12   1  /  2  页   跳转

求救!!!995!!!helpme!!!

收藏
haof3000
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-26
  • 来自:
发表于: 2006-08-22 19:10 | 只看楼主 短消息 资料
字号: 1楼

求救!!!995!!!helpme!!!

我不知道中了什么病毒,开机后在C:\WINDOWS\TEMP文件夹里老是会出现很多很多垃圾文件,占空间。我查了N次毒也杀了N次毒,但没多长时间病毒就又重生了。我哭~~~
Logfile of HijackThis v1.99.1
Scan saved at 19:00:58, on 2006-8-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\KAV6\KAVPFW.EXE
C:\Program Files\racer-henan-cnc\racer.exe
d:\KAV6\KWatchUI.EXE
d:\KAV6\KAVPlus.EXE
C:\Program Files\racer-henan-cnc\RacerKp.exe
d:\KAV6\KAVSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
F:\系统反间谍\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll (file missing)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: EastAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O3 - Toolbar: 金山毒霸 - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - d:\KAV6\KAIEPlus.DLL
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O4 - HKLM\..\Run: [KAVRun] d:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Tencent\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Tencent\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Thunder\Thunder.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\浩方对战平台\GameClient.exe
O9 - Extra button: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - Extra 'Tools' menuitem: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸安全助手) - http://zs.kingsoft.com/KOSInit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122450793134
O16 - DPF: {A927C078-E82F-471B-83F5-3D1504F7D01B} (estInsObj Class) - http://info.askyaya.com/estAlive.cab
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - d:\KAV6\KAVSvc.EXE

最后编辑2006-08-23 22:56:13
分享到:
gototop
 
haof3000
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-26
  • 来自:
发表于: 2006-08-22 19:41 | 只看楼主 短消息 资料
字号: 2楼

995
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-08-22 21:02 | 短消息 资料
字号: 3楼

那个文件夹是系统的临时文件夹,有东东是正常的,但不知道你所说的量到底有多大,它们都是什么扩展名的文件
你描述一下
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis,扫描结束后在下列选项前打上勾,然后选"修复"
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: EastAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O16 - DPF: {A927C078-E82F-471B-83F5-3D1504F7D01B} (estInsObj Class) - http://info.askyaya.com/estAlive.cab
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll (file missing)
重启后删除
C:\WINDOWS\estAlive.dll
请下载 System Repair Engineer,使用“智能扫描”,按下“扫描”按钮进行扫描,扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完,分次粘完,请不要修改。
gototop
 
haof3000
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-26
  • 来自:
发表于: 2006-08-23 20:36 | 只看楼主 短消息 资料
字号: 4楼

C:\WINDOWS\estAlive.dll
这个文件没有啊?
我已经扫描了,给你看下
2006-08-23,20:23:28

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <iDuba Personal FireWall><D:\KAV6\KAVPFW.EXE>  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KAVRun><d:\KAV6\KAVRun.EXE>  [kingsoft]
    <iDuba Personal FireWall><D:\KAV6\KAVPFW.EXE>  [Kingsoft Corporation]
    <C-Media Mixer><Mixer.exe /startup>  [C-Media Electronic Inc. (www.cmedia.com.tw)]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo! China]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat>  []
    <{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\ztt2.dLl>  []
    <{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhcmd2.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BCUpdate><; >  []
    <CdnCtr><; >  []
    <CertificateRegistration><; SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools><; "D:\D-Tools\DAEMON Tools\daemon.exe" -lang 1033 -noicon>  [DT Soft Ltd.]
    <DAEMON Tools-1033><; >  []
    <Desktop><; C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  []
    <ExFilter><; Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo">  []
    <gemstrmw><; C:\WINDOWS\system32\gemstrmw.exe /r>  [Gemplus]
    <hbpassport><; >  []
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <iDuba Personal FireWall><; D:\KAV6\KAVPFW.EXE>  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [Microsoft Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <jib3j><; >  []
    <Knight V><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <Kulansyn><; d:\KAV6\Kulansyn.EXE>  [Kingsoft Corp.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; C:\WINDOWS\rundl132.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <magbox><; >  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSPY2002><; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <QuickTime Task><; "D:\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <renewup><; >  []
    <Rundll><; C:\WINDOWS\Rundll.exe>  []
    <spoolsv><; >  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Stamp><; >  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <supdate2.dll><; RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run>  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <UserFaultCheck><; %systemroot%\system32\dumprep 0 -u>  []
    <win32tip><; >  []
    <WinampAgent><; "d:\Winamp\Winampa.exe">  []
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo! China]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
gototop
 
