Rising Kaka Security Forum
laov - 2006-11-15 13:05:00
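It pops up automatically every time I boot. Kaspersky flags sys.exe and syste.exe as viruses. sys.exe can't be removed from the process list, and when I delete it manually it's back the next time. So frustrating.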
2006-11-15,12:39:57
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
==================================
启动文件夹
[服务器管理]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务器管理.lnk><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[COM+ System User / COMSysUser]
<><N/A>
[MRTServ / MRTServ]
<><N/A>
[ninetowns_iCSP_sm / ninetowns_iCSP_sm]
<c:\program files\ninetowns corp\icsp_sm\icsp.remoteservice.exe><九城口岸软件科技有限公司>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
==================================
浏览器加载项
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[ToolBar888]
{C004DEC2-2623-438e-9CA2-C9043AB28508} <C:\Program Files\Common Files\{34CCBE23-0B75-2052-1212-050220040056}\MyToolBar.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[byna &BHO]
{00000011-04FA-11D1-B7DA-00A0C9010000} <F:\MOVIE\BiGet\bigetband.dll, N/A>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, >
[DwHlper Class]
{00C56AB9-175C-4D7D-AA94-0352B8A9FD16} <d:\Program Files\LONGMAN6250 PCSYNC\DwMGrLM6250.dll, N/A>
[MeadCo ScriptX]
{1663ED61-23EB-11D2-B92F-008048FDD814} <C:\WINDOWS\system32\MCScripX.dll, Mead & Co Limited>
[UserCpuCard Control]
{16F2448E-8C16-11D1-9A11-0080C8E1561F} <C:\WINDOWS\system32\USERCP~1.OCX, EPort>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Abobe Flash Play9]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <C:\Program Files\Abobe Flash Play9\0602323.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[ToolBar888]
{C004DEC2-2623-438E-9CA2-C9043AB28508} <C:\Program Files\Common Files\{34CCBE23-0B75-2052-1212-050220040056}\MyToolBar.dll, N/A>
[CIEHelper Object]
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} <C:\WINDOWS\system32\ms.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[LiteHtmlInstall Class]
{F6119B33-74FB-42C8-862E-FA3A5AAB9F5A} <F:\MOVIE\BiGet\webinstall.dll, Shenzhen Byna Networking Technology Co.,Ltd.>
[Byna 搜索(&B)]
<res://F:\MOVIE\BiGet\bigetcatch.dll/bigetsearch.html, N/A>
[使用BiGet下载]
<res://F:\MOVIE\BiGet\bigetcatch.dll/bigethttp.html, N/A>
laov - 2006-11-15 13:07:00
==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 536][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 568][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 612][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 624][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] <Kaspersky Lab><6.0.0.299>
[C:\olite\bin\oci.dll] <Oracle Corporation><8.0.5.0.1>
[C:\olite\bin\ORA805.dll] <Oracle Corporation><8.0.5.0.0>
[C:\olite\bin\CORE40.dll] <Oracle Corporation><4.0.5.0.0>
[C:\olite\bin\NLSRTL33.dll] <Oracle Corporation><3.3.2.0.0>
[C:\olite\bin\NL80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\OTRACE80.dll] <Oracle Corporation><8.0.4.0.0>
[C:\olite\bin\NS80.dll] <Oracle Corporation><8.0.4.0.2 Production>
[C:\olite\bin\nasns80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\nz80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NNFG80.dll] <Oracle Corporation><8.0.4.0.1 Production>
[C:\olite\bin\NNCI80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NNG80.dll] <Oracle Corporation><8.0.4.0.2 Production>
[C:\olite\bin\NMP80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NPL80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NR80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NT80.dll] <Oracle Corporation><8.0.4.0.1 Production>
[C:\olite\bin\NCR80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NMS80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NNFD80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NNFN80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\NI80.dll] <Oracle Corporation><8.0.4.0.0 Production>
[C:\olite\bin\PLS805.dll] <Oracle Corporation><8.0.5.0.0>
[C:\olite\bin\NDWSI80.DLL] <N/A><N/A>
[C:\olite\bin\SQLLib80.dll] <Oracle Corporation><8.0.5.0.0>
[C:\olite\bin\xa80.dll] <Oracle Corporation><8.0.5.0.0>
[PID: 988][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1116][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1168][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 30>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 12>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 20>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1388][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\hpzll3xu.dll] <Hewlett-Packard Company><60.051.641.00>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll] <Hewlett-Packard Corporation><60.051.641.00>
[PID: 1484][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\zxjrjn89.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll] <Kaspersky Lab><6.0.0.299>
[PID: 1632][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.34>
[PID: 1656][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1668][C:\Program Files\Ninetowns Corp\iCSP_SM\iProcessAgent.exe] < ><1.0.2246.29914>
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a434c54b\mscorlib.dll] <N/A><N/A>
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5b47296f\system.windows.forms.dll] <N/A><N/A>
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0e7e01ed\system.dll] <N/A><N/A>
[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_84c8a948\system.drawing.dll] <N/A><N/A>
[PID: 164][c:\program files\ninetowns corp\icsp_sm\icsp.remoteservice.exe] <九城口岸软件科技有限公司><1.0.3725.476>
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a434c54b\mscorlib.dll] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\userservice.mod] <N/A><N/A>
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0e7e01ed\system.dll] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.enterprisemanagement.dll] < ><1.0.2253.17110>
[c:\program files\ninetowns corp\icsp_sm\messagemonitor.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.resumablefiletransfer.dll] < ><1.0.2253.17121>
[c:\program files\ninetowns corp\icsp_sm\transfertaskmonitoritemsegment.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\servicebuyermanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\iservicebuyermanagement.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\organizationdistributorservicebuyer.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\bizrelationappl.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\buyerinfo.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.serviceupdate.dll] < ><1.0.2265.27562>
[c:\program files\ninetowns corp\icsp_sm\smversionsynchronizer.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.log.dll] <Neoworks Limited><1.2.0.30714>
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8620a1e2\system.xml.dll] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.commonutil.dll] < ><1.0.3725.476>
[c:\program files\ninetowns corp\icsp_sm\stringutil.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.sessionmanagement.dll] < ><1.0.2253.17106>
[c:\program files\ninetowns corp\icsp_sm\serversessionmanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\iserversessionmanagement.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\session.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\smserviceinstaller.mod] <N/A><N/A>
laov - 2006-11-15 13:08:00
[c:\program files\ninetowns corp\icsp_sm\icsp.priceandordermanagement.dll] < ><0.0.0.0>
[c:\program files\ninetowns corp\icsp_sm\ordermsglistener.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\transfermanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\itransfer.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\pmservicemanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\iservermanagement.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\servicemodule.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\serviceresumeappl.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\serviceprivilege.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\serviceadapter.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.ormapping.dll] < ><1.0.3725.476>
[c:\program files\ninetowns corp\icsp_sm\serviceinstance.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\smupdatemanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\ismserviceupdate.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\updateinfo.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\unprocessedtaskinfo.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\stubmanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\messagequeimpl.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\transfermanagerimpl.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\transfertask.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.commonfunction.dll] < ><1.0.3725.476>
[c:\program files\ninetowns corp\icsp_sm\generator.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\localloader.mod] <N/A><N/A>
[PID: 164][c:\documents and settings\localservice\local settings\application data\assembly\dl2\lv3nm01y.gt5\y5l6jz4e.3d5\e29d3e4e\00d58b20_58d1c601\es3000ent.framework.mp1.exe] < ><1.0.0.1>
[c:\documents and settings\localservice\local settings\application data\assembly\dl2\lv3nm01y.gt5\y5l6jz4e.3d5\653a1fb7\00d58b20_58d1c601\es3000ent.framework.interfacempi.dll] < ><1.0.0.0>
[c:\documents and settings\localservice\local settings\application data\assembly\dl2\lv3nm01y.gt5\y5l6jz4e.3d5\e869ad57\00d58b20_58d1c601\es3000ent.commoncomponents.ormapping.dll] < ><1.0.0.0>
[c:\program files\ninetowns corp\icsp_sm\log4net.dll] <Neoworks Limited><1.2.0.30714>
[c:\program files\ninetowns corp\icsp_sm\dbinfo.mod] <N/A><N/A>
[c:\documents and settings\localservice\local settings\application data\assembly\dl2\lv3nm01y.gt5\y5l6jz4e.3d5\4296eae7\00d58b20_58d1c601\es3000ent.businessrule.dll] < ><1.0.2392.23953>
[c:\program files\ninetowns corp\icsp_sm\irdexclient.dll] <Ninetowns Inc.><3.1.2252.26297>
[c:\program files\ninetowns corp\icsp_sm\interop.jro.dll] < ><2.6.0.0>
[c:\program files\ninetowns corp\icsp_sm\sax.dll] < ><0.9.7.1>
[c:\program files\ninetowns corp\icsp_sm\aelfred.dll] < ><1.0.1721.27620>
[c:\program files\ninetowns corp\icsp_sm\icsp.b2bmessagemanagement.dll] < ><1.0.2253.17112>
[c:\program files\ninetowns corp\icsp_sm\localxmppmessagemanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.apiinvoker.dll] < ><1.0.3725.476>
[c:\program files\ninetowns corp\icsp_sm\remoteprotocol.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\remoteaccessmanager.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\iremoteaccess.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.security.dll] < ><1.0.2253.17101>
[c:\program files\ninetowns corp\icsp_sm\rc4.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\remoteaccessors.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\messagewrapper.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\receiverecord.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\hdinfo.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\scsi.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\ide.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\atapidevice.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\systeminfo.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icspproxy.mod] <N/A><N/A>
[c:\program files\ninetowns corp\icsp_sm\icsp.permissionmanagement.dll] < ><1.0.2253.17117>
[c:\program files\ninetowns corp\icsp_sm\smpermissionmanager.mod] <N/A><N/A>
laov - 2006-11-15 13:08:00
[PID: 1912][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2172][C:\WINDOWS\system32\wbem\wmiapsrv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2532][C:\WINDOWS\system32\wbem\wmiprvse.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 392][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~2.DLL] <N/A><N/A>
[C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopAPI2.dll] <N/A><N/A>
[C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopResources_zh_cn.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] <Kaspersky Lab><1.0.6.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] <Kaspersky Lab><6.0.0.299>
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] <Kaspersky Lab><6.0.0.299>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 3588][G:\反病毒工具\系统修复\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] <Kaspersky Lab><6.0.0.299>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
laov - 2006-11-15 13:09:00
Where is it being loaded from?
laov - 2006-11-15 13:34:00
Everyone, please come and help.
laov - 2006-11-15 13:53:00
The thread has sunk.
laov - 2006-11-16 8:06:00
It's sinking too fast.
laov - 2006-11-16 12:17:00
Does anyone know? Please tell me the solution.
laov - 2006-11-16 12:58:00
Somebody come quickly. Finally reached 100.
素面青衣 - 2006-11-16 14:30:00
Bump!!! Damn things: ad1.exe, sys.exe, syste.exe!!!
0冰仔仔0 - 2006-11-16 14:32:00
Bumping this for you.
I got this virus too. I used kaka 3.0 and it seems fine now; OP might as well give it a try.
素面青衣 - 2006-11-16 14:33:00
What is kaka3.0? Is it "Rising Kaka Internet Security Assistant"? I've used it too, and it didn't help!!!
0冰仔仔0 - 2006-11-16 14:41:00
Yes, it's Rising Kaka Internet Security Assistant. Of course, you also have to remove those .exe files manually yourself.
电脑迷途菜鸟 - 2006-11-16 15:00:00
If Rising Kaka doesn't work, use 360 Safeguard...
Find the exact URL yourself.
laov - 2006-11-16 16:22:00
I want to use Kaka 3.0 too, but it just won't install on my machine no matter what.
魑魅恋儿 - 2006-11-16 16:31:00
When downloading Kaka 3.0, don't click Save~ just click Open~ and it will download~
laov - 2006-11-16 17:09:00
It's not that I can't download it; I downloaded it but it won't install.
laov - 2006-11-17 8:25:00
It turns out there's already a solution.
http://forum.ikaka.com/topic.asp?board=28&artid=8203566
小不点ketty旭 - 2006-11-17 10:32:00
It can't be that it won't install! It works for me. I bought the genuine Rising Antivirus software, the 2006 edition.
小不点ketty旭 - 2006-11-17 10:34:00
You'd better just buy a copy! It's guaranteed to install!!!