收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 原创工具区 Trojan-PSW.Win32.Small.br杀不掉,紧急!!!!!
返回列表 发新帖
查看: 2038|回复: 4
收起左侧

Trojan-PSW.Win32.Small.br杀不掉,紧急!!!!!

[复制链接]
easetang
发表于 2007-3-9 22:41:48 | 显示全部楼层 |阅读模式

  2. 2007-03-09,15:20:23
  3. System Repair Engineer 2.3.13.690
  4. Smallfrogs (http://www.KZTechs.com)
  5. Windows XP Professional Service Pack 1 (Build 2600)
  6. - 管理权限用户 - 完整功能
  7. 以下内容被选中:
  8.     所有的启动项目(包括注册表、启动文件夹、服务等)
  9.     浏览器加载项
  10.     正在运行的进程(包括进程模块信息)
  11.     文件关联
  12.     Winsock 提供者
  13.     Autorun.inf
  14.     HOSTS 文件

  16. 启动项目
  17. 注册表
  18. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  19.     <ctfmon.exe><; D:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
  20.     <updateMgr><; D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0>  [N/A]
  21. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  22.     <load><>  [N/A]
  23. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  24.     <kis><"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
  25.     <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
  26.     <ccApp><; "D:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [N/A]
  27.     <Device Detector><; "D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun>  [ACD Systems, Ltd.]
  28.     <IMSCMig><; D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
  29.     <Load><; D:\WINDOWS\uninstall\rundl132.exe>  [N/A]
  30.     <mhs2><; D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe>  [N/A]
  31.     <Symantec NetDriver Monitor><; D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer>  [(Verified)Symantec Corporation]
  32.     <wlzs2><; D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs2.exe>  [N/A]
  33.     <zts2><; D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.exe>  [N/A]
  34. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  35.     <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
  36.     <Userinit><D:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
  37. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  38.     <AppInit_DLLs><>  [N/A]
  39. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  40.     <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
  41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  42.     <{5A15D2F4-A6FF-11E0-9A84-00C04FD8DBD8}><D:\WINDOWS\System32\hA15D2F4.log>  [N/A]
  43. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  44.     <WinlogonNotify: klogon><D:\WINDOWS\System32\klogon.dll>  [Kaspersky Lab]
  45. ==================================
  46. 启动文件夹
  47. N/A
  48. ==================================
  49. 服务
  50. [ArcGIS License Manager / ArcGIS License Manager][Running/Auto Start]
  51.   <D:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe><N/A>
  52. [Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  53.   <D:\WINDOWS\System32\Ati2evxx.exe><N/A>
  54. [ATI Smart / ATI Smart][Stopped/Disabled]
  55.   <D:\WINDOWS\system32\ati2sgag.exe><>
  56. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Disabled]
  57.   <D:\Documents and Settings\Administrator\桌面\AVG Anti-Spyware 7.5\guard.exe><N/A>
  58. [卡巴斯基互联网安全套装 6.0 / AVP][Stopped/Auto Start]
  59.   <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r><Kaspersky Lab>
  60. [DriveHealth / DriveHealth][Running/Auto Start]
  61.   <F:\tang Tools\反病毒类\DriveHealth\Drive Health\dhcore.exe><Helexis Software Development>
  62. [Human Interface Device Access / HidServ][Stopped/Disabled]
  63.   <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  64. [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
  65.   <D:\WINDOWS\System32\HPZipm12.exe><HP>
  66. [Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  67.   <D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe><N/A>
  68. [Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  69.   <D:\WINDOWS\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
  70. ==================================
  71. 驱动程序
  72. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  73.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  74. [ati2mtag / ati2mtag][Running/Manual Start]
  75.   <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
  76. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Stopped/System Start]
  77.   <\??\D:\Documents and Settings\Administrator\桌面\AVG Anti-Spyware 7.5\guard.sys><N/A>
  78. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  79.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
  80. [Sundance ST201 based Adapter NT Driver / DLH5X][Running/Manual Start]
  81.   <System32\DRIVERS\DLH5XND5.sys><D-Link Corporation>
  82. [GMSIPCI / GMSIPCI][Stopped/Manual Start]
  83.   <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
  84. [kl1 / kl1][Running/Boot Start]
  85.   <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
  86. [klif / klif][Running/System Start]
  87.   <\??\D:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
  88. [npkcrypt / npkcrypt][Stopped/Auto Start]
  89.   <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
  90. [PCAlertDriver / PCAlertDriver][Stopped/Manual Start]
  91.   <\??\D:\Program Files\MSI\PC Alert 4\NTGLM7X.sys><MICRO-STAR INT'L CO., LTD.>
  92. [Padus ASPI Shell / pfc][Running/Manual Start]
  93.   <system32\drivers\pfc.sys><Padus, Inc.>
  94. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  95.   <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  96. [PxHelp20 / PxHelp20][Running/Boot Start]
  97.   <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
  98. [ROCKEYNT / ROCKEYNT][Running/Auto Start]
  99.   <\??\D:\WINDOWS\System32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
  100. [Secdrv / Secdrv][Stopped/Manual Start]
  101.   <System32\DRIVERS\secdrv.sys><N/A>
  102. [Sentinel / Sentinel][Running/Auto Start]
  103.   <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
  104. [SymEvent / SymEvent][Running/Manual Start]
  105.   <\??\D:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
  106. [SYMTDI / SYMTDI][Running/System Start]
  107.   <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
  108. [TSP / TSP][Stopped/Manual Start]
  109.   <\??\D:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  110. [WINIO / WINIO][Stopped/Manual Start]
  111.   <\??\G:\winio.sys><N/A>
  112. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  113.   <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
  114. [VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  115.   <System32\Drivers\usbVM303.sys><Vimicro Corporation>
  116. ==================================
  117. 浏览器加载项
  118. [WebThunder Browser Helper]
  119.   {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\迅雷\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
  120. [Adobe PDF Reader Link Helper]
  121.   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
  122. [BitComet Helper]
  123.   {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet>
  124. [QQBrowserHelperObject Class]
  125.   {54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
  126. [ThunderMini Browser Helper]
  127.   {8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} <, N/A>
  128. [Adobe PDF Conversion Toolbar Helper]
  129.   {AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
  130. [Web反病毒保护]
  131.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
  132. [信息检索(&R)]
  133.   {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
  134. [启动Web迅雷]
  135.   {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
  136. [金山词霸]
  137.   {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <D:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
  138. [QQ]
  139.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
  140. [电台(&R)]
  141.   {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
  142. [Adobe PDF]
  143.   {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
  144. [Shockwave Flash Object]
  145.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  146. [&使用迷你迅雷下载]
  147.   <D:\Program Files\Thunder Network\ThunderMini\Program\GetUrl.htm, N/A>
  148. [上传到QQ网络硬盘]
