用尽网络上所有办法都不能解决。开机自动运行IE却没有IE窗口（有报告） bbs.ikaka.com

germa - 2006-10-2 17:35:00

刚刚装了系统。。。就中毒了。。。哭死。。。

由于我默认浏览器是TT，所以开机以后有网页要弹出时会有对话提示说IE不是默认的，是否要设为默认等等。。。

现象就是进程中有IEXPLORE.EXE（大写）但是没有网页出现。。。关闭进程后也没有发生什么事情，也不会再出现。。。安全模式下用卡巴斯基和EWIDO查杀有坏人但是也能杀光。。。用兔子修复IE，用卡卡修复IE,用卡卡还发现启动项也有坏人关闭以后重启还是一样。。。

啊啊啊啊啊。。。谁来救救偶啦。。。

下面是卡卡报告

germa - 2006-10-2 17:36:00

Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 17:13:51, on 2006-10-02
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))

Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[S24EvMon.exe]
CommandLine = C:\WINDOWS\system32\S24EvMon.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[ZCfgSvc.exe]
CommandLine = ZCfgSvc.exe

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[ewido.exe]
CommandLine = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

[PRONoMgr.exe]
CommandLine = "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"

[hkcmd.exe]
CommandLine = "C:\WINDOWS\system32\hkcmd.exe"

[AGRSMMSG.exe]
CommandLine = "C:\WINDOWS\AGRSMMSG.exe"

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[jiajiasr.exe]
CommandLine = "C:\Program Files\jj\jj4\jiajiasr.exe"

[RegSrvc.exe]
CommandLine = C:\WINDOWS\system32\RegSrvc.exe

[RoamMgr.exe]
CommandLine = C:\WINDOWS\system32\RoamMgr.exe

[1XConfig.exe]
CommandLine = C:\WINDOWS\system32\1XConfig.exe -Embedding

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[taskmgr.exe]
CommandLine = C:\WINDOWS\system32\taskmgr.exe

[wuauclt.exe]
CommandLine = "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4e8]SUSDSed8979bebb635045a2f8f88f7f55354d

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jiajiasr] C:\Program Files\jj\jj4\jiajiasr.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IntelFile] C:\WINDOWS\system32\IntelFile.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: igfxcui
O20 - Winlogon Notify: Sebring
O23 - Service: Security Machine Manager (DATEING) - - C:\WINDOWS\system32\rundll.exe c:\windows\system32\wbem\smtpconfs.dll,export 1087
O23 - Service: ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: kavsvc (kavsvc) - Kaspersky Lab - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc (RegSrvc) - Intel Corporation - C:\WINDOWS\system32\regsrvc.exe
O23 - Service: RoamMgr (RoamMgr) - Intel Corporation - C:\WINDOWS\system32\roammgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\s24evmon.exe

germa - 2006-10-2 17:40:00

网上都没有好的解决办法。。。希望高手们出来主持正义打击坏人。。。哇咔咔咔。。。

秋日里的蓝天 - 2006-10-2 20:46:00

控制面板－－管理工具－－服务－－查找--Security Machine Manager --启动类型－－设置为已禁止--服务类型－－设置为停止

显示隐藏文件删除
c:\windows\system32\wbem\smtpconfs.dll

修复后,重启,还有异常,请下载SREng2 ，使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip
http://free5.ys168.com/?ufwihgu168

germa - 2006-10-2 23:38:00

我停制服务了。但是找不到那个隐藏的文件。。。
重启之后刚开始挺好。。。过了一会它又出来了～～静悄悄的……可恶。。。
报告如下

2006-10-02,23:22:07

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<jiajiasr><C:\Program Files\jj\jj4\jiajiasr.exe> [加加开发组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<!ewido><"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.]
<PRONoMgr.exe><C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe> [Intel(R) Corporation]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IntelFile><C:\WINDOWS\system32\IntelFile.exe> [N/A]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<AGRSMMSG><AGRSMMSG.exe> [(Verified)Agere Systems]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
<WinlogonNotify: Sebring><C:\WINDOWS\system32\LgNotify.dll> [Intel Corporation]

==================================

germa - 2006-10-2 23:39:00

启动文件夹
N/A

==================================
服务
[Security Machine Manager / DATEING]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><Microsoft Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<C:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[Intel NCS NetService / NetSvc]
<C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[RegSrvc / RegSrvc]
<C:\WINDOWS\system32\RegSrvc.exe><Intel Corporation>
[RoamMgr / RoamMgr]
<C:\WINDOWS\system32\RoamMgr.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\WINDOWS\system32\S24EvMon.exe><Intel Corporation>

