发表于: 2006-12-12 19:39 | 显示全部 短消息 资料
字号: 1楼

我的帖子都发了三遍了也没人帮忙解决一下啊,高手都去哪了,ie被劫持了

机器很慢,而且从打开电脑开始主机就吱吱的响,打开程序时也响,有时打开电脑电脑没响应(就象死机一样),主页也改不了,总是www.37021.net,高手帮忙看看日志,多谢了

System Repair Engineer 2.2.6.605

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<><regedit -s c:\windows\system\syst.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<SystemTray><SysTray.Exe> [Microsoft Corporation]
<LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme> [Microsoft Corporation]
<Kernel32><C:\WINDOWS\SYSTEM\Kernel.dll> [N/A]
<winwin><regedit -s c:\windows\system\systell.dll> [N/A]
<WIN32><regedit -s c:\windows\system\syst.dll> [N/A]
<KAVRUN><C:\KAV\KAVRUN.EXE> [kingsoft]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<kvw3000><C:\KVW3000\kvplus.exe /tray> [Beijing Jiangmin New Tech. & Sci. Co.Ltd.]
<syste><regedit -s c:\windows\system\syst.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme> [Microsoft Corporation]
<SchedulingAgent><C:\WINDOWS\SYSTEM\mstask.exe> [Microsoft Corporation]
<KVSrv><C:\KVW3000\KVSRVX.EXE -Service> [LANK Soft.]

==================================
启动文件夹
[FOLDER]
<C:\WINDOWS\Start Menu\Programs\启动\FOLDER.HTT --> [N/A]><H>

==================================
驱动程序
N/A

==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX, (>
[3721中文邮]
{6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} <C:\PROGRAM FILES\3721\CES\CESWEB.DLL, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[酷站大全]
{8FBA04EE-3024-11D2-8F1F-0000F87ABD16} <http://www.37021.com, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9B.OCX, Adobe Systems, Inc.>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\SYSTEM\SUBMIT~1.DLL, ,>
[RootCertInstall Class]
{D1056C7C-E30B-4234-9A4B-7E1038B167A7} <C:\WINDOWS\DOWNLO~1\ROOTCERT.DLL, $>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\WINDOWS\DOWNLO~1\POWERP~1.DLL, PPStream Inc.>
[添加QQ网络收藏夹]
<C:\PROGRAM FILES\TENCENT\NAF.htm, N/A

