Rising Kaka Security Forum
飞侠119 - 2006-6-7 11:46:00
I have tried any number of methods and still cannot stop it from popping up. My log is below.
Logfile of HijackThis v1.99.1
Scan saved at 11:30:11, on 2006-06-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\DigitalPersona\UareUPro\DpHost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\KAV2005\KPfwSvc.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\jj4\jjsvr4.exe
C:\KAV2005\KPFW32.EXE
C:\Program Files\Activesoft\Active Messenger\Msger.exe
C:\WINDOWS\System32\conime.exe
C:\KAV2005\KMailMon.EXE
C:\KAV2005\KAVStart.EXE
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Thunder Network\Thunder\MediaIssue\Issue.exe
D:\soft\程序扫描汉化\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KPFW32.EXE"
O4 - Startup: Active Messenger.lnk = ?
O4 - Startup: 快捷方式 到 KAV32.lnk = C:\KAV2005\KAV32.EXE
O4 - Global Startup: microsoft office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ACC7428-51AF-41EB-9356-07B4234FAC42}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ACC7428-51AF-41EB-9356-07B4234FAC42}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{7ACC7428-51AF-41EB-9356-07B4234FAC42}: NameServer = 202.102.152.3,202.102.154.3
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: User Authentication Manager (DpHost) - Digital Persona, Inc. - C:\Program Files\DigitalPersona\UareUPro\DpHost.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
zq77 - 2006-6-7 12:04:00
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Fix these.
飞侠119 - 2006-6-7 12:16:00
Thanks. I'll give it a try.
飞侠119 - 2006-6-7 12:52:00
It didn't work; it is still popping up.
zq77 - 2006-6-7 13:26:00
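[Reply to the post by "飞侠119"]
Download System Repair Engineer and export the full log.
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log won't fit in one post, paste it across several posts. Please do not modify it.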
飞侠119 - 2006-6-7 13:30:00
Logfile of HijackThis v1.99.1
Scan saved at 13:28:06, on 2006-06-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\DigitalPersona\UareUPro\DpHost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\KAV2005\KPfwSvc.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\jj4\jjsvr4.exe
C:\KAV2005\KPFW32.EXE
C:\Program Files\Activesoft\Active Messenger\Msger.exe
C:\WINDOWS\System32\conime.exe
C:\KAV2005\KMailMon.EXE
C:\KAV2005\KAVStart.EXE
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PPLive\PPLive.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\soft\程序扫描汉化\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KPFW32.EXE"
O4 - Startup: Active Messenger.lnk = ?
O4 - Startup: 快捷方式 到 KAV32.lnk = C:\KAV2005\KAV32.EXE
O4 - Global Startup: microsoft office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ACC7428-51AF-41EB-9356-07B4234FAC42}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ACC7428-51AF-41EB-9356-07B4234FAC42}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{7ACC7428-51AF-41EB-9356-07B4234FAC42}: NameServer = 202.102.152.3,202.102.154.3
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: User Authentication Manager (DpHost) - Digital Persona, Inc. - C:\Program Files\DigitalPersona\UareUPro\DpHost.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
To the poster above: please take a look at this new scan.
zq77 - 2006-6-7 13:34:00
[Reply to the post by "飞侠119"]
HijackThis doesn't show the problem.
Download System Repair Engineer and export the full log.
Download it here:
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
飞侠119 - 2006-6-7 13:36:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pyjj><C:\Program Files\jj4\jjsvr4.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<KavPFW><"C:\KAV2005\KPFW32.EXE">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit SRRestore><C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><userinit.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
[microsoft office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\microsoft office.lnk><N>
[Active Messenger]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Active Messenger.lnk><N>
[快捷方式 到 KAV32]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 到 KAV32.lnk><N>
==================================
服务
[.Net Boot Service / .Net Boot Service]
<C:\WINDOWS\System32\big5_gb2312.exe><N/A>
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Microsoft Update Service / BKMARKS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[User Authentication Manager / DpHost]
<C:\Program Files\DigitalPersona\UareUPro\DpHost.exe><Digital Persona, Inc.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"C:\KAV2005\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<C:\KAV2005\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[ServiceLayer / ServiceLayer]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Windows Print Controller / Universal Disk Manager]
<C:\Program Files\Common Files\COMM\qqfaceclient.exe><COMENET TECHNOLOGY>
==================================
浏览器加载项
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getAllurl.htm, N/A>
飞侠119 - 2006-6-7 13:38:00
正在运行的进程
[PID: 468][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 592][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 604][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\system32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 780][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\system32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 828][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 924][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 960][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 1060][C:\KAV2005\KWatch.EXE] <Kingsoft Corporation><2005, 9, 27, 51>
[C:\KAV2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[PID: 1120][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[C:\WINDOWS\System32\AdobePDF.dll] <Adobe Systems Incorporated.><7.0.0.00>
[C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] <N/A><N/A>
[C:\WINDOWS\system32\awmon.dll] <Symantec Corporation><9.2.1>
[PID: 1236][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1264][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 1292][C:\Program Files\DigitalPersona\UareUPro\DpHost.exe] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DPPS.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DpCmpMgt.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DpDtObjs.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DPDevAgt.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\WINDOWS\System32\dpDevCtl.dll] <DigitalPersona, Inc.><2.1.1.499>
[PID: 1340][C:\WINDOWS\System32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 1368][C:\KAV2005\KPfwSvc.EXE] <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1384][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5672>
[PID: 1480][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1500][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\hpwx3770.dll] <Hewlett-Packard><3.2.2.674>
[C:\WINDOWS\System32\hpgt3770.dll] <Hewlett-Packard><1.0.2.682>
[PID: 1532][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 136][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\PROGRA~1\COMMON~1\system\msdc32.dll] <C1NETHELPER><1, 0, 0, 1>
[C:\PROGRA~1\COMMON~1\system\mod\ca.dll] <N/A><N/A>
[C:\PROGRA~1\COMMON~1\system\mod\ca32.dll] <N/A><N/A>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\System32\nvcpl.dll] <NVIDIA Corporation><6.14.10.5672>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5672>
[C:\WINDOWS\System32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5672>
[C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] <Adobe Systems Inc.><7.0.0.2004121400\0>
[C:\PROGRA~1\Nokia\NOKIAP~1\Lang\ConnectionManager_chi-sc.nlr] <Nokia><6, 80, 26, 0>
[C:\WINDOWS\System32\HOOKLFp.dll] <N/A><N/A>
飞侠119 - 2006-6-7 13:38:00
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] <Nokia><6, 80, 37, 4>
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] <Nokia><6, 80, 66, 0>
[C:\WINDOWS\System32\ConnAPI.DLL] <Nokia.><6, 80, 55, 5>
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr] <Nokia><6, 80, 26, 0>
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] <Nokia><6, 80, 8, 0>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\WINDOWS\System32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\KAV2005\KAVEXT.DLL] <Kingsoft Corporation><2005, 8, 5, 16>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll] <N/A><1, 0, 1, 1014>
[C:\Program Files\Activesoft\Active Messenger\EasySend.dll] <ActiveSoft.com.cn><2, 0, 0, 1>
[C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] <Adobe Systems Inc.><7.0.0.2004121400\0>
[PID: 988][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 956][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0324>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\System32\PYJJ4.IME] <加加工作组><4.0.0.21>
[PID: 1012][C:\Program Files\jj4\jjsvr4.exe] <加加开发组><4.0.0.20>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1028][C:\KAV2005\KPFW32.EXE] <Kingsoft Corporation><2006, 1, 17, 609>
[C:\KAV2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2005\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[C:\KAV2005\FiltList.dll] <N/A><N/A>
[C:\KAV2005\KAVPassp.DLL] <Kingsoft Corporation><2006, 5, 26, 246>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1308][C:\Program Files\Activesoft\Active Messenger\Msger.exe] <Activesoft><3, 0, 6, 1>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\System32\PYJJ4.IME] <加加工作组><4.0.0.21>
[PID: 1792][C:\WINDOWS\System32\conime.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 3748][C:\KAV2005\KMailMon.EXE] <Kingsoft Corporation><2005, 10, 8, 85>
[C:\KAV2005\KAntiSpm.dll] <N/A><1, 0, 0, 2>
[C:\KAV2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2005\KAECall2.DLL] <Kingsoft Corporation><2004, 12, 28, 7>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\KAV2005\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 3800][C:\KAV2005\KAVStart.EXE] <Kingsoft Corporation><2006, 4, 10, 196>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\KAV2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2005\KAVPassp.dll] <Kingsoft Corporation><2006, 5, 26, 246>
[C:\KAV2005\PopSprt3.dll] <Kingsoft Corporation><2005, 12, 6, 30>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 3332][C:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[C:\Program Files\Tencent\QQ\CoralAssist.DLL] <Coral Team><4.5.0 build 20060515>
[C:\Program Files\Tencent\QQ\CoralQQ.DLL] <Coral Team><4.5 Build 20060515>
[C:\Program Files\Tencent\QQ\ipsearcher.dll] <N/A><1.0.0.4>
[C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[C:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[C:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[C:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\GroupLive.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[C:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[C:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
飞侠119 - 2006-6-7 13:39:00
[C:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[C:\Program Files\Tencent\QQ\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[C:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[C:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <腾讯科技(深圳)有限公司><2, 0, 3, 30>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\Program Files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[C:\Program Files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[C:\Program Files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[C:\WINDOWS\System32\PYJJ4.IME] <加加工作组><4.0.0.21>
[C:\Program Files\Tencent\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[C:\Program Files\Tencent\QQ\ShareFiles.dll] <N/A><N/A>
[C:\Program Files\Tencent\QQ\videodevice.dll] <Tencent><1.5.0.0>
[C:\Program Files\Tencent\QQ\inplus.dll] <Tencent><1.5.0.0>
[C:\WINDOWS\System32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[PID: 3420][C:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 3552][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\System32\KakaTool.dll] <Beijing Rising Technology Co., Ltd.><2, 0, 0, 8>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\WINDOWS\System32\PYJJ4.IME] <加加工作组><4.0.0.21>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\PowerInfo\DreamPlayer\DreamWMFin.dll] <PowerInfo><4, 0, 0, 0>
[C:\WINDOWS\System32\DreamNetworks.dll] <PowerInfo><4, 0, 0, 0>
[C:\WINDOWS\System32\DreamPublic.dll] <PowerInfo><4, 0, 0, 0>
[C:\WINDOWS\System32\DreamOptions.dll] <PowerInfo><4, 0, 0, 0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[PID: 2884][C:\Program Files\PPLive\PPLive.exe] <><1, 0, 0, 1>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\common.dll] <><1, 0, 0, 1>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~2.OCX] <Synacast><2, 2, 33, 0>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX] <><1, 0, 0, 0>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\FWUpnp.dll] <N/A><N/A>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\PP\kom.dll] <Synacast Corp.><1, 1, 0, 8>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\PP\EROC.DLL] <Synacast Corp.><1, 1, 9, 4>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\PP\TEN.DLL] <Synacast><1, 1, 0, 8>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\PP\GAL.DLL] <Synacast><1, 1, 0, 8>
[C:\PROGRA~1\COMMON~1\Synacast\SynaLive\PP\MIR.DLL] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\Program Files\PowerInfo\DreamPlayer\DreamWMFin.dll] <PowerInfo><4, 0, 0, 0>
[C:\WINDOWS\System32\DreamNetworks.dll] <PowerInfo><4, 0, 0, 0>
[C:\WINDOWS\System32\DreamPublic.dll] <PowerInfo><4, 0, 0, 0>
[C:\WINDOWS\System32\DreamOptions.dll] <PowerInfo><4, 0, 0, 0>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\System32\ffdshow.ax] <N/A><1.0.2.24>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 0, 9>
[PID: 2684][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\System32\KakaTool.dll] <Beijing Rising Technology Co., Ltd.><2, 0, 0, 8>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\System32\PYJJ4.IME] <加加工作组><4.0.0.21>
[PID: 3208][E:\game\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\KAV2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
==================================
文件关联
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
我无邪 - 2006-6-7 13:49:00
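Run System Repair Engineer, go to "System Repair", "File Associations", tick "Select All" and click "Repair" so that all extensions return to normal.
Double-click My Computer -- Tools -- Folder Options -- View -- select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes".
[Windows Print Controller / Universal Disk Manager]
<C:\Program Files\Common Files\COMM\qqfaceclient.exe><COMENET TECHNOLOGY>
This entry is Duoduo Emoticons (多多表情); uninstalling it is recommended.
Run System Repair Engineer, click "Startup Items", "Services", tick "Hide Microsoft services", select the virus services Microsoft Update Service, Windows Print Controller, .Net Boot Service, choose "Delete selected service", then "No", and finally restart. (Each comma-separated name is one virus service; please delete them one by one.)
Restart.
Press ALT+CTRL+DELETE to bring up Task Manager and end all RUNDLL32.EXE processes.
Run System Repair Engineer and use "Startup Items", "Registry" to delete the following entry.
(If you cannot tell which entry it is in the registry list, select an entry and click "Edit"; that shows the detailed path.)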
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
Delete:
C:\Program Files\Common Files\COMM
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\System32\big5_gb2312.exe
C:\PROGRA~1\COMMON~1\system\msdc32.dll
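The service triage described in the post above, as an added example that is not part of the original thread: it parses the service section of an SREng log, flags services whose display name suggests a Microsoft component while the publisher is someone else, or that are hosted by rundll32, and checks a later log to confirm they are gone. The sample lines are copied from the logs in this thread; the name patterns and function names are assumptions chosen for illustration, and the result is a shortlist for manual review, not a verdict.

```python
import re

# Subset of the service entries from the first SREng log in this thread.
BEFORE = r"""
[.Net Boot Service / .Net Boot Service]
<C:\WINDOWS\System32\big5_gb2312.exe><N/A>
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Microsoft Update Service / BKMARKS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"C:\KAV2005\KPfwSvc.EXE"><Kingsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Windows Print Controller / Universal Disk Manager]
<C:\Program Files\Common Files\COMM\qqfaceclient.exe><COMENET TECHNOLOGY>
"""

# Subset of the service entries from the log posted after the restart.
AFTER = r"""
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"C:\KAV2005\KPfwSvc.EXE"><Kingsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
"""

HEADER = re.compile(r"^\[(.+?) / (.+)\]$")       # [display name / service name]
DETAIL = re.compile(r"^<(.*)><([^<>]*)>$")       # <command line><publisher>
# Assumption: names a user would read as "part of Windows".
CLAIMS_MS = re.compile(r"microsoft|windows|\.net", re.I)


def parse_services(text):
    """Return a list of dicts: display, name, command, publisher."""
    services, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            pending = header.groups()
            continue
        detail = DETAIL.match(line)
        if detail and pending:
            services.append({"display": pending[0], "name": pending[1],
                             "command": detail.group(1),
                             "publisher": detail.group(2)})
        pending = None
    return services


def image_name(command):
    """Lower-case base name of the executable that starts the service."""
    m = re.match(r'"?([^"]*?\.exe)\b', command, re.I)
    path = m.group(1) if m else command.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def triage(text):
    """Return {display name: [reasons]} for services worth a manual look."""
    findings = {}
    for svc in parse_services(text):
        reasons = []
        vendor_is_ms = svc["publisher"].lower().startswith("microsoft")
        if CLAIMS_MS.search(svc["display"]) and not vendor_is_ms:
            reasons.append("name suggests Microsoft, publisher is %r"
                           % svc["publisher"])
        if image_name(svc["command"]) == "rundll32.exe":
            reasons.append("service hosted by rundll32 loading a DLL")
        if reasons:
            # A missing publisher alone is weak (rpcapd also has none),
            # so it is only recorded next to a stronger signal.
            if svc["publisher"] in ("", "N/A"):
                reasons.append("no version-info publisher")
            findings[svc["display"]] = reasons
    return findings


def still_present(flagged, later_text):
    """Flagged display names that still appear in a later log."""
    later = {s["display"] for s in parse_services(later_text)}
    return sorted(name for name in flagged if name in later)


if __name__ == "__main__":
    hits = triage(BEFORE)
    for name, why in hits.items():
        print(name, "->", "; ".join(why))
    print("still present after cleanup:", still_present(hits, AFTER))
```

The check covers services only; the `CNETHELPER` entry under `Policies\Explorer\Run` is a registry startup item and has to be compared separately.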
zq77 - 2006-6-7 13:50:00
C:\PROGRA~1\COMMON~1\system\msdc32.dll
Delete
C:\WINDOWS\System32\big5_gb2312.exe
Search the registry for big5_gb2312.exe and delete it
Restart, then delete C:\WINDOWS\System32\big5_gb2312.exe
C:\WINDOWS\System32\HOOKLFp.dll
Delete
Also
C:\Program Files\Common Files\COMM\qqfaceclient.exe
QQ Emoticons (QQ表情) is suspected of containing a backdoor program. I suggest deleting qqfaceclient.exe directly.
我无邪 - 2006-6-7 13:52:00
C:\WINDOWS\System32\w2pxdrv.dll
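This entry is a bit troublesome.
Please go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931 and download these two programs: LSPFix.exe and WinsockXPFix.
Run LSPFix.exe
Delete
w2pxdrv.dll
Instructions attached:
LSPFix.exe is mainly used to help repair O10 entries found by a HijackThis scan.
To use it, close all IE windows and folder windows, then run LSPFix. Once it is running, move the O10 entry to be repaired from the left side to the right side and click "Finish". (Before that, however, you need to tick the box in front of "I know what I`m doing".)
Delete C:\WINDOWS\System32\w2pxdrv.dll
After the repair, if you cannot get online, run WinsockXPFix and let it repair things.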
飞侠119 - 2006-6-7 13:53:00
Good grief, so many problems. I'll work through them one at a time.
飞侠119 - 2006-6-7 14:21:00
C:\WINDOWS\System32\big5_gb2312.exe
C:\PROGRA~1\COMMON~1\system\msdc32.dll
I can't find these two; the files aren't there.
飞侠119 - 2006-6-7 14:25:00
??????????? Why can't I find everyone's replies any more?
我无邪 - 2006-6-7 14:29:00
Please restart, then run another System Repair Engineer report and paste it here.
飞侠119 - 2006-6-7 14:38:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pyjj><C:\Program Files\jj4\jjsvr4.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<KavPFW><"C:\KAV2005\KPFW32.EXE">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit SRRestore><C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
[microsoft office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\microsoft office.lnk><N>
[Active Messenger]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Active Messenger.lnk><N>
[快捷方式 到 KAV32]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 到 KAV32.lnk><N>
==================================
服务
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[User Authentication Manager / DpHost]
<C:\Program Files\DigitalPersona\UareUPro\DpHost.exe><Digital Persona, Inc.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"C:\KAV2005\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<C:\KAV2005\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[ServiceLayer / ServiceLayer]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
==================================
浏览器加载项
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getAllurl.htm, N/A>
飞侠119 - 2006-6-7 14:39:00
正在运行的进程
[PID: 468][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 592][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 604][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\system32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 784][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\system32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 832][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 928][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 1064][C:\KAV2005\KWatch.EXE] <Kingsoft Corporation><2005, 9, 27, 51>
[C:\KAV2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[PID: 1120][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[C:\WINDOWS\System32\AdobePDF.dll] <Adobe Systems Incorporated.><7.0.0.00>
[C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] <N/A><N/A>
[C:\WINDOWS\system32\awmon.dll] <Symantec Corporation><9.2.1>
[PID: 1392][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 1416][C:\Program Files\DigitalPersona\UareUPro\DpHost.exe] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DPPS.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DpCmpMgt.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DpDtObjs.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\Program Files\DigitalPersona\UareUPro\DPDevAgt.dll] <Digital Persona, Inc.><1.1.0.0>
[C:\WINDOWS\System32\dpDevCtl.dll] <DigitalPersona, Inc.><2.1.1.499>
[PID: 1480][C:\WINDOWS\System32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 1500][C:\KAV2005\KPfwSvc.EXE] <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1524][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5672>
[PID: 1592][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1744][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\PROGRA~1\COMMON~1\system\msdc32.dll] <C1NETHELPER><1, 0, 0, 1>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\System32\nvcpl.dll] <NVIDIA Corporation><6.14.10.5672>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5672>
[C:\WINDOWS\System32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5672>
[PID: 1884][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1908][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0324>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[PID: 1916][C:\Program Files\jj4\jjsvr4.exe] <加加开发组><4.0.0.20>
[PID: 1932][C:\KAV2005\KPFW32.EXE] <Kingsoft Corporation><2006, 1, 17, 609>
[C:\KAV2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2005\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[C:\KAV2005\FiltList.dll] <N/A><N/A>
[C:\KAV2005\KAVPassp.DLL] <Kingsoft Corporation><2006, 5, 26, 246>
[C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\KAV2005\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2005\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2005\KAEUnpack.DAT] <Kingsoft Corp.><2006, 3, 21, 17>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[C:\KAV2005\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[PID: 2000][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
飞侠119 - 2006-6-7 14:40:00
[C:\WINDOWS\System32\hpwx3770.dll] <Hewlett-Packard><3.2.2.674>
[C:\WINDOWS\System32\hpgt3770.dll] <Hewlett-Packard><1.0.2.682>
[PID: 2036][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 264][C:\Program Files\Activesoft\Active Messenger\Msger.exe] <Activesoft><3, 0, 6, 1>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 2836][E:\game\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
PROXYCAP MSAFD Tcpip [TCP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [UDP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [RAW/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP UDP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP TCP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
==================================
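An added example (not part of the thread, and not SREng's or LSPFix's own code): a Python parser for the SREng report layout posted above that lists which processes have a given DLL loaded and which Winsock catalog entries point at a DLL outside a baseline. The function names and the baseline set are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the flattened SREng layout quoted in this thread;
# the mswsock.dll entry is added here as a stock provider for contrast.
SAMPLE = r"""正在运行的进程
[PID: 784][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\system32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
[PID: 1064][C:\KAV2005\KWatch.EXE] <Kingsoft Corporation><2005, 9, 27, 51>
[C:\KAV2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[PID: 1908][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0324>
[C:\WINDOWS\System32\w2pxdrv.dll] <Proxy Labs><2, 0, 1, 1>
==================================
Winsock 提供者
PROXYCAP MSAFD Tcpip [TCP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
MSAFD Tcpip [UDP/IP]
mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
"""
PROC = re.compile(r"^\[PID: (\d+)\]\[(.+?)\] <.*>$")
MOD = re.compile(r"^\[(.+?)\] <.*>$")
PROVIDER = re.compile(r"^([^\\/()\s]+\.dll)\(.*\)$", re.I)
BASELINE = {"mswsock.dll", "rsvpsp.dll"}  # assumption: stock XP provider DLLs

def processes_loading(report, dll):
    """Return [(pid, image)] for each process whose module list has dll."""
    hits, current = [], None
    for line in map(str.strip, report.splitlines()):
        if m := PROC.match(line):
            current = (int(m.group(1)), m.group(2))
        elif (m := MOD.match(line)) and current:
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            if name == dll.lower() and current not in hits:
                hits.append(current)
        elif line.startswith("==="):
            current = None  # end of the process section
    return hits

def non_default_providers(report):
    """Return {dll: [catalog entry names]} for DLLs outside BASELINE."""
    found, prev = defaultdict(list), None
    for line in map(str.strip, report.splitlines()):
        m = PROVIDER.match(line)
        if m and prev and m.group(1).lower() not in BASELINE:
            found[m.group(1).lower()].append(prev)
        prev = None if m or line.startswith("===") else line
    return dict(found)
```

An LSP DLL is mapped into every process that uses Winsock, so the catalog entries have to be unlinked before the file is deleted, which is the order the LSPFix steps in the thread follow.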
我无邪 - 2006-6-7 20:00:00
Did you carry out the following steps?
C:\WINDOWS\System32\w2pxdrv.dll
This item is a bit troublesome.
Please go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931 and download these two programs: LSPFix.exe and WinsockXPFix.
Run LSPFix.exe
Remove
w2pxdrv.dll
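Instructions attached:
LSPFix.exe is mainly used to help repair the O10 items found by a HijackThis scan.
Before using it, close all IE windows and folder windows, then run LSPFix. Once it is running, move the O10 item you want to repair from the left side to the right side and click "Finish". (Before that, you need to tick the box in front of "I know what I'm doing".)
Delete C:\WINDOWS\System32\w2pxdrv.dll
After the repair, if you cannot get online, run WinsockXPFix and let it repair the connection.
Run System Repair Engineer and use "Startup Items", "Registry" to delete the following entry.
(If you cannot identify the entry in the registry list, select an item and click "Edit"; that shows the full path in detail.)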
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>