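Rising Kaka Security Forum, Technical Exchange area, Anti-Virus/Anti-Rogue Software forum: [Help] Hurry, please! Anyone who's around, experts, quick! 999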


C:\WINDOWS\919331M.BMP        Trojan.Down.Mir2.d        How do I delete this? Experts, please teach me. Thanks in advance.
Last edited 2006-12-07 15:13:22

Also:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <KavPFW><"C:\kav2005\KPFW32.EXE">  [Kingsoft Corporation]
    <Study><; C:\Program Files\Lenovo\联想100分学校\study.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <LHotkey><LHotkey.exe>  [Chicony]
    <KavStart><"C:\kav2005\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
    <EagleEye><C:\Program Files\Lenovo\网络爸爸\Eaglesvr.exe>  [tuEagles]
    <wlzs2><C:\DOCUME~1\Owner\LOCALS~1\Temp\wlzs2.exe>  [N/A]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  [N/A]
    <zts2><C:\DOCUME~1\Owner\LOCALS~1\Temp\zts2.exe>  [N/A]
    <iDuba Personal FireWall><; >  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <Kavrun><; >  [N/A]
    <KsgUpdateRun><; C:\Program Files\Common Files\kingsoft\KSG\client.exe>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <qcsszjcz><; c:\chenhu2\chenqxms.exe>  [N/A]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <VTTimer><; VTTimer.exe>  [(Verified)S3 Graphics, Inc.]
    <VTTrayp><; VTtrayp.exe>  [(Verified)S3 Graphics Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><919331M.BMP>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\kav2005\prcnczbd.dll>  [N/A]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys>  [N/A]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>

[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\kav2005\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\kav2005\KWatch.EXE><Kingsoft Corporation>
[Windows DHCP Service / WinDHCPsvc]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[FixDrv / FixDrv]
  <C:\WINDOWS\SYSTEM32\DRIVERS\FixDrv.SYS><N/A>
[HpaFilt / HpaFilt]
  <C:\WINDOWS\SYSTEM32\DRIVERS\HpaFilt.SYS><Lenovo Software inc.>
[HpaLower / HpaLower]
  <C:\WINDOWS\SYSTEM32\DRIVERS\HpaLower.SYS><N/A>
[KNetWch / KNetWch]
  <\??\C:\kav2005\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[npkcrypt / npkcrypt]
  <\??\d:\Program Files\QQ2006\npkcrypt.sys><N/A>
[NTSIM / NTSIM]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[pciidey / pciidey]
  <C:\WINDOWS\SYSTEM32\DRIVERS\pciidey.SYS><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[viagfx / viagfx]
  <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\kav2005\KAVAFish.DLL, Kingsoft Corporation>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[]
  {F79B2338-A6E7-46D4-9202-422AA6E74F43} <C:\WINDOWS\EagleFlt.dll, N/A>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[易趣购物]
  {DE607142-AC19-422e-863A-3D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\kav2005\KAVAFish.DLL, Kingsoft Corporation>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\kav2005\Flash.OCX, Macromedia, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[]
  {F79B2338-A6E7-46D4-9202-422AA6E74F43} <C:\WINDOWS\EagleFlt.dll, N/A>
[使用网际快车下载]
  <C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[金山毒霸反钓鱼...]
  <C:\kav2005\KAF\ShowSet.htm, N/A>
[雅虎搜索]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246, N/A>

Not sure whether this is useful, so I'm posting some more for you to look at.
正在运行的进程
[PID: 588][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 764][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 776][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 948][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1032][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1128][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1220][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1280][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1400][C:\kav2005\KWatch.EXE]  [Kingsoft Corporation, 2005, 11, 21, 53]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\kav2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\kav2005\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\kav2005\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\kav2005\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
[PID: 1492][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1876][C:\kav2005\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1924][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 316][C:\kav2005\KAVStart.exe]  [Kingsoft Corporation, 2006, 11, 10, 212]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\kav2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\kav2005\SvcTimer.DLL]  [Kingsoft Corporation, 2006.7.24.80]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
    [C:\kav2005\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [C:\kav2005\PopSprt3.dll]  [Kingsoft Corporation, 2006, 9, 26, 38]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 348][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [, 2, 1, 8, 1048]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  [, 1, 0, 0, 5]
[PID: 356][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  [Yahoo!, 1, 0, 1, 1001]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  [Yahoo, 1, 0, 2, 1002]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  [Yahoo, 1, 0, 1, 1006]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  [Yahoo, 1, 0, 1, 1001]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  [Yahoo, 1, 0, 0, 2]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
[PID: 400][C:\DOCUME~1\Owner\LOCALS~1\Temp\wlzs2.exe]  [N/A, N/A]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\wlzs2.dll]  [N/A, N/A]
[PID: 424][C:\DOCUME~1\Owner\LOCALS~1\Temp\zts2.exe]  [N/A, N/A]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 508][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 684][C:\kav2005\KMailMon.EXE]  [Kingsoft Corporation, 2006, 9, 7, 918]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\kav2005\KAntiSpm.dll]  [Kingsoft Corporation, 2006, 8, 19, 104]
    [C:\kav2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
    [C:\kav2005\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\kav2005\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\kav2005\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\kav2005\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
    [C:\kav2005\KAConfig.DLL]  [Kingsoft Corporation, 2006, 10, 30, 39]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 840][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
[PID: 1120][C:\kav2005\KPFW32.EXE]  [Kingsoft Corporation, 2006, 11, 15, 659]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
    [C:\kav2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\kav2005\KAConfig.DLL]  [Kingsoft Corporation, 2006, 10, 30, 39]
    [C:\kav2005\FiltList.dll]  [N/A, N/A]
    [C:\kav2005\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 9, 7, 270]
[PID: 512][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]

[PID: 3868][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
    [C:\Program Files\Acrobatchs\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [, 2, 1, 8, 1048]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\EagleFlt.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 2, 0, 1, 1002]
[PID: 3848][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  [Yahoo, 1, 0, 2, 1002]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [, 2, 1, 8, 1048]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  [Yahoo!, 2, 1, 9, 1049]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  [Yahoo, 1, 0, 1, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  [Yahoo, 1, 0, 2, 1003]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [, 1, 1, 4, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo, 1, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 1, 1, 2, 1034]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  [Yahoo! China, 1, 0, 1, 1015]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 2, 0, 1, 1002]
    [C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [Yahoo., 1, 0, 5, 1006]
    [C:\kav2005\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [, 1, 2, 7, 1006]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\EagleFlt.dll]  [N/A, N/A]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\empgdmx.ax]  [Elecard Ltd., 1, 0, 19, 51017]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\RMSplt.ax]  [Gabest, 1, 0, 1, 1]
    [C:\WINDOWS\system32\ffdshow.ax]  [N/A, 1.0.2.1997]
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  [ , 1, 0, 3, 1002]
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  [Yahoo, 1, 0, 2, 1002]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  [Yahoo, 1, 0, 1, 1001]
[PID: 208][D:\36\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\kav2005\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\kav2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Lenovo\网络爸爸\EagleH.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

Nobody seems to know; figuring it out myself got it solved faster.
In SREng, under Startup Items - Registry (启动项目 - 注册表), delete:
    <wlzs2><C:\DOCUME~1\Owner\LOCALS~1\Temp\wlzs2.exe>  [N/A]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  [N/A]
    <zts2><C:\DOCUME~1\Owner\LOCALS~1\Temp\zts2.exe>  [N/A]
    <iDuba Personal FireWall><; >  [N/A]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\kav2005\prcnczbd.dll>  [N/A]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys>  [N/A]
Edit <AppInit_DLLs><919331M.BMP>  [N/A]: delete the value 919331M.BMP so that it reads <AppInit_DLLs><>  [N/A]
Under Services (服务), delete:
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
After rebooting, delete the file:
C:\WINDOWS\919331M.BMP
Also, in Start - Run, type %temp% and press Enter, then delete all the files in the folder that opens.
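
An added example, not part of the original thread and not SREng's own code: a small Python triage over SREng-style log lines like those posted above. It flags a non-empty AppInit_DLLs value, unsigned (`[N/A]`) autoruns that start from a Temp directory, and unsigned modules loaded into most listed processes. The regexes, the 0.8 share threshold and the finding names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the SREng log posted in this thread (shortened for the example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"C:\kav2005\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <wlzs2><C:\DOCUME~1\Owner\LOCALS~1\Temp\wlzs2.exe>  [N/A]
    <zts2><C:\DOCUME~1\Owner\LOCALS~1\Temp\zts2.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><919331M.BMP>  [N/A]
[PID: 712][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
[PID: 1400][C:\kav2005\KWatch.EXE]  [Kingsoft Corporation, 2005, 11, 21, 53]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\kav2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
[PID: 400][C:\DOCUME~1\Owner\LOCALS~1\Temp\wlzs2.exe]  [N/A, N/A]
    [C:\WINDOWS\919331M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\wlzs2.dll]  [N/A, N/A]
"""

# Line shapes assumed from the log format shown in this thread.
ENTRY_RE = re.compile(r"^\s+<([^<>]*)><(.*)>\s+\[(.*)\]$")      # <name><value>  [signer]
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$")   # [PID: n][image]  [signer, ver]
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]$")               # indented loaded module
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage(log, min_share=0.8):
    """Return (kind, detail) findings for an SREng-style log."""
    findings, pids, pid = [], set(), None
    unsigned = defaultdict(set)  # lower-cased module path -> PIDs that loaded it
    for line in log.splitlines():
        line = line.rstrip()
        if m := ENTRY_RE.match(line):
            name, value, signer = m.groups()
            if name.lower() == "appinit_dlls":
                # The value may list several DLLs separated by spaces or commas.
                findings += [("appinit_dlls", d)
                             for d in re.split(r"[ ,]+", value) if d]
            elif signer == "N/A" and TEMP_RE.search(value):
                findings.append(("temp_autorun", name))
        elif m := PROC_RE.match(line):
            pid = int(m.group(1))
            pids.add(pid)
        elif (m := MOD_RE.match(line)) and pid is not None:
            path, info = m.groups()
            if info.split(",")[0].strip() == "N/A":
                unsigned[path.lower()].add(pid)

    appinit = {d.lower() for kind, d in findings if kind == "appinit_dlls"}
    for path, loaded_in in sorted(unsigned.items()):
        if len(loaded_in) / len(pids) >= min_share:
            # Tie the widely loaded module back to the AppInit_DLLs entry by file name.
            named = path.rsplit("\\", 1)[-1] in appinit
            kind = "appinit_module_loaded" if named else "unsigned_module_widespread"
            findings.append((kind, path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```
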