瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】BW.dll,已经把我的筋疲力尽了~大家救我吧

1   1  /  1  页   跳转

【求助】BW.dll,已经把我的筋疲力尽了~大家救我吧

收藏
472715
头像
初生襁褓狮
  • 帖子:21
  • 注册: 2006-12-31
  • 来自:
发表于: 2006-12-31 18:09 | 只看楼主 短消息 资料
字号: 1楼

【求助】BW.dll,已经把我的筋疲力尽了~大家救我吧

直接上图



就是这个BW.DLL木马病毒,卡巴也删除不了~说是启动是删除,可是还是不行。安全模式下扫描根本就没有病毒。。。。。。。。






用ICESWORD强行删除,确实是删除了~可是卡巴却说文件无法找到,不能删除~晕~而且EXPLORER.EXE/BW.DLL是怎么回事啊?后来用了尔木马强删工具勾选防止再次生成,也无效,启动以后照样有~



启动项正常:
==========================================================================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
==========================================================================
Kaspersky Anti-Virus GUI Part----------D:\应用软件\kabasiji\Kaspersky Anti-Virus Personal\kav.exe

WinPatrol 系统监控器----------C:\Program Files\WinPatrol\Winpatrol.EXE


==========================================================================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
==========================================================================

==========================================================================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
==========================================================================

==========================================================================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
==========================================================================
ctfmon.exe----------C:\WINDOWS\System32\ctfmon.exe


==========================================================================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
==========================================================================

==========================================================================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
==========================================================================

==========================================================================
常用注册表关联项目
==========================================================================
EXE文件关联----------正常
COM文件关联----------正常
BAT文件关联----------正常
PIF文件关联----------正常
SCR文件关联----------正常
REG文件关联----------正常
TXT文件关联----------正常

==========================================================================
启动组
==========================================================================
[C:\Documents and Settings\ZC\「开始」菜单\程序\启动]

[C:\Documents and Settings\All Users\「开始」菜单\程序\启动]

==========================================================================
WIN.INI
==========================================================================
load =
run =

==========================================================================
SYSTEM.INI
==========================================================================
shell = explorer.exe


================================文档结束==================================
用HIJACK扫描结果如下:

HijackThis(zww3008汉化版)V1.99.1
保存于      14:41:17, 日期 2006-12-31
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinPatrol\Winpatrol.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
D:\应用软件\HijackThis1991.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: 3721中文邮 - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - (no file)
O3 - IE工具栏增项: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Kaspersky Anti-Virus GUI Part] D:\应用软件\kabasiji\Kaspersky Anti-Virus Personal\kav.exe
O4 - 启动项HKLM\\Run: [WinPatrol 系统监控器] C:\Program Files\WinPatrol\Winpatrol.EXE
O4 - 启动项HKCU\\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\应用软件\未安装\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\应用软件\未安装\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 3721中文邮 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/p (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD41409-3265-4B45-BC98-0A0F0ACBF86A}: NameServer = 202.101.172.46 202.101.172.47
O18 - 列举现有的协议: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O23 - NT 服务: kavsvc - Kaspersky Lab - D:\应用软件\kabasiji\Kaspersky Anti-Virus Personal\kavsvc.exe

大家帮忙看看呀!!!!!!
最后编辑2007-01-01 13:58:59
分享到:
gototop
 
还是不懂啊
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-12-24
  • 来自:
发表于: 2006-12-31 18:15 | 短消息 资料
字号: 2楼

先下个SRENG日志工具
卸了Yahoo,3721等流氓
重启后扫个SRENG日志发上来(为了少开程序)

地址: http://www.kztechs.com/sreng
gototop
 
还是不懂啊
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-12-24
  • 来自:
发表于: 2006-12-31 18:16 | 短消息 资料
字号: 3楼

先下个SRENG日志工具
卸了Yahoo,3721等流氓
重启后扫个SRENG日志发上来(为了少开程序)

地址: http://www.kztechs.com/sreng
gototop
 
472715
头像
初生襁褓狮
  • 帖子:21
  • 注册: 2006-12-31
  • 来自:
发表于: 2006-12-31 19:21 | 只看楼主 短消息 资料
字号: 4楼



[复制到剪贴板]
CODE:


2006-12-31,18:35:14

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Kaspersky Anti-Virus GUI Part><; D:\应用软件\kabasiji\Kaspersky Anti-Virus Personal\kav.exe>  [Kaspersky Lab]
    <WinPatrol 系统监控器><; C:\Program Files\WinPatrol\Winpatrol.EXE>  [BillP 工作室]
    <Kavrun><; >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <IceSword><C:\WINDOWS\System32\ipocnfig.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Disabled]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Jaguar / Jaguar][Stopped/Auto Start]
  <><N/A>
[kavsvc / kavsvc][Running/Manual Start]
  <"D:\应用软件\kabasiji\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atitray / atitray][Running/System Start]
  <\??\D:\ati\atitray.sys><N/A>
[basic2 / basic2][Stopped/Manual Start]
  <System32\DRIVERS\HSF_BSC2.sys><Conexant>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[Fallback / Fallback][Running/Auto Start]
  <System32\DRIVERS\HSF_FALL.sys><Conexant>
[FindHideProc / FindHideProc][Stopped/Manual Start]
  <\??\D:\应用软件\Processjudger1.701p\FindHideProc.sys><N/A>
[Fsks / Fsks][Running/Auto Start]
  <System32\DRIVERS\HSF_FSKS.sys><Conexant>
[hsf_msft / hsf_msft][Stopped/Manual Start]
  <System32\DRIVERS\HSF_MSFT.sys><Conexant>
[IsDrv120 / IsDrv120][Running/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[K56 / K56][Running/Auto Start]
  <System32\DRIVERS\HSF_K56K.sys><Conexant>
[Kl1 / Kl1][Running/Boot Start]
  <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
  <System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><NetGroup - Politecnico di Torino>
[pacdcacm / pacdcacm][Stopped/Manual Start]
  <System32\DRIVERS\pacdcacm.sys><Panasonic>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Rksample / Rksample][Stopped/Manual Start]
  <System32\DRIVERS\HSF_SAMP.sys><Conexant>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Stopped/Manual Start]
  <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Service for AC'97 Sample Driver (WDM) / SiS7012][Stopped/Manual Start]
  <system32\drivers\sis7012.sys><Silicon Integrated Systems Corporation>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\drivers\srvkp.sys><N/A>
[SoftFax / SoftFax][Running/Auto Start]
  <System32\DRIVERS\HSF_FAXX.sys><Conexant>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Tones / Tones][Running/Auto Start]
  <System32\DRIVERS\HSF_TONE.sys><Conexant>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[USB to Serial Bridge Controller / usb2vcom][Stopped/Manual Start]
  <System32\DRIVERS\usb2vcom.sys><Ark Pioneer Microelectronics Ltd.>
[V124 / V124][Running/Auto Start]
  <System32\DRIVERS\HSF_V124.sys><Conexant>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\WINDOWS\Downloaded Program Files\winio.sys><N/A>
[Logitech WingMan Digital Devices Driver / WmAdiHid][Stopped/Manual Start]
  <system32\drivers\WmAdiHid.sys><Logitech Inc.>
[Logitech Virtual Bus Enumerator Driver / WmBEnum][Running/Manual Start]
  <system32\drivers\WmBEnum.sys><Logitech Inc.>
[Logitech WingMan HID Filter Driver / WmFilter][Stopped/Manual Start]
  <system32\drivers\WmFilter.sys><Logitech Inc.>
[Logitech Virtual Hid Device Driver / WmVirHid][Stopped/Manual Start]
  <system32\drivers\WmVirHid.sys><Logitech Inc.>
[Logitech WingMan Translation Layer Driver / WmXlCore][Running/Manual Start]
  <system32\drivers\WmXlCore.sys><Logitech Inc.>
[XPROTECTOR / XPROTECTOR][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\Oreans.sys><N/A>