haof3000
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-26
  • 来自:
发表于: 2006-08-23 20:37 | 只看楼主 短消息 资料
字号: 5楼

==================================
启动文件夹
[河南网通宽带用户客户端]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>

==================================
服务
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Kingsoft AntiVirus Service / KAVSvc]
  <d:\KAV6\KAVSvc.EXE><kingsoft Antivirus>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <d:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <G:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[比较购物搜索(&C)]
  {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[金山毒霸]
  {A9BE2902-C447-420A-BB7F-A5DE921E6138} <d:\KAV6\KAIEPlus.DLL, >
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china>
[金山毒霸安全助手]
  {52DF16E3-6C4F-4B22-8BAF-09263E463B48} <C:\WINDOWS\system32\kingsoft\KOS\KOSInit.ocx, 金山软件股份有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, N/A>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <d:\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[虎翼DIY吧!]
  {0A00D11E-B1E7-44B5-AD88-C9190876AAC4} <C:\WINDOWS\system32\diybar2\diybar2.dll, N/A>
[ChajianHelper Class]
  {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} <C:\WINDOWS\system32\SYSREA~1.DLL, N/A>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[MeadCo ScriptX]
  {1663ED61-23EB-11D2-B92F-008048FDD814} <C:\WINDOWS\system32\MCScripX.dll, Mead & Co Limited>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\SYSTEM32\MACROMED\DIRECTOR\SWDIR.DLL, Macromedia, Inc.>
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4603.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX, Synacast>
[RealPlayer SMIL Download Handler]
  {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Menu Class]
  {27D784D7-9217-4227-B43B-E06E4781E0CB} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[Installer Class]
  {28E0FA88-ABA8-4937-A247-3031F1A11165} <C:\WINDOWS\system32\diybar2\diybar2.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[CaiShowBH Class]
  {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, N/A>
[LinkFilter Class]
  {4022F902-ABC7-4C79-924F-BB26F1D355A2} <C:\WINDOWS\system32\diybar2\diybar2.dll, N/A>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china>
[CopySo拷贝搜]
  {40987A5C-6AB8-4977-8BE9-A8889DE2EDCC} <C:\Program Files\Copyso\CopysoIE.dll, N/A>
[UDPlayerCtl Control]
  {42B6F90A-9B1F-458F-BD6B-03478935A65E} <C:\WINDOWS\DOWNLO~1\UDPLAY~1.OCX, TODO: <上海优度宽带科技有限公司>>
[KmediaHelper Class]
  {42D25F15-CF07-4A72-B191-DB0792BF310C} <C:\WINDOWS\system32\Kmedia.dll, Kmedia>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[博采]
  {4DA2EE61-6399-4C39-AEB9-0D990E610D29} <C:\WINDOWS\system32\BOCAIT~1.DLL, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[金山毒霸安全助手]
  {52DF16E3-6C4F-4B22-8BAF-09263E463B48} <C:\WINDOWS\system32\kingsoft\KOS\KOSInit.ocx, 金山软件股份有限公司>
[CMCBooter Object]
  {53AF6E02-F18F-4228-AC13-3E79773FBE50} <C:\WINDOWS\system32\Booter.ocx, 北京高维视讯科技有限公司>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NetAccelerate Class]
  {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, N/A>
[天下搜索]
  {56A7DC70-E102-4408-A34A-AE06FEF01586} <, N/A>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china>
[Macrosoft Class]
  {58DB541D-F15A-4E95-A5D9-5DF5EE13920C} <C:\WINDOWS\system32\winlogin.dll, Macrosoft>
[Router Layer]
  {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\haof\APPLIC~1\ppStream\100~1.103\POWERP~1.DLL, PPStream Inc.>
[XBTP03129 Class]
  {6029B367-250A-4696-925C-641709CA7381} <C:\WINDOWS\DOWNLO~1\Kuaiso.dll, N/A>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MMSAssist BHO]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL, N/A>
[BrowserProxy4 Class]
  {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
gototop
 
