Rising Kaka Security Forum

Everyone, please help me figure out what's wrong with my computer!!!
协立小许 - 2006-11-5 21:05:00
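Dear experts, my computer is in trouble. Please help me figure out what happened, thank you!!!
A while ago I downloaded a cracked copy of the "Jingke Computer Fortune-Telling" (精科电脑算命) software. After downloading it, double-clicking did nothing, so I assumed it didn't work and deleted it. Shortly afterwards my computer started rebooting; just as it was about to finish starting up, it shut down automatically, then rebooted again...
Later I reinstalled the system once (the system drive is C:, and I only format C: when installing). The machine stopped rebooting constantly, but websites kept popping up. Then I ran a scan with Kingsoft Antivirus, which found thirty-odd viruses and thirty-odd dangerous programs, and I cleaned them...
I thought it was all over, but the websites kept popping up just the same, and after opening just a few programs the machine was as slow as a snail. And that's not all; what I never expected was that it started rebooting again...
I had no choice but to reinstall again (because reinstalling the system is the only thing I know how to do), and after reinstalling the result was the same as before!
I'm out of options, and I don't know whether the registry was modified or what the problem is. Dear experts, please help me! I can't do my job without this computer, but with the computer like this, sigh...
Experts, please help me analyze this tonight and reply quickly! I'm online waiting for your replies!!! Thank you!!!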
墨西哥落羽杉 - 2006-11-5 21:10:00
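1. You didn't install patches after installing the system, did you? You went straight online, so you must have been hit.
2. When reinstalling, whether you format the other drives doesn't matter. After installing, you must install the patches first, then the latest antivirus (with a virus database from today or yesterday), then a firewall, and only then connect to the network; then you'll be fine.
3. Today's network is no longer the network of five years ago. Going online without patches just won't work.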
协立小许 - 2006-11-5 21:15:00
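Master, which patches should I install? Please recommend some!!! After I scanned with Kingsoft Antivirus, even when I'm not doing anything, it still keeps warning me that it has found a virus, virus name: win32.Troj.BHO.nd.112608. What is going on!!! Thank you!!!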
我怕aaa病毒 - 2006-11-5 21:27:00
Download an anti-trojan tool; your machine has a trojan. Also, download HJ, choose "Scan and save log", and post the log here.
协立小许 - 2006-11-5 21:32:00
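Thank you! Here is one more clue to help the experts analyze this: I often find some random files on the C: drive, one of which is a "Universal Downloader" (万能下载器). After I delete them, they come back a little later...
What is going on? Sometimes there is also a file on the D: drive!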
红夜鬼1 - 2006-11-5 21:32:00
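Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links: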
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it across several posts. Please do not modify it.
我怕aaa病毒 - 2006-11-5 21:38:00
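That "Universal Downloader" is probably a virus. Look around, there may be a dedicated removal tool for it. Also, download Super Rabbit Magic Settings 7.85 (超级兔子魔法设置) and clean up the machine.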
协立小许 - 2006-11-5 21:58:00
2006-11-05,21:42:18

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <KavPFW><"C:\KAV2006\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <{D0FFF541-0516-2052-0925-010225200056}><"C:\Program Files\Common Files\{D0FFF541-0516-2052-0925-010225200056}\Update.exe" te-110-12-0000114>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <KavStart><"C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <NetWork><C:\WINDOWS\system32\cmspl.dll>  []

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\xu\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Local Connection Manager / BARCASE]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\KWWKYT09.DLL,Export 1087><Microsoft Corporation>
[eMagUpdt / eMagUpdt]
  <C:\PROGRA~1\Push\eMagUpdt.exe -R><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[JMediaService / JMediaService]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><Microsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[MessageService / MessageService]
  <C:\WINDOWS\system32\Svchost.exe -k MessageService-->C:\WINDOWS\system32\MsServices\svchost.dll><N/A>
[msgsat / msgsat]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\Messenger\msnhost.dll><>
[Standard Update Net Service / stdupnet]
  <C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><Microsoft Corporation>
[Volume Optimization / Templates]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\dgescr50.dll><Microsoft Corporation>
协立小许 - 2006-11-5 21:59:00
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Albus / Albus]
  <system32\drivers\Albus.SYS><N/A>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran]
  <system32\drivers\cdntran.sys><CNNIC>
[i81x / i81x]
  <system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0]
  <system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1]
  <system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2]
  <system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3]
  <system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4]
  <system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5]
  <system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6]
  <system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7]
  <system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0]
  <system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1]
  <system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3]
  <system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4]
  <system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5]
  <system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6]
  <system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[jr / jr]
  <\??\C:\WINDOWS\system32\drivers\jr.sys><N/A>
[KNetWch / KNetWch]
  <\??\C:\KAV2006\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[paraudio / paraudio]
  <\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qayneo77 / qayneo77]
  <\SystemRoot\system32\drivers\qayneo77.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, N/A>
[IeEventObj Class]
  {0FAFD871-DFE0-496D-8953-0D5BA28E9766} <C:\Program Files\Internet Explorer\PLUGINS\AviPlayer.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5156.dll, N/A>
[raObject Class]
  {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\SCIntruder32.dll, N/A>
[Spoolsv Class]
  {9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, N/A>
[888Bar]
  {C004DEC2-2623-438e-9CA2-C9043AB28508} <C:\Program Files\Common Files\{30FFF541-0516-2052-0925-010225200056}\888Bar.dll, N/A>
[]
  {D535F734-2810-47FE-B942-2F658E866E74} <C:\WINDOWS\system32\SqlIDhelper.dll, N/A>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[888Bar]
  {C004DEC2-2623-438e-9CA2-C9043AB28508} <C:\Program Files\Common Files\{30FFF541-0516-2052-0925-010225200056}\888Bar.dll, N/A>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, N/A>
[IeEventObj Class]
  {0FAFD871-DFE0-496D-8953-0D5BA28E9766} <C:\Program Files\Internet Explorer\PLUGINS\AviPlayer.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5156.dll, N/A>
[raObject Class]
  {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Vision]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\SCIntruder32.dll, N/A>
[Spoolsv Class]
  {9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, N/A>
[888Bar]
  {C004DEC2-2623-438E-9CA2-C9043AB28508} <C:\Program Files\Common Files\{30FFF541-0516-2052-0925-010225200056}\888Bar.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[]
  {D535F734-2810-47FE-B942-2F658E866E74} <C:\WINDOWS\system32\SqlIDhelper.dll, N/A>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
协立小许 - 2006-11-5 22:03:00
==================================
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 872][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\messenger\msnhost.dll]  [, 1, 2, 2, 1]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 952][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1236][C:\KAV2006\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
[PID: 1312][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1376][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cmspl.dll]  [, 1, 0, 0, 1]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [N/A, 2006, 5, 19, 118]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 1, 0, 4]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1488][C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1540][C:\PROGRA~1\Push\eMagUpdt.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1636][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\MMSASS~1\MMSSVER.DLL]  [, 1, 2, 0, 6]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1708][C:\KAV2006\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
[PID: 1816][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\stdupnet.dll]  [ , 4, 1, 0, 3]
[PID: 1896][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 192][C:\KAV2006\KAVStart.exe]  [Kingsoft Corporation, 2006, 9, 27, 210]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAVPassp.dll]  [Kingsoft Corporation, 2006, 6, 7, 252]
    [C:\KAV2006\PopSprt3.dll]  [Kingsoft Corporation, 2006, 9, 26, 38]
    [C:\KAV2006\KMailOEBand.dll]  [N/A, 2006, 5, 19, 118]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 1, 0, 4]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 228][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3536]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 236][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [, 2, 4, 0, 3]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 1, 0, 4]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [N/A, 2006, 5, 19, 118]
[PID: 304][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 296][C:\KAV2006\KPFW32.EXE]  [Kingsoft Corporation, 2006, 8, 9, 615]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\KAV2006\FiltList.dll]  [N/A, N/A]
    [C:\KAV2006\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 6, 7, 252]
    [C:\KAV2006\KMailOEBand.dll]  [N/A, 2006, 5, 19, 118]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 1, 0, 4]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 896][C:\KAV2006\KMailMon.EXE]  [Kingsoft Corporation, 2006, 4, 12, 106]
    [C:\KAV2006\KAntiSpm.dll]  [N/A, 1, 0, 0, 2]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [N/A, 2006, 5, 19, 118]
    [C:\PROGRA~1\Push\pushupdt.dll]  [http://www.118go.com/, 1.0.0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 2848][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KMailOEBand.dll]  [N/A, 2006, 5, 19, 118]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 1, 0, 4]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Internet Explorer\PLUGINS\AviPlayer.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Common Files\CPUSH\cpush0.dll]  [N/A, 1.0.1.6]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\PROGRA~1\MMSASS~1\mmsass~1.dll]  [, 1, 2, 0, 6]
    [C:\WINDOWS\system32\SqlIDhelper.dll]  [N/A, N/A]
    [C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll]  [CNNIC, 1, 1, 0, 0]
    [C:\KAV2006\KAScript.DLL]  [Kingsoft Corporation, 2006, 2, 10, 60]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 1392][C:\Documents and Settings\xu\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\KAV2006\KMailOEBand.dll]  [N/A, 2006, 5, 19, 118]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 1, 0, 4]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
协立小许 - 2006-11-5 22:03:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
协立小许 - 2006-11-5 22:05:00
Experts, I have posted the scan file. Please help me see what's wrong! Thank you!!!
红夜鬼1 - 2006-11-5 22:11:00
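Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications".
Tick "Hide Microsoft services" and select the virus services: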
Local Connection Manager
JMediaService
MessageService
msgsat
Standard Update Net Service
Volume Optimization
then choose "Delete service".
Click "Set" and choose "No".

Run SREng2, use "Startup Items" -- Registry -- and delete:
}><"C:\Program Files\Common Files\{D0FFF541-0516-2052-0925-010225200056}\Update.exe
Run SREng2, use "Startup Items" -- Startup Folder -- and delete:
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
Run SREng2, use "System Repair" -- Browser Add-ons -- and delete:
IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, N/A>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5156.dll, N/A>
Spoolsv Class]
{9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, N/A
Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >


Reboot, press F8 to enter Safe Mode, and do the repair there.
Show hidden files.
Delete:
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\SYSTEM32\WBEM\KWWKYT09.DLL
C:\PROGRA~1\MMSASS~1\MMSSVER.DLL
C:\WINDOWS\system32\MsServices\svchost.dll
C:\Program Files\Messenger\msnhost.dll
C:\WINDOWS\system32\stdupnet.dll
C:\WINDOWS\system32\dgescr50.dll
}><"C:\Program Files\Common Files\{D0FFF541-0516-2052-0925-010225200056}\Update.exe
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
C:\Program Files\DeskAdTop\deskipn.dll
C:\WINDOWS\system32\drivers\spoolsv.dll
C:\PROGRA~1\MMSASS~1\mmsass~1.dll
C:\WINDOWS\system32\cdnns.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5156.dll - if this one cannot be deleted, go to http://forum.ikaka.com/topic.asp?board=28&artid=8174324
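The service list in the reply above can be cross-checked mechanically. The following is an added example, not part of the original posts and not SREng's own code: it parses the services section of the posted log and lists every service that runs a DLL through a host process (rundll32-style loaders or `svchost.exe -k`). The function names and the "DLL directly in System32" check are assumptions made for this sketch, and the output is a list for manual review, not a verdict (it also surfaces HidServ, which the reply did not list).

```python
import ntpath
import re

# Service entries copied from the SREng log posted in this thread.
SERVICES_SECTION = r"""
[Local Connection Manager / BARCASE]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\KWWKYT09.DLL,Export 1087><Microsoft Corporation>
[eMagUpdt / eMagUpdt]
  <C:\PROGRA~1\Push\eMagUpdt.exe -R><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[JMediaService / JMediaService]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><Microsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[MessageService / MessageService]
  <C:\WINDOWS\system32\Svchost.exe -k MessageService-->C:\WINDOWS\system32\MsServices\svchost.dll><N/A>
[msgsat / msgsat]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\Messenger\msnhost.dll><>
[Standard Update Net Service / stdupnet]
  <C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><Microsoft Corporation>
[Volume Optimization / Templates]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\dgescr50.dll><Microsoft Corporation>
"""

HEADER = re.compile(r"^\[(?P<display>.*) / (?P<name>[^/\]]+)\]$")
# Assumed pattern: any "rundll*.exe" loader followed by the DLL it is told to load.
RUNDLL = re.compile(r'"?\S*?rundll\w*\.exe"?\s+(.+?\.dll)', re.I)


def parse_services(text):
    """Turn '[display / name]' + '<command><publisher>' pairs into dicts."""
    services, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.groupdict()
        elif current and line.startswith("<") and line.endswith(">"):
            # The command may contain '-->', so split on the last '><' only.
            command, _, publisher = line[1:-1].rpartition("><")
            current.update(command=command, publisher=publisher)
            services.append(current)
            current = None
    return services


def hosted_dll(command):
    """Return the DLL a host process loads for this service, or None."""
    if "-->" in command:  # svchost.exe -k <group>--><service DLL>
        return command.split("-->", 1)[1].strip()
    match = RUNDLL.match(command)
    return match.group(1) if match else None


def in_system32(dll):
    """True only if the DLL sits directly in C:\\WINDOWS\\system32."""
    path = dll.lower().replace("%systemroot%", r"c:\windows")
    return ntpath.dirname(path) == r"c:\windows\system32"


def review_candidates(text):
    """Map service name -> (DLL path, DLL is directly in System32)."""
    found = {}
    for svc in parse_services(text):
        dll = hosted_dll(svc["command"])
        if dll:
            found[svc["name"]] = (dll, in_system32(dll))
    return found


if __name__ == "__main__":
    for name, (dll, sys32) in review_candidates(SERVICES_SECTION).items():
        print(f"{name:16} {'system32' if sys32 else 'ELSEWHERE':10} {dll}")
```

The location flag only sets review priority: stdupnet.dll and dgescr50.dll sit directly in System32 and are still on the reply's deletion list.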
协立小许 - 2006-11-5 22:16:00
Brother in post #12, why can't I open SRENG2 from Run? How do I open it?
spiritfire - 2006-11-5 22:19:00
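After reinstalling the system, you must first update the antivirus to the latest version and boot into Safe Mode before opening the other partitions; otherwise you will definitely get hit again!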
红夜鬼1 - 2006-11-5 22:21:00
Rename SRENG2.EXE to SRENG2.COM, run it, then rename it back to SRENG2.exe.
When you are done, run a full virus scan in Safe Mode.