
C:\WINDOWS\TEMP\SE.FWE=C:\WINDOWS\TEMP\SE.EXE
NUL=C:\WINDOWS\TEMP\SE.EXE
C:\WINDOWS\TEMP\SE.FWL=C:\WINDOWS\TEMP\SE.LIB
NUL=C:\WINDOWS\TEMP\SE.LIB
C:\WINDOWS\TEMP\SE.FWO=C:\WINDOWS\TEMP\SE.OCX
NUL=C:\WINDOWS\TEMP\SE.OCX

--------------------------------------------------
810626 - 2005-11-13 22:06:00
Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL - {A5366673-E8CA-11D3-9CD9-0090271D075B}
IE - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}

--------------------------------------------------

Enumerating Task Scheduler jobs:

启用 Application Start.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 27,905 bytes
Report generated in 0.156 seconds

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only
810626 - 2005-11-13 22:08:00
贴完了··拜请高手献身讲解啊··另,我今用过美萍IE清理专家和黄山IE修复专家杀过
魔法学徒 - 2005-11-13 22:32:00
运行HijackThis,先点[扫描]或[Scan]按钮,扫描完成后,[扫描]或[Scan]按钮会变为[保存Log]或[Save Log]按钮,点击它,LOG将会在记事本中显示,再从记事本里复制/粘贴到贴子里。
如果LOG比较长,一贴发不完,你可以分成几个部分发在回贴里。
810626 - 2005-11-13 22:50:00
晕,楼上的斑竹,我已经贴了啊
魔法学徒 - 2005-11-13 22:52:00
您使用的是HijackThis1.99.1 吗?
810626 - 2005-11-13 23:07:00
1.97  那个非法连接这么显示的

C:\WINDOWS\Favorites\免费电影下载 天下无贼,天天电影下载 在线电影欣赏 免费在线电影 天天影院、免费功夫,可可西里、2046、王家卫、新警察故事、鬼武者3、,免费 宽频娱乐最新大片、经典大片、电影、电影下载、在线电影、VOD、影视、连续剧、免费电影,电影,动画片,韩剧,.ur

[InternetShortcut]
URL=http://film.jiajia-e.com/movies/index.asp
Modified=A01F7EFA8174C501F2

魔法学徒 - 2005-11-13 23:15:00
引用:
【飞跃迷离的贴子】建议您下载并使用HijackThis1.99.1

HijackThis下载地址请参考:
【必读】本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

HijackThis的使用方法-----请参考--瑞星HijackThis专题
http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm

运行HijackThis,先点[扫描]或[Scan]按钮,扫描完成后,[扫描]或[Scan]按钮会变为[保存Log]或[Save Log]按钮,点击它,LOG将会在记事本中显示,再从记事本里复制/粘贴到贴子里。
如果LOG比较长,一贴发不完,你可以分成几个部分发在回贴里。

...........................
810626 - 2005-11-14 0:27:00
我下了个1.99版的 但还是一保存LOG文件就出现一个“辅助工具向导”的提示框。说“当运行辅助工具向导并加载某个特定文件时,出现错误”
这个时怎么回事啊
810626 - 2005-11-14 8:33:00
收藏夹那个网站连接太讨厌了,用右键一点,马上IE死掉,别的到没事,能不能用改注册表的方法删掉???
810626 - 2005-11-14 9:22:00
怎么办啊,斑竹救命啊
wo1400 - 2005-11-14 9:28:00
.
810626 - 2005-11-14 10:15:00
快了,救命啊···在线等
810626 - 2005-11-14 10:18:00
是不是1.98版有问题啊?装上1。99版是不是要先删前版本
飞跃迷离 - 2005-11-14 11:20:00
请用新版HijackThis1.99.1 扫个日志

下载地址请参考1楼回复,先卸载旧版本的再安装新版!
810626 - 2005-11-14 12:14:00
好的,晚上回家在从装
810626 - 2005-11-14 20:28:00
大哥啊,我删了1。97版了··可1。99版还是不保存文件,甚至点立即修复都不起作用,修完了··在扫描还有那项···这是怎么回事啊
飞跃迷离 - 2005-11-14 20:53:00
打开IE浏览器——工具——internet选项——删除cookies、删除文件,把“删除所有脱机内容”选上

问题仍在请到安全模式试试!
810626 - 2005-11-14 21:04:00
多谢,我试试啊
810626 - 2005-11-15 0:00:00
还是不成,http://film.jiajia-e.com/movies/index.asp  这个就是那个带毒网站,哪位牛人1去哪看看啊
魔法学徒 - 2005-11-15 0:16:00
网站本身没问题,您的安全模式下也不能运行hj吗?
810626 - 2005-11-15 13:25:00
安全模式按F8进不去啊
飞跃迷离 - 2005-11-15 13:35:00
【回复“810626”的帖子】
您是98的系统,请在开机时按住CTRL键不放直到弹出启动菜单为止。
12
查看完整版本: 斑竹,高手请教了··碰到难缠的了
© 2000 - 2026 Rising Corp. Ltd.