==================================
正在运行的进程
[PID: 4294941993][C:\WINDOWS\SYSTEM\SPOOL32.EXE] [Microsoft Corporation, 4.10.1998]
[PID: 4294948077][C:\WINDOWS\SYSTEM\MPREXE.EXE] [Microsoft Corporation, 4.10.1998]
[PID: 4294839917][C:\WINDOWS\SYSTEM\MSTASK.EXE] [Microsoft Corporation, 4.71.1959.1]
[PID: 4294849501][C:\KVW3000\KVSRVX.EXE] [LANK Soft., 6, 6, 0, 131]
[C:\KVW3000\KVENHXS.DLL] [JiangMin Ltd., 6, 6, 0, 133]
[C:\KVW3000\KVENHUS.DLL] [LANK Soft., 6, 6, 0, 131]
[C:\WINDOWS\SYSTEM\KVWSP.DLL] [JiangMin Ltd., 6, 6, 0, 135]
[PID: 4294875385][C:\WINDOWS\SYSTEM\RPCSS.EXE] [Microsoft Corporation, 4.71.2900]
[C:\KAV\KAVEXT.DLL] [Kingsoft Corp., 2001, 5, 30, 4]
[C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB 文件夹\MSONSEXT.DLL] [N/A, N/A]
[C:\PROGRAM FILES\WINZIP\WZSHLSTB.DLL] [WinZip Computing, Inc., 3.0 (32-bit)]
[C:\PROGRAM FILES\WINRAR\RAREXT.DLL] [N/A, N/A]
[C:\KVW3000\KVSHELLX.DLL] [北京江民新科技术有限公司., 5, 0, 0, 100]
[C:\WINDOWS\SYSTEM\KVWSP.DLL] [JiangMin Ltd., 6, 6, 0, 135]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, N/A]
[C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.DLL] [N/A, N/A]
[PID: 4294869377][C:\WINDOWS\EXPLORER.EXE] [Microsoft Corporation, 4.72.3110.1]
[PID: 4294822397][C:\WINDOWS\SYSTEM\INTERNAT.EXE] [Microsoft Corporation, 4.10.2222]
[PID: 4294832953][C:\WINDOWS\SYSTEM\SYSTRAY.EXE] [Microsoft Corporation, 4.10.2222]
[PID: 4294709681][C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE] [RealNetworks, Inc., 0.1.0.1622]
[C:\WINDOWS\SYSTEM\KVWSP.DLL] [JiangMin Ltd., 6, 6, 0, 135]
[C:\PROGRAM FILES\COMMON FILES\REAL\PLUGINS\HTTP3260.DLL] [RealNetworks, Inc., 6.0.7.4097]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNMS3270.DLL] [RealNetworks, Inc., 7.0.0.1452]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNAD3201.DLL] [RealNetworks, Inc., 0.1.0.1622]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\FAUS3270.DLL] [RealNetworks, Inc., 7.0.0.1307]
[C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\PNRS3260.DLL] [RealNetworks, Inc., 6.0.9.2068]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\TWEBBROWSE.DLL] [RealNetworks, Inc., 1.0.2.311]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNUP3270.DLL] [RealNetworks, Inc., 7.0.0.1052]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNQU3270.DLL] [RealNetworks, Inc., 7.0.0.1685]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\SETU3270.DLL] [RealNetworks, Inc., 7.0.0.2311]
[C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\OBJB3201.DLL] [RealNetworks, Inc., 0.1.0.3389]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\UPGR3270.DLL] [RealNetworks, Inc., 7.0.0.1675]
[PID: 4294754813][C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALEVENT.EXE] [RealNetworks, Inc., 0.1.0.1622]
[C:\WINDOWS\SYSTEM\PNCRT.DLL] [Real Networks, Inc, 6.0.0.0]
[C:\PROGRAM FILES\COMMON FILES\REAL\RCAPLUGINS\GEMC3201.DLL] [RealNetworks, Inc., 0.1.0.3395]
[C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\PNRS3260.DLL] [RealNetworks, Inc., 6.0.9.2068]
[C:\PROGRAM FILES\COMMON FILES\REAL\PLUGINS\PXCB3210.DLL] [RealNetworks, Inc., 1.0.0.2128]
[C:\PROGRAM FILES\COMMON FILES\REAL\PLUGINS\IMGR3260.DLL] [RealNetworks, Inc., 6.0.7.3735]
[C:\PROGRAM FILES\COMMON FILES\REAL\PLUGINS\ZIPF3260.DLL] [RealNetworks, 6.0.7.2536]
[C:\PROGRAM FILES\COMMON FILES\REAL\PLUGINS\HTTP3260.DLL] [RealNetworks, Inc., 6.0.7.4097]
[C:\WINDOWS\SYSTEM\KVWSP.DLL] [JiangMin Ltd., 6, 6, 0, 135]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\SETU3270.DLL] [RealNetworks, Inc., 7.0.0.2311]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNQU3270.DLL] [RealNetworks, Inc., 7.0.0.1685]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNAD3201.DLL] [RealNetworks, Inc., 0.1.0.1622]
[C:\PROGRAM FILES\COMMON FILES\REAL\RCAPLUGINS\UISY3201.DLL] [RealNetworks, Inc., 0.1.0.1760]
[C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\OBJB3201.DLL] [RealNetworks, Inc., 0.1.0.3389]
[C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNMS3270.DLL] [RealNetworks, Inc., 7.0.0.1452]
[PID: 4294742381][C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALEVENT.EXE] [RealNetworks, Inc., 0.1.0.1622]
[C:\WINDOWS\SYSTEM\PNCRT.DLL] [Real Networks, Inc, 6.0.0.0]
[PID: 4294758949][C:\WINDOWS\SYSTEM\WMIEXE.EXE] [Microsoft Corporation, 5.00.1755.1]
[C:\WINDOWS\SYSTEM\KVWSP.DLL] [JiangMin Ltd., 6, 6, 0, 135]
[PID: 4294748105][C:\WINDOWS\DESKTOP\SRENG.EXE] [Smallfrogs Studio, 2.2.6.605]


文件关联
.TXT OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
KVWSP over [MS.w95.spi.tcp]
C:\WINDOWS\SYSTEM\KVWSP.DLL(JiangMin Ltd., KVWSP)
KVWSP over [MS.w95.spi.udp]
C:\WINDOWS\SYSTEM\KVWSP.DLL(JiangMin Ltd., KVWSP)
MS.w95.spi.osp
C:\WINDOWS\SYSTEM\mswsosp.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.tcp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.udp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.raw
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.rsvptcp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MS.w95.spi.rsvpudp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
KVWSP
C:\WINDOWS\SYSTEM\KVWSP.DLL(JiangMin Ltd., KVWSP)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A


最后编辑2006-12-12 19:39:03.187000000