我中了Trojan.Win32.Pakes.c病毒，怎么办？

显示全部楼层 · 发表于 2007-6-7 17:56:22

我中了Trojan.Win32.Pakes.c病毒，怎么办？exe文件全崩溃了！！

显示全部楼层 · 发表于 2007-6-7 19:16:21

楼主先关闭系统还原清理临时文件！！！
然后下载个SRENG 改名扫描个报告打包发上来！！！

显示全部楼层 · 发表于 2007-6-7 19:32:09

显示全部楼层 · 发表于 2007-6-8 14:49:07

2007-06-07,20:48:20
System Repair Engineer 2.3.13.690
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<XDeskShow2><; D:\应用程序\鱼鱼桌面秀2\XDeskShow2.exe> [N/A]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<switch><c:\windows\system32\壁纸自动换.exe> [N/A]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Realtek Semiconductor Corp.]
<SkyTel><SkyTel.EXE> [(Verified)Realtek Semiconductor Corp.]
<Alcmtr><ALCMTR.EXE> [(Verified)Realtek Semiconductor Corp.]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<nwiz><; nwiz.exe /install> [N/A]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)NVIDIA Corporation]
<SystemSafer.exe><F:\工具\软件\杀毒\SystemSafer\SystemSafer.exe -Hide> [N/A]
<WebThunder><D:\软件\WebThunder.exe> [N/A]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [N/A]
<XDeskCal><F:\工具\应用程序\XDeskCal\XDeskCal.exe> [CFishSoft]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"> [Kaspersky Lab]
<AVG7_CC><C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP> [GRISOFT, s.r.o.]
<TrojanScanner><F:\工具\软件\杀毒\Trojan Remover\Trjscan.exe> [(Verified)Simply Super Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\星夜焰火.SCR> [N/A]
==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\备用工具\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><H>
[新编全医药学大词典]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\备用工具\启动\新编全医药学大词典.lnk --> E:\小工具\保存的\MedDic\MedDic.exe [Kingyee]><N>
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgemc.exe><GRISOFT, s.r.o.>
[卡巴斯基互联网安全套装6.0个人版 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MazeSvr / MazeSvr][Running/Auto Start]
<F:\影视\天网Maze\MazeSvr.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SolidPDFConverterReadSpool / ScReadSpool][Running/Auto Start]
<E:\小工具\保存的\pdf转word\SCPDF\SolidPdfService.exe><VoyagerSoft, LLC>
[TupCaptureService / TupCaptureService][Running/Auto Start]
<C:\Program Files\Tupsoft\BigMother\Engine\ArServerDaemon.exe><N/A>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[AVG7 Kernel / Avg7Core][Running/System Start]
<\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
<\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
<\SystemRoot\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\QIP\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
==================================
浏览器加载项
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <E:\小工具\保存的\pdf转word\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\工具\软件\浩方\GameClient.exe, 上海浩方在线信息技术有限公司>
[Web反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <[url]http://my.xunlei.com[/url], N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\games\QQ-IP\珊瑚虫\QQ\QQIEHelper.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, N/A>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <D:\软件\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <E:\小工具\保存的\pdf转word\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\软件\WebThunderBHO_016.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <E:\小工具\保存的\pdf转word\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[BitCometBar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <D:\软件\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[Microsoft 外壳 UI 帮助程序]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, N/A>
[BDHlprObj Class]
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<C:\Program Files\QQ2007\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<D:\软件\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<D:\软件\GetAllUrl.htm, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\QQ2007\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\QQ2007\AddEmotion.htm, N/A>
[添加到反广告黑名单]
<C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\QQ2007\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 552][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.2.621]
[PID: 676][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1552][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9371]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9371]
[C:\WINDOWS\system32\nvapi.dll] [N/A, N/A]
[C:\WINDOWS\system32\nvshell.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[F:\工具\软件\杀毒\TROJAN~1\Trshlex.dll] [Simply Super Software, 1.0.8.46]
[E:\小工具\保存的\pdf转word\SCPDF\ExploreExtPDF.dll] [VoyagerSoft, LLC, 3.0.268.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Grisoft\AVG7\avgse.dll] [GRISOFT, s.r.o., 7.5.0.409]
[PID: 1600][C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe] [GRISOFT, s.r.o., 7.5.0.453]
[C:\PROGRA~1\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.460]
[C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgamint.dll] [GRISOFT, s.r.o., 7.5.0.435]
[C:\Program Files\Grisoft\AVG7\avgamsps.dll] [GRISOFT, s.r.o., 7.5.0.407]
[PID: 1648][C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe] [GRISOFT, s.r.o., 7.5.0.420]
[PID: 1688][C:\PROGRA~1\Grisoft\AVG7\avgemc.exe] [GRISOFT, s.r.o., 7.5.0.460]
[C:\PROGRA~1\Grisoft\AVG7\libsasl.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.460]
[C:\Program Files\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgscan.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\Grisoft\AVG7\avgunarc.dll] [GRISOFT, s.r.o., 7.5.0.449]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\PROGRA~1\Grisoft\AVG7\sasllogin.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\PROGRA~1\Grisoft\AVG7\saslplain.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\PROGRA~1\Grisoft\AVG7\saslcrammd5.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\PROGRA~1\Grisoft\AVG7\sasldigestmd5.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\Program Files\Grisoft\AVG7\avgmail.dll] [GRISOFT, s.r.o., 7.5.0.429]
[PID: 1824][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.8.0]
[PID: 1856][F:\工具\应用程序\XDeskCal\XDeskCal.exe] [CFishSoft, 2.6.1.312]
[PID: 1920][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1928][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
[PID: 2020][F:\影视\天网Maze\MazeSvr.exe] [N/A, N/A]
[PID: 580][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9371]
[C:\WINDOWS\system32\nvapi.dll] [N/A, N/A]
[PID: 932][E:\小工具\保存的\pdf转word\SCPDF\SolidPdfService.exe] [VoyagerSoft, LLC, 3.0.268.0]
[PID: 1072][C:\Program Files\Tupsoft\BigMother\Engine\ArServerDaemon.exe] [N/A, N/A]
[PID: 1232][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 792][C:\Program Files\Tupsoft\BigMother\Engine\ArServer.exe] [Tup Software Ltd., 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArValidate.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArsDbClient.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArComm.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArNet.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArsDb.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArLib.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\zlib.dll] [N/A, N/A]
[C:\Program Files\Tupsoft\BigMother\Engine\WdmAdo.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArsCapture.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tupsoft\BigMother\Engine\ArPacket.dll] [, 1, 0, 0, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Tupsoft\BigMother\Engine\ArsFile.dll] [, 1, 0, 0, 1]
[PID: 2752][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2000][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2848][C:\WINDOWS\system32\msiexec.exe] [Microsoft Corporation, 3.1.4000.1823]
[PID: 424][F:\工具\软件\杀毒\sreng\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.2.621]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
RVA 错误： LoadLibraryA
RVA 错误： LoadLibraryExA
RVA 错误： LoadLibraryExW
RVA 错误： LoadLibraryW
==================================

