Rising Kaka Security Forum

Freshly installed system, infected with a virus again!!!!
lawrendc - 2006-10-29 9:53:00
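I installed the system just the day before yesterday and also applied the system updates, but yesterday it got infected again. Unknown web pages keep popping up, there are some strange processes running, and this page pops up as well. Opening My Computer or other programs is unbearably slow. What on earth should I do????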
千禧鸟ST - 2006-10-29 9:56:00
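On behalf of the moderators, a reminder: to get the problem solved, first do the following steps:

Download SREng. Download address: http://free5.ys168.com/?ljs3509 , in the Anti-virus and Security Tools section.
File name: Sreng2.zip.

Download the SREng user manual. Download address: http://free5.ys168.com/?ljs3509 , in the Anti-virus and Security Tools section.
File name: SREngHelp2.chm.

How to use: before scanning, close all software and windows that you opened manually. Run the program, click Smart Scan -> Scan, and when it finishes click Save Report, then copy and paste the full contents of the log file to the forum. If the log does not fit in one post, paste it over several posts. Do not modify the log contents!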
lawrendc - 2006-10-29 10:11:00
2006-10-29,09:56:45

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <updatereal><C:\WINDOWS\realupdate.exe other>  [N/A]
    <KavPFW><"C:\KAV2006\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <{9C41D71E-069D-2052-0324-030818030056}><"C:\Program Files\Common Files\{9C41D71E-069D-2052-0324-030818030056}\Update.exe" te-110-12-0000057>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <System><C:\WINDOWS\system32\hc.exe>  []
    <KavStart><"C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <221.exe><; C:\DOCUME~1\dengcong\LOCALS~1\Temp\221.exe Auto>  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; C:\WINDOWS\system\tpkIM32.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <msnnt><; C:\WINDOWS\winamph.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RichMedia><; C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
    <spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>  [N/A]
    <StormCodec_Helper><; "d:\Pro\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <System><; C:\WINDOWS\system32\hc.exe>  []
    <winla><; c:\winla\winla.exe>  []
lawrendc - 2006-10-29 10:12:00
==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[Machine Debug Manager / MDM]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Distributed Link Tracking Server / TrkWks]
  <C:\WINDOWS\system32\svchost.exe -k netsvsc-->%SystemRoot%\system32\est.dll><Microsoft Corporation>
[Windows Media Connect Service / WMConnectCDS]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[KNetWch / KNetWch]
  <\??\C:\KAV2006\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[New0 / New0]
  <\??\C:\WINDOWS\system32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\d:\Pro\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
newcenturymoon - 2006-10-29 10:13:00
<System><; C:\WINDOWS\system32\hc.exe> []
<winla><; c:\winla\winla.exe> []
<msnnt><; C:\WINDOWS\winamph.exe> []
<Load><; C:\WINDOWS\system\tpkIM32.exe> [N/A]

<221.exe><; C:\DOCUME~1\dengcong\LOCALS~1\Temp\221.exe Auto> [N/A]
<System><C:\WINDOWS\system32\hc.exe> []
<updatereal><C:\WINDOWS\realupdate.exe other> [N/A]
<{9C41D71E-069D-2052-0324-030818030056}><"C:\Program Files\Common Files\{9C41D71E-069D-2052-0324-030818030056}\Update.exe" te-110-12-0000057> [N/A]
These are all viruses
lawrendc - 2006-10-29 10:16:00
==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156][C:\KAV2006\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 3, 21, 17]
[PID: 1188][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1340][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1364][C:\KAV2006\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.10.3077]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\2052\mdmui.dll]  [Microsoft Corporation, 7.10.3077]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll]  [Microsoft Corporation, 7.10.3077]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll]  [Microsoft Corporation, 7.10.3077]
[PID: 1468][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\est.dll]  [Microsoft Corporation, 5.2.2600.2180]
[PID: 1936][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\DeskAdTop\fshook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ATIDEMGREDEM.dll]  [N/A, N/A]
    [d:\Pro\Thunder Network\Thunder\ComDlls\XunLeiBHO_004.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\articleder.dll]  [N/A, N/A]
    [D:\Pro\KuGoo3\KuGoo3DownXControl.ocx]  [N/A, N/A]
[PID: 164][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\WINDOWS\system32\ad1.exe]  [Microsoft Corporation, 5.380.0690]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KAScript.DLL]  [Kingsoft Corporation, 2006, 2, 10, 60]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 3, 21, 17]
[PID: 1408][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [, 2, 4, 0, 3]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1644][C:\KAV2006\KAVStart.exe]  [Kingsoft Corporation, 2006, 4, 10, 196]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\PopSprt3.dll]  [Kingsoft Corporation, 2005, 12, 6, 30]
    [C:\KAV2006\KAVPassp.dll]  [Kingsoft Corporation, 2006, 4, 19, 233]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1904][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\pcast\hbcast.dll]  [Shanghai Henbang Technology Co., Ltd, 1, 1, 3, 8]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1464][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 2060][C:\KAV2006\KMailMon.EXE]  [Kingsoft Corporation, 2005, 10, 8, 85]
    [C:\KAV2006\KAntiSpm.dll]  [N/A, 1, 0, 0, 2]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 3, 21, 17]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 2072][C:\KAV2006\KPFW32.EXE]  [Kingsoft Corporation, 2006, 4, 3, 611]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2006\FiltList.dll]  [N/A, N/A]
    [C:\KAV2006\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 4, 19, 233]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 3, 21, 17]
    [C:\KAV2006\KAScript.DLL]  [Kingsoft Corporation, 2006, 2, 10, 60]
    [C:\Program Files\DeskAdTop\fshook.dll]  [, 1, 0, 0, 1]
[PID: 2332][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\DeskAdTop\Run.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\DeskAdTop\fshook.dll]  [, 1, 0, 0, 1]
[PID: 2444][D:\常用软件\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\DeskAdTop\fshook.dll]  [, 1, 0, 0, 1]
lawrendc - 2006-10-29 10:17:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
lawrendc - 2006-10-29 10:17:00
Can anyone take a look for me? How do I deal with this??? Thanks~~~
lawrendc - 2006-10-29 10:20:00
Where are the moderators?? Why is nobody coming to help me solve this??? Waiting online~~~~
lawrendc - 2006-10-29 10:21:00
Where are the experts??? Save me~~
baohe - 2006-10-29 10:21:00
[Reply to lawrendc's post]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<updatereal><C:\WINDOWS\realupdate.exe other> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<{9C41D71E-069D-2052-0324-030818030056}><"C:\Program Files\Common Files\{9C41D71E-069D-2052-0324-030818030056}\Update.exe" te-110-12-0000057> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
<System><C:\WINDOWS\system32\hc.exe> []
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<221.exe><; C:\DOCUME~1\dengcong\LOCALS~1\Temp\221.exe Auto> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; C:\WINDOWS\system\tpkIM32.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<msnnt><; C:\WINDOWS\winamph.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><; C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<System><; C:\WINDOWS\system32\hc.exe> []
<winla><; c:\winla\winla.exe> []

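Delete these startup entries.
Reboot.
Show hidden files.
Delete the files that the startup entries above point to.
Repair the hosts file (keep only the 127.0.0.1      localhost line in it)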
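Added example (not part of the original thread and not code from SREng): a Python script for the triage the replies do by hand, listing startup entries that carry no publisher information or run from a Temp directory, and splitting a hosts file into loopback lines to keep and non-loopback redirects to review. The regular expressions assume the line layout visible in the report quoted above; the function names and all sample data are constructed for illustration, and a flagged entry is a lead for manual review rather than a verdict.

```python
import ipaddress
import re

# Constructed sample in the line layout of the SREng report quoted in this thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <demo><C:\WINDOWS\demo-unsigned.exe other>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <helper><; C:\DOCUME~1\user\LOCALS~1\Temp\helper.exe Auto>  []
    <Vendor><"C:\Vendor\start.exe" -startup>  [Example Vendor Corporation]
"""

# Constructed hosts content; 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1       localhost
203.0.113.7 www.site-a.example
203.0.113.7 www.site-b.example
203.0.113.7 www.site-a.example
not-an-ip broken.example
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>.*)>\s+\[(?P<pub>.*)\]\s*$")


def triage_startup(report):
    """Return startup entries that deserve a manual look, with the reasons."""
    findings, key = [], None
    for line in report.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or not m.group("cmd").strip():
            continue  # not an entry line, or an empty value such as <load><>
        cmd, pub = m.group("cmd"), m.group("pub").strip()
        reasons = []
        if pub in ("", "N/A"):
            reasons.append("no publisher information")
        if "\\temp\\" in cmd.lower():
            reasons.append("runs from a Temp directory")
        if reasons:
            findings.append({"key": key, "name": m.group("name"),
                             "command": cmd, "reasons": reasons})
    return findings


def audit_hosts(text):
    """Return (loopback lines to keep, {ip: hostnames} redirects, malformed lines)."""
    kept, redirected, malformed = [], {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(" ".join(fields))
            continue
        if ip.is_loopback:
            kept.append(" ".join(fields))
        else:
            redirected.setdefault(str(ip), set()).update(fields[1:])
    return kept, {ip: sorted(names) for ip, names in redirected.items()}, malformed


if __name__ == "__main__":
    for f in triage_startup(SAMPLE_REPORT):
        print(f"{f['key']}\n  <{f['name']}> {f['command']}: {', '.join(f['reasons'])}")
    kept, redirected, malformed = audit_hosts(SAMPLE_HOSTS)
    print("keep:", kept)
    for ip, names in redirected.items():
        print(f"review: {len(names)} hostname(s) redirected to {ip}")
    print("malformed:", malformed)
```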
newcenturymoon - 2006-10-29 10:22:00
Open SREng and, under startup items > registry, delete
<System><; C:\WINDOWS\system32\hc.exe> []
<winla><; c:\winla\winla.exe> []
<msnnt><; C:\WINDOWS\winamph.exe> []
<Load><; C:\WINDOWS\system\tpkIM32.exe> [N/A]

<221.exe><; C:\DOCUME~1\dengcong\LOCALS~1\Temp\221.exe Auto> [N/A]
<System><C:\WINDOWS\system32\hc.exe> []
<updatereal><C:\WINDOWS\realupdate.exe other> [N/A]
<{9C41D71E-069D-2052-0324-030818030056}><"C:\Program Files\Common Files\{9C41D71E-069D-2052-0324-030818030056}\Update.exe" te-110-12-0000057> [N/A]
Restart the computer and delete the corresponding files listed above
Then open C:\windows\system32\etc\hosts with Notepad
Delete 61.135.150.114 www.8000qq.com
Download Super Rabbit (超级兔子) and clean out the rogue software
lawrendc - 2006-10-29 10:23:00
Is that all it takes to be OK???
newcenturymoon - 2006-10-29 10:24:00
These steps are already quite complicated
You have caught a lot of viruses
lawrendc - 2006-10-29 10:41:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]

I can't delete this one no matter what~~~ How do I deal with it
newcenturymoon - 2006-10-29 10:41:00
C:\Program Files\CNNIC\Cdn\cdnup.exe>
Uninstall it with Super Rabbit. It is the Network Real Name (网络实名) software
高歌猛进 - 2006-10-29 10:52:00

[PID: 1020][C:\WINDOWS\system32\ad1.exe] [Microsoft Corporation, 5.380.0690]
There's also a trojan ↑
千禧鸟ST - 2006-10-29 10:53:00
C:\Program Files\Common Files\{9C41D71E-069D-2052-0324-030818030056}\Update.exe
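This virus is in the Temporary Internet Files folder. It is best to empty the temporary folder first, otherwise it will come back after you delete it!!!
Open IE, "Tools" - "Internet Options" - "General", click Delete Files, then tick Delete offline content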
lawrendc - 2006-10-29 11:09:00

<221.exe><; C:\DOCUME~1\dengcong\LOCALS~1\Temp\221.exe Auto> [N/A]
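I couldn't find this one? Where is it??

"Then open C:\windows\system32\etc\hosts with Notepad": I don't see an etc folder at that location, and I have turned on showing hidden files

Also, how do I deal with that trojan?? ad1.exe is not among the processes, and I couldn't find it in the system folder either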
lawrendc - 2006-10-29 11:13:00
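Also, my system reports an error after startup: error loading c:windows\system32\xggjpf68.dll, another program is using it, the process cannot access it.
  How do I deal with this one??? Thanks~~~~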
lawrendc - 2006-10-29 11:21:00
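Why is nobody responding anymore??? There is a wuauclt.exe process that I can't kill; after I kill it, it starts again automatically, and in SREng I don't see it among the startup items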
高歌猛进 - 2006-10-29 11:25:00
Try Icesword and see. So many of them, I'm dizzy
高歌猛进 - 2006-10-29 11:27:00
Turn off Automatic Updates
lawrendc - 2006-10-29 11:30:00
Please help~~~~~ Thanks~~~~
lawrendc - 2006-10-29 11:47:00
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
Does the dll file in here need to be deleted as well?? Why is nobody answering anymore????