==================================
驱动程序
[Agere Systems Soft Modem / AgereSoftModem]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Alps Pointing-device Filter Driver / ApfiltrService]
<system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[GROWELL GW1031C MODEM / gwbxpc]
<system32\DRIVERS\gwbxpc.sys><N/A>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Kl1 / Kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[AEGIS Protocol (IEEE 802.1x) v2.2.1.0 / MDC8021X]
<system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp]
<\??\C:\Program Files\Tencent\QQ2006\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023]
<system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[WLAN Transport / s24trans]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[Intel(R) PRO/Wireless 7100 Adapter 驱动程序 / w70n51]
<system32\DRIVERS\w70n51.sys><Intel? Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}]
<system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>

germa - 2006-10-2 23:40:00

==================================
正在运行的进程
[PID: 696][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\LgNotify.dll] [Intel Corporation, 4, 1, 0, 0]
[PID: 824][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1080][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1280][C:\WINDOWS\system32\S24EvMon.exe] [Intel Corporation , 4, 1, 0, 3]
[PID: 1320][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1388][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1728][C:\WINDOWS\system32\ZCfgSvc.exe] [Intel Corporation, 4, 1, 0, 53]
[C:\WINDOWS\system32\PfMgrApi.dll] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\WConfig.DLL] [Intel Corporation, 4, 1, 0, 1]
[C:\WINDOWS\system32\WiFiAdap.DLL] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\C1XStngs.dll] [, 4, 1, 0, 1]
[C:\Program Files\Intel\PROSet\CHS\ZcSvcCHS.dll] [Intel Corporation, 4, 1, 0, 53]
[C:\Program Files\Intel\PROSet\CHS\PmApiCHS.dll] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\S24MUDLL.dll] [Intel Corporation, 4, 1, 0, 3]
[C:\Program Files\Intel\PROSet\CHS\C1XStCHS.dll] [, 4, 1, 0, 1]
[PID: 1820][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SystemInput.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\ewido anti-spyware 4.0\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll] [Kaspersky Lab, 5.0.388.1]
[PID: 1968][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][C:\Program Files\ewido anti-spyware 4.0\ewido.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\Program Files\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 524][C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe] [Intel(R) Corporation, 6.1.303.0]
[C:\Program Files\Intel\NCS\PROSet\CHSPGUIR.dll] [Intel(R) Corporation, 6.1.303.0]
[C:\WINDOWS\system32\Pn802_11.dll] [Intel Corporation., 4, 1, 0, 0]
[C:\WINDOWS\system32\PfMgrApi.dll] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\WConfig.DLL] [Intel Corporation, 4, 1, 0, 1]
[C:\WINDOWS\system32\WiFiAdap.DLL] [Intel Corporation, 4, 1, 0, 0]
[C:\Program Files\Intel\PROSet\CHS\PNC11CHS.dll] [Intel Corporation., 4, 1, 0, 0]
[C:\WINDOWS\system32\S24MUDLL.dll] [Intel Corporation, 4, 1, 0, 3]
[C:\Program Files\Intel\PROSet\CHS\PmApiCHS.dll] [Intel Corporation, 4, 1, 0, 0]
[PID: 1032][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
[PID: 1152][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.23 2.1.23 01/22/2003 17:47:39]
[PID: 1184][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1204][C:\Program Files\jj\jj4\jiajiasr.exe] [加加开发组, 4.0.1.28]
[PID: 1468][C:\WINDOWS\system32\RegSrvc.exe] [Intel Corporation, 4, 1, 0, 0]
[PID: 1524][C:\WINDOWS\system32\RoamMgr.exe] [Intel Corporation, 1, 0, 0, 2]
[C:\WINDOWS\system32\WiFiAdap.DLL] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\WConfig.DLL] [Intel Corporation, 4, 1, 0, 1]
[C:\WINDOWS\system32\PfMgrApi.dll] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 4, 1, 0, 0]
[C:\WINDOWS\system32\VPN.dll] [Intel Corporation, 4, 1, 0, 0]
[PID: 1840][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 336][C:\WINDOWS\system32\1XConfig.exe] [Intel, 4, 1, 0, 3]
[C:\WINDOWS\system32\IntelAE5.dll] [Meetinghouse Data Communications, 1, 5, 1, 91]
[C:\WINDOWS\system32\SSLEAY32.dll] [N/A, N/A]
[C:\WINDOWS\system32\LIBEAY32.dll] [N/A, N/A]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 4, 1, 0, 0]
[PID: 736][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3688][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2556][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SystemInput.dll] [N/A, N/A]
[PID: 2360][D:\软件安装包\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================

germa - 2006-10-2 23:44:00

对了。。。它米有占用CPU啊。。。但是占用10，XXX的内存。。。

值得一提的是。。。它会静悄悄出来以后如果我不关闭这个进程，一会儿它又静悄悄走了。。。

让我对这个问题百思不得其解。。。

germa - 2006-10-2 23:46:00

要郑重感谢秋日里的蓝天。。。世上还是很多好人哒！

秋日里的蓝天 - 2006-10-2 23:49:00

运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务Security Machine Manager ，选择“删除服务”
点“设置”选择“否”

运行SREng2,使用“启动项目”－－注册表－－选中以下的项删除
C:\WINDOWS\system32\IntelFile.exe

删除
C:\WINDOWS\system32\IntelFile.exe
C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL
C:\WINDOWS\system32\SystemInput.dll
C:\WINDOWS\system32\IntelAE5.dll
[C:\WINDOWS\system32\SSLEAY32.dll
[C:\WINDOWS\system32\LIBEAY32.dll
[C:\WINDOWS\system32\PsRegApi.dll

运行SREng2,使用：系统修复－－文件关联－－全选－－修复

germa - 2006-10-3 12:14:00

【回复“秋日里的蓝天”的帖子】

我深刻感受到“迎刃而解”这个成语的意义所在啊～～～

感谢您，好人～

瑞星卡卡安全论坛