Rising Kaka Security Forum

Help needed (as of 3 p.m. on July 18 the problem is still unsolved; please help, everyone)
huaxue05 - 2006-7-16 21:17:00
Logfile of HijackThis v1.99.1
Scan saved at 21:07:05, on 2006-7-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\SYMANT~1\IAMAPP.EXE
C:\WINDOWS\system\vfp104.exe
C:\Program Files\ChinaNet\VnetClient.exe
D:\mcombocn\Maxthon\Maxthon.exe
D:\Symantec Client Firewall\ATRACK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
D:\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - D:\WINDOW~1\AssistIEBar.dll
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\fjjedc.exe
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4675.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\QQ\QQIEHelper.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\shdocvw2.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\NetTransport\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - D:\WINDOW~1\AssistIEBar.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iamapp] D:\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\vfp104.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\NetTransport\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\NetTransport\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094285144061
O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E7A528-48DB-4E86-902F-20808E774B3E}: NameServer = 61.147.37.1 61.177.7.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - D:\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Symantec Client Firewall\NISUM.EXE
O23 - Service: dds (sdasdsd) - Unknown owner - C:\WINDOWS\system32\com\com
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - D:\Symantec Client Firewall\SymPxSvc.exe

魔法学徒 - 2006-7-16 21:36:00
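Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find dds (sdasdsd) → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

Fix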

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\fjjedc.exe
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4675.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\shdocvw2.dll
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\vfp104.exe

Delete after rebooting

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\fjjedc.exe
C:\WINDOWS\system32\wmpdrm.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4675.dll
C:\Progra~1\NetMeeting\nmview.dll
C:\WINDOWS\system32\WinSC.dll
C:\WINDOWS\system32\shdocvw2.dll
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system\vfp104.exe
C:\WINDOWS\system32\com\com
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\msicn\
天使之剑 - 2006-7-16 21:38:00
[Reply to huaxue05's post]

Would the original poster please scan the following files with the two multi-engine scanners below:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\fjjedc.exe
C:\WINDOWS\system32\WinSC.dll
C:\WINDOWS\system32\shdocvw2.dll
C:\WINDOWS\system\vfp104.exe
C:\WINDOWS\system32\com\com
Multi-engine scanner: Virustotal

http://www.virustotal.com/
Multi-engine scanner: Jotti

http://virusscan.jotti.org/


Please be sure to post the reports in full.
For instructions, see:
[Recommended] How to use the multi-engine scanners

http://forum.ikaka.com/topic.asp?board=67&artid=7957175
If there are still problems, please reply in this thread.
huaxue05 - 2006-7-16 21:48:00
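A question for the poster above:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\fjjedc.exe is sometimes there and sometimes not,
because as soon as Kaspersky finds it, it says it is a virus; but after I click Delete, although it says the file cannot be deleted, it can no longer be seen in the folder.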
天使之剑 - 2006-7-16 21:51:00
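Quote:
[huaxue05's post] A question for the poster above:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\fjjedc.exe is sometimes there and sometimes not,
because as soon as Kaspersky finds it, it says it is a virus; but after I click Delete, although it says the file cannot be deleted, it can no longer be seen in the folder.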
...........................

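Please copy "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\fjjedc.exe" (without the quotation marks), paste it into the text input box of the two multi-engine scanners above, and run the scan. If you want to see the file, make sure that hidden files and system files are set to be shown.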
我无邪 - 2006-7-16 21:52:00
This item cannot be solved by the usual methods.
See the following thread:
http://forum.ikaka.com/topic.asp?board=28&artid=8122808

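After you have done the fixes described by the poster above, fix this one last.
When the fixes are done, reboot.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when the scan is finished press the "Save Report" button to save the report log file (SREng.LOG); then copy and paste the contents of the saved log file here.
Download URLs: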
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it in several posts; please do not modify it.
huaxue05 - 2006-7-16 22:12:00
File:  shdocvw2.dll 
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  e68ef9762f40985df547f83448442d7f 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found Adware.Baidu 
F-Prot Antivirus  Found nothing
Fortinet  Found Proxy.H!tr 
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
-------------------------------------------
File:  vfp104.exe 
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  4c21e328c2d2bfc87f22151aa91fe753 
Packers detected:  -
Scanner results 
AntiVir  Found Trojan/Dldr.BCB 
ArcaVir  Found Adware.Newweb.G 
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Trojan.Downloader.BCB 
ClamAV  Found nothing
Dr.Web  Found Trojan.DownLoader.9889 
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found not-a-virus:AdWare.Win32.NewWeb.g 
NOD32  Found probably unknown NewHeur_PE (probable variant) 
Norman Virus Control  Found W32/Newweb.L 
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found Trojan.DownLoader.9889 
-------------------------------------------------
The com file was considered an empty file
-------------------------------
File:  WinSC.dll 
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5  e94a96327684f4c34037f524332796ee 
Packers detected:  UPX
Scanner results 
AntiVir  Found Trojan/Multidro.FG.32.E 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found Generic.NWA 
BitDefender  Found nothing
ClamAV  Found Trojan.Spy.DeskAd-2 
Dr.Web  Found Adware.Newweb 
F-Prot Antivirus  Found nothing
Fortinet  Found Adware/NewWeb 
Kaspersky Anti-Virus  Found not-a-virus:AdWare.Win32.NewWeb.c 
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
huaxue05 - 2006-7-16 22:12:00
STATUS: FINISHED
Complete scanning result of "shdocvw2.dll", received in VirusTotal at 07.16.2006, 15:52:11 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.21 07.15.2006  no virus found
Authentium 4.93.8 07.14.2006  no virus found
Avast 4.7.844.0 07.14.2006  no virus found
AVG 386 07.14.2006  no virus found
BitDefender 7.2 07.16.2006  no virus found
CAT-QuickHeal 8.00 07.13.2006  no virus found
ClamAV devel-20060426 07.15.2006  no virus found
DrWeb 4.33 07.16.2006 Adware.Baidu
eTrust-InoculateIT 23.72.69 07.14.2006  no virus found
eTrust-Vet 12.6.2297 07.14.2006  no virus found
Ewido 4.0 07.16.2006 Adware.Baidu
Fortinet 2.77.0.0 07.16.2006 Proxy.H!tr
F-Prot 3.16f 07.14.2006  no virus found
F-Prot4 4.2.1.29 07.14.2006  no virus found
Ikarus 0.2.65.0 07.14.2006  no virus found
Kaspersky 4.0.2.24 07.16.2006  no virus found
McAfee 4807 07.14.2006 Generic Proxy.h
Microsoft 1.1508 07.16.2006  no virus found
NOD32v2 1.1663 07.16.2006  no virus found
Norman 5.90.23 07.14.2006  no virus found
Panda 9.0.0.4 07.16.2006  no virus found
Sophos 4.07.0 07.16.2006  no virus found
Symantec 8.0 07.16.2006  no virus found
TheHacker 5.9.8.176 07.15.2006  no virus found
UNA 1.83 07.14.2006  no virus found
VBA32 3.11.0 07.15.2006  no virus found
VirusBuster 4.3.7:9 07.15.2006 no virus found
-----------------------------------------
STATUS: FINISHED
Complete scanning result of "vfp104.exe", received in VirusTotal at 07.16.2006, 15:53:57 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.21 07.15.2006 TR/Dldr.BCB
Authentium 4.93.8 07.14.2006  no virus found
Avast 4.7.844.0 07.14.2006  no virus found
AVG 386 07.14.2006  no virus found
BitDefender 7.2 07.16.2006 Trojan.Downloader.BCB
CAT-QuickHeal 8.00 07.13.2006  no virus found
ClamAV devel-20060426 07.15.2006  no virus found
DrWeb 4.33 07.16.2006 Trojan.DownLoader.9889
eTrust-InoculateIT 23.72.69 07.14.2006 Win32/SillyDl.AOO!Trojan
eTrust-Vet 12.6.2297 07.14.2006 Win32/Mygulp.A
Ewido 4.0 07.16.2006 Downloader.Small
Fortinet 2.77.0.0 07.16.2006  no virus found
F-Prot 3.16f 07.14.2006  no virus found
F-Prot4 4.2.1.29 07.14.2006  no virus found
Ikarus 0.2.65.0 07.14.2006  no virus found
Kaspersky 4.0.2.24 07.16.2006 not-a-virus:AdWare.Win32.NewWeb.g
McAfee 4807 07.14.2006  no virus found
Microsoft 1.1508 07.16.2006  no virus found
NOD32v2 1.1663 07.16.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 07.14.2006 W32/Newweb.L
Panda 9.0.0.4 07.16.2006  no virus found
Sophos 4.07.0 07.16.2006  no virus found
Symantec 8.0 07.16.2006  no virus found
TheHacker 5.9.8.176 07.15.2006 Adware/NewWeb.g
UNA 1.83 07.14.2006  no virus found
VBA32 3.11.0 07.15.2006 Trojan.DownLoader.9889
VirusBuster 4.3.7:9 07.15.2006 no virus found
-------------------------------------------------
STATUS: FINISHED
Complete scanning result of "com", received in VirusTotal at 07.16.2006, 15:56:22 (CET).

Antivirus Version Update Result
AntiVir n -  no virus found
Authentium n -  no virus found
Avast n -  no virus found
AVG n -  no virus found
BitDefender n -  no virus found
CAT-QuickHeal n -  no virus found
ClamAV n -  no virus found
DrWeb n -  no virus found
eTrust-InoculateIT n -  no virus found
eTrust-Vet n -  no virus found
Ewido n -  no virus found
Fortinet n -  no virus found
F-Prot n -  no virus found
F-Prot4 n -  no virus found
Ikarus n -  no virus found
Kaspersky n -  no virus found
McAfee n -  no virus found
Microsoft n -  no virus found
NOD32v2 n -  no virus found
Norman n -  no virus found
Panda n -  no virus found
Sophos n -  no virus found
Symantec n -  no virus found
TheHacker n -  no virus found
UNA n -  no virus found
VBA32 n -  no virus found
VirusBuster n - no virus found
--------------------------------------------
STATUS: FINISHED
Complete scanning result of "WinSC.dll", received in VirusTotal at 07.16.2006, 15:57:42 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.21 07.15.2006 TR/Multidro.FG.32.E
Authentium 4.93.8 07.14.2006  no virus found
Avast 4.7.844.0 07.14.2006  no virus found
AVG 386 07.14.2006 Adware Generic.NWA
BitDefender 7.2 07.16.2006 Adware.NewWeb.D
CAT-QuickHeal 8.00 07.13.2006 AdWare.NewWeb.c (Not a Virus)
ClamAV devel-20060426 07.15.2006 Trojan.Spy.DeskAd-2
DrWeb 4.33 07.16.2006 Adware.Newweb
eTrust-InoculateIT 23.72.70 07.16.2006  no virus found
eTrust-Vet 12.6.2297 07.14.2006 Win32/Malum.JOP
Ewido 4.0 07.16.2006 Adware.NewWeb
Fortinet 2.77.0.0 07.16.2006 Adware/NewWeb
F-Prot 3.16f 07.14.2006  no virus found
F-Prot4 4.2.1.29 07.14.2006  no virus found
Ikarus 0.2.65.0 07.14.2006  no virus found
Kaspersky 4.0.2.24 07.16.2006 not-a-virus:AdWare.Win32.NewWeb.c
McAfee 4807 07.14.2006 potentially unwanted program Adware-Newweb
Microsoft 1.1508 07.16.2006  no virus found
NOD32v2 1.1663 07.16.2006 Win32/Adware.NewWeb
Norman 5.90.23 07.14.2006  no virus found
Panda 9.0.0.4 07.16.2006 Adware/NewWeb
Sophos 4.07.0 07.16.2006  no virus found
Symantec 8.0 07.16.2006  no virus found
TheHacker 5.9.8.176 07.15.2006  no virus found
UNA 1.83 07.14.2006 Adware.NewWeb
VBA32 3.11.0 07.15.2006  no virus found
VirusBuster 4.3.7:9 07.15.2006 no virus found
天使之剑 - 2006-7-16 22:24:00
[Reply to huaxue05's post]
Please carry out the fixes as advised by moderator 魔法 and our friend 我无邪.
huaxue05 - 2006-7-16 22:44:00
Reply to 魔法学徒:
C:\WINDOWS\system32\msicn\
still cannot be deleted
huaxue05 - 2006-7-16 22:52:00
Would 我无邪 please take a look:
2006-07-16,22:41:03

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <Any To-Do List><; "D:\备忘小纸条\AnyToDo.exe">  [Any Utils]
    <Kugoo><; >  []
    <STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  []
    <Super Rabbit IEPro><; >  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KAVPersonal50><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize>  [Kaspersky Lab]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <iamapp><D:\SYMANT~1\IAMAPP.EXE>  [Symantec Corporation]
    <spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>  [广州傲讯信息科技有限公司]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <DAEMON Tools><; "d:\DAEMON Tools\daemon.exe" -lang 1033>  [DT Soft Ltd.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <Mirabilis ICQ><; D:\ICQ\ICQNet.exe>  []
    <MSPY2002><; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
    <NeroFilterCheck><; ; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <snpstd3><; C:\WINDOWS\vsnpstd3.exe>  [Sonix]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <vcdplayx><; "C:\WINDOWS\vcdplayx.exe">  [Far Stone Technology Inc.]
    <Zone Labs Client><; >  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  [ATI Technologies Inc.]

==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Bluetooth Service / btwdins]
  <D:\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[kavsvc / kavsvc]
  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Symantec Client Firewall Service / NISSERV]
  <"D:\Symantec Client Firewall\NISSERV.EXE"><Symantec Corporation>
[Symantec Client Firewall Accounts Manager / NISUM]
  <"D:\Symantec Client Firewall\NISUM.EXE"><Symantec Corporation>
[dds / sdasdsd]
  <C:\WINDOWS\system32\com\com><N/A>
[StyleXPService / StyleXPService]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[Symantec Client Firewall Proxy Service / SymPxSvc]
  <"D:\Symantec Client Firewall\SymPxSvc.exe"><Symantec Corporation>

==================================
浏览器加载项
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\NetTransport\NTIEHelper.dll, Xi>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\QQ\QQIEHelper.dll, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <, N/A>
[全能助手广告拦截专家]
  {ED51E9A3-16C5-4236-99E0-9F093B021433} <D:\WINDOW~1\AssistIEBar.dll, 全能助手工作室>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[DFVSScanFile Control]
  {9BBD100C-E820-4930-9937-E8F3AA40E584} <C:\WINDOWS\system32\dfvs\dfvsol\DFVSSFOL.ocx, >
[Kingsoft DUBA OnlineScan]
  {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINDOWS\System32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\NetTransport\NTIEHelper.dll, Xi>
[]
  {D24CF84E-46D7-4479-A4D8-D7E06E91FAC5} <C:\WINDOWS\system32\weatherdll.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[全能助手广告拦截专家]
  {ED51E9A3-16C5-4236-99E0-9F093B021433} <D:\WINDOW~1\AssistIEBar.dll, 全能助手工作室>
[&Google Search]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
  <D:\NetTransport\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <D:\NetTransport\NTAddList.html, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 552][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4114>
[PID: 624][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 792][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4114>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 804][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 952][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 984][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe]  <><0, 20, 0, 3000>
[PID: 1076][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1140][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1252][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\bthcrp.dll]  <Broadcom Corporation.><4.0.1.2601>
    [C:\WINDOWS\system32\WidcommSdk.dll]  <Broadcom Corporation.><4.0.1.2601>
    [C:\WINDOWS\system32\wbtapi.dll]  <Broadcom Corporation.><4.0.1.2601>
[PID: 1384][D:\Bluetooth Software\bin\btwdins.exe]  <Broadcom Corporation.><4.0.1.2601>
[PID: 1420][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1496][D:\Symantec Client Firewall\NISUM.EXE]  <Symantec Corporation><5.0.0.375>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
[PID: 1716][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4114>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 1804][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\system32\msicn\plugins\bse.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\system32\msicn\plugins\lup.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\system32\msicn\plugins\bm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\system32\msicn\plugins\as.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
huaxue05 - 2006-7-16 22:53:00
Continued from above
[D:\NetTransport\NTIEHelper.dll]  <Xi><1.91.12>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll]  <Kaspersky Lab><5.0.142.1>
    [C:\WINDOWS\system32\vdshell.dll]  <FarStone Technology Inc.><1, 5, 0, 0>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\btncopy.dll]  <Broadcom Corporation.><4.0.1.2601>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  <Kaspersky Lab><1.0.142.342>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  <Kaspersky Lab><1.0.142.3>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.0.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  <Kaspersky Lab><5.0.142.0>
[PID: 1856][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 2000][D:\SYMANT~1\IAMAPP.EXE]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\NISRES.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\SYMANT~1\IAMLOG.dll]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\N32USERL.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\UMCBK.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\NISALERT.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [D:\SYMANT~1\IAMCPL.CPL]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\tlevel.dll]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.1.0.15>
    [C:\Program Files\Common Files\Symantec Shared\BRUNOALE.DLL]  <Symantec Corporation><5.0.0.375>
    [C:\Program Files\Common Files\Symantec Shared\PProfile.dll]  <Symantec Corporation><5.0.0.375>
[PID: 228][D:\Symantec Client Firewall\SymPxSvc.exe]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymProxy.dll]  <Symantec Corporation><5.0.0.375>
    [C:\WINDOWS\system32\SYMREDIR.dll]  <Symantec Corporation><4.6.0.53>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISALERT.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISRES.DLL]  <N/A><N/A>
    [D:\Symantec Client Firewall\ProxyIM.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\StrmFilt.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymIConv.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymPxAlt.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymURL.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\PrxyNNTP.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\PrxyHTTP.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
[PID: 380][D:\Symantec Client Firewall\NISSERV.EXE]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\IAMLOG.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISRES.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
[PID: 1796][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2404][D:\Symantec Client Firewall\ATRACK.EXE]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISRES.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [D:\Symantec Client Firewall\tdit_msg.dll]  <Symantec Corporation><5.0.0.375>
[PID: 3300][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3356][C:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 3544][C:\Program Files\ChinaNet\VnetClient.exe]  <><2005, 3, 7, 1>
    [C:\Program Files\ChinaNet\Communicate.dll]  <0><2005, 3, 3, 1>
    [C:\Program Files\ChinaNet\DialModule.dll]  <><2005, 1, 18, 1>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  <><2005, 3, 7, 1>
    [C:\PROGRA~1\ChinaNet\sign.dll]  <0><2004, 12, 1, 1>
    [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  <><2005, 2, 17, 1>
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  <><2004, 12, 16, 2>
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  <><2004, 12, 30, 0>
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  <><2005, 3, 3, 1>
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  <><2005, 3, 7, 2>
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  <><2005, 2, 24, 1>
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  <><2004, 11, 25, 0>
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINDOWS\system32\pthreadVC.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  <><2004, 12, 21, 1>
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\ChinaNet\VNetLog.ocx]  <><2005, 10, 9, 1>
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  <><2005, 3, 2, 1>
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  <><2005, 3, 9, 1>
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  <><2004, 11, 25, 1>
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  <GDDC><1, 0, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  <Kaspersky Lab><1.0.142.342>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  <Kaspersky Lab><1.0.142.3>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.0.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  <Kaspersky Lab><5.0.142.0>
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  <><1, 0, 0, 1>
[PID: 1488][D:\mcombocn\Maxthon\Maxthon.exe]  <MY Soft Technology><1, 5, 0, 95>
    [D:\mcombocn\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\WINDOWS\system32\wmpdrm.dll]  <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
    [D:\mcombocn\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  <Kaspersky Lab><1.0.142.342>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  <Kaspersky Lab><1.0.142.3>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.0.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  <Kaspersky Lab><5.0.142.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINDOWS\system32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 3388][E:\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
我无邪 - 2006-7-16 23:18:00
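Run (double-click) System Repair Engineer, click "Startup Items", then "Services", then "Win32 Service Applications", tick "Hide Microsoft Services", select the virus service dds, choose "Delete Service", click "Set", choose "No", and finally reboot.
After rebooting, delete
C:\WINDOWS\system32\com
Everything else is rogue software.
Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
Once it is installed, open "Super Rabbit Cleaner" (超级兔子清理王), go to "Professional Uninstall", and uninstall all the junk software it lists. Do not open any browser windows while uninstalling. If something cannot be uninstalled, reboot and then try uninstalling it again.
After uninstalling, reboot, then please scan a new log and paste it here.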
huaxue05 - 2006-7-17 9:47:00
Logfile of HijackThis v1.99.1
Scan saved at 9:37:37, on 2006-7-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Symantec Client Firewall\NISUM.EXE
D:\Symantec Client Firewall\SymPxSvc.exe
D:\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\SYMANT~1\IAMAPP.EXE
D:\Symantec Client Firewall\ATRACK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ChinaNet\VnetClient.exe
D:\mcombocn\Maxthon\Maxthon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.exe
D:\HijackThis.exe

R3 - URLSearchHook: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - D:\WINDOW~1\AssistIEBar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\NetTransport\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - D:\WINDOW~1\AssistIEBar.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iamapp] D:\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] ; "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Mirabilis ICQ] ; D:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [MSPY2002] ; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NeroFilterCheck] ; ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PHIME2002A] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [snpstd3] ; C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vcdplayx] ; "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [Zone Labs Client] ;
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Any To-Do List] ; "D:\备忘小纸条\AnyToDo.exe"
O4 - HKCU\..\Run: [Kugoo] ;
O4 - HKCU\..\Run: [STYLEXP] ; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Super Rabbit IEPro] ;
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\NetTransport\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\NetTransport\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094285144061
O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E7A528-48DB-4E86-902F-20808E774B3E}: NameServer = 61.147.37.1 61.177.7.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - D:\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Symantec Client Firewall\NISUM.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - D:\Symantec Client Firewall\SymPxSvc.exe

This is the latest log, please take a look~~
魔法学徒 - 2006-7-17 10:07:00
Try Malware Cleanup Assistant (恶意软件清理助手)
huaxue05 - 2006-7-18 8:51:00
Logfile of HijackThis v1.99.1
Scan saved at 8:42:10, on 2006-7-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Symantec Client Firewall\NISUM.EXE
D:\Symantec Client Firewall\SymPxSvc.exe
D:\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\SYMANT~1\IAMAPP.EXE
D:\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\ChinaNet\VnetClient.exe
D:\mcombocn\Maxthon\Maxthon.exe
D:\HijackThis.exe

R3 - URLSearchHook: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - D:\WINDOW~1\AssistIEBar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\NetTransport\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - D:\WINDOW~1\AssistIEBar.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iamapp] D:\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] ; "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Mirabilis ICQ] ; D:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [MSPY2002] ; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NeroFilterCheck] ; ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PHIME2002A] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Zone Labs Client] ;
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Any To-Do List] ; "D:\备忘小纸条\AnyToDo.exe"
O4 - HKCU\..\Run: [Kugoo] ;
O4 - HKCU\..\Run: [STYLEXP] ; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Super Rabbit IEPro] ;
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\NetTransport\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\NetTransport\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094285144061
O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E7A528-48DB-4E86-902F-20808E774B3E}: NameServer = 61.147.37.1 61.177.7.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - D:\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Symantec Client Firewall\NISUM.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - D:\Symantec Client Firewall\SymPxSvc.exe

Latest log. It still isn't working, experts please help.
我无邪 - 2006-7-18 13:18:00
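Please download System Repair Engineer, use "Smart Scan", and press the "Scan" button to run the scan. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download links: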
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it across several posts until it is complete. Please do not modify it.
huaxue05 - 2006-7-18 13:57:00
2006-07-18,13:45:39

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <Any To-Do List><; "D:\备忘小纸条\AnyToDo.exe">  [Any Utils]
    <STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  []
    <Super Rabbit IEPro><; >  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KAVPersonal50><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize>  [Kaspersky Lab]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <iamapp><D:\SYMANT~1\IAMAPP.EXE>  [Symantec Corporation]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <DAEMON Tools><; "d:\DAEMON Tools\daemon.exe" -lang 1033>  [DT Soft Ltd.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <Mirabilis ICQ><; D:\ICQ\ICQNet.exe>  []
    <MSPY2002><; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
    <NeroFilterCheck><; ; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <Zone Labs Client><; >  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE>  []

==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Bluetooth Service / btwdins]
  <D:\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[kavsvc / kavsvc]
  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Symantec Client Firewall Service / NISSERV]
  <"D:\Symantec Client Firewall\NISSERV.EXE"><Symantec Corporation>
[Symantec Client Firewall Accounts Manager / NISUM]
  <"D:\Symantec Client Firewall\NISUM.EXE"><Symantec Corporation>
[StyleXPService / StyleXPService]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[Symantec Client Firewall Proxy Service / SymPxSvc]
  <"D:\Symantec Client Firewall\SymPxSvc.exe"><Symantec Corporation>

==================================
浏览器加载项
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\NetTransport\NTIEHelper.dll, Xi>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[DFVSScanFile Control]
  {9BBD100C-E820-4930-9937-E8F3AA40E584} <C:\WINDOWS\system32\dfvs\dfvsol\DFVSSFOL.ocx, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\NetTransport\NTIEHelper.dll, Xi>
[]
  {D24CF84E-46D7-4479-A4D8-D7E06E91FAC5} <C:\WINDOWS\system32\weatherdll.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[全能助手广告拦截专家]
  {ED51E9A3-16C5-4236-99E0-9F093B021433} <D:\WINDOW~1\AssistIEBar.dll, 全能助手工作室>
[&Google Search]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[使用影音传送带下载]
  <D:\NetTransport\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <D:\NetTransport\NTAddList.html, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
huaxue05 - 2006-7-18 13:59:00
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 584][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 652][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 784][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4114>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 808][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 964][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe]  <><0, 20, 0, 3000>
[PID: 1040][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1196][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\bthcrp.dll]  <Broadcom Corporation.><4.0.1.2601>
    [C:\WINDOWS\system32\WidcommSdk.dll]  <Broadcom Corporation.><4.0.1.2601>
    [C:\WINDOWS\system32\wbtapi.dll]  <Broadcom Corporation.><4.0.1.2601>
[PID: 1312][D:\Bluetooth Software\bin\btwdins.exe]  <Broadcom Corporation.><4.0.1.2601>
[PID: 1340][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1416][D:\Symantec Client Firewall\NISUM.EXE]  <Symantec Corporation><5.0.0.375>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
[PID: 1500][D:\Symantec Client Firewall\SymPxSvc.exe]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymProxy.dll]  <Symantec Corporation><5.0.0.375>
    [C:\WINDOWS\system32\SYMREDIR.dll]  <Symantec Corporation><4.6.0.53>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISALERT.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISRES.DLL]  <N/A><N/A>
    [D:\Symantec Client Firewall\ProxyIM.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\StrmFilt.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymIConv.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymPxAlt.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\SymURL.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\PrxyNNTP.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\PrxyHTTP.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
[PID: 1552][D:\Symantec Client Firewall\NISSERV.EXE]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\IAMLOG.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISRES.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
[PID: 1948][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1116][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\l3codeca.acm]  <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [D:\NetTransport\NTIEHelper.dll]  <Xi><1.91.12>
[PID: 1408][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 2096][D:\SYMANT~1\IAMAPP.EXE]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\NISRES.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\SYMANT~1\IAMLOG.dll]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\N32USERL.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\UMCBK.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\NISALERT.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\IAMCPL.CPL]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\tlevel.dll]  <Symantec Corporation><5.0.0.375>
    [D:\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.1.0.15>
    [C:\Program Files\Common Files\Symantec Shared\BRUNOALE.DLL]  <Symantec Corporation><5.0.0.375>
    [C:\Program Files\Common Files\Symantec Shared\PProfile.dll]  <Symantec Corporation><5.0.0.375>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 2324][D:\Symantec Client Firewall\ATRACK.EXE]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\iamevent.dll]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\NISRES.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\SYMSTORE.dll]  <Symantec Corporation><4.6.0.53>
    [D:\Symantec Client Firewall\NISUMPS.DLL]  <Symantec Corporation><5.0.0.375>
    [D:\Symantec Client Firewall\tdit_msg.dll]  <Symantec Corporation><5.0.0.375>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 3276][C:\Program Files\ChinaNet\VnetClient.exe]  <><2005, 3, 7, 1>
    [C:\Program Files\ChinaNet\Communicate.dll]  <0><2005, 3, 3, 1>
    [C:\Program Files\ChinaNet\DialModule.dll]  <><2005, 1, 18, 1>
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  <><2005, 3, 7, 1>
    [C:\PROGRA~1\ChinaNet\sign.dll]  <0><2004, 12, 1, 1>
    [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  <><2005, 2, 17, 1>
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  <><2004, 12, 16, 2>
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  <><2004, 12, 30, 0>
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  <><2005, 3, 3, 1>
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  <><2005, 3, 7, 2>
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  <><2005, 2, 24, 1>
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  <><2004, 11, 25, 0>
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINDOWS\system32\pthreadVC.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  <><2004, 12, 21, 1>
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\ChinaNet\VNetLog.ocx]  <><2005, 10, 9, 1>
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  <><2005, 3, 2, 1>
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  <><2005, 3, 9, 1>
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  <><2004, 11, 25, 1>
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  <GDDC><1, 0, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  <Kaspersky Lab><1.0.142.342>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  <Kaspersky Lab><1.0.142.3>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.0.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  <Kaspersky Lab><5.0.142.0>
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  <><1, 0, 0, 1>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 2732][D:\qq\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [D:\qq\CoralAssist.DLL]  <N/A><4.0.0 Build 20051112>
    [D:\qq\CoralQQ.DLL]  <Coral Team><4.2.1 Build 20060127>
    [D:\qq\IPSearcher.dll]  <N/A><1.0.0.4>
    [D:\qq\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [D:\qq\QQHelperDll.dll]  <><1, 0, 0, 1>
huaxue05 - 2006-7-18 14:00:00
[D:\qq\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [D:\qq\QQAPI.dll]  <><1, 0, 0, 1>
    [d:\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [D:\qq\LoginCtrl.dll]  <><1, 0, 0, 1>
    [D:\qq\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [D:\qq\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [D:\qq\QQRes.dll]  <tencent><1, 0, 0, 1>
    [D:\qq\QQMainFrame.dll]  <N/A><N/A>
    [D:\qq\CQQApplication.dll]  <N/A><N/A>
    [D:\qq\NewSkin.dll]  <><1, 0, 0, 1>
    [D:\qq\HostingMgr.dll]  <><1, 0, 0, 1>
    [D:\qq\CameraDll.dll]  <><1, 0, 0, 1>
    [D:\qq\MailSummary.dll]  <><1, 0, 0, 1>
    [D:\qq\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [D:\qq\QQGroupMng.dll]  <><1, 0, 0, 1>
    [D:\qq\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [D:\qq\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [D:\qq\QRingMng.dll]  <N/A><N/A>
    [D:\qq\PhoneAPI.dll]  <><1, 0, 0, 1>
    [D:\qq\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [D:\qq\QQAllInOne.dll]  <N/A><N/A>
    [D:\qq\SCCore.dll]  <N/A><N/A>
    [D:\qq\QQCustomFace.dll]  <N/A><N/A>
    [D:\qq\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [D:\qq\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [D:\qq\QQAvatar.dll]  <N/A><N/A>
    [D:\qq\QQSceneMng.dll]  <N/A><N/A>
    [D:\qq\LongConnection.dll]  <tencent><0, 3, 3, 8>
    [D:\qq\QQPet.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [D:\qq\QQPlugin.dll]  <N/A><N/A>
    [D:\qq\BQQApplication.dll]  <N/A><N/A>
    [D:\qq\CommercesMng.dll]  <><1, 0, 0, 1>
    [D:\qq\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [D:\qq\QQUdpGetFileLib.dll]  <tencent><0, 2, 2, 3>
    [D:\qq\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
    [D:\qq\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><2, 0, 4, 40>
    [D:\qq\QQSysMsgMng.dll]  <N/A><N/A>
    [D:\qq\GroupConnection.dll]  <Tencent><5, 0, 202, 30>
    [D:\qq\ShareFiles.dll]  <N/A><N/A>
    [D:\qq\QQZip.dll]  <tencent><0, 3, 2, 4>
    [D:\qq\qqgroupdisk.dll]  <深圳腾讯科技><2, 7, 0, 1022>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  <Kaspersky Lab><1.0.142.342>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  <Kaspersky Lab><1.0.142.3>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.0.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  <Kaspersky Lab><5.0.142.0>
    [D:\qq\QQFileTransfer.dll]  <Tencent><5, 0, 202, 40>
    [C:\WINDOWS\system32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [D:\qq\QQMagicFace.dll]  <><1, 0, 0, 1>
[PID: 2808][D:\qq\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [d:\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 2672][D:\本本常用\mobmeter.exe]  <hexmagic><0, 3, 1, 0>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 3544][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 656][D:\mcombocn\Maxthon\Maxthon.exe]  <MY Soft Technology><1, 5, 0, 95>
    [D:\mcombocn\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [D:\mcombocn\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  <Kaspersky Lab><1.0.142.342>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  <Kaspersky Lab><1.0.142.3>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.0.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  <Kaspersky Lab><5.0.142.0>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINDOWS\system32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2800][E:\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
huaxue05 - 2006-7-18 14:00:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
我无邪 - 2006-7-18 14:07:00
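I can't see any problems now. If anything is still abnormal, please describe it.
Close all browser windows and any unnecessary programs.
Run (double-click) System Repair Engineer and use "System Repair, Browser Add-ons" to delete the following item.
C:\WINDOWS\system32\weatherdll.dll
After rebooting, delete
C:\WINDOWS\system32\weatherdll.dll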

huaxue05 - 2006-7-18 14:26:00
Replying to the poster above: I rebooted just now, and since the reboot I haven't found weatherdll.dll so far.
我无邪 - 2006-7-18 14:28:00
That's fine. If your system isn't showing anything abnormal, just leave it at that.
huaxue05 - 2006-7-18 14:28:00
Also, the total number of system processes always used to be 25-27. Why is it 30 right after startup now?
huaxue05 - 2006-7-18 14:33:00
Quote:
[Post by 我无邪] That's fine. If your system isn't showing anything abnormal, just leave it at that.

...........................

555555555555555555555555555555
It's still abnormal!!!!! Ads still pop up for no apparent reason, for example this one that popped up just now: http://ad.aaahaatv.com/sz.html?classid=4914&param=ADdXNuMj1GODU3RUU4MDQzNzZCQ0JDRUEzQjFFNzU3MDQ0ODExNyZwcm92aW5jZWlkPTE2JmNpdHlpZD04JnVzZXJpcD0yMTguMi44Ny44NyZjbGFzc2lkPTQ5MTQmc291cmNldXJsPXd3dy55YWhvby5jb20uY24v
huaxue05 - 2006-7-18 14:36:00
The latest HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 14:26:17, on 2006-7-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Symantec Client Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\SYMANT~1\IAMAPP.EXE
D:\Symantec Client Firewall\SymPxSvc.exe
D:\Symantec Client Firewall\NISSERV.EXE
D:\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\ChinaNet\VnetClient.exe
D:\mcombocn\Maxthon\Maxthon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
D:\HijackThis.exe

O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\NetTransport\NTIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iamapp] D:\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] ; "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Mirabilis ICQ] ; D:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [MSPY2002] ; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NeroFilterCheck] ; ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PHIME2002A] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Zone Labs Client] ;
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Any To-Do List] ; "D:\备忘小纸条\AnyToDo.exe"
O4 - HKCU\..\Run: [STYLEXP] ; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Super Rabbit IEPro] ;
O8 - Extra context menu item: 使用影音传送带下载 - D:\NetTransport\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\NetTransport\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094285144061
O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E7A528-48DB-4E86-902F-20808E774B3E}: NameServer = 61.147.37.1 61.177.7.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0728C570-A8DF-4FEC-B273-364ADB4FDEE6}: NameServer = 210.34.240.100,202.101.107.55
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - D:\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Symantec Client Firewall\NISUM.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - D:\Symantec Client Firewall\SymPxSvc.exe
我无邪 - 2006-7-18 14:40:00
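Uninstall your FlashGet and see whether this kind of ad still pops up.
Without FlashGet, I suggest you use Xunlei (迅雷); it is much better than FlashGet.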
huaxue05 - 2006-7-18 14:42:00
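Replying to the poster above: it shouldn't be a FlashGet problem, because I've been using it for over a year, but I'll remove it anyway. I basically have no use for Xunlei, because at school I'm normally on the internal network.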
huaxue05 - 2006-7-18 14:45:00
Argh, so does this mean FlashGet's uninstaller can't be found?