haof3000
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-26
  • 来自:
发表于: 2006-08-23 20:37 | 只看楼主 短消息 资料
字号: 6楼

{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Windows Media Services DRM Storage object]
  {760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\drmstor.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Thunder\Components\InMedia\MediaAddin07.dll, Thunder Networking Technologies,LTD>
[CMCLoader Object]
  {779769CA-82F1-4973-BBA7-515E6C7BFD0E} <C:\Program Files\GAOV\Mysee2\MycLive.dll, N/A>
[Web800 Control]
  {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\web800.ocx, >
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\Program Files\3721\autolive.dll, N/A>
[ViewSource Class]
  {85810C93-C14C-11D5-BC4B-0050BA28E4FE} <, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[LoaderCore Class]
  {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} <C:\WINDOWS\Downloaded Program Files\DLLoader.dll, sohu.com>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL, N/A>
[金山毒霸]
  {A9BE2902-C447-420A-BB7F-A5DE921E6138} <d:\KAV6\KAIEPlus.DLL, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[BrowserHAP Class]
  {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} <C:\PROGRA~1\HBClient\hapast.dll, N/A>
[T2BHO Class]
  {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\DOWNLOADED PROGRAM FILES\BARHELP22.0.DLL, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[Microsoft DirectAnimation Control]
  {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[IEHlprObj Class]
  {C5E5DB7E-46B1-47E6-8447-2E517F269925} <e:\Xplus\GETIE.dll, N/A>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IEDown Class]
  {D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL, N/A>
[]
  {E1FC9760-7B95-49CD-80B9-8C9E41017B93} <d:\KAV6\KAVEXT.DLL, Kingsoft Corp.>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, N/A>
[Hbact.HbactObject]
  {EF248BC9-F17D-4024-8868-71A5D22C667C} <C:\WINDOWS\DOWNLO~1\hbact.dll, N/A>
[Msp Class]
  {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} <C:\WINDOWS\Downloaded Program Files\dddmsp.dll, >
[AlxTB BHO Class]
  {F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[Encoder Control]
  {F787B0DD-FB0D-416C-AD49-585E9669D535} <C:\WINDOWS\DOWNLO~1\ENCODE~1.OCX, N/A>
[Windows Script Host Shell Object]
  {F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} <C:\WINDOWS\system32\wshom.ocx, Microsoft Corporation>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[&使用迅雷下载]
  <d:\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Tencent\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tencent\SendMMS.htm, N/A>

==================================
gototop
 
haof3000
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-26
  • 来自:
发表于: 2006-08-23 20:38 | 只看楼主 短消息 资料
字号: 7楼

