【求助】升级卡卡后，还是删不掉IE加载项21fe,并绑定http://www.45so.com/ bbs.ikaka.com

我要绿茶 - 2007-5-16 4:40:00

本次中毒经过为：打开网页，杀毒软件报警发现木马，之后C:\Documents and Settings\XXX\Local Settings\Temporary Internet Files下的病毒随机更改系统时间，导致杀毒软件和防火墙暂时失去保护作用，同时IE被捆绑指定网站并锁死，桌面IE快捷方式的路径指向还被添加另一网址“www.haol123.com/as?--”(仿好123网站，实际为另一病毒网站)。

现在，流氓软件，广告软件，木马三位一体，对付起来实在力不从心。系统首先被流氓，修改IE并锁死，之后开始后台下载广告软件，而广告软件的安装程序中就藏有病毒。

无论进入安全模式还是正常进入，使用卡巴斯基和卡卡都无法删掉进程为21fe、4ae9ntos.dll的加载项，绑定的http://www.45so.com/还会自动下载各类广告插件和流氓插件(最新一次查杀还发现了病毒)，每隔几分钟使用卡卡扫描，都能发现新安装进来的恶意插件

附件: 876269200751643056.jpg

我要绿茶 - 2007-5-16 4:42:00

多图：

附件: 876269200751643211.jpg

我要绿茶 - 2007-5-16 4:42:00

03 绑定的http://www.45so.com/在卡卡下，也无法修复。

附件: 876269200751643525.jpg

我要绿茶 - 2007-5-16 4:43:00

这软件还真牛！！！

附件: 876269200751643344.jpg

我无邪 - 2007-5-16 11:45:00

鄙视这样的流氓
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

我要绿茶 - 2007-5-16 13:51:00

[CODE]

2007-05-16,04:38:20

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\KakaToolBar\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe asp.exe> [N/A]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"> [Nero AG]
<bgswitch><; C:\WINDOWS\system32\bgswitch.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<cmdbcs><; > [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools-2052><; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> [DAEMON'S HOME]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<load><; > [N/A]
<msccrt><; > [N/A]
<NeroFilterCheck><; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe> [Nero AG]
<NexusServer><; "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch> [N/A]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)NVIDIA Corporation]
<nwiz><; nwiz.exe /install> [N/A]
<QuickTime Task><; "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SOUNDM><; win32smd.exe> [N/A]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<System><; C:\Program Files\Common Files\system\Updaterun.exe> [N/A]
<wsttrs><; > [N/A]

==================================
启动文件夹
N/A

==================================
服务
[107B4A8 / 107B4A8][Stopped/Auto Start]
<C:\WINDOWS\system32\82C57C40.EXE -g><N/A>
[Adobe LM Service / Adobe LM Service][Stopped/Disabled]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Manual Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
<><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Portable Equipment Service / Relations][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ekkgr.dll><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[athena / athena][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\athena.sys><Microsoft Corporation>
[cdrblock / cdrblock][Running/System Start]
<system32\DRIVERS\cdrblock.sys><Canopus Co,. Ltd.>
[cdrport / cdrport][Running/System Start]
<system32\DRIVERS\cdrport.sys><Canopus Co,. Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[darycq2 / darycq22][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\darycq22.sys><N/A>
[Sundance ST201 based Adapter NT Driver / DLH5X][Running/Manual Start]
<system32\DRIVERS\DLH5XND5.sys><D-Link Corporation>
[efgpzf0 / efgpzf03][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\efgpzf03.sys><N/A>
[ElbyCDFL / ElbyCDFL][Running/Manual Start]
<System32\Drivers\ElbyCDFL.sys><SlySoft, Inc.>
[ElbyCDIO Driver / ElbyCDIO][Running/Auto Start]
<System32\Drivers\ElbyCDIO.sys><Elaborate Bytes AG>
[fvwelk8 / fvwelk81][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fvwelk81.sys><N/A>
[gacdjadg / gacdjadg][Stopped/Boot Start]
<\SystemRoot\system32\drivers\gacdjadg.sys><N/A>
[Hardlock / Hardlock][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[Haspnt / Haspnt][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[mlxgsw1 / mlxgsw17][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mlxgsw17.sys><N/A>
[mrdjtz47 / mrdjtz47][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[NetGroup Packet Filter Driver / Npf][Running/Auto Start]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ofyrez8 / ofyrez81][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ofyrez81.sys><Microsoft Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[predn / prednn][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\prednn.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[qbvw / qbvwk][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\qbvwk.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[MUSTEK 1200 UB Still Image Device Service / S6U12BScanner][Stopped/Manual Start]
<system32\drivers\usbscan.sys><Microsoft Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[shiji / shiji][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\wincab.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[vbmcrd / vbmcrd][Running/Boot Start]
<\SystemRoot\system32\drivers\vbmcrd.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[]
{238f4c78-21fe-4ae9-ae2b-1b294ae19f4f} <C:\WINDOWS\system32\4ae9ntos.dll, N/A>
[21fe]
{DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4ae9ntos.dll, N/A>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[KvScanOnline Control]
{EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[]
{238F4C78-21FE-4AE9-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4ae9ntos.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[21fe]
{DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4ae9ntos.dll, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

