Rising Kaka Security Forum
一剑飞天下 - 2006-12-3 16:19:00
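I downloaded Rising Kaka Internet Security Assistant, but it doesn't find anything. Every time the machine boots, the home page is automatically changed to 7333.5009.cn, and the site that opens is the www.9505.com web navigation page. I downloaded a dedicated removal tool, but after rebooting the home page is still changed. What should I do, other than reinstalling the system? Many thanks.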
一剑飞天下 - 2006-12-3 16:38:00
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KAV50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss> [Kaspersky Lab]
<SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [天网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
一剑飞天下 - 2006-12-3 16:39:00
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC]
<C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[KLBLMain / KLBLMain]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000><Kaspersky Lab>
[Medie Sariel Number Service / Medie Sariel Number Service]
<C:\WINDOWS\system32\moviemk.exe><N/A>
[Medie Sariel Number Services / Medie Sariel Number Services]
<C:\WINDOWS\system32\notaped.exe><N/A>
[Remote Procedure Call System(RPCS) / RpcS]
<C:\WINDOWS\system32\RpcS.exe><Microsoft Corporation>
[RPCS2 / RPCS2]
<C:\WINDOWS\system32\RPCS2><N/A>
[Windows Management Controllor / WinMgct]
<><N/A>
==================================
一剑飞天下 - 2006-12-3 16:39:00
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[d347bus / d347bus]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Intel(R) PRO Adapter Driver / E100B]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[flukwrtb / flukwrtb]
<\SystemRoot\system32\drivers\flukwrtb.sys><N/A>
[IBMPMDRV / IBMPMDRV]
<system32\DRIVERS\ibmpmdrv.sys><N/A>
[Klif / Klif]
<\??\C:\WINDOWS\system32\Drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<\SystemRoot\system32\Drivers\klmc.sys><Kaspersky Lab>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[LT Modem Driver / ltmodem5]
<system32\DRIVERS\ltmdmnt.sys><LT>
[Netgroup Packet Filter / NPF]
<system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[NSC Infrared Device Driver / NSCIRDA]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
<\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[Smapint / Smapint]
<System32\drivers\Smapint.sys><Microsoft Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TDSMAPI / TDSMAPI]
<System32\Drivers\TDSMAPI.SYS><N/A>
[IBM PS/2 TrackPoint Driver / Tp4Track]
<system32\DRIVERS\tp4track.sys><IBM Corporation>
[TPPWR / TPPWR]
<System32\drivers\Tppwr.sys><IBM Corp.>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[IBM PS/2 TrackPoint Filter Driver / TwoTrack]
<system32\DRIVERS\TwoTrack.sys><IBM Corporation>
==================================
一剑飞天下 - 2006-12-3 16:40:00
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出当前页到超星阅览器(&A)]
<C:\Program Files\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
<C:\Program Files\SSREADER36\ss_select.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
一剑飞天下 - 2006-12-3 16:42:00
==================================
正在运行的进程
[PID: 740][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 880][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048][C:\WINDOWS\system32\ibmpmsvc.exe] [N/A, N/A]
[PID: 1064][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1516][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1932][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1968][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\ShellEx.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\ewido anti-spyware 4.0\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 2044][C:\Program Files\JJOL\IME\JJSvr.EXE] [加加在线, 3.11.0.1]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 308][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\KCAStub.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll] [Kaspersky Lab, 5.0.177.0]
[C:\WINDOWS\system32\MSVCP61.dll] [Sample Corporation, 6.00.0000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\qbstorage.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\report.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\nfio.ppl] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsploc.dll] [Kaspersky Labs, 5.0.177.0]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klsecur.dll] [Kaspersky Lab, 5.0.177.0]
[PID: 316][C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe] [天网, 2.7.1.1101]
[C:\PROGRA~1\SKYNET\FIREWALL\IMSEC.DLL] [N/A, N/A]
[C:\PROGRA~1\SKYNET\FIREWALL\SKYMISC.DLL] [N/A, N/A]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 324][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
一剑飞天下 - 2006-12-3 16:43:00
[PID: 624][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe] [Kaspersky Lab, 5.0.177.0]
[C:\WINDOWS\system32\MSVCP61.dll] [Sample Corporation, 6.00.0000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsa.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klsecur.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsbl.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\xorio_ex.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\startups.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_server.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_client.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\l_llio.ppl] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\avp_iont.dll] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\avpmgr.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\wdiskio.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\avlib.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\arj.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\arjpack.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\avp1.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\avpgs.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\btdisk.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\buffer.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\cab.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\deflate.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\dmap.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\dtreg.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\explode.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\hashcont.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\hashmd5.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\hccmp.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\ichk2.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\ichstrms.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\inflate.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\klonacci.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\klondemi.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\mailmsg.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\mdb.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\mdmap.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\memmodsc.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\memscan.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\minizip.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\msoe.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\nfio.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\ntfsstrm.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\passdmap.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prseqio.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prutil.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\rar.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\report.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\sfdb.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\stdcomp.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\stored.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\superio.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\tempfile.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\unarj.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\uniarc.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\unlzx.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\unreduce.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\unshrink.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\unstored.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\winreg.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\xorio.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\zcompare.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\mchk.ppl] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\AVS.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\CheckTool.DLL] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\xmlparse.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\xmltok.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsbloc.dll] [Kaspersky Labs, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\OnDemand.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsblp.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\QBackup.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\qbstorage.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\OnAccess.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scrch_ag.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\mcproxy.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\mailapplayer.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\MchkBL.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\SubjPlugin.dll] [Kaspersky Lab, 5.0.177.0]
一剑飞天下 - 2006-12-3 16:43:00
[PID: 1500][C:\WINDOWS\system32\RpcS.exe] [Microsoft Corporation, 5.2.3790.1830]
[C:\WINDOWS\system32\RPCS2] [N/A, N/A]
[PID: 1692][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[C:\WINDOWS\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 4]
[C:\WINDOWS\system32\RpcS.dll] [N/A, N/A]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[PID: 548][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2360][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2008][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[C:\WINDOWS\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 4]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scr_ch_pg.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scrch_ag.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll] [Kaspersky Lab, 5.0.177.0]
[C:\WINDOWS\system32\MSVCP61.dll] [Sample Corporation, 6.00.0000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll] [Kaspersky Lab, 5.0.177.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_server.ppl] [Kaspersky Lab, 5.0.177.0]
[c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\tempfile.ppl] [Kaspersky Lab, 5.0.177.0]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 4028][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 3636][C:\DOCUME~1\IBM\LOCALS~1\Temp\Rar$EX00.415\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
==================================
一剑飞天下 - 2006-12-3 16:43:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 219.139.58.97
127.0.0.1 ads.520fantong.com
127.0.0.1 www.520fantong.com
127.0.0.1 w2.520fantong.com
127.0.0.1 125.91.1.20
127.0.0.1 61.162.230.31
127.0.0.1 61.141.31.11
127.0.0.1 bd.jacai.com
127.0.0.1 www.9505.com
127.0.0.1 www.4199.com
127.0.0.1 update.ssdlh.com
127.0.0.1 down.ssdlh.com
127.0.0.1 file.checkthisdoor.com
127.0.0.1 count.checkthisdoor.com
==================================
红夜鬼1 - 2006-12-3 17:05:00
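Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications".
Check "Hide Microsoft services" and select the virus services
Remote Procedure Call System(RPCS)
RPCS2
, then choose "Delete Service".
Click "Set" and choose "No".
Run (double-click) SRENG2, click "Startup Items", then "Services", then "Drivers".
Check "Hide Microsoft services" and select the virus services
d347bus
d347prt
flukwrtb /
, then choose "Delete Service".
Click "Set" and choose "No".
Reboot and press F8 to enter Safe Mode.
Show hidden files.
Delete:
\SystemRoot\system32\drivers\flukwrtb.sys
C:\WINDOWS\system32\RpcS.exe
\SystemRoot\system32\DRIVERS\d347bus.sys
SystemRoot\System32\Drivers\d347prt.sys
C:\WINDOWS\system32\RPCS2
Delete QQ, then run a dedicated removal tool.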
一剑飞天下 - 2006-12-3 18:06:00
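OK, I've deleted them. Many thanks, thank you. One more question: a notepad.exe process keeps showing up in the process list. What is this process for?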
秋日里的蓝天 - 2006-12-3 19:41:00
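| Quote: |
[Post by 一剑飞天下] OK, I've deleted them. Many thanks, thank you. One more question: a notepad.exe process keeps showing up in the process list. What is this process for? ……………… |
That is the Notepad process.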
netfly2007 - 2006-12-6 15:02:00
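| Quote: |
[Post by 红夜鬼1] Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications". Check "Hide Microsoft services" and select the virus services Remote Procedure Call System(RPCS) RPCS2 , then choose "Delete Service". Click "Set" and choose "No".
Run (double-click) SRENG2, click "Startup Items", then "Services", then "Drivers". Check "Hide Microsoft services" and select the virus services d347bus d347prt flukwrtb /
, then choose "Delete Service". Click "Set" and choose "No".
Reboot and press F8 to enter Safe Mode. Show hidden files. Delete: \SystemRoot\system32\drivers\flukwrtb.sys C:\WINDOWS\system32\RpcS.exe \SystemRoot\system32\DRIVERS\d347bus.sys SystemRoot\System32\Drivers\d347prt.sys C:\WINDOWS\system32\RPCS2
Delete QQ, then run a dedicated removal tool. ……………… |
Mine is the same situation, but I don't have the services you mentioned. Please help.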
红夜鬼1 - 2006-12-6 15:20:00
[Reply to the post by "netfly2007"]
Every case is different. What is your situation?
Post your scan log.
netfly2007 - 2006-12-6 16:56:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<CnsAssecblk><regsvr32.exe /s C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YASSEC~1.DLL> [N/A]
<YahooC:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll144307><regsvr32 /s C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\Userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Kaspersky Anti-Virus 6.0 / AVP]
<"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge]
<C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
==================================
驱动程序
[000024a4 / 000024a4]
<\SystemRoot\system32\drivers\000024a4.SYS><N/A>
[Apaidi / Apaidi]
<\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[Aspi32 / Aspi32]
<C:\WINDOWS\SYSTEM32\DRIVERS\Aspi32.SYS><Adaptec>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ICatch (VI) PC Camera / CA561]
<System32\Drivers\SPCA561.SYS><SP>
[Cisco Systems VPN Adapter / CVirtA]
<system32\DRIVERS\CVirtA.sys><Cisco Systems, Inc.>
[University of South Florida IPsec Driver / CVPNDRVA]
<\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys><Cisco Systems, Inc.>
[Deterministic Network Enhancer Miniport / DNE]
<system32\DRIVERS\dne2000.sys><Deterministic Networks, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HOOKAPI / HOOKAPI]
<\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
[jqeiqdab / jqeiqdab]
<\SystemRoot\system32\drivers\jqeiqdab.sys><N/A>
[kl1 / kl1]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt]
<\??\d:\Program Files\Tencent\qq\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[S3Psddr / S3Psddr]
<system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[S3SavageNB / S3SavageNB]
<system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[CP210x USB Composite Device driver (WDM) / slabbus]
<system32\DRIVERS\slabbus.sys><MCCI>
[CP210x USB to UART Bridge Controller Drivers / slabser]
<system32\DRIVERS\slabser.sys><MCCI>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TrojanFindDriverNT / TrojanFindDriverNT]
<\??\C:\WINDOWS\system32\NtDriver.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[VCD VNC Virtual Network Adapter / vcddev]
<system32\DRIVERS\vcdvnic.sys><VNN B.J.>
[VIA AGP Filter / viaagp1]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
<system32\drivers\viaudios.sys><VIA Technologies, Inc.>
[vsdatant / vsdatant]
<\??\C:\WINDOWS\system32\vsdatant.sys><Zone Labs LLC>
netfly2007 - 2006-12-6 16:57:00
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[TDServer Control]
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} <C:\WINDOWS\DOWNLO~1\tdserver.ocx, Bitstream, Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DjVuCtl Class]
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} <d:\Program Files\LizardTech\Lizardtech DjVu Control\DjVuCntl.dll, LizardTech>
[XDownload Class]
{165D83D3-359C-4783-9BF0-6FA6DC42A3F1} <C:\WINDOWS\system32\SSDownload.dll, 北京世纪超星>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[CSClientManager Class]
{250587D2-6704-4479-8718-3C7E163BCD75} <C:\WINDOWS\Downloaded Program Files\CSClientManagerPrj.dll, >
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[SSReaderPlug Control]
{3359C0B1-2363-40B3-AFCA-1ABC799AC486} <C:\WINDOWS\system32\SSREAD~1.OCX, CX>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <D:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SSCtv Control]
{611DD271-1D62-40AF-8DA0-A9C8513F9CB7} <C:\WINDOWS\system32\ssctv.ocx, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MofileUploadX Control]
{7260569F-1D40-4E7F-B95B-2E68D35668B9} <C:\WINDOWS\system32\MoUpload.ocx, >
[PDG_Plug Class]
{80CA289E-5844-4E7F-A225-1FA91E58A53E} <C:\WINDOWS\system32\ssieplug.dll, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[IEAnimBehaviorFactory Class]
{A4639D2F-774E-11D3-A490-00C04F6843FB} <C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, Microsoft Corporation>
[PRBHO.HTMLDocumentCtrl]
{AAC73F50-03DD-47E5-AD18-FDD65BF29E3D} <C:\WINDOWS\system32\ZComBHO.dll, zcom>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control]
{B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <D:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[refer_obj Class]
{D4500D36-B642-4161-AFFC-5F924A2DD14D} <, N/A>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINDOWS\vqqsdl.dll, Tencent>
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <d:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
==================================
正在运行的进程
[PID: 924][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1076][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1120][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009)]
[PID: 1284][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1500][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1544][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1764][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 272][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 4, 1022]
[PID: 348][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] [N/A, N/A]
[PID: 476][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] [Yahoo! China, 3, 1, 7, 1023]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 4, 1022]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] [yahoo! china, 3,4,9,1100]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 2, 1011]
[C:\Program Files\Yahoo!\Assistant\yNotifier.dll] [yahoo! china, 3, 0, 2, 1002]
[PID: 816][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[PID: 912][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 976][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2724][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 4, 1022]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] [Yahoo! China, 3, 0, 2, 1003]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[PID: 632][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.906\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 4, 1022]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
红夜鬼1 - 2006-12-6 18:54:00
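[Reply to netfly2007's post]
Run (double-click) SRENG2, click "Startup Items", then "Services", then "Drivers".
Tick "Hide Microsoft services" and select the virus services
000024a4
Apaidi
jqeiqdab
, then choose "Delete service".
Click "Set" and choose "No".
Reboot and press F8 to enter Safe Mode.
Show hidden files.
Delete:
\SystemRoot\system32\drivers\jqeiqdab.sys
C:\WINDOWS\system32\drivers\Apaidi.sys
\SystemRoot\system32\drivers\000024a4.SYS
I recommend using 360 Safe Guard (360安全卫士) to clean out the rogue software.
360 download links:
http://www.360safe.com/
http://www.xdowns.com/soft/8/9/2006/Soft_31554.html
Remove 360 Safe Guard after using it.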
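An added example (not part of the original thread, and not SREng's own code): a small Python triage of the driver section of an SREng log like the one posted above, mirroring the "Hide Microsoft services" step in the reply. The function names, the `windir` default and the constructed sample entries are assumptions.

```python
# Two-line SREng driver entries. The first two are copied from the log above;
# the last three are CONSTRUCTED from the names and paths in the reply, with
# the display name and the <N/A> vendor field assumed.
SAMPLE_LOG = r"""
[VIA AGP Filter / viaagp1]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[jqeiqdab / jqeiqdab]
<\SystemRoot\system32\drivers\jqeiqdab.sys><N/A>
[Apaidi / Apaidi]
<\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[000024a4 / 000024a4]
<\SystemRoot\system32\drivers\000024a4.SYS><N/A>
"""

def normalize_path(raw, windir=r"C:\WINDOWS"):
    """Map the path spellings SREng prints onto one lower-case absolute path."""
    p = raw.strip().strip('"')
    if p.startswith("\\??\\"):          # NT object-manager prefix
        p = p[4:]
    low = p.lower()
    if low.startswith("\\systemroot\\"):
        p = windir + p[len("\\systemroot"):]
    elif low.startswith("%systemroot%"):
        p = windir + p[len("%systemroot%"):]
    elif low.startswith("system32\\"):  # relative to the Windows directory
        p = windir + "\\" + p
    return p.lower()

def parse_entries(text):
    """Pair each '[display / name]' line with the '<path><vendor>' line after it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    entries = []
    for head, detail in zip(lines, lines[1:]):
        if not (head.startswith("[") and head.endswith("]")
                and detail.startswith("<") and detail.endswith(">")):
            continue
        display, _, name = head[1:-1].rpartition(" / ")
        # Split on the LAST '><': service paths can contain '-->'.
        path, _, vendor = detail[1:-1].rpartition("><")
        entries.append({"name": name, "display": display,
                        "path": normalize_path(path), "vendor": vendor.strip()})
    return entries

def review_queue(entries):
    """Hide Microsoft-attributed entries; list entries with no vendor first."""
    rest = [e for e in entries if "microsoft" not in e["vendor"].lower()]
    return sorted(rest, key=lambda e: e["vendor"] not in ("", "N/A"))
```

The vendor string is only what the log reports for the file, so the queue is a starting point for manual review, not a verdict.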
netfly2007 - 2006-12-6 20:03:00
The brother above is truly a master; sure enough, the problem was cured at a touch!!!
I bow down in utter admiration.