Rising Kaka Security Forum (瑞星卡卡安全论坛)
葡萄眼睛 - 2007-5-19 0:05:00
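Let me explain first: because this computer runs a French-language system, a small part of the log is garbled, but that does not affect the log as a whole. Many thanks!!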
[CODE]
2007-05-18,17:46:36
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - ?????? - ????
???????:
???????(???????????????)
??????
???????(????????)
????
Winsock ???
Autorun.inf
HOSTS ??
????
???
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<VoipStunt><; "E:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized> [(Verified)Finarea SA]
<MSMSGS><"C:\Program Files\Messenger\MSMSGS.EXE" /background> [(Verified)Microsoft Corporation]
<VoipBuster><; "E:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<High Definition Audio Property Page Shortcut><HDAShCut.exe> [(Verified)Microsoft Windows XP Publisher]
<SkyTel><SkyTel.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Alcmtr><ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IntelZeroConfig><"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"> [Intel Corporation]
<IntelWireless><"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless> [Intel Corporation]
<EOUApp><"C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"> [Intel Corporation]
<CHotkey><mHotkey.exe> [Chicony]
<SMSERIAL><sm56hlpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<KTPWare><C:\Program Files\Elantech\ktp.exe> []
<RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<InCD><C:\Program Files\Ahead\InCD\InCD.exe> [Nero AG]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<IMSCMIG40W><C:\PROGRA~1\FICHIE~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
<Logitech Hardware Abstraction Layer><KHALMNPR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Kernel and Hardware Abstraction Layer><KHALMNPR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> []
<Google IME Autoupdater><"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"> [(Verified)Google Inc]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso.exe> []
<igfxpers><; C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxtray><; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<PrevxOne><; "C:\Program Files\Prevx1\PXConsole.exe"> [Prevx]
<RTHDCPL><; RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<GinaDLL><IWPDGINA.DLL> [Intel Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}><C:\Program Files\Internet Explorer\HiJack.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
葡萄眼睛 - 2007-5-19 0:06:00
[Reply to 葡萄眼睛's post]
==================================
?????
[Lancement rapide d'Adobe Reader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Logitech SetPoint]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk --> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]><N>
==================================
??
[Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
<c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows CardSpace / idsvc][Stopped/Manual Start]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[InCD Helper / InCDsrv][Running/Auto Start]
<C:\Program Files\Ahead\InCD\InCDsrv.exe><Nero AG>
[InCD Helper (read only) / InCDsrvR][Stopped/Auto Start]
<C:\Program Files\Ahead\InCD\InCDsrv.exe -r><Nero AG>
[Service Framework McAfee / McAfeeFramework][Running/Auto Start]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield][Running/Auto Start]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager][Running/Auto Start]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[Prevx Agent / PREVXAgent][Running/Auto Start]
<"C:\Program Files\Prevx1\PXAgent.exe" -f><Prevx>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[Intel(R) PROSet/Wireless SSO Service / WLANKEEPER][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel(R) Corporation>
==================================
????
[AEGIS Protocol (IEEE 802.1x) v3.4.10.0 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[InCDPass / InCDPass][Running/System Start]
<System32\DRIVERS\InCDPass.sys><Nero AG>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Elantech Touchpad / Ktp][Stopped/Manual Start]
<system32\DRIVERS\Ktp.sys><ELANTECH Devices Corp.>
[Logitech SetPoint Keyboard Driver / L8042Kbd][Running/Manual Start]
<system32\DRIVERS\L8042Kbd.sys><Logitech Inc.>
[SetPoint PS/2 Mouse Filter Driver / L8042mou][Running/Manual Start]
<system32\DRIVERS\L8042mou.Sys><Logitech Inc.>
[LBeepKE / LBeepKE][Running/Auto Start]
<System32\Drivers\LBeepKE.sys><Logitech Inc.>
[SetPoint HID Mouse Filter Driver / LHidKe][Running/Manual Start]
<system32\DRIVERS\LHidKE.Sys><Logitech Inc.>
[SetPoint USB Receiver device driver / LHidUsbK][Running/Manual Start]
<System32\Drivers\LHidUsbK.Sys><Logitech Inc.>
[SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start]
<system32\DRIVERS\LMouKE.Sys><Logitech Inc.>
[NaiAvFilter1 / NaiAvFilter1][Running/Manual Start]
<system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1][Running/System Start]
<system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[PREVX Kernel Mode Agent / PrevxDriver][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\pxfsf.sys><Prevx Limited, http://www.prevx1.com/>
[PREVX Emulator driver / PREVXEmulator][Running/Manual Start]
<system32\DRIVERS\PxEmu.sys><Prevx Limited, http://www.prevx1.com/>
[PREVX TDI filter / PREVXTdi][Running/System Start]
<system32\DRIVERS\pxtdi.sys><Prevx Limited, http://www.prevx1.com/>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PREVX Rootkitscan driver / PXRDDriver][Running/System Start]
<system32\DRIVERS\pxrd.sys><N/A>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Transport RLAN / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smserial / smserial][Running/Manual Start]
<system32\DRIVERS\smserial.sys><Motorola Inc.>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
<system32\DRIVERS\w39n51.sys><Intel? Corporation>
[EntDrv51 / EntDrv51][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><Network Associates, Inc>
葡萄眼睛 - 2007-5-19 0:07:00
[Reply to 葡萄眼睛's post]
==================================
??????
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[URLDetector Class]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} <C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll, Prevx Ltd.>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[URLDetector Class]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} <C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll, Prevx Ltd.>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
葡萄眼睛 - 2007-5-19 0:08:00
[Reply to 葡萄眼睛's post]
==================================
???????
[PID: 888][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\IWPDGINA.DLL] [Intel Corporation, 10, 1, 1, 12]
[C:\Program Files\Intel\Wireless\Bin\SsoGnFRA.dll] [Intel Corporation, 10, 1, 1, 12]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1032][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1196][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1272][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1520][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 2288][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\HiJack.dll] [Microsoft Corporation, 1. 0. 0. 1]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Ahead\InCD\incdshx.dll] [Nero AG, 4, 3, 23, 2]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\PowerArchiver\PASHLEXT.DLL] [ConeXware, Inc., 9.6.1.3]
[C:\Program Files\Network Associates\VirusScan\shext.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES0c\ShExtRes.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 2332][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 3196][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543]
葡萄眼睛 - 2007-5-19 0:10:00
[Reply to 葡萄眼睛's post]
[PID: 3296][C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe] [Intel Corporation, 10, 1, 1, 45]
[C:\Program Files\Intel\Wireless\bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 1, 48]
[C:\Program Files\Intel\Wireless\bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 1, 5]
[C:\Program Files\Intel\Wireless\bin\PsRegApi.dll] [Intel Corporation, 10, 1, 1, 2]
[C:\Program Files\Intel\Wireless\bin\DbEngine.dll] [Intel Corporation, 10, 1, 1, 14]
[C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\bin\IntStngs.dll] [, 10, 1, 1, 3]
[C:\Program Files\Intel\Wireless\bin\MurocApi.dll] [Intel Corporation, 10, 1, 1, 39]
[C:\Program Files\Intel\Wireless\bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 1, 1]
[C:\Program Files\Intel\Wireless\Bin\ZcSvcFRA.dll] [Intel Corporation, 10, 1, 1, 45]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[PID: 3312][C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe] [Intel Corporation, 10, 1, 1, 19]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 1, 2]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 1, 3]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 1, 5]
[C:\Program Files\Intel\Wireless\Bin\FrWrkFRA.dll] [Intel Corporation, 10, 1, 1, 19]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll] [Intel Corporation, 10, 1, 1, 164]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 1, 39]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 1, 1]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 1, 48]
[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\IntWAFRA.dll] [Intel Corporation, 10, 1, 1, 164]
[PID: 3336][C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe] [Intel Corporation, 10, 1, 1, 17]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 1, 2]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 1, 39]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 1, 1]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 1, 5]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 1, 3]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 1, 48]
[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\EOUWzFRA.dll] [Intel Corporation, 10, 1, 1, 17]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 3372][C:\WINDOWS\mHotkey.exe] [Chicony, 2, 2, 1, 0]
[C:\WINDOWS\HKNTDLL.dll] [N/A, ]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3468][C:\WINDOWS\sm56hlpr.exe] [Motorola Inc., 6.11.02]
[C:\WINDOWS\sm56eng.dll] [N/A, ]
[C:\WINDOWS\sm56fra.dll] [N/A, ]
[C:\WINDOWS\sm56brz.dll] [N/A, ]
[C:\WINDOWS\sm56chs.dll] [N/A, ]
[C:\WINDOWS\sm56cht.dll] [N/A, ]
[C:\WINDOWS\sm56ger.dll] [N/A, ]
[C:\WINDOWS\sm56itl.dll] [N/A, ]
[C:\WINDOWS\sm56jpn.dll] [N/A, ]
[C:\WINDOWS\sm56spn.dll] [N/A, ]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[PID: 3540][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[PID: 3568][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 6.00.1027]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll] [CyberLink Corp., 3.2.2021 ]
[PID: 3732][C:\Program Files\Ahead\InCD\InCD.exe] [Nero AG, 4, 3, 23, 2]
[C:\Program Files\Ahead\InCD\InCdApi.dll] [Nero AG, 4, 3, 23, 2]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17]
[C:\Program Files\Ahead\InCD\incdshx.dll] [Nero AG, 4, 3, 23, 2]
[PID: 736][C:\Program Files\CNNIC\Cdn\cdnup.exe] [, 2, 4, 0, 6]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[PID: 1408][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe] [Google Inc., 1, 0, 0, 1]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\GooglePinyin.ime] [Google Inc., ]
葡萄眼睛 - 2007-5-19 0:11:00
[Reply to 葡萄眼睛's post]
[PID: 404][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES0c\shstat.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES0c\Product.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES0c\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\RES0c\Shutilrc.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] [Network Associates, Inc., 8.0.0.912]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1680][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\040C\UpdRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\040C\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[PID: 2104][C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe] [Network Associates, Inc., 2.0.275.0]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\Fichiers communs\Network Associates\TalkBack\dbghelp.dll] [Microsoft Corporation, 6.0.0017.0 (DbgBuild.020528-1721)]
[PID: 2320][C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe] [Intel Corporation, 10, 1, 1, 84]
[C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll] [, 4.0.23.0 2006-03-10 14:49:28]
[C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll] [Intel Corporation, 10, 1, 1, 31]
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 1, 2]
[C:\PROGRA~1\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 1, 3]
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 1, 5]
[C:\PROGRA~1\Intel\Wireless\Bin\IWMSPROV.DLL] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\C8021FRA.dll] [Intel Corporation, 10, 1, 1, 31]
[C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 10, 1, 1, 1]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\PROGRA~1\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 1, 48]
[C:\PROGRA~1\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 1, 14]
[C:\PROGRA~1\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[PID: 2056][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
葡萄眼睛 - 2007-5-19 0:12:00
[Reply to 葡萄眼睛's post]
[PID: 2880][E:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe] [VoipStunt, 3, 0, 408, 0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\WINDOWS\system32\netfxperf.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\FICHIE~1\SYSTEM\MSMAPI\1036\MSMAPI32.DLL] [Microsoft Corporation, 11.0.8002]
[C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.8132]
[PID: 3144][C:\Program Files\Messenger\MSMSGS.EXE] [Microsoft Corporation, 4.7.2009]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Messenger\MSGSLANG.DLL] [Microsoft Corporation, 4.7.2009]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\PROGRA~1\MESSEN~1\rtcimsp.dll] [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 3804][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.8134]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.8132]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\Fichiers communs\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2014]
[C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll] [Microsoft Corporation, 11.0.5510]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\METCONV.DLL] [Microsoft Corporation, 11.0.6467]
[C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\INTLNAME.DLL] [Microsoft Corporation, 11.0.6467]
[C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FNAME.DLL] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSP3FR.DLL] [Microsoft Corporation, 5.0.6466]
[C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\1036\stintl.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\mslid.dll] [Microsoft Corporation, 1.0.2305]
[C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\1036\MSGR3FR.DLL] [Microsoft Corporation, 5.1.3019.1]
[C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3275.0]
[C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSPELL3.DLL] [Microsoft Corporation, 1.1.6215]
[C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSp3FR.lex] [Microsoft Corporation, 5.0.6466]
[C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FPERSON.DLL] [Microsoft Corporation, 11.0.5510]
[C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\MOFL.DLL] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSXML5.DLL] [Microsoft Corporation, 5.10.2930.0]
[C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FDATE.DLL] [Microsoft Corporation, 11.0.5510]
葡萄眼睛 - 2007-5-19 0:12:00
[Reply to 葡萄眼睛's post]
[PID: 2540][C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE] [Microsoft Corporation, 11.0.8135]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.8132]
[C:\Program Files\Microsoft Office\OFFICE11\1036\ppintl.dll] [Microsoft Corporation, 11.0.6565]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3275.0]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
[C:\Program Files\Fichiers communs\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2014]
[C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll] [Microsoft Corporation, 11.0.5510]
[PID: 2736][E:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 6, 42]
[E:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[E:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\WINDOWS\HKNTDLL.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 2496][E:\outils\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.6551]
==================================
????
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock ???
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS ??
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
????
N/A
==================================
[/CODE]
agee - 2007-5-19 1:10:00
The following startup entries are suspicious:
<wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso.exe> []
The following files loaded by processes are suspicious:
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
After deleting the corresponding startup entries, clear the IE cache.
loveperday - 2007-5-19 1:12:00
========Content========
Delete from the registry:
<wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}><C:\Program Files\Internet Explorer\HiJack.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
Delete files:
[C:\Program Files\Internet Explorer\HiJack.dll] [Microsoft Corporation, 1. 0. 0. 1]
The following are trojans, but they are all in the temporary folder, so you can simply empty the temporary folder.
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
After cleaning up, you can scan another log yourself and compare.
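The triage the replies above apply by eye (a module with no publisher, loaded from a Temp directory, present in several processes) can be run over the process section of an SREng log. This is an added example, not part of the original posts or of SREng; the sample log is constructed and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the "[PID: n][exe] [info]" / "[module] [info]" layout
# of the SREng process section shown in the log above.
SAMPLE_LOG = r"""
[PID: 2056][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\DOCUME~1\USER~1\LOCALS~1\Temp\aaso0.dll] [N/A, ]
[C:\PROGRA~1\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[PID: 3804][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.8134]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\DOCUME~1\USER~1\LOCALS~1\Temp\aaso0.dll] [N/A, ]
[C:\Documents and Settings\user\Local Settings\Temp\bbso0.dll] [N/A, ]
"""

# Optional "[PID: n]" prefix, then "[path] [publisher, version]".
LINE = re.compile(r"^(?:\[PID: (\d+)\])?\[(.+?)\] \[(.*)\]$")


def parse(log):
    """Yield (pid, process_path, module_path, publisher) per loaded-module line."""
    pid = proc = None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # section headers, blank lines, other sections
        if m.group(1):                    # "[PID: n][exe]" starts a new process
            pid, proc = int(m.group(1)), m.group(2)
            continue
        if pid is None:                   # module line seen before any process header
            continue
        # Publisher and version both may contain commas, so only the text before
        # the first comma is used, and only to test for "empty" or "N/A".
        publisher = m.group(3).split(",", 1)[0].strip()
        yield pid, proc, m.group(2), publisher


def in_temp_dir(path):
    """True if any directory component is named Temp (case-insensitive)."""
    parts = path.lower().split("\\")
    return "temp" in parts[:-1]


def suspicious_modules(log):
    """Return [(module_path_lowercased, [pids])], widest spread first.

    A module is flagged only when BOTH hold: no publisher information and it
    is loaded from a Temp directory. A missing publisher alone is not enough,
    since ordinary third-party DLLs also show "N/A".
    Short (8.3) and long forms of one path are not resolved to each other.
    """
    hits = defaultdict(set)
    for pid, _proc, module, publisher in parse(log):
        if publisher in ("", "N/A") and in_temp_dir(module):
            hits[module.lower()].add(pid)
    return sorted(((m, sorted(p)) for m, p in hits.items()),
                  key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    for module, pids in suspicious_modules(SAMPLE_LOG):
        print(f"{len(pids)} process(es) {pids}: {module}")
```

Running the same function on a log taken after cleanup and comparing the two results shows whether the flagged modules are still being loaded.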
葡萄眼睛 - 2007-5-19 1:30:00
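Thanks to the two posters above for replying, but I have tried all of that and none of these DLL files can be deleted. What should I do next?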
sanjingshou - 2007-5-19 1:38:00
Quote:
[loveperday's post]
========Content========
Delete from the registry:
<wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}><C:\Program Files\Internet Explorer\HiJack.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
Delete files:
[C:\Program Files\Internet Explorer\HiJack.dll] [Microsoft Corporation, 1. 0. 0. 1]
The following are trojans, but they are all in the temporary folder, so you can simply empty the temporary folder.
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
After cleaning up, you can scan another log yourself and compare.
………………
After cleaning the registry as described here, reboot and delete the DLL files.
sanjingshou - 2007-5-19 1:39:00
If it still doesn't work after rebooting, you will need a tool.
Download ICESWORD; there is a download link in the pinned post.
天傲之1 - 2007-5-22 10:36:00
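I have 2 files: one clears the registry startup entries and one cleans up system junk. Take a look, everyone: copy each into a text file and change the extension to .bat. They can't remove viruses, though. I have set the junk cleaner to run as a startup item.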
1
@echo off
echo 正在清理系统垃圾文件,请稍等......
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp
del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
echo 清理系统垃圾完成!
echo. & pause
2
@ ECHO OFF
@ ECHO.
@ ECHO. 说 明
@ ECHO --------------------------------------------------------------
@ ECHO 本批处理会自动清理所有非必要的启动项目,仅保留输入法(ctfmon)。
@ ECHO 目的是减少不必要的资源占用,使系统运行顺畅。但清理掉的项目不作
@ ECHO 备份,请小心使用。
@ ECHO --------------------------------------------------------------
PAUSE
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /va /f
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /va /f
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v ctfmon.exe /d C:\WINDOWS\system32\ctfmon.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v command /d ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v hkey /d HKLM
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v inimapping /d 0
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v item /d IMJPMIG
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v key /d SOFTWARE\Microsoft\Windows\CurrentVersion\Run
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v command /d "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v hkey /d HKLM
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v inimapping /d 0
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v item /d TINTSETP
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v key /d SOFTWARE\Microsoft\Windows\CurrentVersion\Run
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v command /d ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v hkey /d HKLM
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v inimapping /d 0
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v item /d TINTSETP
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v key /d SOFTWARE\Microsoft\Windows\CurrentVersion\Run
del "C:\Documents and Settings\All Users\「开始」菜单\程序\启动\*.*" /q /f
del "C:\Documents and Settings\Default User\「开始」菜单\程序\启动\*.*" /q /f
del "%userprofile%\「开始」菜单\程序\启动\*.*" /q /f
start C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
电脑最怕中毒 - 2007-5-22 11:13:00
Saved..