  149.   <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
  150. [使用Web迅雷下载]
  151.   <D:\迅雷\GetUrl.htm, N/A>
  152. [使用Web迅雷下载全部链接]
  153.   <D:\迅雷\GetAllUrl.htm, N/A>
  154. [导出到 Microsoft Office Excel(&X)]
  155.   <res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
  156. [添加到QQ自定义面板]
  157.   <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
  158. [添加到QQ表情]
  159.   <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
  160. [用QQ彩信发送该图片]
  161.   <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
  162. [转换为 Adobe PDF]
  163.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
  164. [转换为现有 PDF]
  165.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
  166. [转换选定的链接为 Adobe PDF]
  167.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
  168. [转换选定的链接为现有 PDF]
  169.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
  170. [转换选项为 Adobe PDF]
  171.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
  172. [转换选项为现有 PDF]
  173.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
  174. [转换链接目标为 Adobe PDF]
  175.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
  176. [转换链接目标为现有 PDF]
  177.   <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
  178. ==================================
  179. 正在运行的进程
  180. [PID: 740][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  181. [PID: 808][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  182. [PID: 832][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  183.     [D:\WINDOWS\System32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  184.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  185. [PID: 876][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  186. [PID: 888][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  187. [PID: 1064][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  188. [PID: 1112][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  189.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  190. [PID: 1188][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  191. [PID: 1312][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  192. [PID: 1452][D:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
  193.     [D:\WINDOWS\System32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
  194.     [D:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  [N/A, N/A]
  195.     [D:\WINDOWS\system32\HPBMMON.DLL]  [Hewlett-Packard, 10.00.16]
  196.     [D:\WINDOWS\system32\hppamon0.dll]  [HP, 5, 0, 5, 0]
  197.     [D:\WINDOWS\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]
  198.     [D:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
  199.     [D:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
  200.     [D:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
  201.     [D:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
  202.     [D:\WINDOWS\system32\hppadt40.dll]  [HP, 5, 0, 5, 0]
  203.     [D:\WINDOWS\system32\HPZidr12.dll]  [HP, 5, 0, 5, 0]
  204.     [D:\WINDOWS\system32\hpbmmjno.dll]  [Hewlett-Packard, 00.01.00]
  205. [PID: 1644][D:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe]  [N/A, N/A]
  206. [PID: 1700][F:\tang Tools\反病毒类\DriveHealth\Drive Health\dhcore.exe]  [Helexis Software Development, 2.3.0.110]
  207. [PID: 1732][D:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.EXE]  [N/A, N/A]
  208. [PID: 1848][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  209. [PID: 796][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
  210.     [D:\WINDOWS\System32\hA15D2F4.log]  [N/A, N/A]
  211.     [D:\Program Files\5A15D2F4\4837C9ED.DLL]  [N/A, N/A]
  212.     [D:\Program Files\Common Files\ESRI\esriShellExt.dll]  [ESRI , 9.0]
  213.     [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
  214.     [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
  215.     [D:\Program Files\BitComet\tools\BitCometBHO.dll]  [BitComet, 20061129]
  216.     [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.5.2005092300\0]
  217.     [D:\迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
  218.     [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
  219.     [D:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, N/A]
  220.     [D:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
  221.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
  222.     [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.7.2006011200\0]
  223. [PID: 1168][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  224.     [D:\Program Files\Common Files\System\MS5A15D2.DLL]  [N/A, N/A]
  225.     [D:\Program Files\5A15D2F4\4837C9ED.DLL]  [N/A, N/A]
  226.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  227. [PID: 1328][D:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  228.     [D:\Program Files\5A15D2F4\4837C9ED.DLL]  [N/A, N/A]
  229. [PID: 772][D:\Program Files\MSN Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.1.0178.00]
  230.     [D:\Program Files\5A15D2F4\4837C9ED.DLL]  [N/A, N/A]
  231.     [D:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
  232.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  233.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  234.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  235.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  236. [PID: 2272][D:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 80]
  237.     [D:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
  238.     [D:\Program Files\5A15D2F4\4837C9ED.DLL]  [N/A, N/A]
  239.     [D:\迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
  240.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  241.     [D:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
  242.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  243.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  244.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  245.     [D:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
  246.     [D:\WINDOWS\System32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
  247.     [D:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
  248.     [D:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
  249.     [D:\Program Files\Ringz Studio\Storm Codec\Codecs\PmpSplt.ax]  [cooleyes, 1, 0, 0, 8]
  250.     [D:\Program Files\Ringz Studio\Storm Codec\Codecs\RMSplt.ax]  [Gabest, 1, 0, 1, 1]
  251.     [D:\WINDOWS\System32\ffdshow.ax]  [N/A, 1.0.2.2028]
  252. [PID: 3288][D:\Program Files\MSN Messenger\usnsvc.exe]  [Microsoft Corporation, 8.1.0178.00]
  253. [PID: 2408][D:\Documents and Settings\Administrator\桌面\SREng.exe]  [Smallfrogs Studio, 2.3.13.690]
  254.     [D:\Program Files\5A15D2F4\4837C9ED.DLL]  [N/A, N/A]
  255.     [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  256. ==================================
  257. 文件关联
  258. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  259. .EXE  OK. ["%1" %*]
  260. .COM  OK. ["%1" %*]
  261. .PIF  OK. ["%1" %*]
  262. .REG  OK. [regedit.exe "%1"]
  263. .BAT  OK. ["%1" %*]
  264. .SCR  OK. ["%1" /S]
  265. .CHM  Error. ["hh.exe" %1]
  266. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  267. .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  268. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  269. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  270. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  271. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  272. ==================================
  273. Winsock 提供者
  274. N/A
  275. ==================================
  276. Autorun.inf
  277. N/A
  278. ==================================
  279. HOSTS 文件
  280. 127.0.0.1       localhost
  281. 172.31.186.6    erpapp.gyig.arp.cn
  282. 172.31.186.7    iasapp.gyig.arp.cn
  283. 172.31.186.8    iasdb.gyig.arp.cn
  284. ==================================
  285. API HOOK
  286. 警告!System Repair Engineer 提醒
  287. 你下面的函数内容与预期值不符,他
  288. 们可能被一些恶意的软件所修改:
  289. RVA  错误: LoadLibraryA
  290. RVA  错误: LoadLibraryExA
  291. RVA  错误: LoadLibraryExW
  292. RVA  错误: LoadLibraryW
  293. ==================================
复制代码
回复