==================================
浏览器加载项
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, Yahoo.>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.mail.yahoo.com/promo/rd1, N/A>
[上网助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://assistant.3721.com/index.htm?fb=Cns, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://assistant.3721.com/security1.htm?fb=Cns, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://assistant.3721.com/clean1.htm?fb=Cns, N/A>
[百万图库]
  {6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/p, N/A>
[铃声图片下载]
  {7713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/sms/index.htm, N/A>
[&Radio]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <D:\应用软件\未安装\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\应用软件\未安装\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 540][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\httppai.dll]  [N/A, N/A]
[PID: 672][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 684][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 844][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 896][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 948][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 960][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1380][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\bdscheca100.dll]  [N/A, N/A]
[PID: 1448][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\httppai.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\config\Bw.DLL]  [N/A, N/A]
    [D:\adobe reader\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\bdscheca100.dll]  [N/A, N/A]
[PID: 1632][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1712][D:\sreng2_PConline\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\bdscheca100.dll]  [N/A, N/A]
    [D:\sreng2_PConline\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA  错误: LoadLibraryA
RVA  错误: LoadLibraryExA
RVA  错误: LoadLibraryExW
RVA  错误: LoadLibraryW

==================================





好了~
又来了这么个问题,不知道什么意思~

附件附件:

下载次数:397
文件类型:image/pjpeg
文件大小:
上传时间:2006-12-31 19:21:59
描述:
gototop
 
高歌猛进
头像
初生襁褓狮
  • 帖子:2377
  • 注册: 2006-10-09
  • 来自:
发表于: 2006-12-31 19:52 | 短消息 资料
字号: 5楼

置顶下载Killbox,删除:
C:\WINDOWS\System32\config\Bw.DLL
C:\WINDOWS\system32\bdscheca100.dll
C:\WINDOWS\System32\DRIVERS\npf.sys

运行regedit,查找删除下列值:
[Jaguar / Jaguar][Stopped/Auto Start]
<><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<System32\DRIVERS\npf.sys><NetGroup - Politecnico di Torino>
gototop
 
472715
头像
初生襁褓狮
  • 帖子:21
  • 注册: 2006-12-31
  • 来自:
发表于: 2006-12-31 21:56 | 只看楼主 短消息 资料
字号: 6楼

照您说的做了~那个BW.DLL重新启动以后还是会出现~还是杀不掉!
gototop
 
472715
头像
初生襁褓狮
  • 帖子:21
  • 注册: 2006-12-31
  • 来自:
发表于: 2007-01-01 00:41 | 只看楼主 短消息 资料
字号: 7楼

我自己顶~要崩溃了~
gototop
 
472715
头像
初生襁褓狮
  • 帖子:21
  • 注册: 2006-12-31
  • 来自:
发表于: 2007-01-01 13:50 | 只看楼主 短消息 资料
字号: 8楼

我再顶!!!!!!!!!!!!!我没有系统驱动盘~不能重装啊!
gototop
 
不言放弃
头像
社区嘉宾
  • 帖子:30678
  • 注册: 2004-09-17
  • 来自:蓝色星球
发表于: 2007-01-01 14:07 | 短消息 资料
字号: 9楼

【回复“472715”的帖子】
修复如下自启动项
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<IceSword><C:\WINDOWS\System32\ipocnfig.exe> [N/A]

==========

修复如下服务项
[Jaguar / Jaguar][Stopped/Auto Start]
<><N/A>

===========

修复如下驱动项
[WINIO / WINIO][Stopped/Manual Start]
<\??\C:\WINDOWS\Downloaded Program Files\winio.sys><N/A>

[XPROTECTOR / XPROTECTOR][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\Oreans.sys><N/A>

[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<System32\DRIVERS\npf.sys><NetGroup - Politecnico di Torino>

============

开始--运行
输入regedit
确定
进入注册表
依次展开
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services](X代表1,2,3,4....)
找到后删除如下文件夹:
Jaguar
WINIO
XPROTECTOR
NPF

依次展开
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Enum\Root\](X代表1,2,3,4....)
删除如下文件夹:
LEGACY_Jaguar
LEGACY_WINIO
LEGACY_XPROTECTOR
LEGACY_NPF

提示:
若上述文件夹在注册表中无法删除
请修改上述文件夹的权限为“完全控制”
然后再删除试试

==========

删除
C:\WINDOWS\System32\ipocnfig.exe
C:\WINDOWS\Downloaded Program Files\winio.sys
C:\WINDOWS\system32\drivers\Oreans.sys
C:\WINDOWS\System32\DRIVERS\npf.sys

用KILLBOX的“重启后删除”功能删除如下文件
C:\WINDOWS\system32\bdscheca100.dll
C:\WINDOWS\System32\httppai.dll
C:\WINDOWS\System32\config\Bw.DLL
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT