Rising Kaka Security Forum
邀月无缺 - 2007-3-17 18:47:00
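Today my computer keeps popping up web pages at startup; it looks like malware. The process list shows mssys.exe and cdsdf.exe. There is a CPUSH folder under c:/program files/common files that I can't delete. Under the Run key in the registry there are two entries, mshtmll and mssys; when I delete them they come back. I found mshtmll.dll and mssys.exe under c:/windows/inf/, deleted them in Safe Mode and rebooted, but it's still the same. What should I do?
What method can I use to delete them?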
大怪怪框框 - 2007-3-17 18:51:00
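mssys - mssys.exe - Process information
Process file: mssys or mssys.exe
Process name: MYSS.B virus
Description: mssys.exe is part of the MYSS.B virus. This trojan allows attackers to access your computer and steal passwords and personal data.
Publisher: Unknown (N/A)
Belongs to: MYSS.B virus
System process: No
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown (N/A)
Memory usage: Unknown (N/A)
Security rating (0-5): 4
Spyware: No
Adware: No
Virus: Yes
Trojan: No
Recommendation:
http://www.kztechs.com/sreng/sreng2.zip
Go to the link above,
download SREng, run it, click Smart Scan, and when the scan finishes, save the log.
If it doesn't fit in one post, post it in several parts!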
邀月无缺 - 2007-3-17 19:45:00
This is my scan log
2007-03-17,19:30:57
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<KavPFW><"C:\KAV2007\KPFW32.EXE"> [Kingsoft Corporation]
<STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> [N/A]
<Vagaa><; "D:\Program Files\Vagaa\Vagaa.exe" -tray> [Vagaa Development Team]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SiS Windows KeyHook><; C:\WINDOWS\system32\keyhook.exe> [Silicon Integrated Systems Corporation]
<KavStart><"C:\KAV2007\KAVStart.exe" -startup> [Kingsoft Corporation]
<AGRSMMSG><; AGRSMMSG.exe> [(Verified)Agere Systems]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<mhs2><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe> [N/A]
<ms><; C:\Program Files\Microsoft\svhost32.exe> [N/A]
<OrderReminder><; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe> [Hewlett-Packard]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<QkOnBtn><; C:\Program Files\QBU\QkOnBtn.EXE> [Dritek System Inc.]
<SiSPower><; Rundll32.exe SiSPower.dll,ModeAgent> [Silicon Integrated Systems Corporation]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<StormCodec_Helper><; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<WebThunder><; d:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [深圳市迅雷网络技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<360Safe><Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware> [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Nice><C:\Program Files\Common Files\Microsoft Shared\MSINFO\LSASS.EXE> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe realshed.exe> [N/A]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><LogonUI.EXE> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<sydr><C:\PROGRA~1\yxcq\sydr.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{623D33B3-1E70-4705-88E9-649522AF6268}><C:\WINDOWS\system32\wbem\cbzcsvrl.dll> [N/A]
==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[3B71FD46 / 3B71FD46]
<C:\WINDOWS\system32\3B71FD46.EXE -service><N/A>
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Std baft Service / baft]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wvxl\gfkv.dll,Service -s><Microsoft Corporation>
[C50908D4 / C50908D4]
<C:\WINDOWS\system32\C50908D4.EXE -service><Microsoft Corporation>
[sdhcvs / edfscv]
<C:\WINDOWS\system32\fgdfsdf.exe -service><Microsoft Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[Messenger / Messenger]
<C:\WINDOWS\System32\svchost -k DcomLaunch-->C:\WINDOWS\system32\msgsvc.dll><Microsoft Corporation>
[Navoct / Navoct]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[Net Event / Net Event]
<C:\WINDOWS\system32\netevent.exe><N/A>
[System Administrator / Popular]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\hrwjd.dll><Microsoft Corporation>
[REM0TE REGISTRY / REM0TEREGISTRY]
<C:\WINDOWS\system\REM0REG.EXE><N/A>
[RestoreService / RestoreService]
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[sqlserver support for winnt / sqlservech]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[NT Data Provider / WalALET]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\VLHPV.DLL,Export 1087><Microsoft Corporation>
[Windows Login / Windows Login]
<C:\WINDOWS\system32\mslogin.exe><N/A>
邀月无缺 - 2007-3-17 19:45:00
驱动程序
[acpidisk / acpidisk]
<2 - 系统找不到指定的文件。
><N/A>
[Agere Systems Soft Modem / AgereSoftModem]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bjdcjhee / bjdcjhee]
<\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>
[Dritek HotKey Keyboard Filter Driver / DKbFltr]
<System32\Drivers\DKbFltr.sys><Dritek System Inc.>
[fkwld / fkwld]
<system32\drivers\fkwld.sys><Microsoft Corporation>
[GEARAspiWDM / GEARAspiWDM]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[hidproc / hidproc]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[i82440bx / i82440bx]
<\??\C:\WINDOWS\system32\drivers\i82440bx.sys><Microsoft Corporation>
[jmoyex3 / jmoyex39]
<\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KNetWch / KNetWch]
<\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[lanfs / lanfs]
<\??\C:\WINDOWS\system32\drivers\lanfs.sys><Microsoft Corporation>
[ndcia / ndcia]
<\??\C:\WINDOWS\system32\drivers\ndcia.sys><Microsoft Corporation>
[Netgroup Packet Filter / NPF]
<system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
<\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[ofmjnq0 / ofmjnq01]
<\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>
[pmrxyn0 / pmrxyn05]
<\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[romman / romman]
<\??\C:\WINDOWS\system32\drivers\romman.sys><Microsoft Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP]
<system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[uzwnza8 / uzwnza86]
<\SystemRoot\System32\DRIVERS\uzwnza86.sys><Microsoft Corporation>
==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{09325ac6-3579-437c-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\437ccfsb.dll, N/A>
[]
{1a4bedef-9bb9-4e87-ae2b-1b294ae19f4f} <C:\WINDOWS\system32\4e87ntos.dll, N/A>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[HrefRedirect Class]
{74BC093A-540E-4340-897B-4653A8EB2F47} <C:\WINDOWS\system32\mslink\mslink.dll, >
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[联想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CaiFuCOM Class]
{C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\fcai.dll, N/A>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{09325AC6-3579-437C-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\437ccfsb.dll, N/A>
[]
{1A4BEDEF-9BB9-4E87-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4e87ntos.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[IEExt Class]
{634539A8-7FA8-45E2-8DC3-253AF98548A1} <C:\WINDOWS\system\MFS0FT.DLL, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[HrefRedirect Class]
{74BC093A-540E-4340-897B-4653A8EB2F47} <C:\WINDOWS\system32\mslink\mslink.dll, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&V使用Vagaa哇嘎下载]
<D:\Program Files\Vagaa\Data\vg.htm, N/A>
[&使用BitComet下载]
<res://D:\Program Files\BitComet_0.77\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://D:\Program Files\BitComet_0.77\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://D:\Program Files\BitComet_0.77\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<d:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导入当前页到超星阅览器(&A)]
<d:\Program Files\SSREADER36\ss_all.htm, N/A>
[导入选中部分到超星阅览器(&S)]
<d:\Program Files\SSREADER36\ss_select.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
<C:\KAV2007\KAF\ShowSet.htm, N/A>
邀月无缺 - 2007-3-17 19:49:00
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\winlib .dll] [N/A, N/A]
[C:\WINDOWS\system32\bdrrdf.dll] [Microsoft Corporation, N/A]
[PID: 560][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\iesnap\navoct.dll] [ , 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 968][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1268][C:\KAV2007\KWatch.EXE] [Kingsoft Corporation, 2007, 2, 12, 84]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60]
[C:\KAV2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 1, 16, 104]
[C:\KAV2007\KAVQuara.DLL] [Kingsoft Corporation, 2007, 1, 25, 1]
[PID: 1360][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 53, 2714, 0]
[C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1444][C:\WINDOWS\Explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\WINDOWS\system32\trtbc.dll] [, 5, 3, 1, 120]
[C:\WINDOWS\system32\ntd11.dll] [, 1.1.1.134]
[C:\Program Files\yxcq\sydr.nls] [N/A, N/A]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[C:\WINDOWS\system32\bdrrdf.dll] [Microsoft Corporation, N/A]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[PID: 1548][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kbnaxp.dll] [Microsoft Corporation, 5.1.1800.2813]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[PID: 1636][C:\KAV2007\KAVStart.exe] [Kingsoft Corporation, 2007, 3, 5, 263]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\SvcTimer.DLL] [Kingsoft Corporation, 2006.12.22.84]
[C:\KAV2007\PopSprt3.dll] [Kingsoft Corporation, 2007, 1, 16, 45]
[C:\KAV2007\KAVPassp.dll] [Kingsoft Corporation, 2006, 9, 7, 270]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[PID: 1652][C:\Program Files\Common Files\System\Updaterun.exe] [N/A, N/A]
[PID: 1692][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 1708][C:\KAV2007\KPFW32.EXE] [Kingsoft Corporation, 2007, 2, 2, 687]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[C:\KAV2007\FiltList.dll] [N/A, N/A]
[C:\KAV2007\KAVPassp.DLL] [Kingsoft Corporation, 2006, 9, 7, 270]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[PID: 1772][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\COMMON~1\WANSO\Player.dll] [ , 1, 0, 0, 1]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1848][C:\KAV2007\KMailMon.EXE] [Kingsoft Corporation, 2007, 2, 25, 948]
[C:\KAV2007\KAntiSpm.dll] [Kingsoft Corporation, 2007, 2, 25, 129]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7]
[C:\KAV2007\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60]
[C:\KAV2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 1, 16, 104]
[C:\KAV2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[PID: 1980][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
邀月无缺 - 2007-3-17 19:50:00
[C:\PROGRA~1\wvxl\gfkv.dll] [ , 4, 1, 0, 4]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\lkpa.dll] [ , 1, 0, 0, 6]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 368][C:\KAV2007\KPfwSvc.EXE] [Kingsoft Corporation, 2007, 2, 2, 31]
[PID: 760][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 956][C:\WINDOWS\system32\cdsdf.exe] [N/A, N/A]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 616][C:\WINDOWS\system32\netevent.exe] [N/A, N/A]
[PID: 1112][C:\WINDOWS\system\REM0REG.EXE] [N/A, N/A]
[PID: 1492][C:\WINDOWS\system32\Svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\drivers\restore.dll] [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
[PID: 1520][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 2060][C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE] [Microsoft Corporation, 5.00.2134.1]
[PID: 2176][C:\WINDOWS\system32\mslogin.exe] [N/A, N/A]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 2220][C:\WINDOWS\system32\svcmost.exe] [N/A, N/A]
[PID: 2232][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2252][C:\WINDOWS\system32\scvhost.exe] [N/A, N/A]
[PID: 3088][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4076][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][D:\Program Files\TotalCmd\TOTALCMD.EXE] [C. Ghisler & Co., 6.53]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\WINDOWS\system32\trtbc.dll] [, 5, 3, 1, 120]
[D:\Program Files\TotalCmd\unRAR.dll] [N/A, N/A]
[PID: 3344][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 2692][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system\AV1CAP.dll] [mcsoft, 1, 0, 0, 0]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 252][C:\Program Files\360safe\360Safe.exe] [奇虎网, 3, 2, 0, 1001]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 2, 0, 1001]
[C:\Program Files\360safe\AntiEng.dll] [360Safe.com, 3, 0, 2, 2000]
[C:\Program Files\360safe\Antispy.dll] [奇虎网, 1, 0, 0, 1002]
[C:\Program Files\360safe\CleanHis.dll] [奇虎网, 3, 0, 2, 1000]
[C:\Program Files\360safe\AntiActi.dll] [360Safe.com, 2, 0, 0, 3000]
[C:\Program Files\360safe\live.dll] [360safe.COM, 1, 0, 0, 1011]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\360safe\LeakCheck.dll] [360Safe.com, 2, 0, 0, 3001]
[PID: 6608][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll] [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
[C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.0.2003051500]
[C:\WINDOWS\system32\4e87ntos.dll] [N/A, N/A]
[D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll] [BitComet, 20061116]
[C:\KAV2007\KAVAFish.DLL] [Kingsoft Corporation, 2006, 10, 25, 27]
[C:\WINDOWS\system32\mslink\mslink.dll] [, 1, 0, 0, 1]
[PID: 7712][c:\PROGRA~1\iesnap\navplay.exe] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 7984][D:\Program Files\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[PID: 6380][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
邀月无缺 - 2007-3-17 19:50:00
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll] [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
[C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.0.2003051500]
[C:\WINDOWS\system32\4e87ntos.dll] [N/A, N/A]
[C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll] [金泰丰(广州)科技有限公司, 2, 3, 0, 0]
[D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll] [BitComet, 20061116]
[C:\KAV2007\KAVAFish.DLL] [Kingsoft Corporation, 2006, 10, 25, 27]
[C:\WINDOWS\system32\mslink\mslink.dll] [, 1, 0, 0, 1]
[PID: 7348][D:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 30]
[D:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\jmoyex39.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\PROGRA~1\wvxl\jiny.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wvxl\onsd.dll] [ , 1, 0, 0, 6]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[c:\PROGRA~1\iesnap\navpref.dll] [, 1, 0, 1, 1]
[c:\PROGRA~1\iesnap\navseg.dll] [, 1, 0, 1, 1]
[c:\PROGRA~1\iesnap\navneg.dll] [, 1, 0, 1, 1]
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\winyex39.dll] [, 1, 1, 1, 1004]
[C:\WINDOWS\system32\winnza86.dll] [, 1, 1, 1, 1009]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
邀月无缺 - 2007-3-17 19:51:00
Thanks, everyone
笨蛋12345 - 2007-3-17 20:05:00
Terminate the following processes:
Terminate RUNDLL32.EXE and spoolsv.exe
Use IceSword to forcibly unload the following modules from all processes:
winlib .dll
bdrrdf.dll
trtbc.dll
ntd11.dll
sydr.nls
jiny.dll
onsd.dll
bdrrdf.dll
uzwnza86.dll
jmoyex39.dll
Delete the following startup entries:
<mhs2><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe> [N/A]
<ms><; C:\Program Files\Microsoft\svhost32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe realshed.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<sydr><C:\PROGRA~1\yxcq\sydr.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{623D33B3-1E70-4705-88E9-649522AF6268}><C:\WINDOWS\system32\wbem\cbzcsvrl.dll> [N/A]
Delete the following services:
[3B71FD46 / 3B71FD46]
<C:\WINDOWS\system32\3B71FD46.EXE -service><N/A>
[Std baft Service / baft]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wvxl\gfkv.dll,Service -s><Microsoft Corporation>
[C50908D4 / C50908D4]
<C:\WINDOWS\system32\C50908D4.EXE -service><Microsoft Corporation>
[sdhcvs / edfscv]
<C:\WINDOWS\system32\fgdfsdf.exe -service><Microsoft Corporation>
[Net Event / Net Event]
<C:\WINDOWS\system32\netevent.exe><N/A>
[System Administrator / Popular]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\hrwjd.dll><Microsoft Corporation>
[REM0TE REGISTRY / REM0TEREGISTRY]
<C:\WINDOWS\system\REM0REG.EXE><N/A>
[RestoreService / RestoreService]
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[sqlserver support for winnt / sqlservech]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[NT Data Provider / WalALET]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\VLHPV.DLL,Export 1087><Microsoft Corporation>
[Windows Login / Windows Login]
<C:\WINDOWS\system32\mslogin.exe><N/A>
Delete the following drivers:
[acpidisk / acpidisk]
<2 - 系统找不到指定的文件。
><N/A>
[bjdcjhee / bjdcjhee]
<\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>
[fkwld / fkwld]
<system32\drivers\fkwld.sys><Microsoft Corporation>
[hidproc / hidproc]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[jmoyex3 / jmoyex39]
<\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[lanfs / lanfs]
<\??\C:\WINDOWS\system32\drivers\lanfs.sys><Microsoft Corporation>
[ndcia / ndcia]
<\??\C:\WINDOWS\system32\drivers\ndcia.sys><Microsoft Corporation>
[ofmjnq0 / ofmjnq01]
<\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>
[pmrxyn0 / pmrxyn05]
<\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>
[romman / romman]
<\??\C:\WINDOWS\system32\drivers\romman.sys><Microsoft Corporation>
[uzwnza8 / uzwnza86]
<\SystemRoot\System32\DRIVERS\uzwnza86.sys><Microsoft Corporation>
Delete the following files:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\system32\realshed.exe
C:\WINDOWS\realshed.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
C:\Program Files\yxcq\sydr.dll
C:\WINDOWS\cryptimg.dll
C:\WINDOWS\system32\wbem\cbzcsvrl.dll
C:\WINDOWS\system32\3B71FD46.EXE
C:\Program Files\wvxl\gfkv.dll
C:\WINDOWS\system32\fgdfsdf.exe
C:\WINDOWS\system32\netevent.exe
C:\WINDOWS\system32\C50908D4.EXE
C:\WINDOWS\system32\hrwjd.dll
C:\WINDOWS\system\REM0REG.EXE
c:\windows\system32\sqlservech.dll
C:\WINDOWS\system32\drivers\restore.dll
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\WINDOWS\system32\mslogin.exe
C:\WINDOWS\system32\drivers\bjdcjhee.sys
C:\WINDOWS\system32\drivers\fkwld.sys
C:\WINDOWS\system32\drivers\hidproc.sys
C:\WINDOWS\System32\DRIVERS\jmoyex39.sys
C:\WINDOWS\system32\drivers\kmsinput.sys
C:\WINDOWS\system32\drivers\lanfs.sys
C:\WINDOWS\system32\drivers\ndcia.sys
C:\WINDOWS\System32\DRIVERS\ofmjnq01.sys
C:\WINDOWS\System32\DRIVERS\pmrxyn05.sys
C:\WINDOWS\system32\drivers\romman.sys
C:\WINDOWS\System32\DRIVERS\uzwnza86.sys
Delete the following IE add-ons:
菜鸟玩病毒 - 2007-3-17 20:09:00
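Looking at this makes my head spin, a whole pile of viruses and trojans - -! Carry out the following steps
In Safe Mode
Delete the registry entries: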
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mhs2><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe> [N/A]
<ms><; C:\Program Files\Microsoft\svhost32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Nice><C:\Program Files\Common Files\Microsoft Shared\MSINFO\LSASS.EXE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<sydr><C:\PROGRA~1\yxcq\sydr.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{623D33B3-1E70-4705-88E9-649522AF6268}><C:\WINDOWS\system32\wbem\cbzcsvrl.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
Edit
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe realshed.exe> [N/A]
The value of shell should be Explorer.exe
Delete the services:
[3B71FD46 / 3B71FD46]
<C:\WINDOWS\system32\3B71FD46.EXE -service><N/A>
[Std baft Service / baft]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wvxl\gfkv.dll,Service -s><Microsoft Corporation>
[C50908D4 / C50908D4]
<C:\WINDOWS\system32\C50908D4.EXE -service><Microsoft Corporation>
[Net Event / Net Event]
<C:\WINDOWS\system32\netevent.exe><N/A>
[System Administrator / Popular]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\hrwjd.dll><Microsoft Corporation>
[sqlserver support for winnt / sqlservech]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[NT Data Provider / WalALET]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\VLHPV.DLL,Export 1087><Microsoft Corporation>
[Windows Login / Windows Login]
<C:\WINDOWS\system32\mslogin.exe><N/A>
[REM0TE REGISTRY / REM0TEREGISTRY]
<C:\WINDOWS\system\REM0REG.EXE><N/A>
[RestoreService / RestoreService]
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[sqlserver support
Delete the drivers:
[acpidisk / acpidisk]
<2 - 系统找不到指定的文件。
><N/A>
[bjdcjhee / bjdcjhee]
<\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>
[hidproc / hidproc]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[jmoyex3 / jmoyex39]
<\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>
[ofmjnq0 / ofmjnq01]
<\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>
[pmrxyn0 / pmrxyn05]
<\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>
[uzwnza8 / uzwnza86]
<\SystemRoot\System32\DRIVERS\uzwnza86.sys><Microsoft Corporation>
After rebooting the machine, delete the corresponding files
邀月无缺 - 2007-3-18 0:28:00
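Thanks to all the experts, the problem is basically solved. Could I trouble you to take another look and see whether there are any problems left?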
2007-03-02,00:14:56
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<KavPFW><"C:\KAV2007\KPFW32.EXE"> [Kingsoft Corporation]
<STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> [N/A]
<Vagaa><; "D:\Program Files\Vagaa\Vagaa.exe" -tray> [Vagaa Development Team]
<mssys><C:\WINDOWS\inf\mssys.exe> [Microsoft Corporation]
<mshtmll><regsvr32 /s C:\WINDOWS\inf\mshtmll.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SiS Windows KeyHook><; C:\WINDOWS\system32\keyhook.exe> [Silicon Integrated Systems Corporation]
<KavStart><"C:\KAV2007\KAVStart.exe" -startup> [Kingsoft Corporation]
<AGRSMMSG><; AGRSMMSG.exe> [(Verified)Agere Systems]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<OrderReminder><; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe> [Hewlett-Packard]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<QkOnBtn><; C:\Program Files\QBU\QkOnBtn.EXE> [Dritek System Inc.]
<SiSPower><; Rundll32.exe SiSPower.dll,ModeAgent> [Silicon Integrated Systems Corporation]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<StormCodec_Helper><; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<WebThunder><; d:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [深圳市迅雷网络技术有限公司]
<System><C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<11741394669.exe><C:\WINDOWS\system32\11741394669.exe Auto> [N/A]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<11741411079.exe><C:\WINDOWS\system32\11741411079.exe Auto> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070314.dll start> [N/A]
<UIHost><LogonUI.EXE> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[Messenger / Messenger]
<C:\WINDOWS\System32\svchost -k DcomLaunch-->C:\WINDOWS\system32\msgsvc.dll><Microsoft Corporation>
[Navoct / Navoct]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[WindowsNt Workstation / NTWorkStan]
<C:\WINDOWS\System32\svchost.exe -k NTWorkStan-->c:\windows\system32\ntworkstan.dll><Microsoft Corporation>
[sqlserver support for winnt / sqlservech]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[WindowsNt Network Engine / wnttech]
<C:\WINDOWS\System32\svchost.exe -k wnttech-->c:\windows\system32\wnttech.dll><Microsoft Corporation>
==================================
驱动程序
[acpidisk / acpidisk]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[adcagdhb / adcagdhb]
<\SystemRoot\system32\drivers\adcagdhb.sys><N/A>
[Agere Systems Soft Modem / AgereSoftModem]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bjdcjhee / bjdcjhee]
<\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>
[cdnprot / cdnprot]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[Dritek HotKey Keyboard Filter Driver / DKbFltr]
<System32\Drivers\DKbFltr.sys><Dritek System Inc.>
[fceiwp32 / fceiwp32]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[fkwld / fkwld]
<system32\drivers\fkwld.sys><Microsoft Corporation>
[GEARAspiWDM / GEARAspiWDM]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[hfdhbchb / hfdhbchb]
<\SystemRoot\system32\drivers\hfdhbchb.sys><中国互联网络信息中心(CNNIC)>
[hfnncv2 / hfnncv24]
<\SystemRoot\System32\DRIVERS\hfnncv24.sys><N/A>
[hidproc / hidproc]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[i82440bx / i82440bx]
<\??\C:\WINDOWS\system32\drivers\i82440bx.sys><N/A>
[jmoyex3 / jmoyex39]
<\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KNetWch / KNetWch]
<\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[lanfs / lanfs]
<\??\C:\WINDOWS\system32\drivers\lanfs.sys><N/A>
[ndcia / ndcia]
<\??\C:\WINDOWS\system32\drivers\ndcia.sys><N/A>
[Netgroup Packet Filter / NPF]
<system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
<\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[ofmjnq0 / ofmjnq01]
<\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>
[pmrxyn0 / pmrxyn05]
<\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[romman / romman]
<\??\C:\WINDOWS\system32\drivers\romman.sys><N/A>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP]
<system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[uzwnza8 / uzwnza86]
<\SystemRoot\System32\DRIVERS\uzwnza86.sys><N/A>
[xdewlr13 / xdewlr13]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
邀月无缺 - 2007-3-18 0:29:00
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{09325ac6-3579-437c-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\437ccfsb.dll, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[]
{1a4bedef-9bb9-4e87-ae2b-1b294ae19f4f} <C:\WINDOWS\system32\4e87ntos.dll, N/A>
[]
{1D9B3FA1-DF9F-E3C3-B1E8-A458F984B01A} <C:\WINDOWS\inf\mshtmll.dll, N/A>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[WinMyFavor Class]
{5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} <C:\WINDOWS\system32\MyFavor64.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[实用搜索]
{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[HrefRedirect Class]
{74BC093A-540E-4340-897B-4653A8EB2F47} <C:\WINDOWS\system32\mslink\mslink.dll, >
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[联想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CaiFuCOM Class]
{C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\fcai.dll, N/A>
[实用搜索工具条2.0]
{03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[实用搜索工具条2.0]
{03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{09325AC6-3579-437C-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\437ccfsb.dll, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[]
{1A4BEDEF-9BB9-4E87-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4e87ntos.dll, N/A>
[]
{1D9B3FA1-DF9F-E3C3-B1E8-A458F984B01A} <C:\WINDOWS\inf\mshtmll.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[WinMyFavor Class]
{5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} <C:\WINDOWS\system32\MyFavor64.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[IEExt Class]
{634539A8-7FA8-45E2-8DC3-253AF98548A1} <C:\WINDOWS\system\MFS0FT.DLL, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[实用搜索]
{6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[HrefRedirect Class]
{74BC093A-540E-4340-897B-4653A8EB2F47} <C:\WINDOWS\system32\mslink\mslink.dll, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&V使用Vagaa哇嘎下载]
<D:\Program Files\Vagaa\Data\vg.htm, N/A>
[&使用BitComet下载]
<res://D:\Program Files\BitComet_0.77\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://D:\Program Files\BitComet_0.77\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://D:\Program Files\BitComet_0.77\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<d:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导入当前页到超星阅览器(&A)]
<d:\Program Files\SSREADER36\ss_all.htm, N/A>
[导入选中部分到超星阅览器(&S)]
<d:\Program Files\SSREADER36\ss_select.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[金山毒霸反钓鱼...]
<C:\KAV2007\KAF\ShowSet.htm, N/A>
邀月无缺 - 2007-3-18 0:31:00
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\winlib .dll] [N/A, N/A]
[PID: 556][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 860][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\iesnap\navoct.dll] [ , 1, 0, 1, 1]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 904][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164][C:\KAV2007\KWatch.EXE] [Kingsoft Corporation, 2007, 2, 12, 84]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60]
[C:\KAV2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 1, 16, 104]
[C:\KAV2007\KAVQuara.DLL] [Kingsoft Corporation, 2007, 1, 25, 1]
[PID: 1240][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 53, 2714, 0]
[C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1468][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[PID: 1528][C:\program files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] [CNNIC, 2, 5, 0, 5]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\superutilbar\superutilbar.dll] [www.shiyongsousuo.com, 2, 1, 8, 24]
[d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll] [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
[C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.0.2003051500]
[C:\Program Files\Common Files\CPUSH\cpush0.dll] [N/A, 1.0.2.5]
[C:\WINDOWS\system32\4e87ntos.dll] [N/A, N/A]
[C:\WINDOWS\inf\mshtmll.dll] [N/A, N/A]
[D:\Program Files\BitComet_0.77\tools\BitCometBHO.dll] [BitComet, 20061116]
[C:\KAV2007\KAVAFish.DLL] [Kingsoft Corporation, 2006, 10, 25, 27]
[C:\WINDOWS\system32\MyFavor64.dll] [N/A, N/A]
[C:\WINDOWS\system32\mslink\mslink.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[c:\PROGRA~1\iesnap\navpref.dll] [, 1, 0, 1, 1]
[c:\PROGRA~1\iesnap\navseg.dll] [, 1, 0, 1, 1]
[c:\PROGRA~1\iesnap\navneg.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 1584][C:\KAV2007\KAVStart.exe] [Kingsoft Corporation, 2007, 3, 5, 263]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\SvcTimer.DLL] [Kingsoft Corporation, 2006.12.22.84]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\PopSprt3.dll] [Kingsoft Corporation, 2007, 1, 16, 45]
[C:\KAV2007\KAVPassp.dll] [Kingsoft Corporation, 2006, 9, 7, 270]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[PID: 1592][C:\Program Files\Common Files\System\Updaterun.exe] [N/A, N/A]
[PID: 1600][C:\Program Files\CNNIC\Cdn\cdnup.exe] [CNNIC, 2, 5, 0, 6]
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] [CNNIC, 2, 5, 0, 5]
[C:\Program Files\CNNIC\Cdn\cdnprh.dll] [CNNIC, 2, 4, 0, 3]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 1624][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 1636][C:\KAV2007\KPFW32.EXE] [Kingsoft Corporation, 2007, 2, 2, 687]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\FiltList.dll] [N/A, N/A]
[C:\KAV2007\KAVPassp.DLL] [Kingsoft Corporation, 2006, 9, 7, 270]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[PID: 1832][C:\KAV2007\KMailMon.EXE] [Kingsoft Corporation, 2007, 2, 25, 948]
[C:\KAV2007\KAntiSpm.dll] [Kingsoft Corporation, 2007, 2, 25, 129]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7]
[C:\KAV2007\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60]
[C:\KAV2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 1, 16, 104]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 1868][C:\KAV2007\KPfwSvc.EXE] [Kingsoft Corporation, 2007, 2, 2, 31]
[PID: 1908][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 188][C:\WINDOWS\inf\mssys.exe] [Microsoft Corporation, 5.1.2600.2180]
[PID: 208][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 392][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
邀月无缺 - 2007-3-18 0:32:00
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 120][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2200][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2668][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2764][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2776][c:\PROGRA~1\iesnap\navplay.exe] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[PID: 3036][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3360][D:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 30]
[D:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[c:\PROGRA~1\iesnap\navpref.dll] [, 1, 0, 1, 1]
[c:\PROGRA~1\iesnap\navseg.dll] [, 1, 0, 1, 1]
[c:\PROGRA~1\iesnap\navneg.dll] [, 1, 0, 1, 1]
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
[PID: 2868][D:\Program Files\TotalCmd\TOTALCMD.EXE] [C. Ghisler & Co., 6.53]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[PID: 3104][D:\Program Files\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\uzwnza86.dll] [, 1, 1, 1, 1003]
[C:\WINDOWS\system32\ykioux32.dll] [, 1, 1, 1, 1002]
[C:\KAV2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 3]
[C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2006, 12, 21, 241]
[c:\PROGRA~1\iesnap\navstub.dll] [, 1, 0, 1, 1]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
笨蛋12345 - 2007-3-18 15:04:00
End the following processes:
iexplore.exe
KAVStart.exe
KMailMon.EXE
cdnup.exe
KPFW32.EXE
mssys.exe
Use IceSword to forcibly remove the following from the svchost.exe process:
c:\windows\system32\ntworkstan.dll
c:\windows\system32\sqlservech.dll
c:\windows\system32\wnttech.dll
Use IceSword to forcibly remove the following from the Explorer.EXE process:
C:\Program Files\CNNIC\Cdn\cdnforie.dll
C:\WINDOWS\system32\ykioux32.dll
C:\WINDOWS\system32\uzwnza86.dll
Use IceSword to forcibly remove the following from the winlogon.exe process:
C:\WINDOWS\system32\winlib .dll
c:\windows\system32\sqlservech.dll
c:\windows\system32\wnttech.dll
Delete the following startup items:
<mssys><C:\WINDOWS\inf\mssys.exe> [Microsoft Corporation]
<mshtmll><regsvr32 /s C:\WINDOWS\inf\mshtmll.dll> [N/A]
<System><C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<11741394669.exe><C:\WINDOWS\system32\11741394669.exe Auto> [N/A]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<11741411079.exe><C:\WINDOWS\system32\11741411079.exe Auto> [N/A]
Modify the content of this startup item:
<Userinit> change its content to: C:\WINDOWS\system32\userinit.exe,
Delete the following services:
[WindowsNt Workstation / NTWorkStan]
<C:\WINDOWS\System32\svchost.exe -k NTWorkStan-->c:\windows\system32\ntworkstan.dll><Microsoft Corporation>
[sqlserver support for winnt / sqlservech]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[WindowsNt Network Engine / wnttech]
<C:\WINDOWS\System32\svchost.exe -k wnttech-->c:\windows\system32\wnttech.dll><Microsoft Corporation>
Delete the following drivers:
[acpidisk / acpidisk]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[adcagdhb / adcagdhb]
<\SystemRoot\system32\drivers\adcagdhb.sys><N/A>
[bjdcjhee / bjdcjhee]
<\SystemRoot\system32\drivers\bjdcjhee.sys><N/A>
[cdnprot / cdnprot]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[fceiwp32 / fceiwp32]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[fkwld / fkwld]
<system32\drivers\fkwld.sys><Microsoft Corporation>
[hfdhbchb / hfdhbchb]
<\SystemRoot\system32\drivers\hfdhbchb.sys><中国互联网络信息中心(CNNIC)>
[hfnncv2 / hfnncv24]
<\SystemRoot\System32\DRIVERS\hfnncv24.sys><N/A>
[hidproc / hidproc]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[i82440bx / i82440bx]
<\??\C:\WINDOWS\system32\drivers\i82440bx.sys><N/A>
[jmoyex3 / jmoyex39]
<\SystemRoot\System32\DRIVERS\jmoyex39.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[lanfs / lanfs]
<\??\C:\WINDOWS\system32\drivers\lanfs.sys><N/A>
[ndcia / ndcia]
<\??\C:\WINDOWS\system32\drivers\ndcia.sys><N/A>
[ofmjnq0 / ofmjnq01]
<\SystemRoot\System32\DRIVERS\ofmjnq01.sys><N/A>
[pmrxyn0 / pmrxyn05]
<\SystemRoot\System32\DRIVERS\pmrxyn05.sys><N/A>
[uzwnza8 / uzwnza86]
<\SystemRoot\System32\DRIVERS\uzwnza86.sys><N/A>
[xdewlr13 / xdewlr13]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
Delete the following files:
C:\WINDOWS\inf\mssys.exe
C:\Program Files\Common Files\System\Updaterun.exe
C:\WINDOWS\system32\11741394669.exe
Use IceSword to force-delete the following files:
C:\WINDOWS\inf\mshtmll.dll
C:\WINDOWS\system32\ntworkstan.dll
C:\WINDOWS\system32\sqlservech.dll
C:\WINDOWS\system32\wnttech.dll
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\adcagdhb.sys
C:\WINDOWS\system32\drivers\bjdcjhee.sys
C:\WINDOWS\system32\drivers\cdnprot.sys
C:\WINDOWS\system32\drivers\system32\drivers\%s.sys.sys
C:\WINDOWS\system32\drivers\%s.sys.sys
C:\WINDOWS\system32\drivers\s.sys
C:\WINDOWS\system32\drivers\fkwld.sys
C:\WINDOWS\system32\drivers\hfdhbchb.sys
C:\WINDOWS\System32\DRIVERS\hfnncv24.sys
C:\WINDOWS\system32\drivers\hidproc.sys
C:\WINDOWS\system32\drivers\i82440bx.sys
C:\WINDOWS\System32\DRIVERS\jmoyex39.sys
C:\WINDOWS\system32\drivers\kmsinput.sys
C:\WINDOWS\system32\drivers\lanfs.sys
C:\WINDOWS\system32\drivers\ndcia.sys
C:\WINDOWS\System32\DRIVERS\ofmjnq01.sys
C:\WINDOWS\System32\DRIVERS\pmrxyn05.sys
C:\WINDOWS\System32\DRIVERS\uzwnza86.sys
Delete the following IE add-ons (you can skip this step if you use 360安全卫士):
{1a4bedef-9bb9-4e87-ae2b-1b294ae19f4f} <C:\WINDOWS\system32\4e87ntos.dll, N/A>
[WinMyFavor Class]
{5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} <C:\WINDOWS\system32\MyFavor64.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[实用搜索]
{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[HrefRedirect Class]
{74BC093A-540E-4340-897B-4653A8EB2F47} <C:\WINDOWS\system32\mslink\mslink.dll, >
[CaiFuCOM Class]
{C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\fcai.dll, N/A>
[实用搜索工具条2.0]
{03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[实用搜索工具条2.0]
{03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[实用搜索]
{6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
After restarting, check the items above again.