Rising Kaka Security Forum (瑞星卡卡安全论坛)

[Help] How do I remove http://caiyi8.com/
chenyi1210 - 2007-4-12 19:26:00
http://caiyi8.com/ keeps popping up automatically. How do I remove it?!
Thanks
汗血宝马 - 2007-4-12 20:33:00
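Please download SREng2, use "Smart Scan", and press the "Scan" button to run a scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG).
Copy and paste the contents of the saved report log file here. If the log does not fit in one post, paste it in several posts until it is complete.
Download link: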
http://www.kztechs.com/sreng/sreng2.zip
chenyi1210 - 2007-4-12 21:05:00
End-User License Agreement FOR System Repair Engineer

This End-User License Agreement ("EULA") is a legal agreement between you (either an individual or a single entity) and the mentioned author (Smallfrogs Studio) of this Software for the System Repair Engineer identified above,
which includes computer software and may include associated media, printed materials, and "online" or electronic documentation ("System Repair Engineer").
By installing, copying, or otherwise using the System Repair Engineer, you agree to be bounded by the terms of this EULA.
If you do not agree to the terms of this EULA, do not install or use the System Repair Engineer.

System Repair Engineer LICENSE
------------
All versions of the System Repair Engineer are protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties.
The sole property belongs to Smallfrogs Studio. The System Repair Engineer may not be duplicated, sold, distributed or utilized in any manner not described herein without the prior written consent of Smallfrogs Studio.
Parties interested in licensing the System Repair Engineer for other than personal use should contact Smallfrogs Studio.

1. GRANT OF LICENSE. This EULA grants you the following rights: Installation and Use. You may install and use an unlimited number of copies of the System Repair Engineer.

Reproduction and Distribution. You may reproduce and distribute an unlimited number of copies of the System Repair Engineer; provided that each copy shall be a true and complete copy, including all copyright and trademark notices, and shall be accompanied by a copy of this EULA.
Copies of the System Repair Engineer may be distributed as a standalone product or included with your own product as long as The System Repair Engineer is not sold or included in a product or package that intends to receive benefits through the inclusion of the System Repair Engineer.
The System Repair Engineer may be included in any free or non-profit packages or products.

2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.
Limitations on Reverse Engineering, Decompilation, Disassembly and change(add,delete or modify)the resources in the compiled the assembly. You may not reverse engineer, decompile, or disassemble the System Repair Engineer, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.

Separation of Components.
chenyi1210 - 2007-4-12 21:06:00
------------
The System Repair Engineer is licensed as a single product. Its component parts may not be separated for use on more than one computer.

Software Transfer.
------------
You may permanently transfer all of your rights under this EULA, provided the recipient agrees to the terms of this EULA.

Termination.
------------
Without prejudice to any other rights, the Author of this Software may terminate this EULA if you fail to comply with the terms and conditions of this EULA. In such event, you must destroy all copies of the System Repair Engineer and all of its component parts.

3. COPYRIGHT.
All title and copyrights in and to the System Repair Engineer(including but not limited to any images, photographs, animations,video, audio, music, text, and "applets" incorporated into the System Repair Engineer), the accompanying printed materials, and any copies of the System Repair Engineer are owned by the Author of this Software. The System Repair Engineer is protected by copyright laws and international treaty provisions. Therefore, you must treat the System Repair Engineer like any other copyrighted material.

LIMITED WARRANTY
------------
NO WARRANTIES.
The Author of this Software expressly disclaims any warranty for the System Repair Engineer. The System Repair Engineer and any related documentation is provided "as is" without warranty of any kind,either express or implied, including, without limitation, the implied warranties or merchantability, fitness for a particular purpose, or noninfringement. The entire risk arising out of use or performance of the System Repair Engineer remains with you.

NO LIABILITY FOR DAMAGES.
------------
In no event shall the author of this Software be liable for any special, consequential,
incidental or indirect damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use this product, even if the Author of this Software is aware of the possibility of such damages and known defects.

Terms of Use
------------
This software is provided "as is", without any guarantee made as to its suitability or fitness for any particular use. It may contain bugs, so use of this tool is at your own risk. We take
no responsibility for any damage that may unintentionally be caused through its use.

By using this software, you are agreeing to the terms of this license.
chenyi1210 - 2007-4-12 21:07:00
That's all of it. Please help me analyze it.
Thanks
lxmxn - 2007-4-12 21:15:00
Uh, this isn't the scan log, it's just the documentation that comes with SREng. You need to run a scan and post the SREng.LOG.
吾虾米 - 2007-4-12 21:23:00
Try 360安全卫士 (360 Safeguard): http://www.360safe.com/history.html
chenyi1210 - 2007-4-12 21:34:00
Is this it?



[CODE]

2007-04-12,21:18:02

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  [(Verified)Nero AG]
    <ctfm0n.exe><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
    <run><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SigmatelSysTrayApp><sttray.exe>  [N/A]
    <IntelAudioStudio><"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ShStatEXE><"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE>  [(Verified)"McAfee, Inc."]
    <McAfeeUpdaterUI><"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KuGoo3><D:\kugoo\KuGoo3\KuGoo.exe>  [N/A]
    <NeroFilterCheck><C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe>  [(Verified)Nero AG]
    <ctfm0n.exe><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <1><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe asp.exe>  [N/A]
    <Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070411.dll start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[(空)]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\(空).lnk --> C:\WINDOWS\system32\mscore\mscore.exe [Microsoft Corporation]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Adobe Reader Synchronizer]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Synchronizer.lnk --> D:\Reader\ADOBEC~1.EXE []><N>
[CAJViewer Preload]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CAJViewer Preload.lnk --> C:\PROGRA~1\TTKN\CAJVIE~1.0\CAJVIE~1.EXE [Tsinghua Tongfang Knowledge Network Technology(Beijing) Co., Ltd.]><N>
[核新SSL通讯安全代理]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\核新SSL通讯安全代理.lnk --> C:\PROGRA~1\hexin\sslproxy\SSLCnt.exe [杭州核新软件技术有限公司]><N>

==================================
服务
[17B843DC / 17B843DC][Stopped/Auto Start]
  <C:\WINDOWS\system32\17B843DC.EXE -service><Microsoft Corporation>
[Intranet Messenger / 8NASCAR][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE C:\WINDOWS\SYSTEM32\WBEM\ESMTE.DLL,Export 1087><Microsoft Corporation>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[DCOM Client / DCOMClient][Running/Auto Start]
  <C:\WINDOWS\system32\DCOMSvr.EXE><N/A>
[error monitor / EmonSrv][Running/Auto Start]
  <C:\WINDOWS\system32\lfrmewrk.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[McAfee McShield / McShield][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"><McAfee, Inc.>
[McAfee Task Manager / McTaskManager][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"><McAfee, Inc.>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Running/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Procedure Call System(RPCS) / RpcS][Stopped/Auto Start]
  <C:\WINDOWS\system32\RpcS.exe><N/A>
[Selaris Frame Work / Selaris][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\imjpmig\imjpmig32.dll><N/A>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>

==================================
驱动程序
[anugyf3 / anugyf36][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\anugyf36.sys><Microsoft Corporation>
[borjdb3 / borjdb30][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\borjdb30.sys><N/A>
[dhxcys0 / dhxcys08][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dhxcys08.sys><N/A>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HWiNFO32 Kernel Driver / HWiNFO32][Stopped/Auto Start]
  <\??\H:\新建文件夹\HWiNFO32\HWiNFO32.SYS><N/A>
[McAfee Inc. / mfeapfk][Running/Manual Start]
  <system32\drivers\mfeapfk.sys><McAfee, Inc.>
[McAfee Inc. / mfeavfk][Running/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk][Running/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk][Running/Manual Start]
  <system32\drivers\mfehidk.sys><McAfee, Inc.>
[VSCore mferkdk / mferkdk][Running/System Start]
  <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfetdik][Running/System Start]
  <system32\drivers\mfetdik.sys><McAfee, Inc.>
[nmevtms / nmevtmsn][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nmevtmsn.sys><N/A>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[owuzra1 / owuzra18][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\owuzra18.sys><N/A>
[profilenh / profilenh][Running/System Start]
  <system32\drivers\profilenh.sys><Microsoft Corporation>
[proregnh / proregnh][Running/System Start]
  <system32\drivers\proregnh.sys><Windows System Internal>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qaexvbzi / qaexvbzi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qaexvbzi.sys><Yahoo! China Corporation>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sonic Focus Plugin for Sigmatel HDA / sfng32][Running/Manual Start]
  <system32\drivers\sfng32.sys><Sonic Focus, Inc>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[usb8028 / usb8028][Running/System Start]
  <system32\drivers\usb8028.sys><Microsoft Corporation>
[usb8028x / usb8028x][Running/System Start]
  <system32\drivers\usb8028x.sys><Windows System Internal>
chenyi1210 - 2007-4-12 21:35:00
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[腾讯QQ]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\QQIEHelper.dll, N/A>
[CPPIE Class]
  {C6844939-C324-41E0-84D0-D42F8DA5EBAD} <C:\WINDOWS\system32\hbcmd.dll, TODO: <公司名>>
[Browser Class]
  {D8C32D92-3120-4D44-B295-5D4461C6AF95} <C:\WINDOWS\system32\rasapi.DLL, TODO: <公司名>>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[腾讯QQ]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\QQIEHelper.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll, McAfee, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CPPIE Class]
  {C6844939-C324-41E0-84D0-D42F8DA5EBAD} <C:\WINDOWS\system32\hbcmd.dll, TODO: <公司名>>
[macfed Class]
  {CB7CA266-4479-4997-86AF-7554AA8A0AF4} <C:\WINDOWS\system32\atsldr.dll, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[okteba Class]
  {CE7C3CF0-4B15-11D1-ABED-709549C16969} <C:\WINDOWS\okteba\okteba.dll, Okte.cn, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
  {D40D01E4-0378-430A-A890-382CB46B97B1} <C:\WINDOWS\system32\ffmiiqfwtsjin.dll, N/A>
[Browser Class]
  {D8C32D92-3120-4D44-B295-5D4461C6AF95} <C:\WINDOWS\system32\rasapi.DLL, TODO: <公司名>>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
chenyi1210 - 2007-4-12 21:37:00
==================================
正在运行的进程
[PID: 692][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\17B843DC.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 808][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1340][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Goauld.dll]  [N/A, ]
    [C:\WINDOWS\system32\nmevtmsn.dll]  [Microsoft Corporation, 5.01.2900.2180]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\WINDOWS\system32\17B843DC.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8440]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8440]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\system32\hbcmd.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\rasapi.DLL]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 7, 3, 2]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\McAfee\VirusScan Enterprise\shext.dll]  [McAfee, Inc., 8.5.0.781]
    [C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 2, 8, 3, 0]
[PID: 1992][C:\WINDOWS\system32\microsoft.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wscuiex.cpl]  [mcsoft, 1, 0, 0, 0]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
[PID: 2256][C:\Program Files\McAfee\Common Framework\UdaterUI.exe]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\McAfee\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\McAfee\Common Framework\NaiSign.DLL]  [N/A, ]
    [C:\WINDOWS\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\Program Files\McAfee\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\0409\UpdRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.453]
[PID: 2320][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
[PID: 2328][C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll]  [Nero AG, 8,6,0, 10800]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 2,0,5,0]
[PID: 2560][C:\Program Files\McAfee\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.125]
    [C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
[PID: 3012][C:\Program Files\hexin\sslproxy\SSLCnt.exe]  [杭州核新软件技术有限公司, 1.103.2004.0218]
    [C:\Program Files\hexin\sslproxy\crypteng.dll]  [杭州核新软件技术有限公司, 1.44.2003.0426]
    [C:\Program Files\hexin\sslproxy\sslproxy.dll]  [杭州核新软件技术有限公司, 1.52.2002.326]
    [C:\Program Files\hexin\sslproxy\CAsAPI.dll]  [杭州核新软件技术有限公司, 1.49.2002.422]
    [C:\Program Files\hexin\sslproxy\Scard.dll]  [杭州核新软件技术有限公司, 1.02.2001.0529]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
    [C:\Program Files\hexin\sslproxy\MapProxy.dll]  [核新软件技术有限公司, 1.00.2003.0613]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
[PID: 3556][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll]  [Nero AG, 1, 0, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll]  [Nero AG, 4,9,4,1]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 2,0,5,0]
    [C:\Program Files\Common Files\System\Mapi\2052\msmapi32.dll]  [Microsoft Corporation, 10.0.2625]
    [C:\Program Files\Common Files\System\Mapi\2052\contab32.dll]  [Microsoft Corporation, 10.0.2625]
    [C:\Program Files\Common Files\Microsoft Shared\office10\mso.dll]  [Microsoft Corporation, 10.0.6626]
[PID: 2536][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\QQIEHelper.dll]  [N/A, ]
    [C:\WINDOWS\system32\hbcmd.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\rasapi.DLL]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\system32\wingyf36.dll]  [, 1, 1, 1, 1019]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
[PID: 2908][C:\WINDOWS\system32\MSRundll.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\bofang.dll]  [  , 1, 0, 0, 3]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
chenyi1210 - 2007-4-12 21:37:00
[C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
[PID: 3416][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\QQIEHelper.dll]  [N/A, ]
    [C:\WINDOWS\system32\hbcmd.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\rasapi.DLL]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\system32\wingyf36.dll]  [, 1, 1, 1, 1019]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
[PID: 3928][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\QQIEHelper.dll]  [N/A, ]
    [C:\WINDOWS\system32\hbcmd.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\rasapi.DLL]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\system32\wingyf36.dll]  [, 1, 1, 1, 1019]
    [C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
    [C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
[PID: 1928][C:\windows\system32\mscore\MsCore.exe]  [Microsoft Corporation, 8.0.50727.42]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
[PID: 892][D:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\anugyf36.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\abjsubva.dll]  [Microsoft Corporation, 5, 2, 2265, 3211]
    [C:\windows\system32\mscore\MsCoreDll.DLL]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
chenyi1210 - 2007-4-12 21:53:00
Does nobody know?
chenyi1210 - 2007-4-12 23:22:00
Bump
chenyi1210 - 2007-4-12 23:23:00
Bumping this
我无邪 - 2007-4-12 23:59:00
========Content========
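I suggest downloading these rogue-software removal tools.

http://www.arswp.com/
Windows清理助手 (Windows Cleanup Assistant)

http://www.tommsoft.com/
恶意软件清理助手 (Malware Cleanup Assistant)

http://www.360safe.com/
360安全卫士 (360 Safeguard)

After downloading, run them and let them update their virus databases.

Go to www.27814939.ys168.com and click "My Software" to download KillBox.exe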

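Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), click "Startup Items", "Services", then "Win32 Service Applications", tick "Hide Microsoft services", select the virus services 17B843DC, Intranet Messenger, DCOM Client, error monitor, Remote Procedure Call System(RPCS), Selaris Frame Work, choose "Delete Service", click "Set", and choose "No". (Each comma-separated item is one virus service; please delete them one by one.)

Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), click "Startup Items", "Services", then "Drivers", tick "Hide verified Microsoft services", select the virus services usb8028, usb8028x, choose "Delete Service", click "Set", and choose "No". (Each comma-separated item is one virus service; please delete them one by one.)

Restart the computer. After the power-on check finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Double-click KillBox.exe to open it, and delete each of the following: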
C:\WINDOWS\system32\winsys16_070411.dll
C:\WINDOWS\system32\17B843DC.EXE
C:\WINDOWS\SYSTEM32\WBEM\ESMTE.DLL
C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE
C:\WINDOWS\system32\DCOMSvr.EXE
C:\WINDOWS\system32\lfrmewrk.exe
C:\WINDOWS\system32\RpcS.exe
C:\WINDOWS\system32\imjpmig\imjpmig32.dll
C:\WINDOWS\system32\drivers\usb8028.sys
C:\WINDOWS\system32\drivers\usb8028x.sys
C:\WINDOWS\system32\hbcmd.dll
C:\WINDOWS\system32\rasapi.DLL
C:\WINDOWS\system32\atsldr.dll
C:\WINDOWS\system32\17B843DC.DLL
C:\WINDOWS\Goauld.dll
C:\WINDOWS\QQIEHelper.dll
sttray.exe
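asp.exe
Use the system search to look for these two. If you can find them, it is best to delete them.
(When deleting, tick "End the Explorer.EXE process before deleting"; if that does not work, try ticking "Unregister the DLL file before deleting it".)
Something for beginners: tips for using KillBox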
http://forum.ikaka.com/topic.asp?board=28&artid=8160799

Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), and use "System Repair", "Browser Add-ons" to delete the following items.
C:\windows\system32\mscore\mscore.exe
sttray.exe
C:\windows\system32\mscore\mscore.exe
C:\windows\system32\mscore\mscore.exe

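Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), use "Startup Items", "Registry", and select the item to repair
Explorer.exe asp.exe
then click "Edit" and delete asp.exe from "Value".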

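Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), use "Startup Items", "Registry", and select the item to repair
C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070411.dll
then click "Edit" and delete rundll32.exe C:\WINDOWS\system32\winsys16_070411.dll from "Value".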

Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), and use "Startup Items", "Startup Folder" to delete the following item.
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\(空).lnk --> C:\WINDOWS\system32\mscore\mscore.exe

Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), and use "System Repair", "Browser Add-ons" to delete the following items.
C:\WINDOWS\system32\hbcmd.dll
C:\WINDOWS\system32\rasapi.DLL
C:\WINDOWS\system32\atsldr.dll
C:\WINDOWS\QQIEHelper.dll

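Use the three removal tools you downloaded to clean out the rogue software, one tool at a time.
Open an IE window, go to Tools, Internet Options, click "Delete Files", tick "Delete all offline content" in the window that pops up, delete cookies, and click OK.
Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), use "System Repair", "Internet Explorer", "Select All", "Repair", and see whether that solves the problem.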
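
Added example, not part of the original thread and not SREng's own code: a small Python triage pass over the registry startup section of the log posted above, flagging the kinds of entries the reply singles out (extra commands in the Winlogon shell and Userinit values, the legacy load/run values, and one image registered under several autostart keys). The line format is inferred from that log; the rule names and heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt from the registry startup section of the SREng log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <ctfm0n.exe><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
    <run><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ctfm0n.exe><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <1><C:\windows\system32\mscore\mscore.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe asp.exe>  [N/A]
    <Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070411.dll start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")                  # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]\s*$")    # <name><value>  [publisher]
IMAGE_RE = re.compile(r'^"?([^"]*?\.(?:exe|dll))', re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per autostart value, tagged with the registry key above it."""
    entries, key = [], None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, value, publisher = m.groups()
            entries.append({"key": key, "name": name, "value": value, "publisher": publisher})
    return entries


def image_of(value):
    """Lower-cased path of the first .exe/.dll in a command line (arguments dropped)."""
    m = IMAGE_RE.match(value.strip())
    return m.group(1).lower() if m else value.strip().lower()


def triage(entries):
    """Apply the heuristics and return a list of (rule, detail) findings."""
    findings, keys_by_image, unverified = [], defaultdict(set), set()
    for e in entries:
        key, name, value = e["key"].lower(), e["name"].lower(), e["value"].strip()
        if not value:
            continue
        image = image_of(value)
        keys_by_image[image].add(key)
        # Winlogon\Shell should be just Explorer.exe; anything appended also runs at logon.
        if key.endswith("\\winlogon") and name == "shell" and value.lower() != "explorer.exe":
            findings.append(("winlogon-shell", value))
        # Winlogon\Userinit is a comma-separated list; only userinit.exe belongs there.
        if key.endswith("\\winlogon") and name == "userinit":
            for part in (p.strip() for p in value.split(",")):
                if part and part.lower().split("\\")[-1] != "userinit.exe":
                    findings.append(("winlogon-userinit", part))
        # The legacy load/run values are rarely used by ordinary software.
        if key.endswith("\\windows nt\\currentversion\\windows") and name in ("load", "run"):
            findings.append(("legacy-load-run", f"{e['name']} -> {value}"))
        # Heuristic: publisher string claims Microsoft but lacks the "(Verified)" marker.
        pub = e["publisher"]
        if "microsoft" in pub.lower() and not pub.startswith("(Verified)"):
            unverified.add(image)
    findings += [("unverified-microsoft", img) for img in sorted(unverified)]
    # Heuristic: the same image registered under more than one autostart key.
    findings += [("multi-key-autostart", f"{img} ({len(keys)} keys)")
                 for img, keys in sorted(keys_by_image.items()) if len(keys) > 1]
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_entries(SAMPLE_LOG)):
        print(f"{rule:22} {detail}")
```

A finding here is a prompt to check the file and its signature, not a verdict on it.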
