Rising Kaka Security Forum
慕容小燕 - 2006-12-19 22:55:00
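The IE home page is garbled text: http://%77%77%77%2e%68%75%6e%64%75%6e%2e%62%69%7a/%68/
Several web pages were also added to Favorites automatically.
As soon as I open the antivirus software, a "winlogon.exe application error" pops up, and whether I click OK or Cancel the computer shuts down immediately.
Below is the scan log.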
2006-12-19,22:21:39
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<EPSON Stylus C63 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"> [SEIKO EPSON CORPORATION]
<PPHIDPAD><C:\WINPENJR\Win32\pphidpad.exe> [N/A]
<iamapp><C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE> [(Verified)Symantec Corporation]
<NeroCheck><C:\WINDOWS\System32\\NeroCheck.exe> [Ahead Software Gmbh]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<在线安装><C:\DOCUME~1\hongtuo\LOCALS~1\Temp\QGG\ylzs.exe> [N/A]
<Alitalk><C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE -hideframe> [Alibaba]
<Install Alitalk><C:\WINDOWS\temp\alitalk\alitalk.exe -hideframe> [N/A]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_061218.dll start> [N/A]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
Attachment:
31067620061220190520.jpg
慕容小燕 - 2006-12-19 22:57:00
==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
<C:\Documents and Settings\hongtuo\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\陈守桓\QQ文件\QQ.exe [TENCENT]><N>
[腾讯TM]
<C:\Documents and Settings\hongtuo\「开始」菜单\程序\启动\腾讯TM.lnk --> C:\PROGRA~1\Tencent\QQ\TMShell.exe [腾讯公司]><N>
==================================
服务
[QoS Service / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Volume Optimization / ClipArt]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\spted.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Symantec Client Firewall Service / NISSERV]
<C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE><Symantec Corporation>
[Symantec Client Firewall Accounts Manager / NISUM]
<C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE><Symantec Corporation>
[Symantec Client Firewall Proxy Service / SymPxSvc]
<C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe><Symantec Corporation>
==================================
驱动程序
[ids00026 / ids00026]
<\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys><N/A>
[ids00118 / ids00118]
<\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys><N/A>
[ids0014f / ids0014f]
<\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys><N/A>
[ids0015d / ids0015d]
<\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys><Kaspersky Lab>
[Klick / Klick]
<\SystemRoot\System32\drivers\klick.sys><Kaspersky Lab>
[Klif / Klif]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klin / Klin]
<\SystemRoot\System32\drivers\klin.sys><Kaspersky Lab>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[klstm / klstm]
<\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys><Kaspersky Lab>
[PNP21406 / PNP21406]
<\SystemRoot\System32\Drivers\pnp21406.sys><Anti Driver>
[ppmoucls / ppmoucls]
<System32\DRIVERS\ppmoucls.sys><N/A>
[PenPower Touchpad / pptchpad]
<System32\DRIVERS\pptchpd5.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SYMDNS / SYMDNS]
<\??\C:\WINDOWS\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SYMFW / SYMFW]
<\??\C:\WINDOWS\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS]
<\??\C:\WINDOWS\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO]
<\??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS><Symantec Corporation>
[SYMNDIS / SYMNDIS]
<\??\C:\WINDOWS\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
慕容小燕 - 2006-12-19 23:00:00
浏览器加载项
[迅彩图铃通]
{1D8E8710-88F8-4d6e-AD7C-1437937E82A9} <C:\Program Files\FLISoft\Capture Studio\xuncaiie.dll, 迅彩科技>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[迅彩图铃通]
{1D8E8710-88F8-4d6e-AD7C-1437937E82A9} <C:\Program Files\FLISoft\Capture Studio\xuncaiie.dll, 迅彩科技>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[DownLoad Class]
{276BF72D-CA22-4237-9BCF-593B4E490DE9} <C:\WINDOWS\Downloaded Program Files\AliTalk_WebUpdate.dll, >
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ 发送到手机<迅彩图铃通>]
<C:\WINDOWS\System32\xuncaiie.htm, N/A>
[Download All by FlashGet]
<E:\flashget\jc_all.htm, N/A>
[Download using FlashGet]
<E:\flashget\jc_link.htm, N/A>
[上传到QQ网络硬盘]
<D:\陈守桓\QQ文件\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\陈守桓\QQ文件\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\陈守桓\QQ文件\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\陈守桓\QQ文件\SendMMS.htm, N/A>
=================================
正在运行的进程
[PID: 484][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 532][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 556][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 600][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 612][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 772][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 900][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 936][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1240][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] [Kaspersky Lab, 5.0.227.1]
[PID: 1368][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\EBPMON24.DLL] [SEIKO EPSON CORPORATION, 1, 4, 0, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1476][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE] [SEIKO EPSON CORPORATION, 3.08]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1484][C:\WINPENJR\Win32\pphidpad.exe] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1496][C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE] [Symantec Corporation, 5.0.0.375]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\iamevent.dll] [Symantec Corporation, 5.0.0.375]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NISRES.DLL] [N/A, N/A]
[C:\WINDOWS\System32\SYMSTORE.dll] [Symantec Corporation, 4.6.0.53]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMLOG.dll] [Symantec Corporation, 5.0.0.375]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\N32USERL.DLL] [Symantec Corporation, 5.0.0.375]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\UMCBK.DLL] [Symantec Corporation, 5.0.0.375]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NISALERT.DLL] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUMPS.DLL] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMCPL.CPL] [Symantec Corporation, 5.0.0.375]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\tlevel.dll] [Symantec Corporation, 5.0.0.375]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] [Symantec Corp., 4.1.0.15]
[C:\Program Files\Common Files\Symantec Shared\BRUNOALE.DLL] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Common Files\Symantec Shared\PProfile.dll] [Symantec Corporation, 5.0.0.375]
[PID: 1572][C:\DOCUME~1\hongtuo\LOCALS~1\Temp\QGG\ylzs.exe] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1628][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1648][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1672][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1732][D:\陈守桓\QQ文件\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\陈守桓\QQ文件\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 160]
[D:\陈守桓\QQ文件\QQAPI.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[D:\陈守桓\QQ文件\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 3, 2, 1]
[D:\陈守桓\QQ文件\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\陈守桓\QQ文件\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQMainFrame.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\CQQApplication.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\NewSkin.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\CameraDll.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\MailSummary.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\msdmo.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\GroupLive.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQPlugin.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQSysMsgMng.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQAllInOne.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\SCCore.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQCustomFace.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\陈守桓\QQ文件\QRingMng.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\陈守桓\QQ文件\QQPet.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQAvatar.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\陈守桓\QQ文件\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[D:\陈守桓\QQ文件\QQSceneMng.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\BQQApplication.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\GroupConnection.dll] [Tencent, 5, 0, 202, 170]
[D:\陈守桓\QQ文件\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 1, 12]
[D:\陈守桓\QQ文件\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\陈守桓\QQ文件\QQUdpGetFileLib.dll] [tencent, 0, 2, 2, 3]
[D:\陈守桓\QQ文件\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
[PID: 1888][D:\陈守桓\QQ文件\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[D:\陈守桓\QQ文件\TIMProxy.dll] [tencent, 0, 3, 2, 4]
慕容小燕 - 2006-12-19 23:02:00
[PID: 1984][C:\WINDOWS\System32\cmd.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2024][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 2044][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 264][C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE] [Symantec Corporation, 5.0.0.375]
[C:\WINDOWS\System32\SYMSTORE.dll] [Symantec Corporation, 4.6.0.53]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUMPS.DLL] [Symantec Corporation, 5.0.0.375]
[PID: 444][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 868][C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\IAMLOG.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamevent.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISRES.DLL] [N/A, N/A]
[C:\WINDOWS\System32\SYMSTORE.dll] [Symantec Corporation, 4.6.0.53]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUMPS.DLL] [Symantec Corporation, 5.0.0.375]
[PID: 952][C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymProxy.dll] [Symantec Corporation, 5.0.0.375]
[C:\WINDOWS\System32\SYMREDIR.dll] [Symantec Corporation, 4.6.0.53]
[C:\WINDOWS\System32\SYMSTORE.dll] [Symantec Corporation, 4.6.0.53]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISALERT.DLL] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISRES.DLL] [N/A, N/A]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ProxyIM.DLL] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\StrmFilt.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymIConv.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxAlt.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymURL.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamevent.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\PrxyNNTP.DLL] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\PrxyHTTP.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUMPS.DLL] [Symantec Corporation, 5.0.0.375]
[PID: 2592][C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamevent.dll] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISRES.DLL] [N/A, N/A]
[C:\WINDOWS\System32\SYMSTORE.dll] [Symantec Corporation, 4.6.0.53]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUMPS.DLL] [Symantec Corporation, 5.0.0.375]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\tdit_msg.dll] [Symantec Corporation, 5.0.0.375]
[PID: 2916][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 3524][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\FLISoft\Capture Studio\xuncaiie.dll] [迅彩科技, 2, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] [Kaspersky Lab, 1.0.227.342]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] [Kaspersky Lab, 1.0.227.3]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.227.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] [Kaspersky Lab, 5.0.227.0]
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[PID: 4048][D:\陈守桓\QQ文件\QQLiveUpdate.exe] [, 1, 29, 0, 1036]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1312][D:\陈守桓\QQ文件\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\陈守桓\QQ文件\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 160]
[D:\陈守桓\QQ文件\QQAPI.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[D:\陈守桓\QQ文件\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 3, 2, 1]
[D:\陈守桓\QQ文件\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\陈守桓\QQ文件\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQMainFrame.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\CQQApplication.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\NewSkin.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\CameraDll.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\MailSummary.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\msdmo.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\GroupLive.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQPlugin.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQAllInOne.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\SCCore.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQCustomFace.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQPet.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QQSysMsgMng.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\QRingMng.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\陈守桓\QQ文件\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\陈守桓\QQ文件\QQAvatar.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\陈守桓\QQ文件\BQQApplication.dll] [N/A, N/A]
[D:\陈守桓\QQ文件\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\陈守桓\QQ文件\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\陈守桓\QQ文件\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
[D:\陈守桓\QQ文件\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 1, 12]
[D:\陈守桓\QQ文件\QQSceneMng.dll] [N/A, N/A]
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[D:\陈守桓\QQ文件\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[D:\陈守桓\QQ文件\QQMagicFace.dll] [, 1, 0, 0, 1]
[PID: 3572][E:\flashget\flashget.exe] [Amaze Soft, 1, 7, 1, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 2060][D:\程序\SREng2-v2.2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
=================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[autorun]
open=d:\mplay.com
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
秋日里的蓝天 - 2006-12-19 23:31:00
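Restart the computer; after the self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run (double-click) SRENG2, click "Startup Items", "Services", then "Win32 Service Applications"
Tick "Hide Microsoft services" and select the virus services
QoS Service
Volume Optimization
, then choose "Delete Service"
Click "Settings" and choose "No"
Close all browser windows and any unnecessary programs
Run SREng2, use "Startup Items" -- Registry -- select the following item and delete it
C:\WINPENJR\Win32\pphidpad.exe
Run SREng2, use "Startup Items" -- Registry -- select the item to modify
C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_061218.dll start
, click "Edit" and in "Value" delete rundll32.exe C:\WINDOWS\System32\winsys16_061218.dll start
Show hidden files
Delete:
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\System32\spted.dll
C:\WINPENJR\Win32\pphidpad.exe
C:\WINDOWS\System32\winsys16_061218.dll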
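An added example, not part of the thread and not SREng's own code: a small triage script that reads SREng-style log text and flags two of the patterns the reply above acts on, namely an extra command appended to the Winlogon `Userinit` value and a service whose image is `rundll32.exe` loading a DLL. The line layout is assumed from the log excerpts on this page, and all function names are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the first SREng log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_061218.dll start> [N/A]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
[QoS Service / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
"""

# Assumed layouts, taken from the excerpts on this page:
#   registry entry:  <name><value> [signer]
#   service header:  [Display name / service name]
#   service entry:   <command><signer>
REG_ENTRY = re.compile(r"^<([^<>]*)><(.*)> \[(.*)\]$")
SVC_HEADER = re.compile(r"^\[(.+ / .+)\]$")
SVC_ENTRY = re.compile(r"^<(.*)><([^<>]*)>$")


def _basename(path):
    """Lower-cased file name of a Windows path, quotes removed."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _first_token(command):
    """Executable part of a command line (quoted path or first word)."""
    m = re.match(r'"([^"]+)"|(\S+)', command.strip())
    return (m.group(1) or m.group(2)) if m else ""


def extra_userinit_commands(value):
    """Return every comma-separated Userinit component that is not
    userinit.exe itself (bare name or a path under system32)."""
    extras = []
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue  # a trailing comma is normal for this value
        norm = part.strip('"').replace("/", "\\").lower()
        if norm == "userinit.exe" or norm.endswith("\\system32\\userinit.exe"):
            continue
        extras.append(part)
    return extras


def triage(log_text):
    """Return (kind, subject, detail) tuples for entries worth a manual look."""
    findings = []
    service = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SVC_HEADER.match(line)
        if m:
            service = m.group(1)
            continue
        m = REG_ENTRY.match(line)
        if m:
            name, value, _signer = m.groups()
            if name.lower() == "userinit":
                for extra in extra_userinit_commands(value):
                    findings.append(("userinit-extra", name, extra))
            continue
        m = SVC_ENTRY.match(line)
        if m and service:
            command = m.group(1)
            if _basename(_first_token(command)) == "rundll32.exe":
                findings.append(("rundll32-service", service, command))
            service = None
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {subject}: {detail}")
```

A flag here means "review this entry", not a verdict; the `spted.dll` service in the log is hosted by `svchost.exe` and is not caught by either check.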
慕容小燕 - 2006-12-20 14:54:00
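I did not find
QoS Service
Volume Optimization
After doing everything according to the steps above, the computer cannot start normally
Also, this computer is dual-boot
One system on drive C, one on drive D
The infected one is the one on drive D
These past few days I have been using the system on drive C
So the system on drive C has been infected too
But the winlogon.exe application error has not appeared there yet
Only the home page has turned into garbled text and web pages are being added to Favorites and the desktop automatically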
红夜鬼1 - 2006-12-20 15:04:00
http://forum.ikaka.com/topic.asp?board=28&artid=8229638
For reference
慕容小燕 - 2006-12-20 15:42:00
Still not working
As soon as I boot, it goes back to the way it was
秋日里的蓝天 - 2006-12-20 19:07:00
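| Quote: |
[Post by 慕容小燕] I did not find QoS Service Volume Optimization
After doing everything according to the steps above, the computer cannot start normally
Also, this computer is dual-boot. One system on drive C, one on drive D. The infected one is the one on drive D. These past few days I have been using the system on drive C, so the system on drive C has been infected too. But the winlogon.exe application error has not appeared there yet. Only the home page has turned into garbled text and web pages are being added to Favorites and the desktop automatically
……………… |
How did you do the repair? Could you describe it?
Scan both systems of the dual-boot setup and post the logs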
慕容小燕 - 2006-12-20 21:06:00
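| Quote: |
[Post by 秋日里的蓝天]
How did you do the repair? Could you describe it?
Scan both systems of the dual-boot setup and post the logs
……………… |
I just followed the method you described above
After finishing it, the computer would not boot
The situation now is as follows
As soon as I boot, an explorer.exe application error box pops up, twice
There is also a box saying a server is running
Then whenever I open IE or any other software, a winlogon.exe application error pops up
Also, please help check whether this Explorer.EXE program has a problem
Thanks!!
Attachment:
31067620061220205749.jpg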
秋日里的蓝天 - 2006-12-20 21:12:00
Please scan again and post the log
秋日里的蓝天 - 2006-12-20 21:15:00
Restart, press F8 to enter Safe Mode, and clean the system with antivirus software there
慕容小燕 - 2006-12-20 21:31:00
2006-12-20,21:11:17
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2, v.2096 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TQ><D:\Program Files\TQ洽谈通\TQ.exe -FrmReg> [北京商之讯]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [Yahoo! China]
<yassistse><"D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo!]
<WebThunder><D:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [深圳市迅雷网络技术有限公司]
<svchost.exe><D:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<KAVPersonal50><D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize> [Kaspersky Lab]
<HotKeysCmds><; D:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\Userinit.exe> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
<{1A404685-7563-4d02-B0F6-58B308A406A9}><d:\program files\msn messenger\lzmqcnqv.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><D:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Corporation]
<UPnPMonitor><D:\WINDOWS\system32\upnpui.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[Microsoft Office]
<D:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[腾讯QQ]
<D:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\陈守桓\重要文件\QQ.exe [TENCENT]><N>
==================================
服务
[Registry Protector / BRGNS]
<D:\WINDOWS\SYSTEM32\RUNDLL32.EXE D:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Remote Registry Protect / ClipArt]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\system32\spted.dll><N/A>
[Human Interface Device Access / HidServ]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc]
<D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[Windows DHCP Service / WinDHCPsvc]
<D:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Windows_rejoice / Windows_rejoice]
<D:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe><N/A>
[WinXP DHCP Service / WinXPDHCPsvc]
<D:\WINDOWS\system32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>
==================================
驱动程序
[ADProt / ADProt]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[afibcffi / afibcffi]
<\??\D:\WINDOWS\system32\drivers\afibcffi.sys><中国互联网络信息中心(CNNIC)>
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bhcfgidc / bhcfgidc]
<\??\D:\WINDOWS\system32\drivers\bhcfgidc.sys><中国互联网络信息中心(CNNIC)>
[bjbcdgcc / bjbcdgcc]
<\??\D:\WINDOWS\system32\drivers\bjbcdgcc.sys><中国互联网络信息中心(CNNIC)>
[ccajjeec / ccajjeec]
<\??\D:\WINDOWS\system32\drivers\ccajjeec.sys><中国互联网络信息中心(CNNIC)>
[dhhfdicj / dhhfdicj]
<\??\D:\WINDOWS\system32\drivers\dhhfdicj.sys><中国互联网络信息中心(CNNIC)>
[eidbebda / eidbebda]
<\??\D:\WINDOWS\system32\drivers\eidbebda.sys><中国互联网络信息中心(CNNIC)>
[ejbjfahi / ejbjfahi]
<\??\D:\WINDOWS\system32\drivers\ejbjfahi.sys><中国互联网络信息中心(CNNIC)>
[fbfdgjdh / fbfdgjdh]
<\??\D:\WINDOWS\system32\drivers\fbfdgjdh.sys><中国互联网络信息中心(CNNIC)>
[fgcebjfc / fgcebjfc]
<\??\D:\WINDOWS\system32\drivers\fgcebjfc.sys><中国互联网络信息中心(CNNIC)>
[gbejcgfb / gbejcgfb]
<\??\D:\WINDOWS\system32\drivers\gbejcgfb.sys><中国互联网络信息中心(CNNIC)>
[ggjfggjb / ggjfggjb]
<\??\D:\WINDOWS\system32\drivers\ggjfggjb.sys><中国互联网络信息中心(CNNIC)>
[hdegeefd / hdegeefd]
<\??\D:\WINDOWS\system32\drivers\hdegeefd.sys><中国互联网络信息中心(CNNIC)>
[hjhgdehb / hjhgdehb]
<\??\D:\WINDOWS\system32\drivers\hjhgdehb.sys><中国互联网络信息中心(CNNIC)>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[iddbiedf / iddbiedf]
<\??\D:\WINDOWS\system32\drivers\iddbiedf.sys><中国互联网络信息中心(CNNIC)>
[jdjfadff / jdjfadff]
<\??\D:\WINDOWS\system32\drivers\jdjfadff.sys><中国互联网络信息中心(CNNIC)>
[jegjfjgc / jegjfjgc]
<\??\D:\WINDOWS\system32\drivers\jegjfjgc.sys><中国互联网络信息中心(CNNIC)>
[jfaihfaa / jfaihfaa]
<\??\D:\WINDOWS\system32\drivers\jfaihfaa.sys><中国互联网络信息中心(CNNIC)>
[KLIF / KLIF]
<\??\D:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[kmsinput / kmsinput]
<\??\D:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[lfoemho / lfoemho]
<\SystemRoot\\SystemRoot\System32\drivers\lfoemho.sys><N/A>
[npkcrypt / npkcrypt]
<\??\D:\陈守桓\重要文件\npkcrypt.sys><N/A>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Coolpad Mobile Phone Interface (PID 3197) / qcusbmdm]
<system32\DRIVERS\qcusbmdm.sys><QUALCOMM Incorporated>
[Coolpad Diagnostic Port 3197 / qcusbser]
<system32\DRIVERS\qcusbser.sys><QUALCOMM Incorporated>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TSP / TSP]
<\??\D:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
慕容小燕 - 2006-12-20 21:39:00
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\陈守桓\重要文件\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <D:\WINDOWS\Downloaded Program Files\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\陈守桓\重要文件\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\陈守桓\重要文件\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <D:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[Microsoft Office Spreadsheet 9.0]
{0002E510-0000-0000-C000-000000000046} <D:\PROGRA~1\MICROS~2\Office10\MSOWC.DLL, N/A>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <D:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[assist]
{1B0E7716-898E-48CC-9690-4E338E8DE1D3} <D:\PROGRA~1\3721\Assist\assist.dll, >
[GDHidCtrl Class]
{220ED87A-CB03-45A8-A81E-1C5597E11186} <D:\WINDOWS\system32\GDHidUsr\GDHidUsr.dll, >
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DownLoad Class]
{276BF72D-CA22-4237-9BCF-593B4E490DE9} <D:\WINDOWS\Downloaded Program Files\AliTalk_WebUpdate.dll, >
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <D:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <D:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[MsHelp Class]
{33C3992F-1963-49BE-88D7-974C8EE564B5} <D:\WINDOWS\system32\MsHelper.dll, Microsofts>
[{3676996C-D8C6-4356-B4BE-3A80400C606E}]
{3676996C-D8C6-4356-B4BE-3A80400C606E} <D:\WINDOWS\DOWNLO~1\44DVD_~1.OCX, 17BoBo.com>
[Microsoft DirectAnimation Structured Graphics]
{369303C2-D7AC-11D0-89D5-00A0C90833E6} <D:\WINDOWS\system32\Daxctle.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <D:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[HHCtrl Object]
慕容小燕 - 2006-12-20 21:40:00
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <D:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\陈守桓\重要文件\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, >
[BitSrazt Class]
{5F97431B-BAE3-50E2-AD13-D6A5BD7E5457} <D:\WINDOWS\DOWNLO~1\sfmgdu.dll, gjvkvsoft>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[AdPutHelper.AdHelper]
{631EDC67-F035-49BA-B8BC-983B474E9BB4} <D:\WINDOWS\system32\AdPutHelper.dll, chuangya>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CCtInf Class]
{6DBB2904-082D-4DB0-944A-21C22BA121F4} <D:\WINDOWS\system32\BANKCE~1.DLL, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[VnetAnprIns Class]
{74447F9C-5691-4A9A-8BE4-564092E40B03} <D:\WINDOWS\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <D:\PROGRA~1\3721\autolive.dll, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <D:\WINDOWS\system32\SUBMIT~1.DLL, >
[XZR_Activex Control]
{90F3B5B2-E796-4C8D-97D2-02790652534F} <D:\WINDOWS\DOWNLO~1\XZR_AC~1.OCX, Bol>
[LiveMediaOcx Control]
{9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <D:\PROGRA~1\Tencent\QQLive\QQLive.ocx, N/A>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <D:\PROGRA~1\Netease\000\popo2004\PHOTO_~1.OCX, N/A>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <D:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <D:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <D:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[Microsoft DirectAnimation Control]
{B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <D:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[3721]
{B83FC273-3522-4CC6-92EC-75CC86678DA4} <D:\WINDOWS\Downloaded Program Files\CnsMin.dll, 北京三七二一科技有限公司>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[i-Nav IE Install Helper]
{CE000998-A58C-4441-8938-744CD72AB27F} <, N/A>
[Ppinstall Control]
{CF051549-EDE1-40F5-B440-BCD646CF2C25} <D:\WINDOWS\DOWNLO~1\PPINST~1.OCX, 网易 NetEase>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <D:\WINDOWS\Downloaded Program Files\CnsHook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[VnetAnpr Class]
{E1207373-6721-4AAD-888B-C8C5A0209E17} <D:\WINDOWS\system32\.vnetplugin_\_0\anpr.dll, N/A>
[Csyshelper Object]
{E16BB625-16F1-4338-AA38-098F6873AC24} <D:\WINDOWS\system32\syshelper.dll, TODO: <公司名>>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[IcbcSslCacheCleanerCtrl Class]
{E9707834-5BF7-4CFF-A639-398427DE1991} <D:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[Msp Class]
{EF9F1C48-1A63-495A-9317-B7B71B34A9CF} <D:\WINDOWS\Downloaded Program Files\dddmsp.dll, >
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <D:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo!>
[上传到QQ网络硬盘]
<D:\陈守桓\重要文件\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<D:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<D:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
<D:\陈守桓\重要文件\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\陈守桓\重要文件\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\陈守桓\重要文件\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 212][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 236][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[d:\program files\msn messenger\lzmqcnqv.dll] [, 1, 0, 0, 11]
[PID: 280][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 292][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 464][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 496][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 572][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 760][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
[D:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] [Kaspersky Lab, 5.0.142.1]
[D:\PROGRA~1\3721\assist\wiper.dll] [N/A, 1, 0, 0, 1012]
[D:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [北京三七二一科技有限公司, 1, 0, 3, 7]
[d:\program files\msn messenger\lzmqcnqv.dll] [, 1, 0, 0, 11]
[PID: 888][D:\程序\SREng2-v2.2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[autorun]
open=d:\mplay.com
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
秋日里的蓝天 - 2006-12-20 22:26:00
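Restart the computer; once the self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Close all browser windows and any unnecessary programs.
Run SREng2 and, under "Startup Items" (启动项目) -- "Registry" (注册表), select the following entries and delete them: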
D:\WINDOWS\system32\svchost.exe
d:\program files\msn messenger\lzmqcnqv.dll
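Run (double-click) SRENG2, click "Startup Items" (启动项目), then "Services" (服务), then "Drivers" (驱动程序).
Tick "Hide verified Microsoft entries" (隐藏已认证的微软项目) and select the virus services: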
lfoemho
afibcffi
bhcfgidc
bjbcdgcc
ccajjeec
dhhfdicj
eidbebda
ejbjfahi
fbfdgjdh
fgcebjfc
gbejcgfb
ggjfggjb
hdegeefd
hjhgdehb
iddbiedf
jdjfadff
jegjfjgc
jfaihfaa
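Choose "Delete Service" (删除服务).
Click "Settings" (设置) and choose "No" (否).
Run (double-click) SRENG2, click "Startup Items" (启动项目), then "Services" (服务), then "Win32 Service Applications" (Win32服务应用程序).
Tick "Hide Microsoft services" (隐藏微软服务) and select the virus services: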
Registry Protector
Remote Registry Protect
Windows DHCP Service
Windows_rejoice
WinXP DHCP Service
Choose "Delete Service" (删除服务).
Click "Settings" (设置) and choose "No" (否).
Show hidden files.
Delete:
D:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
D:\WINDOWS\system32\spted.dll
D:\WINDOWS\system32\windhcp.ocx
D:\WINDOWS\system32\xpdhcp.dll
D:\WINDOWS\System32\drivers\lfoemho.sys
d:\program files\msn messenger\lzmqcnqv.dll
d:\mplay.com
d:\Autorun.inf
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\drivers\afibcffi.sys
D:\WINDOWS\system32\drivers\bhcfgidc.sys
D:\WINDOWS\system32\drivers\bjbcdgcc.sys
D:\WINDOWS\system32\drivers\ccajjeec.sys
D:\WINDOWS\system32\drivers\dhhfdicj.sys
D:\WINDOWS\system32\drivers\eidbebda.sys
D:\WINDOWS\system32\drivers\ejbjfahi.sys
D:\WINDOWS\system32\drivers\fbfdgjdh.sys
D:\WINDOWS\system32\drivers\fgcebjfc.sys
D:\WINDOWS\system32\drivers\gbejcgfb.sys
D:\WINDOWS\system32\drivers\ggjfggjb.sys
D:\WINDOWS\system32\drivers\hdegeefd.sys
D:\WINDOWS\system32\drivers\hjhgdehb.sys
D:\WINDOWS\system32\drivers\iddbiedf.sys
D:\WINDOWS\system32\drivers\jdjfadff.sys
D:\WINDOWS\system32\drivers\jegjfjgc.sys
D:\WINDOWS\system32\drivers\jfaihfaa.sys
Download Qihoo 360 and use it to clean up the plug-ins.
秋日里的蓝天 - 2006-12-20 22:39:00
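Restart the computer; once the self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run (double-click) SRENG2, click "Startup Items" (启动项目), then "Services" (服务), then "Drivers" (驱动程序).
Tick "Hide verified Microsoft entries" (隐藏已认证的微软项目) and select the virus services: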
afibcffi
bhcfgidc
bjbcdgcc
ccajjeec
dhhfdicj
eidbebda
ejbjfahi
fbfdgjdh
fgcebjfc
gbejcgfb
ggjfggjb
hdegeefd
hjhgdehb
lfoemho
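Choose "Delete Service" (删除服务).
Click "Settings" (设置) and choose "No" (否).
Run (double-click) SRENG2, click "Startup Items" (启动项目), then "Services" (服务), then "Win32 Service Applications" (Win32服务应用程序).
Tick "Hide Microsoft services" (隐藏微软服务) and select the virus services: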
Registry Protector
Remote Registry Protect
Windows DHCP Service
WinXP DHCP Service
Choose "Delete Service" (删除服务).
Click "Settings" (设置) and choose "No" (否).
Show hidden files.
Delete:
D:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
D:\WINDOWS\system32\spted.dll
D:\WINDOWS\system32\windhcp.ocx
D:\WINDOWS\system32\xpdhcp.dll
D:\WINDOWS\system32\drivers\ADProt.sys
D:\WINDOWS\System32\drivers\lfoemho.sys
d:\program files\msn messenger\lzmqcnqv.dll
d:\mplay.com
d:\Autorun.inf
D:\WINDOWS\system32\drivers\afibcffi.sys
D:\WINDOWS\system32\drivers\bhcfgidc.sys
D:\WINDOWS\system32\drivers\bjbcdgcc.sys
D:\WINDOWS\system32\drivers\ccajjeec.sys
D:\WINDOWS\system32\drivers\dhhfdicj.sys
D:\WINDOWS\system32\drivers\eidbebda.sys
D:\WINDOWS\system32\drivers\ejbjfahi.sys
D:\WINDOWS\system32\drivers\fbfdgjdh.sys
D:\WINDOWS\system32\drivers\fgcebjfc.sys
D:\WINDOWS\system32\drivers\gbejcgfb.sys
D:\WINDOWS\system32\drivers\ggjfggjb.sys
D:\WINDOWS\system32\drivers\hdegeefd.sys
D:\WINDOWS\system32\drivers\hjhgdehb.sys
Download Qihoo 360 and use it to clean up the plug-ins.
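Most of the driver services selected in the replies above share a shape that is visible in the log: eight lowercase letters drawn only from a to j, each identical to its own .sys file name. The Python sketch below is an added example, not part of the original posts or of SREng; it parses driver entries in the log's two-line layout and flags that shape, plus the doubled SystemRoot path seen on lfoemho. The heuristics and function names are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import re

# Sample driver entries copied from the SREng log in this thread:
# a "[display name / service name]" line, then "<image path><publisher>".
SAMPLE = r"""
[eidbebda / eidbebda]
<\??\D:\WINDOWS\system32\drivers\eidbebda.sys><中国互联网络信息中心(CNNIC)>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[jfaihfaa / jfaihfaa]
<\??\D:\WINDOWS\system32\drivers\jfaihfaa.sys><中国互联网络信息中心(CNNIC)>
[KLIF / KLIF]
<\??\D:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[lfoemho / lfoemho]
<\SystemRoot\\SystemRoot\System32\drivers\lfoemho.sys><N/A>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
"""

ENTRY = re.compile(
    r"^\[(?P<display>.*) / (?P<service>[^\]/]+)\]\n"
    r"<(?P<path>[^<>]*)><(?P<publisher>.*)>$",
    re.M,
)

def parse_drivers(text):
    """Return one dict per driver entry found in an SREng driver section."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def triage(entry):
    """Heuristic reasons (assumptions, not signatures) to review an entry."""
    reasons = []
    name = entry["service"]
    # File name without directory or extension.
    stem = re.split(r"[\\/]", entry["path"])[-1].rsplit(".", 1)[0]
    if re.fullmatch(r"[a-j]{8}", name) and stem.lower() == name:
        reasons.append("8-letter a-j name identical to its image file")
    if entry["path"].count("\\SystemRoot") > 1:
        reasons.append("malformed image path (SystemRoot repeated)")
    return reasons

def flag_drivers(text):
    """Map service name -> reasons, only for entries with at least one reason."""
    flagged = {}
    for entry in parse_drivers(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry["service"]] = reasons
    return flagged

if __name__ == "__main__":
    for service, reasons in flag_drivers(SAMPLE).items():
        print(service, "->", "; ".join(reasons))
```

A missing publisher alone is not used as a signal here: Secdrv also shows N/A in the log and is not among the entries the replies select.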
zhpyw139 - 2006-12-21 0:13:00
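Let's talk it over, let's think it through,
the village has changed a great deal in recent years.
Fishing nets were traded for the Internet,
and every villager is busy making money.
Ma Caca (马擦擦) has just built a factory,
and Tao Kunkun (陶困困) has put up a Western-style house.
After earning dollars they earn pounds,
and every face is beaming.
But the good times did not last,
for some people play the rogue online.
Malware runs rampant,
giving no clear prompt and saying not a word.
One careless moment and it is installed,
forcibly bundled without permission.
It hides deep inside the system,
leaving you feeling it is impossible to guard against.
While malware runs rampant,
the netizens of IT Village (挨踢村) are anxious at heart.
Isolated and helpless, they look for help,
hoping someone will uphold justice.
So anti-rogue-software vendors arose to meet the moment,
scrambling to shoulder the responsibility.
The villagers applauded together in gratitude,
glad to have met kind hearts upholding justice.
Later events left the villagers deeply puzzled:
the anti-rogue vendors did not shoulder the responsibility.
Not only was rogue software not brought to justice on the spot,
its arrogance seemed only to grow.
"Clients with connections are not killed, clients with profit are not blocked":
rumours like this ebbed and flowed in IT Village,
"So who should be killed, and who should be left to keep growing?"
The IT villagers sank once more into confusion and hesitation,
the anti-rogue vendors' self-interest was exposed and their credibility was lost,
and a village elder spoke up, laying bare in one sentence what was hidden in the dark.
"The petty thieves weep, while the big rogues are not even scratched."
"This move appears to curb rogue software's momentary swagger,
but in fact it clears the road for the real big rogues."
The elder's words revealed the secret and greatly widened the IT villagers' view:
wiping out rogue software cannot depend on vendors acting out of self-interest;
if village regulations come out soon and the industry disciplines itself and stops playing the rogue,
we believe the day will come when the villagers are happy and the village is peaceful and prosperous.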