yinzhibao - 2006-7-15 10:48:00
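There is a file called _desktop.ini on my computer. It is in every folder and I can't delete it; as soon as I delete it, it comes back. The machine is extremely slow, practically unusable. None of the antivirus programs I have tried can detect anything. I don't know what is going on or what I should do. Experts, please help!! I tried the dedicated "Viking" (维金) removal tool, but it didn't work.
Yesterday I also caught a QQ virus: as soon as I open a chat window it automatically sends a message, with the following content:
Please vote for my little sister! She is running for Miss QQ. These are the photos she recently scanned onto her QQ space, thanks...
http://WWW.QQ.C0M.%33%39%73%6D%73%2E%6F%72%67/QQzone/Cgi-bin\Cgi_client_entry.Cgiuin=1088903
Please, please help.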
闪电风暴 - 2006-7-15 11:15:00
This is not QZONE; those unicode codes are actually just characters.
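The point made in the reply above, as an added example that is not part of the original thread: decoding the percent-encoded host of the link shows which domain it really belongs to. The function name, the digit-swap table and the "last two labels" rule for the registrable domain are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, unquote

# The link quoted in the first post, kept exactly as posted.
SAMPLE_URL = (r"http://WWW.QQ.C0M.%33%39%73%6D%73%2E%6F%72%67"
              r"/QQzone/Cgi-bin\Cgi_client_entry.Cgiuin=1088903")

# Digit-for-letter swaps seen in lookalike labels (illustrative, not exhaustive).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def analyze_link(url, trusted_domain):
    """Decode the host of a URL and compare it with the domain it imitates."""
    raw_host = urlsplit(url).hostname or ""
    # Percent-escapes in the host hide the real name from a casual reader.
    host = unquote(raw_host).lower().rstrip(".")
    labels = host.split(".")
    # Naive registrable domain: the last two labels. Real tooling should use
    # the Public Suffix List; this shortcut keeps the example offline.
    registrable = ".".join(labels[-2:])
    prefix = ".".join(labels[:-2])
    # Undo digit swaps in the left-hand labels and look for the trusted name.
    looks_trusted = trusted_domain in prefix.translate(DIGIT_SWAPS)
    return {
        "host": host,
        "registrable": registrable,
        "encoded_host": "%" in raw_host,
        "imitates_trusted": looks_trusted and registrable != trusted_domain,
    }


if __name__ == "__main__":
    for key, value in analyze_link(SAMPLE_URL, "qq.com").items():
        print(f"{key}: {value}")
```
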
闪电风暴 - 2006-7-15 11:15:00
Please scan with HijackThis and post the log.
我无邪 - 2006-7-15 11:23:00
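Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it in several parts until it is complete. Please do not modify it.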
yinzhibao - 2006-7-15 11:25:00
How do I do that? I don't know how. Can you tell me, please?
我无邪 - 2006-7-15 11:51:00
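Just do what it says above, it's very simple.
You have very likely caught a virus.
I suggest you download the dedicated HappyTime (欢乐时光) virus removal tool from the Rising homepage.
Try it and see whether it can kill the virus.
Please upload the log and paste it here quickly.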
yinzhibao - 2006-7-15 12:02:00
2006-07-15,11:40:48
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<恢复BOOT菜单><c:\windows\BOOT-hf.exe> []
<KavPFW><"C:\KAV2006\KAVPFW.exe"> [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\windows\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<SysExplr><C:\HEROSOFT\Hero3000\SYSEXPLR.EXE> []
<shoket><C:\WINDOWS\system32\SHELLEXT\svchs0t.exe> []
<_rx><C:\WINDOWS\rundll32.exe> []
<ms><C:\Program Files\Microsoft\svhost32.exe> []
<KavStart><"C:\KAV2006\KAVStart.exe" -startup> [Kingsoft Corporation]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\windows\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{BA8C2B95-A7E9-464B-A0A5-FFE9B8A1C030}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.dat> []
<{C9953583-932E-4EA1-A04B-4523AAB72C30}><C:\Program Files\Internet Explorer\PLUGINS\system.sys> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> []
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> []
==================================
启动文件夹
服务
[Kingsoft Personal Firewall Service / KPfwSvc]
<"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[User Profile Hive Cleanup / UPHClean]
<C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
==================================
浏览器加载项
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[微软]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&Google Search]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[&Translate English Word]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[Backward Links]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[Similar Pages]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[Translate Page into English]
<res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
yinzhibao - 2006-7-15 12:04:00
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[解霸实时播放]
<C:\HEROSOFT\Hero3000\MPURLGET.HTM, N/A>
==================================
正在运行的进程
[PID: 300][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 356][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 380][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 424][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 436][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 584][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 680][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 984][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\Program Files\TENCENT\Adplus\SSAddr.dll] <Tencent><4, 1, 5, 51>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\KAV2006\KAVEXT.DLL] <Kingsoft Corporation><2005, 8, 5, 16>
[PID: 1008][C:\KAV2006\KWatch.EXE] <Kingsoft Corporation><2005, 9, 27, 51>
[C:\KAV2006\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2006\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2006\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2006\KAEUnpack.DAT] <Kingsoft Corp.><2006, 6, 15, 44>
[PID: 1068][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1400][C:\KAV2006\KPfwSvc.EXE] <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1452][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1512][C:\Program Files\UPHClean\uphclean.exe] <Microsoft Corporation><1.5.5.21>
[PID: 2040][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 116][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3275>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[PID: 164][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.34>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[PID: 180][C:\HEROSOFT\Hero3000\SYSEXPLR.EXE] <N/A><N/A>
[C:\HEROSOFT\Hero3000\AVCDROM.dll] <N/A><N/A>
[C:\HEROSOFT\Hero3000\CoolMenu.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\HEROSOFT\Hero3000\Sys936.DLL] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 188][C:\windows\system32\SHELLEXT\svchs0t.exe] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[PID: 200][C:\WINDOWS\rundll32.exe] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[PID: 172][C:\Program Files\Microsoft\svhost32.exe] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[PID: 348][C:\KAV2006\KAVStart.exe] <Kingsoft Corporation><2006, 4, 10, 196>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\KAV2006\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2006\PopSprt3.dll] <Kingsoft Corporation><2005, 12, 6, 30>
[C:\KAV2006\KAVPassp.dll] <Kingsoft Corporation><2006, 6, 7, 252>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
yinzhibao - 2006-7-15 12:05:00
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[PID: 704][C:\windows\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[PID: 1288][C:\KAV2006\KMailMon.EXE] <Kingsoft Corporation><2006, 4, 12, 106>
[C:\KAV2006\KAntiSpm.dll] <N/A><1, 0, 0, 2>
[C:\KAV2006\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\KAV2006\KAECall2.DLL] <Kingsoft Corporation><2004, 12, 28, 7>
[C:\KAV2006\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2006\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2006\KAEUnpack.DAT] <Kingsoft Corp.><2006, 6, 15, 44>
[C:\KAV2006\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[PID: 1376][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1832][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[PID: 2096][C:\KAV2006\KAV32.EXE] <Kingsoft Corporation><2006, 6, 8, 2036>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\KAV2006\KAV32Res.dll] <Kingsoft Corporation><2006, 6, 6, 46>
[C:\KAV2006\KAEPlat.DLL] <Kingsoft Corp.><2005, 12, 29, 56>
[C:\KAV2006\KAEMem.DAT] <Kingsoft><2006, 4, 12, 13>
[C:\KAV2006\KAEUnpack.DAT] <Kingsoft Corp.><2006, 6, 15, 44>
[C:\KAV2006\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[C:\KAV2006\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\KAV2006\KAVPassp.DLL] <Kingsoft Corporation><2006, 6, 7, 252>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[C:\KAV2006\DBAgent.DLL] <Kingsoft Corporation><2005, 10, 27, 9>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\KAV2006\KWindUp.DLL] <Kingsoft Corp.><2005, 7, 7, 7>
[C:\KAV2006\KAScript.DLL] <Kingsoft Corporation><2006, 2, 10, 60>
[PID: 2340][C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX19.672\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\KAV2006\KMailOEBand.dll] <N/A><2006, 5, 19, 118>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 1, 5, 51>
[C:\KAV2006\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\Internet Explorer\PLUGINS\system.sys] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] <N/A><N/A>
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-7-15 12:49:00
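Run (double-click) System Repair Engineer, go to "System Repair" > "File Association", tick "Select All" and click "Repair" so that all extensions return to normal.
Go to www.27814939.ys168.com, click "My Software", download Norton Process Manager, and terminate all RUNDLL32.EXE processes.
Run (double-click) System Repair Engineer and use "Startup Items" > "Registry" to delete the following entries.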
C:\windows\rundl132.exe
C:\WINDOWS\rundll32.exe
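From www.27814939.ys168.com, click "My Software" and download KillBox.exe.
Restart the computer. After the power-on self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Double-click to open KillBox.exe and delete each of the following: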
C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.dat
C:\Program Files\Internet Explorer\PLUGINS\system.sys
C:\Program Files\Internet Explorer\IEXPLORE.Sys
C:\Program Files\Internet Explorer\IEXPLORE.Dat
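(When deleting, tick "End the Explorer.EXE process before deleting".)
Run (double-click) System Repair Engineer and use "Startup Items" > "Registry" to delete the following entries.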
C:\WINDOWS\system32\SHELLEXT\svchs0t.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.dat
C:\Program Files\Internet Explorer\PLUGINS\system.sys
C:\Program Files\Internet Explorer\IEXPLORE.Sys
C:\Program Files\Internet Explorer\IEXPLORE.Dat
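Double-click My Computer, then go to Tools > Folder Options > View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Also clear "Hide extensions for known file types".
Delete: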
C:\WINDOWS\system32\SHELLEXT\svchs0t.exe
C:\WINDOWS\rundll32.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.dat
C:\Program Files\Internet Explorer\PLUGINS\system.sys
C:\Program Files\Internet Explorer\IEXPLORE.Sys
C:\Program Files\Internet Explorer\IEXPLORE.Dat
C:\WINDOWS\system32\dllz.dll
When you are done, go back to normal mode, then scan again and paste a new log.
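The startup entries singled out in the reply above have file names that are near-misses of Windows system binaries, or a system binary name in the wrong folder. The following added example (not part of the original thread and not SREng's own logic) applies that check to a few lines copied from the log posted earlier; the allow-list and the 0.8 similarity threshold are assumptions chosen for this illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Known-good name -> expected folder (small illustrative allow-list, an assumption).
SYSTEM_BINARIES = {
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
}
ENTRY = re.compile(r"^<([^>]*)><([^>]*)> \[([^\]]*)\]$")   # <name><command> [company]
EXE_PATH = re.compile(r'"?([a-z]:\\.+?\.(?:exe|dll|dat|sys))', re.I)

# Excerpt of the registry startup section from the log in this thread.
SAMPLE_LOG = r"""
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<load><C:\windows\rundl132.exe> []
<shoket><C:\WINDOWS\system32\SHELLEXT\svchs0t.exe> []
<_rx><C:\WINDOWS\rundll32.exe> []
<ms><C:\Program Files\Microsoft\svhost32.exe> []
<KavStart><"C:\KAV2006\KAVStart.exe" -startup> [Kingsoft Corporation]
"""


def triage(log_text, threshold=0.8):
    """Return {path: [reasons]} for startup entries that imitate system binaries."""
    findings = {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        path = EXE_PATH.match(entry.group(2)) if entry else None
        if not path:
            continue
        folder, fname = ntpath.split(path.group(1).lower())
        reasons = []
        if fname in SYSTEM_BINARIES:
            if folder != SYSTEM_BINARIES[fname]:
                reasons.append("system binary name outside its normal directory")
        else:
            for good in SYSTEM_BINARIES:
                if SequenceMatcher(None, fname, good).ratio() >= threshold:
                    reasons.append(f"name resembles {good}")
                    break
        if reasons and not entry.group(3):
            reasons.append("no company name in version info")
        if reasons:
            findings[path.group(1)] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```
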
一起爱网 - 2006-7-15 21:35:00
Can this really clean it?
I can't take it any more. This is my internet café's billing server, and this will affect the café.
我无邪 - 2006-7-15 21:57:00
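I have seen this kind of virus many times and have always solved it with this method; I don't think there is any problem.
Since yours is an internet café, I suggest you make a backup image with GHOST first and then do what I said.
Also, if you already have an earlier GHOST backup, I suggest you simply restore it.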