正在运行的进程
[PID: 332][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 380][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 404][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 448][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 460][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 612][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 660][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 812][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 996][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1100][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [d:\Thunder\ComDlls\XunLeiBHO_002.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 2>
    [D:\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <yahoo! china><3, 1, 9, 1057>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  <Yahoo! China><3, 0, 1, 1010>
    [C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <yahoo! china><3, 0, 0, 1000>
[PID: 1112][C:\WINDOWS\System32\SCardSvr.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1204][C:\WINDOWS\Mixer.exe]  <C-Media Electronic Inc. (www.cmedia.com.tw)><1.58>
    [C:\WINDOWS\System32\cmnprop.dll]  <C-Media Corporation><5.00.2195.12>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
[PID: 1212][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  <Yahoo! China><3, 0, 0, 1001>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  <Yahoo! China><3, 0, 0, 1001>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  <Yahoo! China><3, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
[PID: 1232][D:\KAV6\KAVPFW.EXE]  <Kingsoft Corporation><2004, 8, 16, 295>
    [D:\KAV6\KAVMLM.DLL]  <Kingsoft Corporation><2003.11.12.10>
    [D:\KAV6\PFWScanC.dll]  <KingSoft><2002, 4, 12, 3>
    [D:\KAV6\KAMsgBox.dll]  <><2002.9.27.30>
    [D:\KAV6\NetShare.dll]  <Kingsoft Antivirus><2004, 2, 20, 67>
    [D:\KAV6\KAEPlat.DLL]  <Kingsoft Corp.><2005, 12, 29, 56>
    [D:\KAV6\KAEMem.DAT]  <Kingsoft><2006, 4, 12, 13>
    [D:\KAV6\KAEUnpack.DAT]  <Kingsoft Corp.><2006, 6, 15, 44>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [D:\KAV6\KAEQSCAN.DLL]  <Kingsoft Corp><2004, 3, 26, 69>
    [D:\KAV6\KAVLogFn.dll]  <N/A><2003, 11, 26, 16>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
[PID: 1292][C:\Program Files\racer-henan-cnc\racer.exe]  <Putian Runway><2, 0, 49, 90>
    [C:\Program Files\racer-henan-cnc\rwxre.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\nspr4.dll]  <Netscape Communications Corporation><4.5 Beta>
    [C:\Program Files\racer-henan-cnc\xpcom.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\nss3.dll]  <Netscape Communications Corporation><3.9.1>
    [C:\Program Files\racer-henan-cnc\softokn3.dll]  <Netscape Communications Corporation><3.9.1>
    [C:\Program Files\racer-henan-cnc\gkgfx.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\js3250.dll]  <Netscape Communications Corporation><4.0>
    [C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\xpcom_compat.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\racer_base.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\components\pipnss.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\components\gklayout.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\components\jar50.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll]  <Mozilla Foundation><1.7.3: 2005040616>
    [C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\dhcpplus.dll]  <北京润汇科技有限公司><0, 12, 20, 44>
    [C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll]  <Putian Runway><2,0,47,87>
    [C:\Program Files\racer-henan-cnc\nss4.dll]  <北京普天润汇科技有限公司><1, 0, 0, 3>
    [C:\Program Files\racer-henan-cnc\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\Program Files\racer-henan-cnc\pthreadVC.dll]  <N/A><N/A>
    [C:\Program Files\racer-henan-cnc\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
[PID: 1304][d:\KAV6\KWatchUI.EXE]  <><2004.1.6.119>
    [d:\KAV6\kavcomm.dll]  <Kingsoft Corporation><2003, 11, 12, 66>
    [d:\KAV6\kavdlg.dll]  <><2004.7.20.81>
    [d:\KAV6\KAVMLM.DLL]  <Kingsoft Corporation><2003.11.12.10>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [d:\KAV6\RpcBrge.DLL]  <kingsoft><2003, 11, 12, 64>
[PID: 1480][d:\KAV6\KAVPlus.EXE]  <><2004, 3, 3, 71>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
[PID: 1552][C:\Program Files\racer-henan-cnc\RacerKp.exe]  <北京润汇科技有限公司><1, 0, 0, 1>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
[PID: 1644][C:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
[PID: 1712][d:\KAV6\KAVSvc.EXE]  <kingsoft Antivirus><2003, 11, 12, 70>
    [d:\KAV6\SvcComm.dll]  <kingsoft Antivirus><2004, 7, 28, 1>
    [d:\KAV6\SvcTimer.DLL]  <Kingsoft><2004.4.29.79>
    [d:\KAV6\KavComm.dll]  <Kingsoft Corporation><2003, 11, 12, 66>
    [d:\KAV6\RpcBrge.DLL]  <kingsoft><2003, 11, 12, 64>
    [d:\KAV6\KWatchFn2.dll]  <kingsoft Corporation><2004, 8, 24, 25>
    [d:\KAV6\KAEPlat.DLL]  <Kingsoft Corp.><2005, 12, 29, 56>
    [d:\KAV6\KAEMem.DAT]  <Kingsoft><2006, 4, 12, 13>
    [d:\KAV6\KAEUnpack.DAT]  <Kingsoft Corp.><2006, 6, 15, 44>
    [d:\KAV6\KAVUtils.dll]  <Kingsoft Corp><2004, 2, 12, 69>
    [d:\KAV6\KAVDlg.DLL]  <><2004.7.20.81>
    [d:\KAV6\KAVLogFn.dll]  <N/A><2003, 11, 26, 16>
[PID: 1728][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 732][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2364][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe]  <Yahoo! China><3, 0, 1, 1007>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <yahoo! china><3, 1, 9, 1057>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  <Yahoo! China><3, 0, 1, 1010>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [C:\Program Files\Yahoo!\Assistant\yNotifier.dll]  <yahoo! china><3, 0, 0, 1000>
[PID: 2508][F:\系统反间谍\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
[PID: 2544][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <yahoo! china><3, 1, 9, 1057>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  <Yahoo! China><3, 0, 1, 1010>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll]  <yahoo! china><3, 0, 2, 1036>
    [C:\Program Files\Yahoo!\Assistant\Assist\ysearch.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  <yahoo! china><3, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\Program Files\Yahoo!\Assistant\Assist\yaswiper.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\Program Files\Yahoo!\Assistant\Assist\yasiesec.dll]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysettings.dll]  <yahoo! china><3, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ymailp.dll]  <Yahoo! China><3.0.0.1006>
    [C:\WINDOWS\system32\jhcmd2.dll]  <N/A><N/A>
    [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll]  <yahoo! china><3, 0, 0, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <yahoo! china><3, 0, 0, 1000>
    [d:\Thunder\ComDlls\XunLeiBHO_002.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 2>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  <Macromedia, Inc.><8.0r196>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-08-23 20:55 | 短消息 资料
字号: 8楼

