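The wretched 中文上网 (Chinese Internet Access) software is shameless enough to collude with a virus...
I uninstalled it in Safe Mode, but before long it installed itself again... and this keeps repeating. I know the machine is infected, but the antivirus software doesn't detect anything. I manually killed RUNDLL32 and RUNDLL2000, and now there is always a WanSo folder under C:\Program Files\Common Files with a player.dll inside; when I delete it, it comes back on its own... I'm at a loss. It also opens a web page periodically... something to do with QQ.
Log: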
[code]
2007-03-13,11:49:53
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PCTVOICE><pctspk.exe> [(Verified)]
<PRONoMgr.exe><C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe> [Intel(R) Corporation]
<IgfxTray><C:\WINDOWS\System32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe> [(Verified)Intel Corporation]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow> [Trend Micro Inc.]
<rundll32><C:\Program Files\Common Files\rundll32.exe> [N/A]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
<UserFaultCheck><%systemroot%\system32\dumprep 0 -u> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<kcaci><%systemroot%\system32\Rundll32.exe %systemroot%\system32\kcaci.dll,DllUnregisterServer> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [(Verified)YAHOO Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
<WinlogonNotify: Sebring><C:\WINDOWS\System32\LgNotify.dll> [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Apoint><; C:\Program Files\Apoint\Apoint.exe> [(Verified)Alps Electric Co., Ltd.]
<Dell QuickSet><; C:\Program Files\Dell\QuickSet\quickset.exe> [N/A]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)N/A]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<rundll32><; > [N/A]
<System><; C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
==================================
Startup Folders
[WanSo]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WanSo.lnk --> C:\WINDOWS\system32\RunDll32.exe [N/A]><N>
==================================
Services
[Application Accelerator / AtHome][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\vlryz.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Adapter Switching / IntelRoam][Running/Auto Start]
<C:\Program Files\Intel\Switching\User\RoamSvc.exe><Intel Corporation>
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
<C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[OfficeScanNT RealTime Scan / ntrtscan][Running/Auto Start]
<C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[RegSrvc / RegSrvc][Running/Auto Start]
<C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[RoamMgr / RoamMgr][Running/Auto Start]
<C:\WINDOWS\System32\RoamMgr.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
<C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[ClipManage / WIDETS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\VKYQI.DLL,Export 1087><N/A>
==================================
Drivers
[Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService][Running/Manual Start]
<System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[fkwld / fkwld][Running/System Start]
<system32\drivers\fkwld.sys><Microsoft Corporation>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Adapter Switching Driver / Intel_MIPMNMP][Running/Manual Start]
<System32\DRIVERS\mipmnxp.sys><Intel Corporation>
[kvmp / kvmpg][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\kvmpg.sys><N/A>
[msqmx / msqmx][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[OMCI WDM Device Driver / OMCI][Running/System Start]
<System32\DRIVERS\omci.sys><Dell Computer Corporation>
[OrangeWare USB 2.0 Root Hub Support / ousb2hub][Running/Manual Start]
<System32\DRIVERS\ousb2hub.sys><OrangeWare Corporation>
[NEC PCI to USB Enhanced Host Controller / ousbehci][Running/Auto Start]
<System32\Drivers\ousbehci.sys><OrangeWare Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[W2K Pctel Serial Device Driver / Ptserial][Running/Manual Start]
<System32\DRIVERS\ptserial.sys><PCTEL, INC.>
[WLAN Transport / s24trans][Running/Auto Start]
<System32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
<system32\drivers\STAC97.sys><SigmaTel, Inc.>
[Trend Micro Filter / TmFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys><Trend Micro Inc.>
[W2k Vmodem / Vmodem][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vmodem.sys><PCTEL, INC.>
[W2k Vpctcom / Vpctcom][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vpctcom.sys><PCtel, Inc.>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>
[W2k Vvoice / Vvoice][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vvoice.sys><PCtel, Inc.>
[Intel(R) PRO/Wireless 7100 Adapter Driver / w70n51][Running/Manual Start]
<System32\DRIVERS\w70n51.sys><Intel? Corporation>
[wlzgqnlf / wlzgqnlf][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\wlzgqnlf.sys><Yahoo! China Corporation>
[yaskp / yaskp][Stopped/Boot Start]
<\SystemRoot\system32\drivers\yaskp.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
[AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 / {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}][Running/Manual Start]
<system32\drivers\wA301a.sys><Intel Corporation>
[AIM 3.0 Part 01 Codec Driver CH-7009-B / {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55}][Running/Manual Start]
<system32\drivers\wA301b.sys><Intel Corporation>
==================================
Browser Add-ons
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[实用搜索]
{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[实用搜索工具条2.0]
{03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[ObjWinNTCheck Class]
{00134F72-5284-44F7-95A8-52A619F70751} <C:\WINDOWS\Downloaded Program Files\WinNTChk.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupINICtrl Class]
{08D75BB0-D2B5-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanSetupINI.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupCtrl Class]
{08D75BC1-D2B5-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanSetup.dll, Trend Micro Inc.>
[Encrypt Class]
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINDOWS\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class]
{5EFE8CB1-D095-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanRemoveCtrl.dll, Trend Micro Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[实用搜索工具条2.0]
{03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[实用搜索]
{6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>
==================================
Running Processes
[PID: 1124][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1196][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\LgNotify.dll] [Intel Corporation, 1, 0, 0, 1]
[PID: 1240][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1424][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1512][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1552][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1644][C:\WINDOWS\System32\S24EvMon.exe] [Intel Corporation , 3.1.8.0]
[PID: 1772][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1836][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 360][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 464][C:\WINDOWS\system32\ZCfgSvc.exe] [Intel Corporation, 1, 0, 0, 1]
[C:\WINDOWS\system32\PfMgrApi.dll] [Intel Corporation, 1, 0, 0, 1]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 4, 0, 0, 1]
[C:\WINDOWS\system32\WConfig.DLL] [Intel Corporation, 1, 0, 0, 2]
[C:\WINDOWS\system32\WiFiAdap.DLL] [Intel Corporation, 1, 0, 0, 1]
[C:\WINDOWS\system32\S24MUDLL.dll] [Intel Corporation, 5.0.1.0]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 864][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll] [YAHOO Corporation Limited, 3, 0, 3, 1004]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] [Yahoo! China, 3, 0, 8, 1010]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [yahoo! china, 3, 0, 3, 1003]
[C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll] [Yahoo! China, 3, 1, 7, 1022]
[PID: 884][C:\Program Files\CNNIC\Cdn\cdnup.exe] [, 2, 4, 0, 6]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 1600][C:\WINDOWS\system32\pctspk.exe] [, 1, 0, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 1672][C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe] [Intel(R) Corporation, 6.1.113.0]
[C:\Program Files\Intel\NCS\PROSet\ENUPGUIR.dll] [Intel(R) Corporation, 6.1.113.0]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\PROGRA~1\Intel\SWITCH~1\User\PNotASM.dll] [Intel Corporation, 2.0.80.0]
[C:\WINDOWS\System32\Pn802_11.dll] [Intel Corporation., 1, 0, 0, 1]
[C:\WINDOWS\System32\PfMgrApi.dll] [Intel Corporation, 1, 0, 0, 1]
[C:\WINDOWS\System32\PsRegApi.dll] [Intel Corporation, 4, 0, 0, 1]
[C:\WINDOWS\System32\WConfig.DLL] [Intel Corporation, 1, 0, 0, 2]
[C:\WINDOWS\System32\WiFiAdap.DLL] [Intel Corporation, 1, 0, 0, 1]
[C:\WINDOWS\system32\S24MUDLL.dll] [Intel Corporation, 5.0.1.0]
[C:\Program Files\Intel\NCS\PROSet\8023\PNC802_3.dll] [Intel(R) Corporation, 6.1.113.0]
[C:\Program Files\Intel\NCS\PROSet\8023\ENUPCMRs.dll] [Intel(R) Corporation, 6.1.113.0]
[PID: 1764][C:\WINDOWS\System32\hkcmd.exe] [Intel Corporation, 3,0,0,2039]
[C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,2039]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,2039]
[C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2039]
[C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,2039]
[C:\WINDOWS\System32\igfxhk.dll] [Intel Corporation, 3,0,0,2039]
[PID: 1788][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll] [Trend Micro Inc., 5.5.0.1052]
[C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 1920][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 172][C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] [Trend Micro Inc., 6.0.0.1250]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] [Trend Micro Inc., 6.0.0.1250]
[PID: 540][C:\WINDOWS\System32\RegSrvc.exe] [Intel Corporation, 4, 0, 0, 1]
[PID: 684][C:\WINDOWS\System32\RoamMgr.exe] [Intel Corporation, 1, 0, 0, 2]
[C:\WINDOWS\System32\WiFiAdap.DLL] [Intel Corporation, 1, 0, 0, 1]
[C:\WINDOWS\System32\WConfig.DLL] [Intel Corporation, 1, 0, 0, 2]
[C:\WINDOWS\System32\PfMgrApi.dll] [Intel Corporation, 1, 0, 0, 1]
[C:\WINDOWS\System32\PsRegApi.dll] [Intel Corporation, 4, 0, 0, 1]
[C:\WINDOWS\System32\VPN.dll] [Intel Corporation, 1, 0, 0, 7]
[C:\WINDOWS\System32\S24MUDLL.dll] [Intel Corporation, 5.0.1.0]
[PID: 940][C:\Program Files\Intel\Switching\User\RoamSvc.exe] [Intel Corporation, 2.0.80.0]
[C:\PROGRA~1\Intel\SWITCH~1\User\MSMIPVPN.dll] [Intel Corporation, 2.0.80.0]
[C:\PROGRA~1\Intel\SWITCH~1\User\CPMIPVPN.dll] [Intel Corporation, 2.0.80.0]
[C:\PROGRA~1\Intel\SWITCH~1\User\CSMIPVPN.dll] [Intel Corporation, 2.0.80.0]
[C:\PROGRA~1\Intel\SWITCH~1\User\NSMIPVPN.dll] [Intel Corporation, 2.0.80.0]
[PID: 2008][C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe] [Trend Micro Inc., 6.0.0.1250]
[PID: 2288][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2972][D:\MyIE.Apple\MyIE.exe] [Abloxo.com (WAYHOME Studio), 0, 1, 0, 004]
[D:\MyIE.Apple\languages\English\MyIEENG.dll] [Abloxo.com (WAYHOME Studio), 0, 1, 0, 004]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3540][C:\WINDOWS\System32\wbem\wmiapsrv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3632][C:\WINDOWS\System32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3960][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3600][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 2860][C:\Program Files\7-Zip\7zFM.exe] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\7-Zip\7-zip.dll] [N/A, N/A]
[C:\Program Files\7-Zip\Formats\zip.dll] [N/A, N/A]
[PID: 2868][C:\Program Files\7-Zip\7zFM.exe] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\7-Zip\7-zip.dll] [N/A, N/A]
[C:\Program Files\7-Zip\Formats\zip.dll] [N/A, N/A]
[PID: 3092][D:\tools\System Repair Engineer\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
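[/code]
You can try this method: first delete the virus, then create a file with the same name yourself in the same location,
set it to read-only and hidden, and if the volume is NTFS, remove all permissions from it.
Viruses are all like this nowadays; they're too hard to kill.

I hate viruses.

Too hard to kill.

Such is the misery of us network admins.
We reinstall someone's system and still get told: "All you know how to do is reinstall the system, there's no technical skill in that at all." Heh.

A lot of virus infections are just too nasty. Without rebuilding the system, I really can't think of any antivirus software that could kill it.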
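You can plainly see the virus but just can't kill it.. Going through the system processes one by one. So frustrating.

I can't make sense of it.

[quote]Originally posted by [i]redshoe[/i] on 2007-4-11 13:12
You can try this method: first delete the virus, then create a file with the same name yourself in the same location,
set it to read-only and hidden, and if the volume is NTFS, remove all permissions from it.
Viruses are all like this nowadays; they're too hard to kill. [/quote]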
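I agree with this.

I agree with my colleagues above.

Sadly, as a small fry I really can't be of any help, so all I can do is wish, on your behalf, that the developers of the 中文上网 software get happily flattened by a car.

Thanks to the original poster for sharing!

Yeah.... it really is so frustrating....

Could this be the result of autorun being allowed?

Network admins, keep working to find a good method!!!

I agree with what the fourth post said.
We feel exactly the same as the third post.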
Just don't use it..

The wretched 中文上网 software is shameless enough to collude with a virus o(∩_∩)o... haha

[quote]Originally posted by [i]迪亚[/i] on 2007-7-17 20:48
Sadly, as a small fry I really can't be of any help, so all I can do is wish, on your behalf, that the developers of the 中文上网 software get happily flattened by a car. [/quote]
So funny!