
Experts, please come discuss WINCOM.EXE


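Infection symptoms: every time the system starts or IE is launched, several web pages pop up automatically and then close by themselves; apart from that there is nothing particularly abnormal.
Norton does not detect it. The virus changed the SHELL value so that it starts together with EXPLORE.EXE. Even after locating WINCOM.EXE, it cannot be killed with ICESWORD in safe mode, and the SHELL value cannot be changed in safe mode either.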


2007-04-26,10:35:00

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NAV Agent><C:\PROGRA~1\NORTON~1\navapw32.exe>  [(Verified)Symantec Corporation, L=Santa Monica, S=California, C=US]
    <ATIModeChange><; Ati2mdxx.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <PCTVOICE><; pctspk.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe wincom.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\KAV6\KaScrScn.scr>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Microsoft Security Manager Center / MscnMgr][Running/Auto Start]
  <C:\WINDOWS\system32\wbem\svchost.exe><Microsoft Corporation>
[Norton AntiVirus 自动防护服务 / navapsvc][Running/Auto Start]
  <C:\Program Files\Norton AntiVirus\navapsvc.exe><Symantec Corporation>
[PPRich Server / PPRich][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k ppsvcs-->C:\Program Files\PPGou Soft\PPRich\PPRich.dll><www.pprich.com>
[ScriptBlocking Service / SBService][Stopped/Auto Start]
  <C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[3Com 3C90X-BC Family PCI EtherLink Adapter / EL90XBC][Running/Manual Start]
  <system32\DRIVERS\el90xbc5.sys><3Com Corporation>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\NAVAP.SYS><N/A>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070425.033\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070425.033\NavEx15.Sys><Symantec Corporation>
[nfpekgl / nfpekgl][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\nfpekgl.sys><N/A>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\PCAMPR5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[PProtect / PProtect][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\PProtect.sys><Jiangmin Co. Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[W2K Pctel Serial Device Driver / Ptserial][Running/Manual Start]
  <system32\DRIVERS\ptserial.sys><PCTEL, INC.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS><Symantec Corporation>
[W2k Vmodem / Vmodem][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vmodem.sys><PCTEL, INC.>
[W2k Vpctcom / Vpctcom][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vpctcom.sys><PCtel, Inc.>
[W2k Vvoice / Vvoice][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vvoice.sys><PCtel, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CNavExtBho Class]
  {BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[MSN 工具栏]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll, Microsoft Corporation>
[Norton AntiVirus]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[Java Plug-in 1.4.2_10]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_10]
  {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll, N/A>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Norton AntiVirus]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Java Plug-in 1.4.2_10]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll, JavaSoft / Sun Microsystems, Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[MSN 工具栏]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll, Microsoft Corporation>
[CNavExtBho Class]
  {BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
Last edited 2007-05-20 09:41:44

==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 564][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 1260][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\inetcom.dll]  [, 1.5.2.141]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Norton AntiVirus\NavShExt.dll]  [Symantec Corporation, 8.00.58]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1448][C:\PROGRA~1\NORTON~1\navapw32.exe]  [Symantec Corporation, 8.00.58]
    [C:\PROGRA~1\NORTON~1\apwutil.dll]  [Symantec Corporation, 8.00.58]
    [C:\PROGRA~1\NORTON~1\apwcmdnt.dll]  [Symantec Corporation, 8.00.58]
    [C:\PROGRA~1\NORTON~1\NAVProxy.dll]  [Symantec Corporation, 8.00.58]
    [C:\WINDOWS\system32\SYMREDIR.dll]  [Symantec Corporation, 4.0.0.66]
    [C:\PROGRA~1\NORTON~1\DefAlert.dll]  [Symantec Corporation, 8.00.58]
[PID: 1476][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1700][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1228][C:\Documents and Settings\c640\桌面\手动杀毒\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

I hope an expert can answer this. Sincere thanks.

Windows Shell Menus Manager
========================================
Created by Smallfrogs
http://www.KZTechs.com
========================================
2007-04-26 13:08:56

CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}. ExtName: BriefcaseMenu                                    . Publisher: Microsoft Corporation                  . Path: syncui.dll.
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}. ExtName: Offline Files                                    . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\System32\cscui.dll.
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}. ExtName: Open With                                        . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}. ExtName: Open With EncryptionMenu                          . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.
CLSID: {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}. ExtName: Symantec.Norton.Antivirus.IEContextMenu          . Publisher: Symantec Corporation                    . Path: C:\Program Files\Norton AntiVirus\NavShExt.dll.
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}. ExtName: WinRAR                                            . Publisher: N/A                                    . Path: C:\Program Files\WinRAR\rarext.dll.
CLSID: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}. ExtName: 附到「开始」菜单                                  . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.
CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}. ExtName: BriefcasePage                                    . Publisher: Microsoft Corporation                  . Path: syncui.dll.
CLSID: {7444C719-39BF-11D1-8CD9-00C04FC29D45}. ExtName: CryptoSignMenu                                    . Publisher: Microsoft Corporation                  . Path: C:\WINDOWS\system32\cryptext.dll.
CLSID: {1F2E5C40-9550-11CE-99D2-00AA006E086C}. ExtName: Security Shell Extension                          . Publisher: Microsoft Corporation                  . Path: rshx32.dll.
CLSID: {3EA48300-8CF6-101B-84FB-666CCB9BCD32}. ExtName: OLE 文档属性页                                    . Publisher: Microsoft Corporation                  . Path: docprop.dll.
CLSID: {883373C3-BF89-11D1-BE35-080036B11A03}. ExtName: Microsoft DocProp Shell Ext                      . Publisher: Microsoft Corporation                  . Path: C:\WINDOWS\system32\docprop2.dll.
CLSID: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}. ExtName:                                                  . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.
CLSID: {BD472F60-27FA-11cf-B8B4-444553540000}. ExtName: Compressed (zipped) Folder Right Drag Handler    . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\zipfldr.dll.
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}. ExtName: EncryptionMenu                                    . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.
CLSID: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}. ExtName: Sharing                                          . Publisher: Microsoft Corporation                  . Path: ntshrui.dll.
CLSID: {596AB062-B4D2-4215-9F74-E9109B0A8153}. ExtName: 以前的版本属性页                                  . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\twext.dll.
CLSID: {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}. ExtName: DfsShell Class                                    . Publisher: Microsoft Corporation                  . Path: C:\WINDOWS\system32\dfsshlex.dll.
CLSID: {ef43ecfe-2ab9-4632-bf21-58909dd177f0}. ExtName: 自定义文件夹选项卡                                . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.
CLSID: {59099400-57FF-11CE-BD94-0020AF85B590}. ExtName: 磁盘复制扩展                                      . Publisher: Microsoft Corporation                  . Path: diskcopy.dll.
CLSID: {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}. ExtName: Portable Devices Menu                            . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\wpdshext.dll.
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}. ExtName: 烧 CD 的 ShellFolder                              . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.
CLSID: {7988B573-EC89-11cf-9C00-00AA00A14F56}. ExtName: Microsoft Disk Quota UI                          . Publisher: Microsoft Corporation                  . Path: dskquoui.dll.
CLSID: {D969A300-E7FF-11d0-A93B-00A0C90F2719}. ExtName: New                                              . Publisher: Microsoft Corporation                  . Path: %SystemRoot%\system32\SHELL32.dll.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe wincom.exe> []

[PPRich Server / PPRich][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k ppsvcs-->C:\Program Files\PPGou Soft\PPRich\PPRich.dll><www.pprich.com>

[nfpekgl / nfpekgl][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\nfpekgl.sys><N/A>

The question is how to delete it. I really can't get rid of it.

How did you try to delete it, and in what way did it fail??

In safe mode, when I delete it with ICESWORD it is automatically recreated, and when I change the SHELL value it immediately restores itself.

First force-terminate the explorer process,
then delete the path where WINCOM.EXE is located.

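Thanks in advance, 桃子. But after force-terminating the EXPLORE.exe process, won't the system automatically load it again? And once explore is terminated, where do I go to delete wincom?

Also, is there something wrong with this one? Could an expert explain it in detail?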
[nfpekgl / nfpekgl][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\nfpekgl.sys><N/A>