瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

12   1  /  2  页   跳转

[已解决] usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

由于中了usp10.dll病毒,昨天已按照论坛置顶帖子http://bbs.ikaka.com/showtopic-8589597.aspx中二楼第二个方法杀毒重装再清理了一次病毒。但是过了大概四五个小时,毒霸(我用的金山)和360安全卫士全部突然自动关了,之后无法再次打开。

今天上午,我又按照那个方法重新杀毒重装,然后再按照该帖子一楼的方法杀毒,在使用“wsyscheck工具”内的工具搜索出usp10.dll来,删除之后,上IE的时候出现提示说“找不到usp10.dll无法打开”,确定之后可以照常使用,但每次开IE都提示相同的内容。之后由于毒霸更新需要重启,重启之后又出现蓝屏现象,无法开机,不过与上次蓝屏不同,这次整个屏幕只出现“stop c0000135 unknow hard error”。

之后又重装,杀毒,还是相同的步骤,用“wsyscheck工具”搜索usp10.dll之后,还是出现那两个选项,现在纠结是否要删除。附图

另外为什么我昨天按那方法删除之后过了一段时间病毒又出现了。另外,当时几乎没上网,只开了Q和游戏。


用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑Dan児 最后编辑于 2009-02-10 11:35:33
分享到:
gototop
 

回复:usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

另外其他盘也用wsyscheck工具查过了,不存在usp10.dll文件
gototop
 

回复: usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

刚扫描的

附件: SREngLOG.log (2009-2-9 17:00:30, 34.30 K)
该附件被下载次数 233

gototop
 

回复:usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

要下载。。。我把内容贴下吧,不过很长。。。我也不知道要挑哪些贴

汗~不让我贴全。。。太长了,贴不到
gototop
 

回复:usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

分两部分贴吧

[CODE]

2009-02-09,17:00:53

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KavPFW><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPFW32.EXE" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><C:\Program Files\360\360Safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
    <QQDoctorRTP><"D:\Program Files\Tencent\QQDoctor\QQDoctorRtp.exe">  [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\bubbles.scr>  [Microsoft Corporation]

==================================
启动文件夹
[星空极速]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>

==================================
驱动程序
[360procmon / 360procmon][Running/Manual Start]
  <\??\C:\Program Files\360\360Safe\safemon\360procmon.sys><>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AMD Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\drivers\amdk8.sys><Advanced Micro Devices>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[JMicron Hot-Plug Driver / JGOGO][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[mv61xx / mv61xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[TSKSP / TSKSP][Running/Manual Start]
  <\??\D:\Program Files\Tencent\QQDoctor\TSKSP.sys><Tencent>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
gototop
 

回复:usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

续上

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[深度技术论坛]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://bbs.deepin.org, N/A>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ2008\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 640 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sxs.dll]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 728 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sxs.dll]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1340 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1604 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1808 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\FreeLaunchBar\flb.dll]  [TrueSoft, 1.0.0.0]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,11,18,676]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1005]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\ktaskbar.dll]  [Kingsoft Corporation, 2009,01,13,731]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL]  [Kingsoft Corporation, 2008,07,09,459]
    [C:\Program Files\Imagine\Imagine.DLL]  [nyam's Laboratory, 0.9.7.0]
    [C:\Program Files\Imagine\Plugin\J2K.DLL]  [N/A, ]
    [C:\Program Files\Imagine\Plugin\JBIG.DLL]  [N/A, ]
    [C:\WINDOWS\system32\WMASF.DLL]  [Microsoft Corporation, 10.00.00.4060 built by: Microsoft]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[PID: 1960 / Administrator][D:\Program Files\Tencent\QQDoctor\QQDoctorRtp.exe]  [Copyright Tencent 2008. All Rights Reserved, 2, 0, 9, 401]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQDoctor\TSFSEngine.dat]  [Tencent, 2008, 12, 1, 4]
    [D:\Program Files\Tencent\QQDoctor\TSFileFilter.dat]  [tencent, 2007, 12, 5, 01]
    [D:\Program Files\Tencent\QQDoctor\TSKSPLIB.dat]  [Tencent, 2009, 1, 13, 14]
    [D:\Program Files\Tencent\QQDoctor\TSVulMon.DAT]  [Tencent, 2008, 12, 25, 10]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1005]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,11,18,676]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1968 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 152 / Administrator][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2006, 6, 30, 11]
    [C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 6, 26, 10]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1005]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,11,18,676]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2006, 6, 2, 14]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2005, 10, 13, 1]
    [C:\PROGRA~1\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\BDSearch.ocx]  [gdcn, 2005, 12, 22, 1]
    [C:\PROGRA~1\ChinaNet\PageFram.ocx]  [Workgroup, 2006, 6, 23, 17]
    [C:\PROGRA~1\ChinaNet\AccPage.ocx]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 6, 20, 16]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2006, 7, 21, 9]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2006, 7, 4, 16]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2006, 7, 19, 14]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 7, 20, 9]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [ , 2006, 5, 10, 14]
    [C:\PROGRA~1\ChinaNet\Favorite.ocx]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
[PID: 1660 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2572 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3272 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1005]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,11,18,676]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [c:\PROGRA~1\chinanet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kisfree.dll]  [Kingsoft Corporation, 2009,01,05,716]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1002]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\SogouInput\ZipLib.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 552 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1005]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,11,18,676]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [c:\PROGRA~1\chinanet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL]  [Kingsoft Corporation, 2008,06,26,421]
gototop
 

回复:usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

续上3 两部分也贴不完



  [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kisfree.dll]  [Kingsoft Corporation, 2009,01,05,716]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1002]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
[PID: 2532 / Administrator][C:\WINDOWS\system32\NOTEPAD.EXE]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1005]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,11,18,676]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2528 / Administrator][F:\87放的2[1].7.0.1210(附删除顽固文件工具插件)\释放的2.7.0.1210.exe]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1005]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,11,18,676]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
gototop
 

回复 7F backway 的帖子

截图的那个就是用wsyscheck在C盘查出来的usp10.dll
刚查了C:\Windows\system32,没有usp10.dll
gototop
 

回复:usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

刚又用wsyscheck查了下C盘,居然原来搜索出来的usp10.dll都没有了,汗
gototop
 

回复:usp10.dll病毒的删除按照论坛置顶帖子的办法仍然没办法彻底解决

对不起,刚没有把时间限制去掉,刚去掉重新搜索了,在C:\WINDOWS\system32\下存在usp10.dll
gototop
 
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT