Rising Kaka Security Forum
哦的的 - 2006-5-23 20:40:00
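loadms.exe IEXPLOERS.EXE: asking for help removing this trojan!!
I searched on Baidu and found that many people have been hit by this trojan. I tried removing it the way they described, but it still isn't completely solved. After scanning with Rising 2006, on reboot it says that a program has encountered a problem, and startup is much slower,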
轩辕小聪 - 2006-5-23 20:41:00
Describe the message you get after rebooting more clearly.
哦的的 - 2006-5-23 20:45:00
After rebooting and pressing CTRL+ALT+DEL, it takes a long time to reach the desktop, and then it says: a program has encountered a problem
轩辕小聪 - 2006-5-23 20:48:00
Oh dear, which program is "a program"??
我无邪 - 2006-5-23 20:49:00
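Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log here.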
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log won't fit in one post, paste it in several parts. Please do not modify it.
哦的的 - 2006-5-23 20:59:00
2006-05-23,20:56:33
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows 2000 Server Service Pack 4 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Ntcheck><C:\WINNT\mapserver.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Cmpnt><c:\winnt\system\mainsv.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Cmpnt><C:\WINNT\system\cmpku.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Shell><c:\winnt\system\mainsv.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
哦的的 - 2006-5-23 20:59:00
==================================
启动文件夹
[Service Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk><N>
==================================
服务
[Apache / Apache]
<"c:\Thunder\Apache\Apache.exe"><N/A>
[Network IPSEC Connections / BARCASE]
<C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[DataBase Assistant / DataBase Assistant]
<C:\thunder\ktv\ktvsvr\DBAss.exe><SinoSoft WorkGroup>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[kfsvr / kfsvr]
<c:\Thunder\system\kfserver\kfsvr.exe><N/A>
[ktvserver / ktvserver]
<c:\Thunder\ktv\ktvsvr\ktvserver.exe><N/A>
[MainKtvServer / MainKtvServer]
<c:\thunder\ktv\ktvsvr\MainKtvServer.exe><SinoSoft Workgroup>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[RecordServer / RecordServer]
<c:\Thunder\ktv\ktvsvr\RecordServer.exe><N/A>
[videoserver / videoserver]
<c:\Thunder\ktv\ktvsvr\videoserver.exe><N/A>
[VoiceServer / VoiceServer]
<c:\Thunder\ktv\ktvsvr\VoiceServer.exe><N/A>
==================================
浏览器加载项
[相关站点]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <c:\thunder\system\ocx\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
哦的的 - 2006-5-23 21:00:00
==================================
正在运行的进程
[PID: 180][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 204][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 224][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 260][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 280][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 480][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 512][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 548][c:\Thunder\Apache\Apache.exe] <N/A><N/A>
[c:\Thunder\Apache\ApacheCore.dll] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 564][C:\WINNT\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 588][c:\Thunder\Apache\Apache.exe] <N/A><N/A>
[c:\Thunder\Apache\ApacheCore.dll] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 816][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 844][c:\Thunder\system\kfserver\kfsvr.exe] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 868][c:\Thunder\ktv\ktvsvr\ktvserver.exe] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\BasicUtil.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\SocketUtil.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\ktvdb.dll] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 908][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.6697>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 952][C:\MSSQL7\binn\sqlservr.exe] <Microsoft Corporation><1998.11.13>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[C:\MSSQL7\binn\SQLRGSTR.DLL] <N/A><N/A>
[PID: 1044][C:\WINNT\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5672>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1072][c:\Thunder\ktv\ktvsvr\RecordServer.exe] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1088][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1104][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1140][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1204][c:\Thunder\ktv\ktvsvr\VoiceServer.exe] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\VoiceOrder.dll] <><1, 0, 0, 1>
[c:\Thunder\ktv\ktvsvr\SMAPI.dll] <IBM Corporation><8.0.0.40>
[PID: 1260][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1280][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1316][C:\WINNT\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1340][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1544][C:\thunder\ktv\ktvsvr\DBAss.exe] <SinoSoft WorkGroup><8, 0, 0, 0>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1636][C:\MSSQL7\binn\sqlagent.exe] <Microsoft Corporation><1998.11.13>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1664][c:\Thunder\ktv\ktvsvr\videoserver.exe] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\ktvdb.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\BasicUtil.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\vp.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\SocketUtil.dll] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1920][C:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1904][C:\WINNT\system\ntdllf.exe] <N/A><N/A>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 2008][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 1896][C:\MSSQL7\Binn\sqlmangr.exe] <Microsoft Corporation><1998.11.13>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 2124][C:\WINNT\explorer.exe] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[C:\WINNT\system32\cacb.dll] <><1, 0, 1, 0>
[C:\WINNT\system32\HttpReq.dll] <N/A><N/A>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINNT\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.5672>
[C:\WINNT\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5672>
[C:\WINNT\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\WINNT\system32\WBJJU.IME] <北京六合源软件技术有限公司><2, 5, 0, 0>
[C:\WINNT\system32\WbCodeU.dll] <><2, 5, 0, 0>
[C:\WINNT\system32\wbjju.dll] <N/A><N/A>
[PID: 2096][C:\WINNT\system32\taskmgr.exe] <Microsoft Corporation><5.00.2195.6620>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[PID: 416][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\KB494002.LOG] <N/A><N/A>
[C:\WINNT\system32\cacb.dll] <><1, 0, 1, 0>
[C:\WINNT\system32\HttpReq.dll] <N/A><N/A>
[C:\WINNT\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[C:\WINNT\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\WINNT\system32\WBJJU.IME] <北京六合源软件技术有限公司><2, 5, 0, 0>
[C:\WINNT\system32\WbCodeU.dll] <><2, 5, 0, 0>
[C:\WINNT\system32\wbjju.dll] <N/A><N/A>
[C:\WINNT\system32\WNWBIO.IME] <深圳市世强电脑科技有限公司 www.wnwb.com ><2004, 10, 21, 1>
[PID: 2168][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.843\SREng.exe] <Smallfrogs Studio><2.0.12.350>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-5-23 21:12:00
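Run System Repair Engineer, click "Startup Items", then "Services", tick "Hide Microsoft services", select the virus service Network IPSEC Connections, choose "Delete selected service", then "No", and finally reboot.
Run System Repair Engineer and use "Startup Items", "Registry" to delete the following entries.
(If you cannot tell the entries apart in the registry list, select one and click "Edit"; that shows the full path in detail.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]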
<Ntcheck><C:\WINNT\mapserver.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Cmpnt><c:\winnt\system\mainsv.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Cmpnt><C:\WINNT\system\cmpku.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Shell><c:\winnt\system\mainsv.exe>
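Double-click My Computer -- Tools -- Folder Options -- View -- select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes".
Delete: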
C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL
c:\winnt\system\mainsv.exe
C:\WINNT\system\cmpku.exe
C:\WINNT\mapserver.exe
C:\WINNT\KB494002.LOG (this one seems hard to deal with)
After the repair, please reboot.
Please scan again and paste the new report.
哦的的 - 2006-5-23 21:36:00
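In the first step, those programs are not in the services list. In the last step I can't delete IRJIT.DLL: when I try, it says IRJIT.DLL cannot be deleted because the file is in use by WINDOWS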
我无邪 - 2006-5-23 21:44:00
Please look more carefully.
IRJIT.DLL is a very common virus.
轩辕小聪 - 2006-5-23 21:53:00
C:\WINNT\KB494002.LOG is usually found at this location:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB494002.LOG>
OP, when you ran SREng, did the program warn you that the AppInit_DLLs value was abnormal, and did you repair it? If so, you can delete C:\WINNT\KB494002.LOG after a reboot.
轩辕小聪 - 2006-5-23 21:57:00
If it can't be deleted, reboot and then delete it.
哦的的 - 2006-5-23 22:00:00
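The file KB494002.LOG was easy to delete. It was IRJIT.DLL that would not let me delete it; only after I ended EXPLORER could I delete it. Here is the log after rebooting:
006-05-23,21:55:12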
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows 2000 Server Service Pack 4 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<dwMyTest><LOADHW.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
[Service Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk><N>
==================================
哦的的 - 2006-5-23 22:01:00
服务
[Apache / Apache]
<"c:\Thunder\Apache\Apache.exe"><N/A>
[Network IPSEC Connections / BARCASE]
<C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[DataBase Assistant / DataBase Assistant]
<C:\thunder\ktv\ktvsvr\DBAss.exe><SinoSoft WorkGroup>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[kfsvr / kfsvr]
<c:\Thunder\system\kfserver\kfsvr.exe><N/A>
[ktvserver / ktvserver]
<c:\Thunder\ktv\ktvsvr\ktvserver.exe><N/A>
[MainKtvServer / MainKtvServer]
<c:\thunder\ktv\ktvsvr\MainKtvServer.exe><SinoSoft Workgroup>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[RecordServer / RecordServer]
<c:\Thunder\ktv\ktvsvr\RecordServer.exe><N/A>
[videoserver / videoserver]
<c:\Thunder\ktv\ktvsvr\videoserver.exe><N/A>
[VoiceServer / VoiceServer]
<c:\Thunder\ktv\ktvsvr\VoiceServer.exe><N/A>
==================================
浏览器加载项
[相关站点]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <c:\thunder\system\ocx\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
==================================
正在运行的进程
[PID: 180][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 204][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 224][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898>
[PID: 252][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 264][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[PID: 456][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 484][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[PID: 512][c:\Thunder\Apache\Apache.exe] <N/A><N/A>
[c:\Thunder\Apache\ApacheCore.dll] <N/A><N/A>
[PID: 536][c:\Thunder\Apache\Apache.exe] <N/A><N/A>
[c:\Thunder\Apache\ApacheCore.dll] <N/A><N/A>
[PID: 768][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINNT\system32\cacb.dll] <><1, 0, 1, 0>
[C:\WINNT\system32\HttpReq.dll] <N/A><N/A>
[PID: 860][C:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[PID: 900][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 916][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 928][C:\MSSQL7\Binn\sqlmangr.exe] <Microsoft Corporation><1998.11.13>
[PID: 936][c:\Thunder\system\kfserver\kfsvr.exe] <N/A><N/A>
[PID: 956][c:\Thunder\ktv\ktvsvr\ktvserver.exe] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\BasicUtil.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\SocketUtil.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\ktvdb.dll] <N/A><N/A>
[PID: 968][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.6697>
[PID: 1004][C:\MSSQL7\binn\sqlservr.exe] <Microsoft Corporation><1998.11.13>
[C:\MSSQL7\binn\SQLRGSTR.DLL] <N/A><N/A>
[PID: 1092][C:\WINNT\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5672>
[PID: 1112][c:\Thunder\ktv\ktvsvr\RecordServer.exe] <N/A><N/A>
[PID: 1128][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1144][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[PID: 1176][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1208][c:\Thunder\ktv\ktvsvr\VoiceServer.exe] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\VoiceOrder.dll] <><1, 0, 0, 1>
[c:\Thunder\ktv\ktvsvr\SMAPI.dll] <IBM Corporation><8.0.0.40>
[PID: 1256][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 1284][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1304][C:\WINNT\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[PID: 1332][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[PID: 1512][C:\thunder\ktv\ktvsvr\DBAss.exe] <SinoSoft WorkGroup><8, 0, 0, 0>
[PID: 1564][C:\MSSQL7\binn\sqlagent.exe] <Microsoft Corporation><1998.11.13>
[PID: 1580][c:\Thunder\ktv\ktvsvr\videoserver.exe] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\ktvdb.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\BasicUtil.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\vp.dll] <N/A><N/A>
[c:\Thunder\ktv\ktvsvr\SocketUtil.dll] <N/A><N/A>
[PID: 1056][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\cacb.dll] <><1, 0, 1, 0>
[C:\WINNT\system32\HttpReq.dll] <N/A><N/A>
[C:\WINNT\system32\kakatool.dll] <Beijing Rising Technology Co., Ltd.><2, 0, 0, 8>
[C:\WINNT\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 1220][C:\Documents and Settings\Administrator\My Documents\SREng.exe] <Smallfrogs Studio><2.0.12.350>
哦的的 - 2006-5-23 22:18:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-5-23 23:28:00
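Run System Repair Engineer, click "Startup Items", then "Services", tick "Hide Microsoft services", select the virus service Network IPSEC Connections, choose "Delete selected service", then "No", and finally reboot.
Is there really no such service as Network IPSEC Connections?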
哦的的 - 2006-5-24 2:31:00
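The virus is gone now. After rebooting it says that LOADHW.EXE cannot be found, please make sure the path and file name are correct and that the required library files are available,
and also that at least one service or driver failed during system startup, see Event Viewer for details,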
哦的的 - 2006-5-24 2:33:00
Brothers, I'm waiting online, please keep going
我无邪 - 2006-5-24 13:19:00
Please scan again and paste the new report.
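An added example, not part of the original thread: a small Python check that pairs each `[location]` line of an SREng-style report with the `<field><field>` line after it, then compares two reports against the file names the helper listed for deletion. The two report excerpts are abridged from the logs posted above; the function names and the `REMOVE` list layout are this example's own.

```python
import re

# Abridged excerpts of the two SREng reports posted in this thread.
BEFORE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Ntcheck><C:\WINNT\mapserver.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Cmpnt><c:\winnt\system\mainsv.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Cmpnt><C:\WINNT\system\cmpku.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Shell><c:\winnt\system\mainsv.exe>
[Network IPSEC Connections / BARCASE]
<C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
"""
AFTER = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<dwMyTest><LOADHW.EXE>
[Network IPSEC Connections / BARCASE]
<C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
"""
# File names the helper asked to have deleted (taken from the thread).
REMOVE = ["irjit.dll", "mainsv.exe", "cmpku.exe", "mapserver.exe", "kb494002.log"]
PAIR = re.compile(r"^<(.*?)><(.*)>$")

def parse(report):
    """Return a set of (location, field1, field2) tuples, lower-cased."""
    entries, location = set(), None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            location = line[1:-1]          # registry key or service name
        elif location and (m := PAIR.match(line)):
            entries.add((location.lower(), m.group(1).lower(), m.group(2).lower()))
            location = None                # each header owns one value line
    return entries

def review(before, after, remove=REMOVE):
    """Compare two reports: what was cleared, what remains, what is new."""
    b, a = parse(before), parse(after)
    def hits(entries):
        return sorted(e for e in entries
                      if any(name in e[1] + " " + e[2] for name in remove))
    return {"cleared": hits(b - a), "still_present": hits(a), "new": sorted(a - b)}

if __name__ == "__main__":
    for label, rows in review(BEFORE, AFTER).items():
        print(label)
        for row in rows:
            print("   ", " | ".join(row))
```

On these excerpts the four Run/RunOnce/RunServices entries are cleared, the Network IPSEC Connections / BARCASE service entry that loads IRJIT.DLL is still registered, and a RunOnce value pointing at LOADHW.EXE is new in the second report.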