中毒了，请求帮助！

显示全部楼层 · 发表于 2007-12-17 21:40:08

刚装了系统，上网下了两软件，中毒了。
2000的系统，首先是系统时间被改为2002.02.02了，kav 7 显示过期，自己手动删除了c:\winnt\0.exe c:\winnt\1.exe,还有个c:\winnt\firefoxupdater.exe也删除了，然后改了系统时间，好，没问题了。刚才又发现了c:\winnt\firefoxupdater.exe
没办法，请高手指点下怎么弄。谢谢！

sreng2  扫描报告：
[CODE]
2007-12-17,21:19:26
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TrackPointSrv><tp4serv.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<LTWinModem1><ltmsg.exe 9>  [N/A]
<SoundFusion><RunDll32 cwcprops.cpl,CrystalControlWnd>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
<TpHotkey><C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe>  []
<PRPCMonitor><PRPCUI.exe>  [Intel Corporation]
<TP4EX><tp4ex.exe>  [Lenovo Group Limited]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe">  [(Verified)Kaspersky Lab]
<googletalk><C:\Program Files\Google\Google Talk\googletalk.exe /autostart>  [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl>  [N/A]
==================================
启动文件夹
[AUTOCHK]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AUTOCHK.LNK --> C:\CFGSAFE\AUTOCHK.EXE [imagine LAN, Inc.]><N>
[快捷方式 net]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 net.lnk --> C:\WINNT\system32\ras\net.bat [N/A]><N>
==================================
服务
[卡巴斯基反病毒软件 7.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINNT\System32\ibmpmsvc.exe><IBM Corp.>
==================================
驱动程序
[Crystal SoundFusion(tm) Driver / cwcspud][Running/Manual Start]
  <system32\drivers\cwcspud.sys><Cirrus Logic>
[Crystal SoundFusion(tm) WDM Driver / cwcwdm][Running/Manual Start]
  <system32\drivers\cwcwdm.sys><Cirrus Logic>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Stopped/Disabled]
  <System32\drivers\dmload.sys><VERITAS Software Corp.>
[3Com Megahertz 10/100 LAN CardBus PC Card Driver / el575nd5][Running/Manual Start]
  <System32\DRIVERS\el575nd5.sys><3Com Corporation>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <System32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Lucent Modem Driver / ltmodem5][Running/Manual Start]
  <System32\DRIVERS\ltmdmnt.sys><LT>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Pcdr CPU Helper Driver / PCDRDRV][Stopped/Manual Start]
  <system32\drivers\PCDRDRV.sys><N/A>
[PcdrNt / PcdrNt][Stopped/Manual Start]
  <\SystemRoot\System32\drivers\PcdrNt.sys><PC-Doctor Inc.>
[PMEM / PMEM][Running/Auto Start]
  <\??\C:\WINNT\System32\Drivers\pmemnt.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RIM Virtual Serial Port v2 / RimVSerPort][Running/Manual Start]
  <system32\DRIVERS\RimSerial.sys><Research in Motion Ltd>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[S3SavageMX / S3SavageMX][Running/Manual Start]
  <System32\DRIVERS\s3savmxm.sys><S3 Incorporated>
[Smapint / Smapint][Running/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[TDSMAPI / TDSMAPI][Running/System Start]
  <System32\Drivers\TDSMAPI.SYS><N/A>
[IBM PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start]
  <System32\DRIVERS\tp4track.sys><IBM Corporation>
[TPPWR / TPPWR][Running/System Start]
  <System32\drivers\Tppwr.sys><IBM Corp.>
[V7 / V7][Running/Auto Start]
  <\??\C:\WINNT\system32\Drivers\V7.SYS><IBM Corporation>
==================================
浏览器加载项
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>

