sstone - 2007-2-9 16:29:00
[CODE]
2007-02-09,16:12:32
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Corporation]
<jiajiasr><D:\Program Files\jj4\jiajiasr.exe> [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Corporation]
<IgfxTray><C:\WINNT\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINNT\system32\hkcmd.exe> [(Verified)Intel Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<AVP><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><75976M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll> [Kaspersky Lab]
==================================
启动文件夹
N/A
==================================
服务
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
<"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<d:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<d:\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HookUrl / HookUrl][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
<\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[网页]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[JatoolsPrinter Class]
{B43D3361-D975-4BE2-87FE-057188254255} <C:\WINNT\Downloaded Program Files\jatoolsP.dll, jatools software co.,ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<d:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<d:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.1.411]
[PID: 252][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 264][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 464][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 500][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 540][D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.1.411]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.1.411]
sstone - 2007-2-9 16:30:00
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\og.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pdm.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\mc.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\oas.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpscan.ppl] [Kaspersky Lab, 6.0.1.411]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll] [N/A, N/A]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\sc.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\procmon.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\dtreg.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp1.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\l_llio.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\sfdb.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\ichk2.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\icheckersa.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpanlz.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\smtpprotocoller.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\trafficmonitor2.ppl] [Kaspersky Lab, 6.0.1.411]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHUM.dll] [Kaspersky Lab, 6.0.1.1]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHComm.dll] [Kaspersky Lab, 6.0.1.1]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ckahrule.dll] [Kaspersky Lab, 6.0.1.1]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\SSLEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8c]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\LIBEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8c]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pop3protocoller.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\imapprotocoller.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nntpprotocoller.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashcont.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\hccmp.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\uniarc.ppl] [Kaspersky Lab, 6.0.0.16]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\minizip.ppl] [Kaspersky Lab, 6.0.0.16]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\cab.ppl] [Kaspersky Lab, 6.0.0.16]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\arj.ppl] [Kaspersky Lab, 6.0.0.16]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\rar.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\lha.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\mdb.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\msoe.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\iwgen.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updater2005.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\productinfo.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updater.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\diff.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\base64p.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateinfo.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updatecategory.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateobjectinfo.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\netsession.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\socket.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpsession.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\ntlm.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\base64.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateinstaller.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\baseinstaller.ppl] [Kaspersky Lab, 6.0.1.411]
[d:\program files\kaspersky lab\kaspersky anti-virus 6.0\execinstaller.ppl] [Kaspersky Lab, 6.0.1.411]
[PID: 564][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 600][c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe] [Microsoft Corporation, 2005.090.1399.00]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 712][d:\MICROS~1\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 788][c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe] [Microsoft Corporation, 2005.090.1399.00]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 1012][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3,0,0,2082]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[D:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
姑苏残月 - 2007-2-9 16:32:00
<AppInit_DLLs><75976M.BMP> [N/A]
That's the culprit.
But Kaspersky has already dealt with it, so don't worry; you're safe now.
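An added example, not part of the original thread: a small Python parser for the SREng log format posted above that reports any non-empty AppInit_DLLs value and any module with no vendor information that is loaded into several processes, which is the pattern 75976M.BMP shows in this log. The function name, the process-count threshold and the shortened sample are choices made for this example.

```python
import re
from collections import defaultdict

# Sample lines excerpted from the SREng log posted above (shortened for the example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><75976M.BMP> [N/A]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.1.411]
[PID: 264][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[PID: 540][D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.1.411]
[C:\WINNT\75976M.BMP] [N/A, N/A]
[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll] [N/A, N/A]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                  # registry key header
VALUE_RE = re.compile(r"^<([^<>]*)><(.*)> \[(.*)\]$")        # <name><data> [vendor]
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\] \[(.*)\]$")  # process line
MOD_RE = re.compile(r"^\[([^\]]+)\] \[(.*)\]$")              # module under a process


def analyze(log_text, min_processes=3):
    """Return (appinit_values, widespread_unknown_modules, appinit_modules_loaded)."""
    appinit = []                   # (registry key, data) for non-empty AppInit_DLLs
    loaded_in = defaultdict(set)   # vendor-less module path -> PIDs that loaded it
    key = pid = None
    for line in map(str.strip, log_text.splitlines()):
        if m := KEY_RE.match(line):
            key, pid = m.group(1), None
        elif m := VALUE_RE.match(line):
            name, data, _vendor = m.groups()
            if key and name.lower() == "appinit_dlls" and data.strip():
                appinit.append((key, data))
        elif m := PROC_RE.match(line):
            pid = int(m.group(1))
        elif pid is not None and (m := MOD_RE.match(line)):
            path, info = m.groups()
            if info.startswith("N/A"):          # SREng found no vendor string
                loaded_in[path.lower()].add(pid)
    widespread = {p: sorted(pids) for p, pids in loaded_in.items()
                  if len(pids) >= min_processes}
    # AppInit_DLLs may list several DLLs separated by spaces or commas;
    # compare by file name only (paths containing spaces are not handled).
    names = {n.rsplit("\\", 1)[-1].lower() for _, data in appinit
             for n in re.split(r"[ ,]+", data) if n}
    injected = {p: pids for p, pids in widespread.items()
                if p.rsplit("\\", 1)[-1] in names}
    return appinit, widespread, injected
```

A vendor-less module alone is not conclusive (klaveng.dll inside Kaspersky's own process also shows N/A here); the signal is the same file in the AppInit_DLLs value and in many unrelated processes.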
sstone - 2007-2-9 16:50:00
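Thanks.
But Kaspersky hasn't actually gotten rid of it, has it?
Kaspersky's file monitoring and proactive defense both fail to start.
The virus is still there, isn't it??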
logicl - 2007-2-9 17:00:00
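1. Before disinfecting, turn off System Restore (can be skipped on Win2000): right-click My Computer, Properties, System Restore, and tick "Turn off System Restore on all drives".
Clear IE's temporary files: open IE, click Tools --> Internet Options: Temporary Internet files, click the "Delete Files" button, tick "Delete all offline content", and click OK to delete.
2. Edit the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><75976M.BMP>
<AppInit_DLLs><N/A> (delete 75976M.BMP)
3. Reboot into Safe Mode (press F8 after powering on) and use PowerRMV to delete the following file:
[C:\WINNT\75976M.BMP]
Delete the following services:
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]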
<C:\WINNT\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
sstone - 2007-2-9 17:32:00
I deleted the registry entry yesterday and also deleted that bmp (from DOS), and today it's back again.
logicl - 2007-2-9 17:35:00
Kill it with PowerRMV. Tick "Prevent the killed object from being regenerated" and click "Kill".
sstone - 2007-2-9 18:04:00
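I deleted 75976M.bmp and the registry entry too, but as soon as I reboot,
C:\Documents and Settings\Administrator\Local Settings\Temp
has another file in it: au.exe. A couple of days ago it was az.exe.
Kaspersky sometimes warns that a program is downloading a trojan:
torjan_psw.win32.onlinegame.ew
I blocked it.
Now I don't know where the problem still is...
This virus is so stubborn!!!!!!!!!!!!!!!!!!!!!!!!!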
logicl - 2007-2-9 18:08:00
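Quote:
[logicl's post] 1. Before disinfecting, turn off System Restore (can be skipped on Win2000): right-click My Computer, Properties, System Restore, and tick "Turn off System Restore on all drives".
Clear IE's temporary files: open IE, click Tools --> Internet Options: Temporary Internet files, click the "Delete Files" button, tick "Delete all offline content", and click OK to delete.
2. Edit the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><75976M.BMP>
<AppInit_DLLs><N/A> (delete 75976M.BMP)
3. Reboot into Safe Mode (press F8 after powering on) and use PowerRMV to delete the following file:
[C:\WINNT\75976M.BMP]
Delete the following services:
Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
………………
Do it this way..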