紧急求救！！！ bbs.ikaka.com

liuhao199 - 2006-8-8 20:58:00

开机后每隔一段时间自动弹出www.wiki.cn vvpai 365u等网页，轮流出现，还有就是有时自动给我安装几十个流氓软件，请高手指点一下怎么解决，我快崩溃了！以下是扫描日志：
Logfile of HijackThis v1.99.1
Scan saved at 20:43:17, on 2006-8-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
F:\Apache2\bin\Apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lm\netserlyer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\MYIE2\MyIE.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\spoolsv.exe
E:\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mouser.exe
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll (file missing)
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IE修复~1\IERBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Super Rabbit Winspeed] "C:\Program Files\Super Rabbit\MagicSet\winspeed.exe" /autokill:81
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetCounter] c:\Program Files\NetCounter\NetCount.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B0E374B-FCDE-4648-8568-E318607778CE}: NameServer = 218.76.138.66 218.76.138.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B0E374B-FCDE-4648-8568-E318607778CE}: NameServer = 218.76.138.66 218.76.138.90
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - F:\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Network Connection100011 (Service100011) - Unknown owner - C:\WINDOWS\system32\lm\netserlyer.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

我无邪 - 2006-8-8 21:13:00

开始→运行→输入services.msc，打开“服务”→查找Network Connection100011 →双击→启动类型→禁止→停止→应用→确定。禁止Network Connection100011这个服务
请到http://forum.ikaka.com/topic.asp?board=67&artid=5188931，下载，LSPFix.exe，WinsockXPFix这两个软件
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mouser.exe
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll (file missing)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
运行LSPFix.exe
删除
wshcon32.dll
附说明一份
LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
c:\windows\system32\wshcon32.dll
C:\WINDOWS\system32\mouser.exe
C:\WINDOWS\system32\lm\netserlyer.exe
修复后重启，如果无法上网，请运行WinsockXPFix，让它修复一下。
回到正常模式，请再扫日志粘上来
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

liuhao199 - 2006-8-8 22:37:00

删除
c:\windows\system32\wshcon32.dll
C:\WINDOWS\system32\mouser.exe
C:\WINDOWS\system32\lm\netserlyer.exe

删除不了，是咋回事啊？

liuhao199 - 2006-8-9 10:16:00

现在光标还不停地闪烁，请高手快指点一下啊

liuhao199 - 2006-8-9 10:17:00

这是现在的扫描日志：

Logfile of HijackThis v1.99.1
Scan saved at 10:07:40, on 2006-8-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
F:\Apache2\bin\Apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MYIE2\MyIE.exe
C:\WINDOWS\system32\svchost.exe
E:\ha_hijackthis_1991\HijackThis.exe
C:\WINDOWS\System32\regsvr32.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mouser.exe
O2 - BHO: (no name) - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - (no file)
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll (file missing)
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IE修复~1\IERBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetCounter] c:\Program Files\NetCounter\NetCount.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B0E374B-FCDE-4648-8568-E318607778CE}: NameServer = 218.76.138.66 218.76.138.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B0E374B-FCDE-4648-8568-E318607778CE}: NameServer = 218.76.138.66 218.76.138.90
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - F:\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

我无邪 - 2006-8-9 19:36:00

c:\windows\system32\wshcon32.dll
这一项你做了没有
请到http://forum.ikaka.com/topic.asp?board=67&artid=5188931，下载，LSPFix.exe，WinsockXPFix这两个软件
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行LSPFix.exe
删除
wshcon32.dll
附说明一份
LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
c:\windows\system32\wshcon32.dll

修复后重启，如果无法上网，请运行WinsockXPFix，让它修复一下。
回到正常模式，请再扫日志粘上来

liuhao199 - 2006-8-9 20:32:00

那一项也做了，可是就是接下来的那三个dll文件删不了啊

我无邪 - 2006-8-9 20:43:00

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

liuhao199 - 2006-8-9 21:06:00

2006-08-09,20:54:51

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<NetCounter><c:\Program Files\NetCounter\NetCount.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<dla><C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mouser.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<91cast><; > []
<bgoomain.exe><; C:\PROGRA~1\baigoo\bgoomain.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<caishowmanage><; C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> []
<Desktop><; C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> []
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NetCounter><; c:\Program Files\NetCounter\NetCount.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<pbmini><; C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide> []
<svc><; C:\WINDOWS\svchost.exe> []
<sysmini><; C:\WINDOWS\system32\sysmini.exe> []
<vptray><; C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> []
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> []

