Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software Forum: [Help] Infected with backdoor.Gpigeon.fok and backdoor.Gpigeon.tds. What should I do?


[Help] Infected with backdoor.Gpigeon.fok and backdoor.Gpigeon.tds. What should I do?


I am infected with these two viruses. In normal mode Rising cannot do anything; only in Safe Mode did it detect and remove four viruses.

New problem: I still cannot find tcpsv.exe. I only found C:\WINDOWS\tcpsvc_Hook.DLL and tcpsvc, plus C:\WINDOWS\system32\tcpsvc. They were all created in 2001, so they probably are not it, right?

Log re-posted after rebooting.

Please help, everyone! Many thanks!
Last edited 2006-08-16 01:53:18

Please download the HijackThis 1.99.1 Chinese language pack, run a scan and paste the log here.
Download it from the portable-software folder on my online E drive:
http://free5.ys168.com/?ufwihgu168

I downloaded System Repair Engineer 2.0.21.505 (RC2), but when I open it there is nothing but files and it still has to be unpacked. I really do not know what to do with it.

OK, I will go and download yours now.

Downloaded. Should I run the antivirus first and then run it?
Is it OK to keep it on the desktop?

As soon as I run it there is a warning. Can I click OK and run it?

Please bear with me, I really am a newbie~~~

Quote:
[cassidy1228's post] As soon as I run it there is a warning. Can I click OK and run it?

Please bear with me, I really am a newbie~~~
………………

As shown in the picture:

Attachment: screenshot (application/octet-stream, uploaded 2006-8-16 0:07:02, downloaded 196 times)

Logfile of HijackThis v1.99.1
Scan saved at 23:54:34, on 2006-8-15
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\System32\Launcher.exe
O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - D:\Tuotu\TuoTuHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] ; C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pbmini] "I:\PodcastbarMini\PodcastBarMini.exe" -hide
O4 - HKLM\..\Run: [NTdhcp] C:\WINDOWS\System32\NTdhcp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll (file missing)
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com (file missing)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04854f779c3b4ebe4805/netzip/RdxIE601_cn.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33427AD0-82AF-4984-ABC6-B6BE0DEAD84A}: NameServer = 61.234.254.5,61.234.254.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: System Event Notification Logs - Unknown owner - C:\WINDOWS\system32\drivers\lsass.exe
O23 - Service: Tcpsvc Server (Tcpsvc) - Unknown owner - C:\WINDOWS\tcpsvc.exe


That is the log, right? That is all there is.

Run HijackThis. After the scan finishes, tick the following entries and then choose "Fix":
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\System32\Launcher.exe
O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - D:\Tuotu\TuoTuHelper.dll

Start → Run → type services.msc to open "Services" → find System Event Notification Logs and Tcpsvc Server →
double-click → Startup type → Disabled → Stop → Apply → OK. Disable both of these services, System Event Notification Logs and Tcpsvc Server (they are separated by a comma above).

Reboot into Safe Mode and delete:
C:\WINDOWS\tcpsvc.exe
C:\WINDOWS\system32\drivers
C:\WINDOWS\System32\Launcher.exe

O4 - HKLM\..\Run: [NTdhcp] C:\WINDOWS\System32\NTdhcp.exe (fix this entry as well)
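An added triage example, written for this thread rather than taken from it (it is not a Rising or HijackThis tool): the Python script below parses HijackThis log lines, using a constructed subset copied from the log posted above, and applies the same reasoning the helpers applied by eye. A UserInit value that chains anything other than userinit.exe is flagged, as is a service with no publisher whose image sits directly in %WINDIR% or in the drivers folder, or whose image borrows a core system process name (lsass.exe) outside System32. The NTdhcp Run entry was identified by the helper from experience, not from its path, so the script only marks autoruns in Windows system directories for manual review. The severity labels, the CORE_SYSTEM_BINARIES set and the directory heuristics are my own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis 1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\System32\Launcher.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NTdhcp] C:\WINDOWS\System32\NTdhcp.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: System Event Notification Logs - Unknown owner - C:\WINDOWS\system32\drivers\lsass.exe
O23 - Service: Tcpsvc Server (Tcpsvc) - Unknown owner - C:\WINDOWS\tcpsvc.exe
"""

# Assumed list of core Windows process names; one of these running outside System32 is a red flag.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows$")
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows(\\system32)?$")


@dataclass
class Finding:
    severity: str   # "suspicious": act on it; "review": confirm publisher and file date by hand
    section: str    # HijackThis section: F2, O4 or O23
    subject: str    # the executable, Run value name or service name
    reason: str


def _norm(path: str) -> str:
    """Lower-case, unquote and normalise a Windows path so comparisons are stable."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def _image_of(command: str) -> str:
    """Return the executable path from a Run command, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        return _norm(command[1:command.find('"', 1)])
    return _norm(command.split(" ", 1)[0])


def check_userinit(value: str) -> list:
    """F2: UserInit must list only userinit.exe; anything chained after it runs at every logon."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [Finding("suspicious", "F2", e, "extra executable chained into UserInit")
            for e in entries if ntpath.basename(_norm(e)) != "userinit.exe"]


def check_run(name: str, command: str) -> list:
    """O4: autoruns living in %WINDIR% or System32 cannot be judged by path alone; mark for review."""
    if WINDOWS_DIR.match(ntpath.dirname(_image_of(command))):
        return [Finding("review", "O4", name, "autorun from a Windows system directory")]
    return []


def check_service(name: str, owner: str, image: str) -> list:
    """O23: no publisher plus an image directly in %WINDIR% or in the drivers folder, or a core
    system binary name used outside System32, is the pattern the helpers flagged in this thread."""
    img = _norm(image)
    base, parent = ntpath.basename(img), ntpath.dirname(img)
    reasons = []
    if base in CORE_SYSTEM_BINARIES and not parent.endswith("\\system32"):
        reasons.append(f"{base} is a core system binary name but runs from {parent}")
    if owner.lower() == "unknown owner" and (WINDOWS_ROOT.match(parent) or parent.endswith("\\drivers")):
        reasons.append(f"no publisher and image placed in {parent}")
    return [Finding("suspicious", "O23", name, "; ".join(reasons))] if reasons else []


LINE_PATTERNS = [
    (re.compile(r"^F2 - REG:system\.ini: UserInit=(.+)$"), lambda m: check_userinit(m.group(1))),
    (re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(.+?)\] (.+)$"), lambda m: check_run(m.group(1), m.group(2))),
    (re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$"), lambda m: check_service(*m.groups())),
]


def triage(log_text: str) -> list:
    """Run every applicable check over each HijackThis line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        for pattern, check in LINE_PATTERNS:
            m = pattern.match(line.strip())
            if m:
                findings.extend(check(m))
    return findings


def subjects(findings, severity: str) -> set:
    """Names of everything reported at the given severity."""
    return {f.subject for f in findings if f.severity == severity}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section:3} {f.subject}: {f.reason}")
```

Run on the sample, it reports Launcher.exe, the fake "System Event Notification Logs" service and Tcpsvc Server as suspicious, and IgfxTray and NTdhcp for review. The check the script cannot do is the one that settles a review item: look at the file's digital signature, publisher and creation date before disabling the service or deleting the file, as the poster was doing with the 2001-dated tcpsvc files.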