显示全部楼层 · 发表于 2007-12-17 21:40:39

==================================
正在运行的进程
[PID: 176][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 252][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
[PID: 264][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 380][C:\WINNT\System32\ibmpmsvc.exe]  [IBM Corp., 1, 0, 0, 0]
[PID: 432][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 476][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 528][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
[C:\WINNT\system32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 604][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 624][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 660][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 700][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 860][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\WINNT\system32\msctf.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll]  [, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\nfio.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\fsdrvplg.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\basegui.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\thpimpl.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\FSSync.dll]  [Kaspersky Lab, 7.0.5.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\winreg.ppl]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
[PID: 1016][C:\WINNT\system32\tp4serv.exe]  [IBM Corporation, 2.10]
[C:\WINNT\system32\tp4uires.dll]  [N/A, ]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1028][C:\WINNT\system32\ltmsg.exe]  [LUCENT TECHNOLOGIES, 1, 0, 1, 12]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1052][C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe]  [N/A, ]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1060][C:\WINNT\system32\PRPCUI.exe]  [Intel Corporation, 1.1.0.0]
[C:\WINNT\system32\PRPCUI.dll]  [Intel Corporation, 1.1.1.0]
[C:\WINNT\system32\PRPCLANG.DLL]  [Intel Corp., 1.0.0.0]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1092][C:\Program Files\Google\Google Talk\googletalk.exe]  [Google, 1,0,0,104]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
[c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
[PID: 1100][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSUTB.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msutb.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1120][C:\CFGSAFE\AUTOCHK.EXE]  [imagine LAN, Inc., 1.99.07]
[C:\CFGSAFE\cw3220.DLL]  [Borland International, 2.0]
[C:\CFGSAFE\CHSCS32.DLL]  [N/A, ]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1188][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1332][C:\Program Files\Opera\Opera.exe]  [Opera Software, 8776]
[C:\Program Files\Opera\Opera.dll]  [Opera Software, 8776]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 15800][C:\Program Files\TTOD\CAJViewer 6.0\CAJViewer.exe]  [Tsinghua Tongfang Optical Disc Co., Ltd., 6, 0, 96, 1]
[C:\Program Files\TTOD\CAJViewer 6.0\ReaderEx.dll]  [Tsinghua Tongfang Optical Disc Co.,Ltd., 2, 0, 2152, 0]
[C:\Program Files\TTOD\CAJViewer 6.0\TToolkit.dll]  [Tsinghua Tongfang Optical Disc Co.,LTD., 4, 0, 135, 0]
[C:\Program Files\TTOD\CAJViewer 6.0\ft.dll]  [TTOD, 2, 1, 9, 1]
[C:\Program Files\TTOD\CAJViewer 6.0\ijl15.dll]  [Intel Corporation, 1,51,12,44]
[C:\Program Files\TTOD\CAJViewer 6.0\sysinfo.dll]  [清华同方光盘股份有限公司, 1.0.0.1]
[C:\Program Files\TTOD\CAJViewer 6.0\WordSegmentor.dll]  [N/A, ]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 20860][D:\Temp\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
[C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[D:\Temp\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[D:\Temp\sreng2\Plugins\NTFSTREAM.SRE]  [Smallfrogs Studio, 1, 0, 0, 5]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1    localhost
==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1052, C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1060, C:\WINNT\SYSTEM32\PRPCUI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1092, C:\PROGRAM FILES\GOOGLE\GOOGLE TALK\GOOGLETALK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1100, C:\WINNT\SYSTEM32\CTFMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1332, C:\PROGRAM FILES\OPERA\OPERA.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 15800, C:\PROGRAM FILES\TTOD\CAJVIEWER 6.0\CAJVIEWER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 18736, D:\TEMP\XDELBOX1.6\XDELBOX.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

[/CODE]

显示全部楼层 · 发表于 2007-12-17 22:03:31

第八个问题
你参考一下http://bbs.kafan.cn/viewthread.php?tid=119550&extra=page%3D1

显示全部楼层 · 发表于 2007-12-17 22:12:08

这就去看看，谢谢楼上的朋友了！

显示全部楼层 · 发表于 2007-12-17 22:14:35

不行啊，我想杀毒哇，问题是杀了又有。全盘扫描，什么都没发现

显示全部楼层 · 发表于 2007-12-18 09:04:33

用别的试试 ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

显示全部楼层 · 发表于 2007-12-18 11:58:57

初步建议,试试本区的专杀工具
http://bbs.kafan.cn/viewthread.php?tid=160832&extra=page%3D2

显示全部楼层 · 发表于 2007-12-18 14:09:48

c:\winnt\ 下建立一个名字为firefoxupdater.exe的文件夹。

显示全部楼层 · 发表于 2007-12-18 14:12:43

原帖由 shuipao 于 2007-12-18 14:09 发表
c:\winnt\ 下建立一个名字为firefoxupdater.exe的文件夹。

抢先注册？？

中毒了，请求帮助！

评分