瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 IE被www.mzcnc.com 和www.yaya999.com劫持,帮忙看看我的日志!

1   1  /  1  页   跳转

IE被www.mzcnc.com 和www.yaya999.com劫持,帮忙看看我的日志!

收藏
iwoofer
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-11-16
  • 来自:
发表于: 2006-11-16 20:19 | 只看楼主 短消息 资料
字号: 1楼

IE被www.mzcnc.com 和www.yaya999.com劫持,帮忙看看我的日志!

Logfile of Kaka v2. 0. 2. 0 Scan Module v1. 0. 0. 35
Scan saved at 20:06:34, on 2006-11-16
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie
O1 - Hosts: 127.0.0.1      localhost
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2007\KPFW32.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [KavStart] "D:\KAV2007\KAVStart.exe" -startup
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 金山毒霸反钓鱼... - D:\KAV2007\KAF\ShowSet.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O17 - HKLM\System\CCS\Services\Tcpip\..\{E524016A-F31D-4BA2-A8C7-C6AC1D1E8238}: NameServer = 202.103.96.112
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - "D:\KAV2007\KPfwSvc.EXE"
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KAV2007\KWatch.EXE
最后编辑2006-11-18 12:18:13.640000000
分享到:
gototop
 
红夜鬼1
头像
横据古稀狮
  • 帖子:8602
  • 注册: 2006-10-18
  • 来自:
发表于: 2006-11-17 09:45 | 短消息 资料
字号: 2楼

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie
修复一下
请下载SREng2(最新版) ,使用“智能扫描”,按下“扫描”按钮进行扫描,
扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完,分次粘完,请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip
gototop
 
iwoofer
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-11-16
  • 来自:
发表于: 2006-11-18 11:41 | 只看楼主 短消息 资料
字号: 3楼

2006-11-18,10:11:19

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavPFW><"D:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"D:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ImpsSensor]
    <WinlogonNotify: ImpsSensor><ImpsSensor.dll>  [China Mobile]

==================================
启动文件夹
N/A

==================================
服务
[3F1C1859 / 3F1C1859]
  <C:\WINDOWS\system32\3F1C1859.EXE -service><Microsoft Corporation>
[EA674D70 / EA674D70]
  <C:\WINDOWS\system32\EA674D70.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"D:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <D:\KAV2007\KWatch.EXE><Kingsoft Corporation>

==================================
驱动程序
[C-Media PCI Audio Driver (WDM) / cmpci]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[C-Media PCI Audio Interface / cmuda3]
  <system32\drivers\cmuda3.sys><N/A>
[KNetWch / KNetWch]
  <\??\D:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <D:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[金山毒霸反钓鱼...]
  <D:\KAV2007\KAF\ShowSet.htm, N/A>

==================================
gototop
 
iwoofer
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-11-16
  • 来自:
发表于: 2006-11-18 11:42 | 只看楼主 短消息 资料
字号: 4楼

正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\KAV2007\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
[PID: 1284][D:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [D:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
[PID: 1356][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1588][D:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2006, 9, 7, 210]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.7.24.80]
    [D:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [D:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2006, 9, 26, 38]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1616][D:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2006, 11, 15, 659]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2006, 10, 30, 39]
    [D:\KAV2007\FiltList.dll]  [N/A, N/A]
    [D:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 1624][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1748][D:\KAV2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
[PID: 1988][D:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2006, 9, 7, 918]
    [D:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2006, 8, 19, 104]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [D:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [D:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
    [D:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2006, 10, 30, 39]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 1188][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1872][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 1880][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 1780][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 1700][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 1756][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 2044][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 316][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 1228][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 2008][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[PID: 3164][C:\Documents and Settings\woofer\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
gototop
 
红夜鬼1
头像
横据古稀狮
  • 帖子:8602
  • 注册: 2006-10-18
  • 来自:
发表于: 2006-11-18 12:18 | 短消息 资料
字号: 5楼

运行(双击)SRENG2,点“启动项目,服务,点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
3F1C1859
EA674D70 
,选择“删除服务”
点“设置”选择“否”
重启按F8进入安全模式下
显示隐藏文件
删除: 
C:\WINDOWS\system32\3F1C1859.EXE
C:\WINDOWS\system32\EA674D70.EXE
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT