[Help] Infected with a virus that can't be deleted; could an expert please take a look at the log~

2006-10-19,19:41:10

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\IEG\SRIECLI.EXE /LOAD>  [N/A]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <Yahoo! Pager><"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet>  [(Verified)Yahoo! Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <Smapp><; C:\Program Files\Analog Devices\SoundMAX\Smtray.exe>  [Analog Devices, Inc.]
    <pccguide.exe><; "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe">  [Trend Micro Incorporated.]
    <PCClient.exe><; "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe">  [Trend Micro Incorporated.]
    <TM Outbreak Agent><; "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run>  [Trend Micro Incorporated.]
    <UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe">  [N/A]
    <ClubBox><>  [N/A]
    <NetLimiter><C:\Program Files\NetLimiter\NetLimiter.exe /s>  [LockTime]
    <Arovax AntiSpyware><C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s>  [Arovax]
    <Arovax Shield><C:\Program Files\Arovax Shield\ArovaxShield.exe -tray>  [Arovax, LLC]
    <Super Rabbit SRRestore><C:\PROGRA~1\SUPERR~1\magicset\SRRest.exe /FIRST>  [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
Last edited 2006-10-19 22:32:31

Startup Folders
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><H>

==================================
Services
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Spectrum24 Events Monitor / IPRIP]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\acss.dll><LINKMEDIA Tech>
[ELSA Driver Helper Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[NetMeeting Remote Desktop Agent / Nwsapagent]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\Nwsapagent.dll><LINKMEDIA Tech>
[Trend Micro Personal Firewall / PccPfw]
  <C:\Program Files\Trend Micro\PC-cillin 2004\PccPfw.exe><Trend Micro Incorporated.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[TabletService / TabletService]
  <C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>
[Trend NT Realtime Service / Tmntsrv]
  <"C:\Program Files\Trend Micro\PC-cillin 2004\Tmntsrv.exe"><Trend Micro Incorporated.>
[Trend Micro Proxy Service / tmproxy]
  <C:\Program Files\Trend Micro\PC-cillin 2004\tmproxy.exe><Trend Micro Incorporated.>

==================================
Drivers
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
  <System32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[gmer / gmer]
  <System32\DRIVERS\gmer.sys><GMER>
[hfjkinu / hfjkinuq]
  <\SystemRoot\System32\DRIVERS\hfjkinuq.sys><Microsoft Corporation>
[NOWMEMDF / NOWMEMDF]
  <\??\C:\WINDOWS\system32\NOWMEMDF.sys><(c)NOWCOM>
[nv / nv]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Pen Class / PenClass]
  <\SystemRoot\System32\Drivers\PenClass.sys><Wacom Technology Corporation>
[直接平行連接埠連結驅動程式 / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Tmfilter / Tmfilter]
  <System32\drivers\TmXPFlt.sys><Trend Micro Inc.>
[Tmpreflt / Tmpreflt]
  <System32\drivers\Tmpreflt.sys><Trend Micro Inc.>
[Trend Micro TDI Driver / tmtdi]
  <\SystemRoot\System32\Drivers\tmtdi.sys><Trend Micro Inc.>
[Common Firewall Driver / tm_cfw]
  <\SystemRoot\System32\Drivers\tm_cfw.sys><Trend Micro Inc.>
[Vsapint / Vsapint]
  <System32\drivers\Vsapint.sys><Trend Micro Inc.>

Browser Add-ons
[超級兔子上網精靈]
  {FEDF637B-F631-4583-A210-33CC828D42DB} <C:\PROGRA~1\SUPERR~1\magicset\HAOKAN~2.DLL, 超?兔子>
[超級兔子上網精靈]
  {FEDF637B-F631-4583-A210-33CC828D42DB} <C:\PROGRA~1\SUPERR~1\magicset\HAOKAN~2.DLL, 超?兔子>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[NowStarter Control]
  {072039AB-2117-4ED5-A85F-9B9EB903E021} <C:\WINDOWS\DOWNLO~1\NOWSTA~1.OCX, (C) NOWCOM>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[NowStarter Control]
  {072039AB-2117-4ED5-A85F-9B9EB903E021} <C:\WINDOWS\DOWNLO~1\NOWSTA~1.OCX, (C) NOWCOM>
[&Yahoo! Messenger]
  {4528BBE0-4E08-11D5-AD55-00010333D0AD} <C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll, N/A>
[Microsoft Shell UI Helper]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[MessengerChecker Class]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>>
[超級兔子上網精靈]
  {FEDF637B-F631-4583-A210-33CC828D42DB} <C:\PROGRA~1\SUPERR~1\magicset\HAOKAN~2.DLL, 超?兔子>
[&Google Search]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>

Running Processes
[PID: 544][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 696][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 708][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
[PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 972][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
[PID: 1068][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nl_msgc.dll]  [N/A, N/A]
    [c:\windows\system32\acss.dll]  [LINKMEDIA Tech, 1, 5, 0, 4]
    [c:\windows\system32\nwsapagent.dll]  [LINKMEDIA Tech, 1, 5, 0, 4]
[PID: 1112][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nl_msgc.dll]  [N/A, N/A]
[PID: 1156][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nl_msgc.dll]  [N/A, N/A]
[PID: 1432][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 1584][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.4109]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
[PID: 1660][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 5, 0]
[PID: 1720][C:\WINDOWS\system32\Tablet.exe]  [Wacom Technology, Corp., 4.72-4]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
[PID: 1756][C:\Program Files\Trend Micro\PC-cillin 2004\Tmntsrv.exe]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\Program Files\Trend Micro\PC-cillin 2004\tmdbg.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\PC-cillin 2004\pewnt2.dll]  [Trend Micro Incorporated., 11.0.0.1264]
[PID: 1792][C:\Program Files\Trend Micro\PC-cillin 2004\tmproxy.exe]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\tmdbg.dll]  [N/A, N/A]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmpxHelp.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmpxCfg.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\tmtdi.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmsmHttp.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmpeURLF.dll]  [N/A, N/A]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmphHttp.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmsmMail.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\Program Files\Trend Micro\PC-cillin 2004\TmMsg.dll]  [Trend Micro Inc., 2.0]
    [C:\Program Files\Trend Micro\PC-cillin 2004\icuin18.dll]  [IBM Corporation and others, 1, 8, 1, 0]
    [C:\Program Files\Trend Micro\PC-cillin 2004\icuuc18.dll]  [IBM Corporation and others, 1, 8, 1, 0]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmpeVS.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\vsapi32.dll]  [Trend Micro Inc., 8.310-1002]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmphPop3.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\TRENDM~1\PC-CIL~1\TmphSMTP.dll]  [Trend Micro Incorporated., 11.0.0.1264]
[PID: 340][C:\Program Files\Trend Micro\PC-cillin 2004\PccPfw.exe]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\Program Files\Trend Micro\PC-cillin 2004\tmdbg.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\PC-cillin 2004\tmCfwApi.dll]  [Trend Micro Inc., 1.2.0.1020]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
[PID: 820][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nl_msgc.dll]  [N/A, N/A]
[PID: 1712][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
    [C:\WINDOWS\system32\L3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\DVobSub.ax]  [Gabest, 2, 0, 23, 0]
    [C:\WINDOWS\system32\vobsub.dll]  [Gabest, 2, 0, 23, 0]
    [C:\Program Files\Theorica Divx ;-) Codecs\ffdshow.ax]  [N/A, N/A]
    [C:\WINDOWS\system32\divxdec.ax]  [DivXNetworks, Inc., 5.1.1.1031]
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\PC-cillin 2004\Tmdshell.dll]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\PROGRA~1\Yahoo!\Common\ymmapi.dll]  [Yahoo! Inc., 2004, 11, 23, 1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Real\RealPlayer\rpshell.dll]  [RealNetworks, Inc., 1.0.1.1946]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\WINDOWS\system32\xvid.ax]  [N/A, N/A]
[PID: 284][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\WINDOWS\system32\sdmAgent22.dll]  [LINKMEDIA Tech, 1, 5, 0, 7]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
[PID: 1696][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
[PID: 2844][C:\Program Files\Unlocker\UnlockerAssistant.exe]  [N/A, N/A]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
[PID: 2856][C:\Program Files\Unlocker\UnlockerAssistant.exe]  [N/A, N/A]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
[PID: 2876][C:\Program Files\NetLimiter\NetLimiter.exe]  [LockTime, 1.29]
    [C:\WINDOWS\system32\nl_msgs.dll]  [N/A, N/A]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
[PID: 2892][C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe]  [Arovax, 2.0.0.0]
    [C:\Program Files\Arovax AntiSpyware\HTMLayout.dll]  [Terra Informatica Software, Inc., British Columbia, Canada., 3, 1, 1, 5]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
[PID: 2908][C:\Program Files\Arovax Shield\ArovaxShield.exe]  [Arovax, LLC, 1.3]
    [C:\Program Files\Arovax Shield\HTMLayout.dll]  [Terra Informatica Software, Inc., British Columbia, Canada., 3, 1, 0, 14]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
[PID: 3124][C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE]  [Yahoo! Inc., 8,0,0,716]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\pcre.dll]  [Pcre, 3.9]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\YML.dll]  [N/A, 3, 0, 0, 2]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\YImage.dll]  [Yahoo! Inc., 1, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\xmlparse.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\xmltok.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\yvoiceui.dll]  [Yahoo! inc, 1, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\yaudiomgr.dll]  [N/A, 1, 0, 200, 1]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\GIPSVoiceEngineDLL.dll]  [Global IP Sound, 2, 0, 4, 0]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\id3lib.dll]  [http://www.id3lib.org/, 3.8.3]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\YIniDom.dll]  [N/A, 0, 1, 0, 0]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\YCPFoundation.dll]  [N/A, 1, 0, 0, 0]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\nspr4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\YPluginRegistry.dll]  [N/A, 1, 0, 0, 0]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\Program Files\Yahoo!\Messenger\ft60.dll]  [Yahoo! Inc., 1.0.0.4]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\res_msgr.dll]  [Yahoo! Inc., 6, 0, 0, 1610]
    [C:\Program Files\Yahoo!\Shared\YbSkin2.dll]  [Yahoo! Inc., 2006, 7, 25, 1]
    [C:\Program Files\Yahoo!\Messenger\MyYahoo.dll]  [Yahoo! Inc., 8, 0, 0, 1]
    [C:\Program Files\Yahoo!\Messenger\D32-FW.DLL]  [Distinct Corporation, 3.4.6]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\yvoicesm.dll]  [N/A, 1, 0, 201, 1]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\rvsip.dll]  [RADVISION, 3.1.1.30]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\rvcommon.dll]  [RADVISION, 1.0.18]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\rvads.dll]  [RADVISION, 3.1.1.30]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\rvsdp.dll]  [RADVISION, ]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\P2PCE.dll]  [N/A, 1, 0, 0, 0]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\yv_res.dll]  [Yahoo! Inc, 1, 0, 0, 1]
    [C:\Program Files\Yahoo!\Shared\YAlertCenter.dll]  [Yahoo! Inc., 2006, 7, 17, 1]
    [C:\Program Files\Yahoo!\Messenger\ypagerps.dll]  [N/A, 1, 0, 0, 1]
[PID: 3828][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\PROGRA~1\SUPERR~1\magicset\HAOKAN~2.DLL]  [超?兔子, 1.0.7.7]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 4048][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 2164][C:\WINDOWS\system32\fscagent.exe]  [Nowcom Co., Ltd., 3, 1, 1, 18]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
[PID: 2284][C:\Program Files\Real\RealPlayer\RealPlay.exe]  [RealNetworks, Inc., 6.0.12.1056]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\Program Files\Common Files\Real\Common\objb3201.dll]  [RealNetworks, Inc., 0.1.0.6032]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpap3260.dll]  [RealNetworks, Inc., 6.0.9.2745]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.3775]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpcl3260.dll]  [RealNetworks, Inc., 6.0.9.2828]
    [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll]  [RealNetworks, Inc., 0.1.0.3537]
    [C:\Program Files\Common Files\Real\Plugins\zipf3260.dll]  [RealNetworks, Inc., 6.0.8.2259]
    [C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols1.dll]  [RealNetworks, Inc., 6.0.1.1942]
    [C:\Program Files\Common Files\Real\Plugins\pxcb3210.dll]  [RealNetworks, Inc., 1.0.0.3703]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpmn3260.dll]  [RealNetworks, Inc., 6.0.9.2655]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpms3260.dll]  [RealNetworks, Inc., 6.0.1.1977]
    [C:\Program Files\Real\RealPlayer\rpplugins\MPACore.dll]  [RealNetworks, Inc., 1.0.3.1995]
    [C:\Program Files\Real\RealPlayer\rpplugins\myde3260.dll]  [RealNetworks, Inc., 6.0.10.2212]
    [C:\Program Files\Common Files\Real\Common\pngu3267.dll]  [RealNetworks, Inc., 6.7.0.2419]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpds3260.dll]  [RealNetworks, Inc., 6.0.9.1996]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpcomproxy.dll]  [RealNetworks, Inc., 6.0.12.695]
    [C:\WINDOWS\system32\DVobSub.ax]  [Gabest, 2, 0, 23, 0]
    [C:\WINDOWS\system32\vobsub.dll]  [Gabest, 2, 0, 23, 0]
    [C:\Program Files\Theorica Divx ;-) Codecs\ffdshow.ax]  [N/A, N/A]
    [C:\WINDOWS\system32\xvid.ax]  [N/A, N/A]
    [C:\WINDOWS\system32\divxdec.ax]  [DivXNetworks, Inc., 5.1.1.1031]
    [C:\WINDOWS\system32\mlcom.ax]  [Moonlight Cordless Ltd., 1.00]
    [C:\WINDOWS\system32\ac3filter.ax]  [, 1.01a]
    [C:\WINDOWS\system32\MMSwitch.ax]  [Morgan Multimedia, 0, 9, 9, 0]
    [C:\Program Files\Real\RealPlayer\rdsf3260.dll]  [RealNetworks, Inc., 6.0.12.933]
    [C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols2.dll]  [RealNetworks, 6.0.1.1942]
    [C:\Program Files\Common Files\Real\RCAPlugins\gemx3201.dll]  [RealNetworks, Inc., 0.1.0.5576]
    [C:\Program Files\Common Files\Real\Common\rjbviz.dll]  [RealNetworks, Inc., 1.0.2.3599]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
    [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\Program Files\Common Files\Real\Plugins\smplfsys.dll]  [RealNetworks, Inc., 10.0.0.1009]
    [C:\Program Files\Real\RealPlayer\plugins\rjrmjpln.dll]  [RealNetworks, Inc., 1.0.3.1954]
    [C:\Program Files\Common Files\Real\Common\pnen3260.dll]  [RealNetworks, Inc., 10.0.0.654]
    [C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll]  [RealNetworks, Inc., 10.1.0.536]
    [C:\Program Files\Common Files\Real\Plugins\vidsite.dll]  [RealNetworks, Inc., 10.0.0.609]
    [C:\Program Files\Common Files\Real\Plugins\clntxres.dll]  [RealNetworks, Inc., 10.0.0.2358]
    [C:\Program Files\Common Files\Real\Plugins\ramfformat.dll]  [RealNetworks, Inc., 10.0.0.1454]
    [C:\Program Files\Common Files\Real\Plugins\rmfformat.dll]  [RealNetworks, Inc., 10.0.0.853]
    [C:\Program Files\Common Files\Real\Plugins\rarender.dll]  [RealNetworks, Inc., 10.0.0.613]
    [C:\Program Files\Common Files\Real\Plugins\authmgr.dll]  [RealNetworks, Inc., 10.0.0.1055]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpwe3260.dll]  [RealNetworks, Inc., 6.0.1.1984]
    [C:\Program Files\Real\RealPlayer\rpplugins\rjbe3260.dll]  [RealNetworks, Inc., 6.0.4.1981]
    [C:\WINDOWS\system32\xvidcore.dll]  [N/A, N/A]
[PID: 2676][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
[PID: 3548][C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe]  [Trend Micro Incorporated., 11.0.0.1264]
    [C:\Program Files\Trend Micro\PC-cillin 2004\tmdbg.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\PC-cillin 2004\tmCfwApi.dll]  [Trend Micro Inc., 1.2.0.1020]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\Program Files\Trend Micro\PC-cillin 2004\TmProxy.dll]  [Trend Micro Incorporated., 11.0.0.1264]
[PID: 2604][G:\desktop\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.56-6]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\idle.dll]  [Yahoo! Inc., 1, 0, 0, 2]
    [C:\Program Files\NetLimiter\nl_lsp.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
NL MSAFD Tcpip [TCP/IP]
    C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A)
NL MSAFD Tcpip [UDP/IP]
    C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A)
NL MSAFD Tcpip [RAW/IP]
    C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A)
NL RSVP UDP Service Provider
    C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A)
NL RSVP TCP Service Provider
    C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A)
NL LSP
    C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1              localhost

==================================

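Run (double-click) SREng2, click "Boot Items", then "Services", then "Win32 Service Applications".
Check "Hide Microsoft Services" and select the virus services:
Spectrum24 Events Monitor
NetMeeting Remote Desktop Agent
then choose "Delete Service".
Click "Set" and choose "No".

Run SREng2 and use: System Repair -- Winsock Provider -- Delete Selected
C:\WINDOWS\system32\nl_msgc.dll


Show hidden files.
Delete:
C:\WINDOWS\System32\acss.dll
C:\WINDOWS\System32\Nwsapagent.dll
C:\Program Files\NetLimiter\nl_lsp.dll
C:\WINDOWS\system32\nl_msgc.dll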