请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
双击打开KillBox.exe,分别删除
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat
C:\WINDOWS\system32\ztt2.dLl
C:\WINDOWS\system32\jhcmd2.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Rundll.exe
(删除时勾选“删除前先结束Explorer.EXE进程”不行再试着勾选"删除DLL文件前反注册此文件"

运行(双击)System Repair Engineer,使用“启动项目,注册表”来删除以下选项。
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat
C:\WINDOWS\system32\ztt2.dLl
C:\WINDOWS\system32\jhcmd2.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Rundll.exe

完后重启,再扫份日志粘上来。
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-08-23 20:56 | 短消息 资料
字号: 9楼

忘了一步,
下载超级兔子。
http://www.pctutu.com/srmsdown.asp
安装好后,打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件,卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。
卸载完后,再扫份日志粘上来。
gototop
 
haof3000
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-26
  • 来自:
发表于: 2006-08-23 21:40 | 只看楼主 短消息 资料
字号: 10楼

2006-08-23,21:31:29

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <iDuba Personal FireWall><D:\KAV6\KAVPFW.EXE>  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KAVRun><d:\KAV6\KAVRun.EXE>  [kingsoft]
    <iDuba Personal FireWall><D:\KAV6\KAVPFW.EXE>  [Kingsoft Corporation]
    <C-Media Mixer><Mixer.exe /startup>  [C-Media Electronic Inc. (www.cmedia.com.tw)]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
[河南网通宽带用户客户端]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>

==================================
服务
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Kingsoft AntiVirus Service / KAVSvc]
  <d:\KAV6\KAVSvc.EXE><kingsoft Antivirus>
[P4P Service / P4P Service]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT