大侠们，救命啊，我中了47个病毒，但是用瑞星杀不掉，希望大家帮小妹个忙 bbs.ikaka.com

我叫林若 - 2006-10-6 20:53:00

病毒名称
Worm.UsbSpy.a
Worm.Wukill.a
Exploit.ActiveXComponent.a
Trojan.DL.Agent.lwz
Trojan.DL.Agent.lwz
Trojan.Scamp.a
Worm.Wukill.a
Trojan.DL.Agent.lwa
Trojan.Scamp.a
Trojan.DL.Agent.lwz
Trojan.DL.Agent.wpf
Worm.UsbSpy.a
未知Windows病毒
未知Windows病毒
未知Windows病毒
Worm.Wukill.a
Trojan.StartPage.tbe
Trojan.StartPage.tbe
Trojan.StartPage.tbe
Exploit.ActiveXComponent.a
Worm.Wukill.a
Exploit.ActiveXComponent.a
Backdoor.Agent.cfl
Dropper.Agent.bha
Trojan.DL.Agent.hqe
Worm.Wukill.a
Script.VBS.Starter.a
Worm.Wukill.a
Worm.Wukill.a
Exploit.ActiveXComponent.a
Trojan.DL.LMir.jl
Trojan.DL.LMir.jl
Trojan.DL.LMir.jl
Trojan.DL.LMir.jl
Backdoor.Agent.cfl
Trojan.DL.QQHelper.ep
Backdoor.PcClient.ixy
Backdoor.PcClient.ixy
Worm.Logo.b
Worm.Logo.b
Worm.Logo.b
Worm.Logo.b
Worm.Logo.b
Worm.Logo.b
Worm.Logo.b
Worm.Logo.b
Trojan.DL.Agent.ifh
Exploit.ActiveXComponent.a

水树雨下 - 2006-10-6 20:55:00

去下个威金专杀，全盘杀毒，杀不干净只能格全盘

爬围墙上青天 - 2006-10-6 21:07:00

哇`病毒好多啊```日志让我看看``

我叫林若 - 2006-10-6 21:29:00

病毒名称路径
Worm.UsbSpy.a wincfgs.exe>>C:\windows\system32\wincfgs.exe
Worm.Wukill.a Mstray.exe>>C:\WINDOWS\Mstray.exe
Exploit.ActiveXComponent.a C:
Trojan.DL.Agent.lwz C:\Documents and Settings\黄权俊`\Templates\ba5f887
Trojan.DL.Agent.lwz C:\Program Files\Common Files\IE-Bar
Trojan.Scamp.a C:\Program Files\Common Files\IE-Bar
Worm.Wukill.a C:\WINDOWS
Trojan.DL.Agent.lwa C:\WINDOWS\system
Trojan.Scamp.a C:\WINDOWS\system
Trojan.DL.Agent.lwz C:\WINDOWS\system\e415f783
Trojan.DL.Agent.wpf C:\WINDOWS\system32
Worm.UsbSpy.a C:\WINDOWS\system32
未知Windows病毒 C:\WINDOWS\Temp
未知Windows病毒 C:\WINDOWS\Temp
未知Windows病毒 C:\WINDOWS\Temp
Worm.Wukill.a c:
Trojan.StartPage.tbe D:\System Volume Information\_restore{39FFCF4A-9327-44C0-A7D8-D66820552D3E}\RP7
Trojan.StartPage.tbe D:\System Volume Information\_restore{39FFCF4A-9327-44C0-A7D8-D66820552D3E}\RP7
Trojan.StartPage.tbe D:\System Volume Information\_restore{39FFCF4A-9327-44C0-A7D8-D66820552D3E}\RP7
Exploit.ActiveXComponent.a D:
Worm.Wukill.a D:\系统的错误
Exploit.ActiveXComponent.a E:
Backdoor.Agent.cfl F:\System Volume Information\_restore{5F10E6E9-01F2-40FE-B499-4C8CB872FCF3}\RP15
Dropper.Agent.bha F:\System Volume Information\_restore{A16994B4-28AA-49BD-B0E8-016F307691EE}\RP12
Trojan.DL.Agent.hqe F:\System Volume Information\_restore{A16994B4-28AA-49BD-B0E8-016F307691EE}\RP12
Worm.Wukill.a F:\FOUND.011
Script.VBS.Starter.a F:\FOUND.011
Worm.Wukill.a F:\FOUND.011
Worm.Wukill.a F:\FOUND.011
Exploit.ActiveXComponent.a F:
Trojan.DL.LMir.jl F:\游戏\梦幻国度\外挂
Trojan.DL.LMir.jl F:\游戏\梦幻国度\外挂
Trojan.DL.LMir.jl F:\游戏\梦幻国度\外挂
Trojan.DL.LMir.jl F:\游戏\梦幻国度\外挂
Backdoor.Agent.cfl F:\游戏\红色警戒\c&c2Yuri
Trojan.DL.QQHelper.ep F:\游戏\浩方对战平台\浩方对战平台
Backdoor.PcClient.ixy F:\QQ\QQ游戏
Backdoor.PcClient.ixy F:\QQ\QQ游戏\2005103109215215903
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Worm.Logo.b F:\QQ\最新版的QQ\QQFileCache
Trojan.DL.Agent.ifh F:\QQ
Exploit.ActiveXComponent.a G:

newcenturymoon - 2006-10-6 21:43:00

关闭系统还原右击我的电脑属性系统还原把在所有驱动器上关闭系统还原的钩挑上然后确定
然后下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

我叫林若 - 2006-10-6 21:54:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsWind><F:\白猫清洁工\白猫清理工\MsWind.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\windows\system32\wincfgs.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<MsWind><F:\白猫清洁工\白猫清理工\MsWind.exe> [N/A]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [Yahoo! China]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo! China]
<CnsMin><Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<EyeTel><D:\EyeTel\EyeTel\EyeTel.exe -a> [N/A]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> [N/A]
<1029666><C:\WINDOWS\system32\1029666.exe> [N/A]
<RavTask><"F:\10月5日\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"F:\10月5日\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll> [Yahoo! China]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\CnsHook.dll> [北京三七二一科技有限公司]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [YAHOO Corporation Limited]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DelayRun><C:\WINDOWS\system\a58d6680.dll> [N/A]

==================================
启动文件夹
[-14045]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\-14045.lnk --> C:\WINDOWS\system32\-14045.exe [N/A]><N>
[-14213]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\-14213.lnk --> C:\WINDOWS\system32\-14213.exe [N/A]><N>
[IE-Bar]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-Bar.lnk --> C:\PROGRA~1\COMMON~1\IE-Bar\iebar.exe [N/A]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[JMediaService / JMediaService]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><Microsoft Corporation>
[NT Data Provider / Mercha2]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter]
<"F:\10月5日\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"F:\10月5日\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Tech / Tech]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\spted.dll><Microsoft Corporation>

我叫林若 - 2006-10-6 21:56:00

驱动程序
[325687 / 325687]
<\SystemRoot\System32\drivers\325687.sys><N/A>
[a0 / a0]
<\SystemRoot\\SystemRoot\System32\drivers\325687.sys><N/A>
[Albus / Albus]
<\SystemRoot\system32\drivers\Albus.SYS><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BaseTDI / BaseTDI]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
<\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[ExpScaner / ExpScaner]
<\??\F:\10月5日\Rising\Rav\ExpScan.sys><>
[fsprot / fsprot]
<system32\drivers\fsprot.sys><Microsoft Corporation>
[HookCont / HookCont]
<\??\F:\10月5日\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\F:\10月5日\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\F:\10月5日\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN]
<\??\F:\10月5日\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[moprot / moprot]
<system32\drivers\moprot.sys><Windows System Internal>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt]
<\??\F:\QQ\外来人QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[VIA AGP Filter / viaagp1]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

我叫林若 - 2006-10-6 21:57:00

浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[]
{3D898C55-74CC-4B7C-B5F1-45913F368388} <F:\白猫清洁工\白猫清理工\MsWind.DLL, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\QQ\最新版的QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, yahoo! china>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\a58o6680.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo! China>
[]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\QQ\最新版的QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Recorder Control]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\Bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BlueskyVideo Control]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\Bluesky\BLUESK~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[Share Control]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\Bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[]
{3D898C55-74CC-4B7C-B5F1-45913F368388} <F:\白猫清洁工\白猫清理工\MsWind.DLL, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\QQ\最新版的QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, yahoo! china>
[PP Control]
{616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <C:\PROGRA~1\Bluesky\BLUESK~1\ppc.ocx, Bluesky Studio (http://www.bluesky.cn)>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, yahoo! china>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Vision]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[PP Control]
{7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\Bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Videohelp Control]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\Bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Chat Control]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\Bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Display Control]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\Bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\Bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[3721]
{B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\downlo~1\CnsMin.dll, 北京三七二一科技有限公司>
[Blueskyvoice Control]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Client Control]
{C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\Bluesky\BLUESK~1\client.ocx, >
[Play Control]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\Bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\a58o6680.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo! China>
[ >> 彩信发送 <<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[&使用迅雷下载]
<F:\网络工具\迅雷\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<F:\网络工具\迅雷\getallurl.htm, N/A>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<F:\QQ\qq2005\AddToNetDisk.htm, N/A>
[反向链接]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
<F:\QQ\qq2005\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\QQ\qq2005\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
<F:\QQ\qq2005\SendMMS.htm, N/A>
[类似网页]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

我叫林若 - 2006-10-6 21:58:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================

枫枫神话 - 2006-10-6 22:41:00

学习喽。

我叫林若 - 2006-10-6 23:25:00

大哥们：帮帮忙吧

蓝色孔雀花 - 2006-10-7 0:29:00

中毒不浅,帮你顶一下!

我叫林若 - 2006-10-7 9:45:00

大侠们：来帮我看看啊

金色港湾 - 2006-10-7 10:19:00

楼主的电脑是公用的吧,太惨了.你应该请懂电脑的帮你杀了,杀度软件只杀不帮你打扫战场的,要不就冲装系统吧,同情ING.

我叫林若 - 2006-10-7 12:43:00

大侠们：求命了啊

无比上上狼 - 2006-10-7 13:05:00

帮你顶~LZ给newcenturymoon发个短信息请他来帮忙好了~

瑞星卡卡安全论坛