Rising Kaka Security Forum
清风九笑 - 2006-11-17 9:54:00
My browser and desktop were modified by this site: http://www.123wa.com/index5.htm
But neither 安全卫士 nor Rising Kaka found any problem.
红夜鬼1 - 2006-11-17 10:32:00
Please download SREng2 (latest version), use "Smart Scan" and press the "Scan" button to scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved log here. If it does not fit in one post, paste it in several; please do not modify it.
Download address:
http://www.kztechs.com/sreng/sreng2.zip
鼠鼠动人 - 2006-11-17 11:27:00
2006-11-17,11:14:07
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wallpaper><c:\windows\system32\壁纸自动换.exe> [N/A]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<ScannerFinder><C:\Program Files\Microtek\ScanWizard DI\ScannerFinder.exe> [N/A]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
==================================
启动文件夹
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Servicex / Servicex]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jempren.dll><>
==================================
驱动程序
[0000367d / 0000367d]
<\SystemRoot\system32\drivers\0000367d.SYS><N/A>
[abp480n5 / abp480n5]
<C:\WINDOWS\SYSTEM32\DRIVERS\abp480n5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[aic78u2 / aic78u2]
<C:\WINDOWS\SYSTEM32\DRIVERS\aic78u2.SYS><Microsoft Corporation>
[aic78xx / aic78xx]
<C:\WINDOWS\SYSTEM32\DRIVERS\aic78xx.SYS><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde]
<C:\WINDOWS\SYSTEM32\DRIVERS\AliIde.SYS><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[AMON / AMON]
<\??\C:\WINDOWS\system32\drivers\amon.sys><Eset>
[cd20xrnt / cd20xrnt]
<C:\WINDOWS\SYSTEM32\DRIVERS\cd20xrnt.SYS><Microsoft Corporation>
[CmdIde / CmdIde]
<C:\WINDOWS\SYSTEM32\DRIVERS\CmdIde.SYS><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mraid35x / mraid35x]
<C:\WINDOWS\SYSTEM32\DRIVERS\mraid35x.SYS><American Megatrends Inc.>
[npkcrypt / npkcrypt]
<\??\D:\windows\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080]
<C:\WINDOWS\SYSTEM32\DRIVERS\ql1080.SYS><QLogic Corporation>
[Ql10wnt / Ql10wnt]
<C:\WINDOWS\SYSTEM32\DRIVERS\Ql10wnt.SYS><Microsoft Corporation>
[ql12160 / ql12160]
<C:\WINDOWS\SYSTEM32\DRIVERS\ql12160.SYS><QLogic Corporation>
[ql1280 / ql1280]
<C:\WINDOWS\SYSTEM32\DRIVERS\ql1280.SYS><QLogic Corporation>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Sparrow / Sparrow]
<C:\WINDOWS\SYSTEM32\DRIVERS\Sparrow.SYS><Adaptec, Inc.>
[symc810 / symc810]
<C:\WINDOWS\SYSTEM32\DRIVERS\symc810.SYS><Symbios Logic Inc.>
[symc8xx / symc8xx]
<C:\WINDOWS\SYSTEM32\DRIVERS\symc8xx.SYS><LSI Logic>
[sym_hi / sym_hi]
<C:\WINDOWS\SYSTEM32\DRIVERS\sym_hi.SYS><LSI Logic>
[sym_u3 / sym_u3]
<C:\WINDOWS\SYSTEM32\DRIVERS\sym_u3.SYS><LSI Logic>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TosIde / TosIde]
<C:\WINDOWS\SYSTEM32\DRIVERS\TosIde.SYS><Microsoft Corporation>
[ultra / ultra]
<C:\WINDOWS\SYSTEM32\DRIVERS\ultra.SYS><Promise Technology, Inc.>
[ViaIde / ViaIde]
<C:\WINDOWS\SYSTEM32\DRIVERS\ViaIde.SYS><Microsoft Corporation>
鼠鼠动人 - 2006-11-17 11:30:00
==================================
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
wanderpuppy - 2006-11-17 11:30:00
I was also a victim, and now it's fine! Windows cleanup, SREng repair, then it was deleted.
鼠鼠动人 - 2006-11-17 11:30:00
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 740][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 872][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[c:\windows\system32\jempren.dll] [, 1, 0, 0, 1]
[PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1020][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1180][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzll3xu.dll] [Hewlett-Packard Company, 60.051.641.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll] [Hewlett-Packard Corporation, 60.051.641.00]
[PID: 1412][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.1.63.0]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.1.63.0]
[C:\WINDOWS\TEMP\expri.dll] [N/A, N/A]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Eset\nodshex.dll] [N/A, N/A]
[C:\!WNM\WNMKEY.DLL] [N/A, N/A]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[PID: 1496][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 52]
[PID: 1512][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000]
[PID: 1520][C:\Program Files\Microtek\ScanWizard DI\ScannerFinder.exe] [, 1, 0, 0, 1]
[C:\Program Files\Microtek\ScanWizard DI\SFRes.dll] [, 1, 0, 0, 1]
[C:\Program Files\Microtek\ScanWizard DI\scanners\Msmgr32.dll] [Microtek International Inc., 4.0]
[C:\Program Files\Microtek\ScanWizard DI\scanners\MS32RES.DLL] [N/A, N/A]
[C:\Program Files\Microtek\ScanWizard DI\scanners\MPHASE32.DLL] [N/A, N/A]
[C:\Program Files\Microtek\ScanWizard DI\scanners\SMD432.DLL] [Microtek, 3, 1, 0, 0]
[PID: 1544][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_mirr.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 1552][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1564][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpftra01.dll] [Hewlett-Packard, 1, 0, 0, 2]
[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 50.0.165.000]
[PID: 1904][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqstv08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 50.0.125.000]
[PID: 1916][C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll] [Hewlett-Packard Co., 53.0.13.000]
[PID: 208][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_mirr.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 260][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MSMUSD7.DLL] [Microtek International Inc., 1.2.0.0]
[PID: 424][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1660][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 2412][C:\!WNM\wnb.exe] [N/A, N/A]
[C:\!WNM\WNMKEY.DLL] [N/A, N/A]
[PID: 2184][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.1.63.0]
[C:\WINDOWS\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 0]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\!WNM\WNMKEY.DLL] [N/A, N/A]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.1.63.0]
[PID: 3936][E:\setup\新建文件夹 (2)\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\!WNM\WNMKEY.DLL] [N/A, N/A]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 22 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
鼠鼠动人 - 2006-11-17 11:31:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
红夜鬼1 - 2006-11-17 11:40:00
Quote:
[wanderpuppy's post] I was also a victim, and now it's fine! Windows cleanup, SREng repair, then it was deleted ………
Run (double-click) SREng2, click "Startup Items", then "Services", then "Win32 Service Applications". Tick "Hide Microsoft services", select the virus service Servicex, choose "Delete service", then click "Set" and choose "No".
Run (double-click) SREng2, click "Startup Items", then "Services", then "Drivers". Tick "Hide Microsoft services", select the virus service 0000367d, choose "Delete service", then click "Set" and choose "No".
Run SREng2, use "Startup Items" -- Startup Folder -- delete:
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
Run SREng2, use "System Repair" -- Winsock Providers -- delete:
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
Reboot and press F8 to enter Safe Mode, show hidden files, and delete:
C:\WINDOWS\system32\jempren.dll
SystemRoot\system32\drivers\0000367d.SYS
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
C:\!WNM\WNMKEY.DLL
C:\WINDOWS\system32\imon.dll
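The removal steps in the post above were picked out by reading the SREng report by eye. As an added illustration (not part of this thread and not code from SREng's author), the following Python script parses the 服务 and 驱动程序 sections of the SREng 2 report format and lists the entries that deserve a second look. The sample input is a handful of lines copied from the reports quoted in this thread; the four heuristics (an svchost-hosted service DLL outside System32, an image under a Temp directory, a bare hex service name, and an unknown vendor combined with a non-descriptive display name) are my own assumptions, not rules from the tool.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of service and driver entries in the
# SREng 2 report format, copied from the reports quoted in this thread.
SAMPLE_LOG = r"""服务
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Servicex / Servicex]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jempren.dll><>
[Logical Disk Manager / dmserver]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%ProgramFiles%\cszkkchz.dll><N/A>
[aucup / aucup]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincup\wincup.exe -R><N/A>
==================================
驱动程序
[0000367d / 0000367d]
<\SystemRoot\system32\drivers\0000367d.SYS><N/A>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
==================================
"""

ENTRY_HEAD = re.compile(r"^\[(?P<display>.*?) / (?P<name>.*?)\]$")
# Greedy first group on purpose: the image of an svchost service contains "-->".
ENTRY_BODY = re.compile(r"^<(?P<image>.*)><(?P<vendor>.*)>$")

# Locations under which an svchost-hosted service DLL is normally expected
# (assumed list for this example).
SYSTEM32_PREFIXES = (
    "%systemroot%\\system32\\",
    "\\systemroot\\system32\\",
    "c:\\windows\\system32\\",
    "system32\\",
)
TEMP_RE = re.compile(r"\\(temp|tmp)\\")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # section header exactly as SREng prints it, e.g. 服务 or 驱动程序
    display: str   # display name
    name: str      # service / driver key name
    image: str     # image path; for svchost services "host-->dll"
    vendor: str    # company name from the version resource, "" or "N/A" when absent


def parse_sreng(text: str) -> list[Entry]:
    """Parse the [Display / Name] + <image><vendor> pairs of an SREng 2 report.
    Sections are separated by lines of '='; the first line after a separator is
    the section header. Lines that do not fit the pair format (registry Run keys,
    process lists) are skipped."""
    entries: list[Entry] = []
    section = None
    head = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:
            section, head = None, None
            continue
        if section is None:
            section = line
            continue
        m = ENTRY_HEAD.match(line)
        if m:
            head = m
            continue
        m = ENTRY_BODY.match(line)
        if m and head is not None:
            entries.append(Entry(section, head["display"], head["name"],
                                 m["image"], m["vendor"]))
            head = None
    return entries


def triage(entry: Entry) -> list[str]:
    """Assumed review heuristics (my own, not an SREng rule). Each string is a
    reason to look at the entry by hand; none of them proves it is malicious."""
    reasons = []
    image_l = entry.image.lower()
    vendor_unknown = entry.vendor.strip() in ("", "N/A")
    if "-->" in entry.image:
        dll = entry.image.split("-->", 1)[1].strip()
        if not dll.lower().startswith(SYSTEM32_PREFIXES):
            reasons.append(f"svchost-hosted service DLL outside System32: {dll}")
    if TEMP_RE.search(image_l):
        reasons.append("image runs from a Temp directory")
    if HEX_NAME_RE.match(entry.name):
        reasons.append("service name is a bare hex string")
    if vendor_unknown and entry.display == entry.name:
        reasons.append("no vendor information and no descriptive display name")
    return reasons


def suspicious(entries: list[Entry]) -> dict[str, list[str]]:
    """Map service/driver name -> reasons for every entry with at least one reason."""
    flagged = {}
    for e in entries:
        reasons = triage(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious(parse_sreng(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Every hit is a prompt to check the file, not a verdict: a legitimate entry such as Secdrv (no vendor string, non-descriptive name) would also be listed, while a malicious DLL that sits in System32 under an ordinary-looking name, like jempren.dll in this thread, is only caught by the weaker vendor-name rule.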
leeves - 2006-11-17 14:27:00
浏览器加载项
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\NavLogon.dll] [N/A, N/A]
[PID: 764][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 968][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1060][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1192][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1224][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1384][C:\WINDOWS\System32\brsvc01a.exe] [brother Industries Ltd, 1, 0, 0, 3]
[PID: 1408][C:\WINDOWS\System32\brss01a.exe] [brother Industries Ltd, 1.004]
[PID: 1416][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[C:\WINDOWS\system32\hpbmmon.dll] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hppamon0.dll] [HP, 7, 0, 5, 0]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, N/A]
[C:\WINDOWS\system32\hptcpmon.dll] [Hewlett Packard, 2.43.01.004]
[C:\WINDOWS\system32\HPZJSN01.dll] [Hewlett Packard Company, 1, 0, 0, 3]
[C:\WINDOWS\system32\hpzjfw01.dll] [Hewlett-Packard, 4.02.009.0]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 2.41.01.021]
[C:\WINDOWS\System32\pxc25pm.dll] [Tracker Software, 2.50.0002]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\brmfpp1.dll] [Brother Industries ,Ltd , 1.10]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpprn05.dll] [Hewlett-Packard Corporation, 60.05.72.21]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp042.dll] [Hewlett-Packard Corporation, 60.042.108.11]
[C:\WINDOWS\system32\hppadt40.dll] [HP, 7, 0, 5, 0]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 7, 0, 5, 0]
[PID: 1780][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 1836][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE] [C-Dilla Ltd, 3.24.010]
[PID: 1908][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 1924][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] [Symantec Corporation, 8.1.0.821]
[PID: 1968][C:\WINDOWS\System32\rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\MMSASS~1\MMSSVER.DLL] [, 1, 2, 0, 6]
[PID: 2040][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] [Symantec Corporation, 8.1.0.821]
[C:\WINDOWS\System32\CBA.DLL] [Intel® Corporation, 6.12.0.105 E]
[C:\WINDOWS\System32\MsgSys.dll] [Intel® Corporation, 6.12.0.105 E]
[C:\WINDOWS\System32\NTS.dll] [Intel® Corporation, 6.12.0.105 E]
[C:\WINDOWS\System32\PDS.DLL] [Intel® Corporation, 6.12.0.105 E]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] [Symantec Corp., 4.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.1.0.26]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] [Symantec Corporation, 8.1.0.821]
[PID: 276][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] [Symantec Corporation, 8.1.0.821]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
[PID: 324][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 360][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.2010]
[C:\WINDOWS\System32\msdmo.dll] [N/A, N/A]
[PID: 456][C:\WINDOWS\System32\nutsrv4.exe] [DataFocus, Inc., 4.50.0000]
[C:\WINDOWS\System32\nutmsg4.dll] [DataFocus, Inc., 4.50.0000]
[PID: 292][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 548][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] [, 1, 2, 0, 6]
[C:\PROGRA~1\MMSASS~1\albus.dll] [Albus, 1, 0, 0, 2]
[C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll] [Microsoft Corporation, 01.02.3000.1001]
[C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll] [Microsoft Corporation, 01.02.5000.1021]
[C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\mtbres.dll] [Microsoft Corporation, 01.02.5000.1021]
[C:\WINDOWS\System32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\System32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\System32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\System32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 2492][C:\Program Files\WinRAR\WinRAR.exe] [Eugene Roshal, 3.30]
[PID: 2776][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.844\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
leeves - 2006-11-17 14:29:00
I was also hijacked by that site. My scan results are below; please help me with how to deal with this.
Thank you.
2006-11-17,14:02:46
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<igfxtray><C:\WINDOWS\System32\igfxtray.exe> [(Verified)Intel Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[aucup / aucup]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincup\wincup.exe -R><N/A>
[aukld / aukld]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aukld\aukld.exe -R><N/A>
[aumms / aumms]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mmsup124\mmsup.exe -R><N/A>
[BrSplService / Brother XP spl Service]
<C:\WINDOWS\System32\brsvc01a.exe><brother Industries Ltd>
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[COM+ System Services / COM+ System Services]
<C:\WINDOWS\DCOM.exe><N/A>
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager / dmserver]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%ProgramFiles%\cszkkchz.dll><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Sony SPTI Service for DVE / ICDSPTSV]
<C:\WINDOWS\system32\IcdSptSv.exe><Sony Corporation>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[JMediaService / JMediaService]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><Microsoft Corporation>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[NuTCRACKERService / NuTCRACKERService]
<C:\WINDOWS\System32\nutsrv4.exe><DataFocus, Inc.>
[Pml Driver HPZ12 / Pml Driver HPZ12]
<C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe><HP>
[qq update / qq update]
<C:\WINDOWS\qq update.exe><N/A>
[winaua / winaua]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aua\aua.exe -R><N/A>
[WinkldUP / WinkldUP]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wz\wz.exe -R><N/A>
[winmum / winmum]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mum\mum.exe -R><N/A>
[winmus / winmus]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\muz\muz.exe -R><N/A>
[WintUPp / WintUPp]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wt\wt.exe -R><N/A>
[winyok / winyok]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yok\yok.exe -R><N/A>
leeves - 2006-11-17 14:30:00
==================================
驱动程序
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Albus / Albus]
<\SystemRoot\System32\drivers\Albus.SYS><N/A>
[C-Dilla / C-Dilla]
<\??\C:\WINDOWS\System32\drivers\CDANT.SYS><Macrovision>
[cszkkchz / cszkkchz]
<\??\C:\Program Files\cszkkchz.sys><N/A>
[d347bus / d347bus]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Intel(R) PRO/1000 Adapter Driver / E1000]
<System32\DRIVERS\e1000325.sys><Intel Corporation>
[ialm / ialm]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Sony IC Recorder (SX) / ICDSX]
<System32\Drivers\ICDSX.sys><Sony Corporation>
[NAVAP / NAVAP]
<\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL]
<\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[OMCI / OMCI]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[U3sHlpDr / U3sHlpDr]
<\??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys><N/A>
==================================
浏览器加载项
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\NavLogon.dll] [N/A, N/A]
[PID: 764][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 968][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1060][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1192][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1224][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1384][C:\WINDOWS\System32\brsvc01a.exe] [brother Industries Ltd, 1, 0, 0, 3]
[PID: 1408][C:\WINDOWS\System32\brss01a.exe] [brother Industries Ltd, 1.004]
[PID: 1416][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[C:\WINDOWS\system32\hpbmmon.dll] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hppamon0.dll] [HP, 7, 0, 5, 0]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, N/A]
[C:\WINDOWS\system32\hptcpmon.dll] [Hewlett Packard, 2.43.01.004]
[C:\WINDOWS\system32\HPZJSN01.dll] [Hewlett Packard Company, 1, 0, 0, 3]
[C:\WINDOWS\system32\hpzjfw01.dll] [Hewlett-Packard, 4.02.009.0]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 2.41.01.021]
[C:\WINDOWS\System32\pxc25pm.dll] [Tracker Software, 2.50.0002]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\brmfpp1.dll] [Brother Industries ,Ltd , 1.10]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpprn05.dll] [Hewlett-Packard Corporation, 60.05.72.21]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp042.dll] [Hewlett-Packard Corporation, 60.042.108.11]
[C:\WINDOWS\system32\hppadt40.dll] [HP, 7, 0, 5, 0]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 7, 0, 5, 0]
[PID: 1780][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 1836][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE] [C-Dilla Ltd, 3.24.010]
[PID: 1908][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 1924][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] [Symantec Corporation, 8.1.0.821]
[PID: 1968][C:\WINDOWS\System32\rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\MMSASS~1\MMSSVER.DLL] [, 1, 2, 0, 6]
[PID: 2040][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] [Symantec Corporation, 8.1.0.821]
[C:\WINDOWS\System32\CBA.DLL] [Intel? Corporation, 6.12.0.105 E]
[C:\WINDOWS\System32\MsgSys.dll] [Intel? Corporation, 6.12.0.105 E]
[C:\WINDOWS\System32\NTS.dll] [Intel? Corporation, 6.12.0.105 E]
[C:\WINDOWS\System32\PDS.DLL] [Intel? Corporation, 6.12.0.105 E]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] [Symantec Corp., 4.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.1.0.26]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] [Symantec Corporation, 8.1.0.821]
[PID: 276][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] [Symantec Corporation, 8.1.0.821]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
[PID: 324][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 360][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.2010]
[C:\WINDOWS\System32\msdmo.dll] [N/A, N/A]
[PID: 456][C:\WINDOWS\System32\nutsrv4.exe] [DataFocus, Inc., 4.50.0000]
[C:\WINDOWS\System32\nutmsg4.dll] [DataFocus, Inc., 4.50.0000]
[PID: 292][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 548][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] [, 1, 2, 0, 6]
[C:\PROGRA~1\MMSASS~1\albus.dll] [Albus, 1, 0, 0, 2]
[C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll] [Microsoft Corporation, 01.02.3000.1001]
[C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll] [Microsoft Corporation, 01.02.5000.1021]
[C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\mtbres.dll] [Microsoft Corporation, 01.02.5000.1021]
[C:\WINDOWS\System32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\System32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\System32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\System32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 2492][C:\Program Files\WinRAR\WinRAR.exe] [Eugene Roshal, 3.30]
[PID: 2776][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.844\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
红夜鬼1 - 2006-11-17 14:36:00
【In reply to the post by "leeves"】
Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications".
Tick "Hide Microsoft services" and select the virus services:
aucup
aukld
aumms
Logical Disk Manager
JMediaService
winaua
WinkldUP
winmum
winmus
WintUPp
winyok
qq update
then choose "Delete Service".
Click "Settings" and choose "No".
Restart, press F8 and boot into Safe Mode.
Show hidden files.
Delete:
C:\PROGRA~1\MMSASS~1\MMSSVER.DLL
%ProgramFiles%\cszkkchz.dll
C:\WINDOWS\qq update.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (empty this folder)
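The triage behind the service list above, as an added example that is not part of the thread or of SREng: a small Python parser for SREng's "[DisplayName / ServiceName]" plus "<command line><vendor>" service entries, with heuristics (binary running from a Temp directory, rundll32/svchost hosting a module outside System32, unknown vendor outside System32) that single out the same kind of entries the reply tells the poster to delete. The sample log is a constructed excerpt modelled on the posted one, and the heuristics are this example's own assumptions, not SREng's.

```python
import re
from typing import Dict, List

# Constructed excerpt in SREng's "Win32 service" layout, modelled on the log posted
# in the thread: a "[DisplayName / ServiceName]" line, then "<command line><vendor>".
SAMPLE_LOG = r"""[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[JMediaService / JMediaService]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><Microsoft Corporation>
[qq update / qq update]
<C:\WINDOWS\qq update.exe><N/A>
[winaua / winaua]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aua\aua.exe -R><N/A>
"""

# The command line may itself contain '>' (e.g. "-->"), so the greedy .* makes the
# *last* "><" the separator between command line and vendor.
ENTRY_RE = re.compile(
    r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\]\n<(?P<cmd>.*)><(?P<vendor>[^>]*)>$",
    re.MULTILINE)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# For rundll32/svchost the vendor column describes the Microsoft host binary,
# not the module it was told to load, so the module's location is what matters.
HOST_RE = re.compile(r"(?:.*\\)?(rundll32|svchost)\.exe\s+(.*)")
SYSTEM_DIRS = ("\\system32\\", "%systemroot%")


def parse_services(log: str) -> List[Dict[str, str]]:
    """Return one dict (display, name, cmd, vendor) per service entry."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log)]


def triage(entry: Dict[str, str]) -> List[str]:
    """Heuristic reasons (possibly none) why a service entry deserves a closer look."""
    cmd_low, vendor = entry["cmd"].lower(), entry["vendor"].strip()
    reasons = []
    if TEMP_DIR.search(cmd_low):
        reasons.append("runs from a temporary directory")
    host = HOST_RE.match(cmd_low)
    if host and not any(d in host.group(2) for d in SYSTEM_DIRS):
        reasons.append(f"{host.group(1)}.exe loading a module outside System32")
    elif not host and vendor in ("", "N/A") and not any(d in cmd_low for d in SYSTEM_DIRS):
        reasons.append("no vendor information and binary outside System32")
    return reasons


def flag_suspicious(log: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every entry with at least one reason."""
    return {e["name"]: r for e in parse_services(log) if (r := triage(e))}
```

Running `flag_suspicious` over a full SREng service section leaves the signed System32 services (such as HidServ) unflagged while surfacing the Temp-resident and rundll32-hosted entries; each hit still needs a human look before anything is deleted.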
鼠鼠动人 - 2006-11-17 14:40:00
I'll just restore from GHOST instead!
leeves - 2006-11-17 15:18:00
I did exactly as you said, but it still doesn't work, Brother Hong.
Thanks.
广州出发的机票 - 2006-11-17 17:53:00
Drag every browser shortcut on your desktop (including the ones in the Quick Launch bar) into the Recycle Bin, empty it, and then send the browser to the desktop again from the Start menu. That gets rid of that damned 123, hahahaha. I stumbled onto it by pure accident and it actually worked, hahaha.
© 2000 - 2026 Rising Corp. Ltd.