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[Apache2 / Apache2]
<"F:\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[EvtEng / EvtEng]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[RegSrvc / RegSrvc]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[Network Connection100011 / Service100011]
<C:\WINDOWS\system32\lm\netserlyer.exe><>
[WLANKEEPER / WLANKEEPER]
<C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel? Corporation>

==================================
浏览器加载项
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[&IE修复专家]
{123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[Query Class]
{01C2F1E8-5C69-4B5C-B052-26941B6C23A6} <C:\WINDOWS\system32\iequery.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[&IE修复专家]
{123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[IExpress]
{27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINDOWS\system32\iexpress.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Mini PPGou BHO]
{92FB5F8F-8254-4978-9C50-03D9B0405062} <C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL, N/A>
[WAB Importer/Exporter]
{AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <C:\WINDOWS\System32\wabimp.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Flash 8 ocx ]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\flash8.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Program Files\Chinagames\iGame\flash.ocx, Macromedia, Inc.>
[IEHlprObj Class]
{D424FE4E-CAF9-4FDD-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\conf.dll, N/A>
[google bar]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[AdSwpr]
{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

liuhao199 - 2006-8-9 21:08:00

==================================
正在运行的进程
[PID: 308][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 552][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[PID: 632][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 812][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 868][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[PID: 992][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[PID: 1136][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] <Intel Corporation><9, 0, 1, 12>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[PID: 1172][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] <Intel Corporation ><9, 0, 1, 41>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[PID: 1212][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe] <Intel? Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] <Intel Corporation><9, 0, 1, 45>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] <Intel Corporation><9, 0, 1, 54>
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] <Intel Corporation><9, 0, 1, 7>
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] <Intel Corporation><9, 0, 1, 31>
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] <Intel Corporation><9, 0, 1, 31>
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] <Intel Corporation><9, 0, 1, 1>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[PID: 1260][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1392][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1648][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1732][C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe] <Intel><9, 0, 1, 33>
[C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll] <Meetinghouse Data Communications><3, 0, 0, 40>
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[PID: 324][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.1.0.821>
[PID: 444][C:\WINDOWS\system32\dla\tfswctrl.exe] <Sonic Solutions><1.04.08a>
[C:\WINDOWS\system32\tfswapi.dll] <Sonic Solutions><1.04.08a>
[C:\WINDOWS\system32\dla\tfswcres.dll] <Sonic Solutions><1.04.08a>
[PID: 460][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1900][F:\Apache2\bin\Apache.exe] <Apache Software Foundation><2.0.52>

liuhao199 - 2006-8-9 21:09:00

[F:\Apache2\bin\libapr.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libaprutil.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libapriconv.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libhttpd.dll] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_access.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_actions.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_alias.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_asis.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_auth.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_autoindex.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_cgi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_dir.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_env.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_imap.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_include.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_isapi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_log_config.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_mime.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_negotiation.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_setenvif.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_userdir.so] <Apache Software Foundation><2.0.52>
[PID: 1996][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2004][C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE] <C-Dilla Ltd><3.24.010>
[PID: 2024][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821>
[PID: 2032][F:\Apache2\bin\Apache.exe] <Apache Software Foundation><2.0.52>
[F:\Apache2\bin\libapr.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libaprutil.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libapriconv.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libhttpd.dll] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_access.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_actions.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_alias.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_asis.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_auth.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_autoindex.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_cgi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_dir.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_env.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_imap.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_include.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_isapi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_log_config.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_mime.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_negotiation.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_setenvif.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_userdir.so] <Apache Software Foundation><2.0.52>
[PID: 180][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060520.005\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060520.005\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[PID: 2536][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] <Intel Corporation><9, 0, 1, 10>
[PID: 3884][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2788][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[PID: 1812][C:\Program Files\MYIE2\MyIE.exe] <MY Soft Technology><0, 9, 27, 68>
[C:\Program Files\MYIE2\Plugin\ViewSource\ViewSrc.dll] <><1, 0, 0, 1>
[C:\Program Files\MYIE2\Plugin\uc\uc.dll] <><1, 0, 0, 1>
[C:\Program Files\MYIE2\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[C:\Program Files\Chinagames\iGame\flash.ocx] <Macromedia, Inc.><7,0,19,0>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 6708][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] <Microsoft Corporation><11.0.8026>
[C:\Program Files\Kingsoft\Powerword 2003\PWOffice2.dll] <Kingsoft Co, Ltd.><6, 0, 0, 0>
[C:\Program Files\Microsoft Office\OFFICE11\STARTUP\MathPage.wll] <N/A><N/A>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 15568][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>
[PID: 33540][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 0, 0, 0>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