附件: 8762692007516134143.jpg

我要绿茶 - 2007-5-16 13:52:00

正在运行的进程
[PID: 496][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 656][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 984][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 53, 3723, 0]
[C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1416][C:\WINDOWS\Explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vxxcq.dll] [N/A, N/A]
[C:\WINDOWS\system32\prednn.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\ofyrez81.dll] [, 1, 1, 1, 1014]
[C:\WINDOWS\system32\javascript.dll] [, 1.1.1.245]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8198]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 1500][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1544][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1828][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1960][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ofyrez81.dll] [, 1, 1, 1, 1014]
[PID: 2252][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ofyrez81.dll] [, 1, 1, 1, 1014]
[C:\WINDOWS\system32\4ae9ntos.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\winrez81.dll] [, 1, 1, 1, 1039]
[C:\Program Files\Common Files\Ahead\lib\MediaLibraryNSE.dll] [Nero AG, 1, 0, 2, 12]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[PID: 3788][C:\Program Files\淘宝网\淘宝旺旺\WangWang.exe] [淘宝（中国）软件有限公司, 1, 9, 6, 1221]
[C:\Program Files\淘宝网\淘宝旺旺\AliViewCtrl.dll] [vline, 1, 0, 0, 1]
[C:\Program Files\淘宝网\淘宝旺旺\VLNetwork.dll] [, 1, 0, 0, 6]
[C:\Program Files\淘宝网\淘宝旺旺\AliViewMedia.dll] [vline, 1, 0, 0, 1]
[C:\Program Files\淘宝网\淘宝旺旺\VideoCAP.dll] [, 1, 0, 0, 4]
[C:\Program Files\淘宝网\淘宝旺旺\VLAudio.dll] [, 1, 0, 0, 4]
[C:\Program Files\淘宝网\淘宝旺旺\JsmShow.dll] [, 1, 0, 0, 3]
[C:\Program Files\淘宝网\淘宝旺旺\ww_network.dll] [N/A, 1, 0, 1, 18]
[C:\WINDOWS\system32\ofyrez81.dll] [, 1, 1, 1, 1014]
[C:\Program Files\淘宝网\淘宝旺旺\Ali_Res.DLL] [N/A, N/A]
[C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll] [阿里软件（中国）有限公司, 1, 0, 0, 1]
[C:\Program Files\淘宝网\淘宝旺旺\RichOne.dll] [淘宝(中国)软件有限公司, 1.0.0.1]
[C:\Program Files\淘宝网\淘宝旺旺\TBProgress.dll] [淘宝(中国)软件有限公司, 1.0.0.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\淘宝网\淘宝旺旺\CapScr.dll] [阿里软件(中国)有限公司, 1, 1, 8, 1]
[PID: 2944][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[C:\WINDOWS\system32\ofyrez81.dll] [, 1, 1, 1, 1014]
[PID: 3036][C:\DOCUME~1\SEGA\LOCALS~1\Temp\Rar$EX00.453\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\ofyrez81.dll] [, 1, 1, 1, 1014]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
RVA 错误： LoadLibraryA
RVA 错误： LoadLibraryExA
RVA 错误： LoadLibraryExW
RVA 错误： LoadLibraryW

==================================

[/CODE]

HTTLOVEWLB - 2007-5-16 17:15:00

我给你个软件,可以清除掉的.软件名是avgas-setup-7.5.0.50,可惜的是只有30天的试用期限的.去http://httlovewlb.blog.xunlei.com的资源博课的流行软件中下载!你用它看可以不?这款软件是真的很好的.特别是对付象你这种情况的.它会让你看到希望的.

我要绿茶 - 2007-5-16 18:44:00

【回复“HTTLOVEWLB”的帖子】楼上的软件我用了，英文版的。不稳定啊，在SCAN的时候，两次出现非法操作，关闭软件了。而且，在发现21FE之后也无法关闭掉，提示重起电脑，操作后加载项还存在。

瑞星卡卡安全论坛