复制代码

显示全部楼层 · 发表于 2007-6-8 14:49:59

大侠帮我看一下吧，先谢了！！

显示全部楼层 · 发表于 2007-6-8 15:08:16

晕你的报告没问题啊。。。。。。。。。
除了你的机器上有百度搜霸谷歌工具条外其它没什么啊！！！
你是不是用卡巴扫描病毒然后删除了。。。。。。

我没在你的报告上看出问题也许是我水平不行。。。。。。。

显示全部楼层 · 发表于 2007-6-8 15:19:19

我的E,F盘的几个exe文件中招了，删不掉！！！

显示全部楼层 · 发表于 2007-6-8 15:20:27

显示全部楼层 · 发表于 2007-6-8 15:23:39

大侠还有没有好办法???我好像把c盘的一个删了，

显示全部楼层 · 发表于 2007-6-8 15:41:37

网上说这个病毒是威金的一个变种你试试这个可以修复你的EXE文件不！！
要是不能。。。。。。。。

我中了Trojan.Win32.Pakes.c病毒，怎么办？

我试试吧～！先谢了！

不好意思，我想自己搞定，但还是不行！！郁呀！下面是扫描报告！！

回复 #2 zhaonimm 的帖子

回复 #6 zhaonimm 的帖子

不是删不掉，是清除不了！！

大侠还有没有好办法

浏览过的版块