我无邪 - 2006-8-9 21:22:00

运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Network Connection100011，选择“删除服务”点“设置”选择“否”

下载超级兔子。
http://www.pctutu.com/srmsdown.asp
安装好后，打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。
卸载完后

进入安全模式
运行(双击)System Repair Engineer，使用“启动项目，注册表”来删除以下选项。
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\sysmini.exe
运行(双击)System Repair Engineer，使用“启动项目，注册表”选中要修复的项，
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mouser.exe
点“编辑”在“值”里删除C:\WINDOWS\system32\mouser.exe
删除
C:\WINDOWS\system32\mouser.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\sysmini.exe
C:\WINDOWS\system32\lm

直接在安全模式运行WinsockXPFix
重启后，再扫份日志粘上来。

liuhao199 - 2006-8-9 22:15:00

Logfile of HijackThis v1.99.1
Scan saved at 22:03:46, on 2006-8-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
F:\Apache2\bin\Apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
E:\ha_hijackthis_1991\HijackThis.exe
C:\WINDOWS\System32\regsvr32.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mouser.exe
O2 - BHO: (no name) - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - (no file)
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll (file missing)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IE修复~1\IERBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] ; C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [91cast] ;
O4 - HKLM\..\Run: [CnsMin] ; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [pbmini] ; C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide
O4 - HKLM\..\Run: [CdnCtr] ; C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [MSConfig] ; C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [vptray] ; ; C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [yassistse] ; ; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetCounter] ; c:\Program Files\NetCounter\NetCount.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O11 - Options group: [CDNCLIENT] 中文上网
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - F:\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

liuhao199 - 2006-8-9 22:17:00

在上面的步骤中，没有看到C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\sysmini.exe
删除了C:\WINDOWS\system32\mouser.exe

我无邪 - 2006-8-9 22:29:00

扫份System Repair Engineer的日志粘上来。

liuhao199 - 2006-8-9 22:34:00

2006-08-09,22:24:08

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<NetCounter><; c:\Program Files\NetCounter\NetCount.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> []
<dla><; C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<91cast><; > []
<CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> []
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<pbmini><; C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide> []
<CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe> []
<MSConfig><; C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [Microsoft Corporation]
<vptray><; ; C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<yassistse><; ; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mouser.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[Apache2 / Apache2]
<"F:\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[EvtEng / EvtEng]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[RegSrvc / RegSrvc]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[WLANKEEPER / WLANKEEPER]
<C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel? Corporation>

==================================
浏览器加载项
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[&IE修复专家]
{123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[Query Class]
{01C2F1E8-5C69-4B5C-B052-26941B6C23A6} <C:\WINDOWS\system32\iequery.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[&IE修复专家]
{123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[IExpress]
{27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINDOWS\system32\iexpress.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Mini PPGou BHO]
{92FB5F8F-8254-4978-9C50-03D9B0405062} <C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[WAB Importer/Exporter]
{AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <C:\WINDOWS\System32\wabimp.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Flash 8 ocx ]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\flash8.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Program Files\Chinagames\iGame\flash.ocx, Macromedia, Inc.>
[IEHlprObj Class]
{D424FE4E-CAF9-4FDD-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\conf.dll, N/A>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system32\9bfo9e50.dll, N/A>
[google bar]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[AdSwpr]
{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

