
[Help] c:\windows\system32\mpmyfapi.dll

c:\windows\system32\mpmyfapi.dll

I can't delete this item no matter what I try. What should I do?

2008-06-17,07:59:31
System Repair Engineer 2.5.16.900 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE">  [Microsoft Corporation]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\windows\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{6629FF4F-ACDB-5C90-A098-FACB3456A266}><C:\windows\system32\mpmyfapi.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
  <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[MSSQLSERVER / MSSQLSERVER][Stopped/Disabled]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[CMB8100 / CMB8100][Running/Auto Start]
  <\??\C:\windows\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
  <\??\C:\windows\system32\Drivers\CMBProtector.dat><N/A>
[d346bus / d346bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d346prt.sys><>
[dtscsi / dtscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[ISO DVD/CD-ROM Device Driver / ISODrive][Running/System Start]
  <\??\C:\Program Files\UltraISO\drivers\ISODrive.sys><EZB Systems, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Klmc / Klmc][Running/System Start]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
  <system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[vaxscsi / vaxscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><Alcohol Soft Co., Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[]
  {6629FF4F-ACDB-5C90-A098-FACB3456A266} <C:\windows\system32\mpmyfapi.dll, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\flashget.exe, FlashGet.com>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[MeadCo ScriptX]
  {1663ed61-23eb-11d2-b92f-008048fdd814} <C:\windows\system32\MCScripX.dll, Mead & Co Limited>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\windows\system32\aliedit\pta.dll, >
[JWAXRemoteCtrl Class]
  {2CF25C09-486E-4A1E-892B-F6B3EB676ACF} <C:\WINDOWS\system32\JWAXRemote.ax, >
[BOARDOCX Control]
  {2D00CB73-BF43-4AC1-9535-11E281A91BA3} <C:\windows\system32\BOARDOCX.ocx, hikvision>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\windows\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[StreamOcx Control]
  {43E171F5-0392-4AE2-9A14-437618A25412} <C:\windows\system32\STREAM~1.OCX, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\windows\system32\aliedit\aliedit.dll, >
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\windows\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[HikMP4NetVideo Control]
  {7326059D-0357-4239-8537-69EA428A232D} <C:\windows\system32\HIKMP4~1.OCX, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[JBNVOCX Control]
  {97197A3A-091E-488D-B5BA-58EAD9819B4C} <C:\windows\system32\JBNVOCX.ocx, >
[WebDigiNet Control]
  {9E265649-6E0E-4EEA-9F49-DAE0801440CF} <C:\WINDOWS\system32\WEBDIG~1.OCX, Kodicom>
[Hanmail Upload Control]
  {A00B2A53-60D9-4477-ADA3-60490770C5E0} <, N/A>
[ICBCQPKCom_HH Class]
  {B219E31C-E110-4638-AF01-7BDD5ACA552C} <C:\windows\system32\ICBCQP~1.DLL, >
[cardctl Class]
  {B753331A-9543-41D2-83B2-492E5ADB7911} <C:\WINDOWS\system32\ICCARD~1.DLL, Infosec Technologies Co., Ltd.>
[Daum ActiveX manager Class]
  {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} <C:\WINDOWS\system32\xman.dll, (c) Daum Communications.>
[KooPlayer Control]
  {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\DOWNLO~1\CCTVKO~1.OCX, Koos>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PhotoUploadCtrlMini Control]
  {D9306BD1-2325-4C28-8632-B02330C1BB02} <C:\windows\system32\PHOTOU~1.OCX, 广州网易互动娱乐有限公司>
[AxUSBKey Class]
  {DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINDOWS\system32\USBKey.dll, >
[JITSecurityTool Control]
  {F1FDD7D2-0192-4F66-A015-4FC6235E8B74} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\JITSEC~1.OCX, SDCA>
[PBActiveX40 Control]
  {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\windows\system32\PersonalBankMain.ocx, China Merchants Bank>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[]
  {3D698451-2015-6358-9871-2015987452D3} <C:\windows\system32\apzhctde.dll, N/A>
[]
  {6629FF4F-ACDB-5C90-A098-FACB3456A266} <C:\windows\system32\mpmyfapi.dll, N/A>
[]
  {6FD45A54-9875-698F-E56E-65102358FDF6} <C:\windows\system32\apsgfjba.dll, N/A>
[BLin IeDoor Class]
  {A7934164-66CE-4B01-AD28-A42F734E448D} <C:\Documents and Settings\Admin\blin\blinplug.dll, BLin Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[&使用比邻下载(&B)]
  <C:\Documents and Settings\Admin\blin\ctxmenu.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <F:\11\AddEmotion.htm, N/A>
[添加到我的网易博客]
  <C:\windows\system32\NetEase.html, N/A>

==================================
正在运行的进程
[PID: 368 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 448 / SYSTEM][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 472 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / SYSTEM][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528 / SYSTEM][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732 / NETWORK SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772 / SYSTEM][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840 / NETWORK SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904 / LOCAL SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / SYSTEM][C:\windows\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 38, 0, 0]
    [C:\windows\system32\fppmon3.dll]  [FinePrint Software, LLC, 3.15]
    [C:\windows\system32\fppr332.dll]  [FinePrint Software, LLC, 3.15]
    [C:\windows\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\windows\system32\sa4bLMON.DLL]  [SHARP, 1.0.0.3]
    [C:\windows\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\windows\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1000 / LOCAL SERVICE][C:\windows\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll]  [China Merchants Bank, 1, 0, 0, 1]
[PID: 1248 / SYSTEM][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476 / LOCAL SERVICE][C:\windows\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1432 / Admin][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\mpmyfapi.dll]  [N/A, ]
[PID: 1188 / Admin][C:\Documents and Settings\Admin\桌面\病毒处理\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件

==================================
进程特权扫描
N/A
==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A


 

Re: c:\windows\system32\mpmyfapi.dll

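1. Download Filseclab's Trojan removal tool (费尔木马强力清除助手) from the official site here, tick "Remove, and suppress regeneration of the file" (清除,并抑制文件再次生成), then delete the following files:
(Whether or not the files exist, deleting them once does no harm. If it reports that a file does not exist, ignore it and continue with the repairs below.)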
http://dl.filseclab.com/down/powerrmv.zip

c:\windows\system32\mpmyfapi.dll
c:\windows\system32\apsgfjba.dll
c:\windows\system32\apzhctde.dll

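2. After deleting the files and rebooting, use SREng to repair the following items:

    Startup Items (启动项目) -- Registry (注册表): delete the following entry: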
[{6629FF4F-ACDB-5C90-A098-FACB3456A266}] 

    System Repair (系统修复) -- Browser Add-ons (浏览器加载项): delete the following entries:
[]    <C:\windows\system32\apsgfjba.dll>
[]    <C:\windows\system32\mpmyfapi.dll>
[]    <C:\windows\system32\apzhctde.dll>
[]    <C:\windows\system32\mpmyfapi.dll>
 

Re: c:\windows\system32\mpmyfapi.dll

Thanks. In the end I cleaned it with 360.