举报

wangjay1980
发表于 2007-3-9 23:01:01 | 显示全部楼层
<Load><; D:\WINDOWS\uninstall\rundl132.exe>  [N/A]
    <mhs2><; D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe>  [N/A]
<wlzs2><; D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs2.exe>  [N/A]
    <zts2><; D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.exe>  [N/A]
<{5A15D2F4-A6FF-11E0-9A84-00C04FD8DBD8}><D:\WINDOWS\System32\hA15D2F4.log>  [N/A]
这些启动项删除

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <D:\WINDOWS\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
这个服务设置为disabled的

D:\WINDOWS\System32\hA15D2F4.log
D:\Program Files\5A15D2F4\4837C9ED.DLL
D:\Program Files\Common Files\System\MS5A15D2.DLL
这几个文件按路径删除

最后用这个清理一下

arswp_1[1].6.0.rar

516.92 KB, 下载次数: 62
回复

举报

easetang
 楼主| 发表于 2007-3-9 23:36:25 | 显示全部楼层

大侠请看

其实我中的只是D:\Program Files\5A15D2F4\4837C9ED.DLL,别的都被清理过了的
这个文件无法删,删完立即出现
回复

举报

wangjay1980
发表于 2007-3-10 11:29:33 | 显示全部楼层
用这个删除

xyz_PowerRmv.rar

87.06 KB, 下载次数: 64
回复

举报

风雪
发表于 2007-3-10 16:51:02 | 显示全部楼层
文件关联
CHM  Error. ["hh.exe" %1]修复一下。
HOSTS 文件

172.31.186.6    erpapp.gyig.arp.cn
172.31.186.7    iasapp.gyig.arp.cn
172.31.186.8    iasdb.gyig.arp.cn
上面这些如果不是你写入的删除。
D:\WINDOWS\uninstall\rundl123
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe32.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs2.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.exe
D:\WINDOWS\system32\windhcp.ocx,或者D:\WINDOWS\windhcp.ocx删除。
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 16:16 , Processed in 0.139169 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表