liuhao199 - 2006-8-9 22:35:00

==================================
正在运行的进程
[PID: 308][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 552][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 804][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 860][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 968][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1124][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] <Intel Corporation><9, 0, 1, 12>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[PID: 1168][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] <Intel Corporation ><9, 0, 1, 41>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[PID: 1228][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe] <Intel? Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] <Intel Corporation><9, 0, 1, 45>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] <Intel Corporation><9, 0, 1, 54>
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] <Intel Corporation><9, 0, 1, 7>
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] <Intel Corporation><9, 0, 1, 31>
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] <Intel Corporation><9, 0, 1, 31>
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] <Intel Corporation><9, 0, 1, 1>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[PID: 1292][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1416][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1620][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1728][C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe] <Intel><9, 0, 1, 33>
[C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll] <Meetinghouse Data Communications><3, 0, 0, 40>
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[PID: 268][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1520][F:\Apache2\bin\Apache.exe] <Apache Software Foundation><2.0.52>
[F:\Apache2\bin\libapr.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libaprutil.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libapriconv.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libhttpd.dll] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_access.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_actions.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_alias.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_asis.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_auth.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_autoindex.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_cgi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_dir.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_env.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_imap.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_include.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_isapi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_log_config.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_mime.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_negotiation.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_setenvif.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_userdir.so] <Apache Software Foundation><2.0.52>
[PID: 1460][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\windows\system32\tasklist.dll] <N/A><N/A>
[PID: 1604][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1664][C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE] <C-Dilla Ltd><3.24.010>
[PID: 1684][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821>
[PID: 1696][F:\Apache2\bin\Apache.exe] <Apache Software Foundation><2.0.52>

liuhao199 - 2006-8-9 22:35:00

[F:\Apache2\bin\libapr.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libaprutil.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libapriconv.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libhttpd.dll] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_access.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_actions.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_alias.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_asis.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_auth.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_autoindex.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_cgi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_dir.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_env.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_imap.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_include.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_isapi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_log_config.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_mime.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_negotiation.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_setenvif.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_userdir.so] <Apache Software Foundation><2.0.52>
[PID: 2276][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060520.005\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060520.005\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll] <Symantec Corporation><8.1.0.821>
[PID: 2348][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] <Intel Corporation><9, 0, 1, 10>
[PID: 2360][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3100][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3380][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3612][C:\Program Files\MYIE2\MyIE.exe] <MY Soft Technology><0, 9, 27, 68>
[C:\Program Files\MYIE2\Plugin\ViewSource\ViewSrc.dll] <><1, 0, 0, 1>
[C:\Program Files\MYIE2\Plugin\uc\uc.dll] <><1, 0, 0, 1>
[C:\Program Files\MYIE2\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\Program Files\Chinagames\iGame\flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 884][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2607 built by: dnsrv(wmbla)>
[PID: 4204][C:\WINDOWS\system32\wbem\wmiprvse.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 5396][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

我无邪 - 2006-8-9 22:41:00

下载超级兔子。
http://www.pctutu.com/srmsdown.asp
安装好后，打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。
卸载完后
重启再扫份日志粘上来。
烦把C:\WINDOWS\system32\mouser.exe这个东东用WINRAR打包发到twtxk@126.com来，谢谢

liuhao199 - 2006-8-9 22:48:00

我用了超级兔子卸载了所有软件，但是有IE插件和win survey这两个无论如何也卸载不掉，兔子提示已经卸载，但是仍然存在。
要发的东东马上给你发来。

我无邪 - 2006-8-9 22:52:00

你的兔子是今天下载的吗？
今天的兔子刚刚出了最新的版本，版本号为7.75

sunsubway1 - 2006-8-9 22:52:00

如果有兔子不能删的东东，建议用瑞星查杀一下是否有木马病毒。然后再用超级兔子卸载。

liuhao199 - 2006-8-10 8:51:00

2006-08-10,08:40:09

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> []
<dla><; C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<91cast><; > []
<CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> []
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<pbmini><; C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide> []
<CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe> []
<MSConfig><; C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [Microsoft Corporation]
<vptray><; ; C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<yassistse><; ; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[Apache2 / Apache2]
<"F:\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[EvtEng / EvtEng]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[RegSrvc / RegSrvc]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[WLANKEEPER / WLANKEEPER]
<C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel? Corporation>

==================================
浏览器加载项
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[&IE修复专家]
{123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[vc Control]
{E689D735-1487-420D-9049-16ED198FE411} <C:\WINDOWS\DOWNLO~1\vco.ocx, >
[Query Class]
{01C2F1E8-5C69-4B5C-B052-26941B6C23A6} <C:\WINDOWS\system32\iequery.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[&IE修复专家]
{123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4558.dll, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[IExpress]
{27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINDOWS\system32\iexpress.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Mini PPGou BHO]
{92FB5F8F-8254-4978-9C50-03D9B0405062} <C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[WAB Importer/Exporter]
{AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <C:\WINDOWS\System32\wabimp.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Flash 8 ocx ]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\flash8.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Program Files\Chinagames\iGame\flash.ocx, Macromedia, Inc.>
[IEHlprObj Class]
{D424FE4E-CAF9-4FDD-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\conf.dll, N/A>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system32\9bfo9e50.dll, N/A>
[google bar]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[AdSwpr]
{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} <C:\PROGRA~1\IE修复~1\IERBar.dll, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

liuhao199 - 2006-8-10 8:51:00

==================================
正在运行的进程
[PID: 308][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 552][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 808][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 864][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 988][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1140][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] <Intel Corporation><9, 0, 1, 12>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[PID: 1172][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] <Intel Corporation ><9, 0, 1, 41>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[PID: 1232][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe] <Intel? Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] <Intel Corporation><9, 0, 1, 45>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] <Intel Corporation><9, 0, 1, 54>
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] <Intel Corporation><9, 0, 1, 7>
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] <Intel Corporation><9, 0, 1, 31>
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] <Intel Corporation><9, 0, 1, 31>
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] <Intel Corporation><9, 0, 1, 1>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[PID: 1264][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1344][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1612][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1728][C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe] <Intel><9, 0, 1, 33>
[C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll] <Meetinghouse Data Communications><3, 0, 0, 40>
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 22>
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 14>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[PID: 188][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1388][F:\Apache2\bin\Apache.exe] <Apache Software Foundation><2.0.52>
[F:\Apache2\bin\libapr.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libaprutil.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libapriconv.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libhttpd.dll] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_access.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_actions.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_alias.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_asis.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_auth.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_autoindex.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_cgi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_dir.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_env.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_imap.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_include.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_isapi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_log_config.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_mime.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_negotiation.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_setenvif.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_userdir.so] <Apache Software Foundation><2.0.52>
[PID: 1420][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1432][C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE] <C-Dilla Ltd><3.24.010>
[PID: 1452][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821>
[PID: 1460][F:\Apache2\bin\Apache.exe] <Apache Software Foundation><2.0.52>

liuhao199 - 2006-8-10 8:52:00

[F:\Apache2\bin\libapr.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libaprutil.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libapriconv.dll] <Apache Software Foundation><0.0.0.0>
[F:\Apache2\bin\libhttpd.dll] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_access.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_actions.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_alias.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_asis.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_auth.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_autoindex.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_cgi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_dir.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_env.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_imap.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_include.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_isapi.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_log_config.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_mime.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_negotiation.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_setenvif.so] <Apache Software Foundation><2.0.52>
[F:\Apache2\modules\mod_userdir.so] <Apache Software Foundation><2.0.52>
[PID: 2216][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060520.005\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060520.005\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll] <Symantec Corporation><8.1.0.821>
[PID: 2332][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] <Intel Corporation><9, 0, 1, 10>
[PID: 2412][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 4000][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 19104][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 22688][C:\WINDOWS\system32\mdm.exe] <Microsoft Corporation><6.00.8149>
[PID: 23672][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

liuhao199 - 2006-8-10 8:56:00

我用免费在线杀毒杀出了很多病毒，然后最新版本超级兔子卸载了一下，但是有win survey和IE插件中的MyIEHelper Class]这两个无论如何也卸载不掉，兔子提示已经卸载，但是仍然存在。以上是最新扫描结果。

liuhao199 - 2006-8-10 15:20:00

我的系统现在很不稳定，开机还好，每过不到半小时左右就什么程序都启动不了，运行程序就提示“系统资源不足……”，只能重启。

vivirx - 2006-8-10 16:41:00

英文国际域名域名注册只需30元/年！
详情请访问http://www.ruixun.net
联系QQ：697217

liuhao199 - 2006-8-10 17:28:00

浏览器好像已经没有弹出来了，现在就是系统不稳定，请问无邪兄，怎么把系统恢复一下啊？因为就是前面的操作造成的。扫描日志见上面的贴子。

liuhao199 - 2006-8-10 22:16:00

浏览器好像已经没有弹出来了，现在就是系统不稳定，请问无邪兄，怎么把系统恢复一下啊？因为就是前面的操作造成的。扫描日志见上面的贴子。

瑞星卡卡安全论坛