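Subject: [Help] NOD32 found a virus but cannot delete it. What should I do? (Screenshot attached) [Solved]

Author: kelvinau321     Time: 2007-10-6 05:55 PM    Subject: [Help] NOD32 found a virus but cannot delete it. What should I do? (Screenshot attached) [Solved]


The item shown in the screenshot,
C:\WINDOWS\Temporary TegoWeb Files\Downloaded Programs\6a1ec-51870.CAB >>CAB >>svchost.exe - probably a variant of Win32/VB worm
is a problem, but NOD32 cannot delete it. What should I do?
There was once a svchost.exe that kept my CPU usage above 70%,
and I believe it was this virus.
Can you teach me how to delete it?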

[ Last edited by kelvinau321 on 2007-10-17 at 07:17 PM ]
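Author: Smiler     Time: 2007-10-6 10:07 PM    Subject: For your reference!!

You can try cleaning it with NOD32 in Safe Mode!!
1. While the computer is booting, press <F8> and select <Safe Mode>.
2. Once in Windows XP Safe Mode, go to 《Start》→《All Programs》→《egst》→《NOD32》.
3. After NOD32 starts, press <Ctrl> <Alt> <Del> together to bring up Task Manager.
4. On Task Manager's <Processes> tab, find explorer.exe and click <End Process> at the lower right to end explorer.exe. The taskbar will disappear, but just ignore that!!
5. Back in NOD32, on the <Setup> tab, tick every option under <Diagnostic targets> and <ThreatSense scan options>.
6. Click NOD32's <Scan and Clean> button.
7. When it has finished, press <Ctrl> <Alt> <Del> again to bring up Task Manager, then click <Shut Down>.
8. Power the computer back on.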
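Author: ucc_6     Time: 2007-10-6 10:52 PM
http://bbs.mychat.to/read.php?tid=592517

Use the SRENG tool introduced on that page to generate a scan report and post it here.
Then we should be able to tell where the problem is.
Author: 屠狗輩     Time: 2007-10-7 12:43 AM
Thanks for the suggestion above.

I have installed SRENG.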
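Author: ucc_6     Time: 2007-10-7 01:43 AM


  Quote:
Originally posted by 屠狗輩 at 2007-10-7 12:43 AM:
Thanks for the suggestion above.

I have installed SRENG.

That tool doesn't need to be installed; you use it to generate a scan report,
and then work out where the problem is.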
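Author: kelvinau321     Time: 2007-10-7 09:42 AM
Is the person above impersonating me = =?
I used the SRENG tool suggested above.
The strange thing is, as soon as I click on Startup Items (啟動專案),
the message shown in the screenshot pops up...↓

「警告!註冊表值 AppInt_DLLs 被修改為非正常值 (預設值是空) 。請檢查你的系統中可能存在的電腦病毒。」
("Warning! The registry value AppInt_DLLs has been changed to an abnormal value (the default is empty). Please check your system for a possible computer virus.")
Is there really a virus? Is it the one NOD32 found, or a different one? How can I delete it?


The scan report is in the posts below.
Author: kelvinau321     Time: 2007-10-7 09:43 AM
There is more below... sorry for the trouble, please help >"<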
[CODE]

2007-10-07,09:28:37

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理許可權用戶 - 完整功能

以下內容被選中:
    所有的啟動項目(包括註冊表、開機檔案夾、服務等)
    流覽器載入項
    正在運行的進程(包括進程模組資訊)
    文件關聯
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    進程特權掃描


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <PeerGuardian><C:\Program Files\PeerGuardian2\pg2.exe>  [Methlabs]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
    <startup.exe><"C:\WINDOWS\startup.exe" >  [N/A]
    <BitTorrent><; >  [N/A]
    <PcSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <COMODO Firewall Pro><"C:\Program Files\Comodo\Firewall\CPF.exe" /background>  [(Verified)Comodo CA Limited]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
    <Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <DiskeeperSystray><; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe">  [Diskeeper Corporation]
    <EPSON Stylus C41 Series><; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41">  [SEIKO EPSON CORPORATION]
    <PCSuiteTrayApplication><; C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup>  [N/A]
    <Sony Ericsson PC Suite><; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions>  []
    <SunServer><; C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><firewall\wl_hook.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\MAT2MD.scr>  []

==================================
開機檔案夾
[Battery Doubler]
  <C:\Documents and Settings\Kelvin\「開始」功能表\程式集\啟動\Battery Doubler.lnk --> C:\PROGRA~1\DACHSH~1\BATTER~1\BATTER~1.EXE [N/A]><N>
[Hare]
  <C:\Documents and Settings\Kelvin\「開始」功能表\程式集\啟動\Hare.lnk --> C:\PROGRA~1\DACHSH~1\Hare\Hare.exe [N/A]><N>
[Zoom]
  <C:\Documents and Settings\Kelvin\「開始」功能表\程式集\啟動\Zoom.lnk --> C:\PROGRA~1\DACHSH~1\Zoom\Zoom.exe [N/A]><N>

==================================
服務
[Comodo Application Agent / CmdAgent][Running/Auto Start]
  <C:\Program Files\Comodo\Firewall\cmdagent.exe><COMODO>
[Diskeeper / Diskeeper][Running/Auto Start]
  <"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[EPSON Printer Status Agent2 / EPSONStatusAgent2][Running/Auto Start]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[StarWind iSCSI Service / StarWindService][Running/Auto Start]
  <C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>

==================================
驅動程式
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[Comodo Application Engine / CmdMon][Running/System Start]
  <System32\DRIVERS\cmdmon.sys><Comodo Research Lab., Inc.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Comodo Network Engine / Inspect][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[IPvE Adapter Driver / IPvE][Running/Manual Start]
  <system32\DRIVERS\IPvE.sys><Hongtien>
[Macronix MX987xx Family Fast Ethernet NT Driver / mxnic][Stopped/Manual Start]
  <system32\DRIVERS\mxnic.sys><Macronix International Co., Ltd.>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RivaTuner32 / RivaTuner32][Stopped/Manual Start]
  <\??\C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX02.516\RivaTuner 2.0 RC 15.6\RivaTuner_v20RC16\RivaTuner32.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sony Ericsson Device 046 Driver driver (WDM) / SE2Ebus][Stopped/Manual Start]
  <system32\DRIVERS\SE2Ebus.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Filter / SE2Emdfl][Stopped/Manual Start]
  <system32\DRIVERS\SE2Emdfl.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Driver / SE2Emdm][Stopped/Manual Start]
  <system32\DRIVERS\SE2Emdm.sys><MCCI>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[LGE Mobile Composite USB Device / usbbus][Stopped/Manual Start]
  <system32\DRIVERS\lgusbbus.sys><N/A>
[vaxscsi / vaxscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[pgfilter / pgfilter][Running/Manual Start]
  <\??\C:\Program Files\PeerGuardian2\pgfilter.sys><N/A>

==================================
流覽器載入項
[Thunder Browser Helper]
  {02478D37-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[運行迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[研究(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Run IMVU]
  {d9288080-1baa-4bc4-9cf8-a92d743db949} <C:\Documents and Settings\Kelvin\「開始」功能表\程式集\IMVU\Run IMVU.lnk, N/A>
[Yahoo! 工具列]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[TegoSoft SmartLoader ActiveX Control]
  {1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc.  http://www.tegosoft.com>
[UnoCtrl Class]
  {5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, Microsoft>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MessengerStatsClient Class]
  {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[NowStarter Control]
  {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[MSN Games - Installer]
  {B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, Microsoft Corporation>
[MessengerStatsClient Class]
  {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
  {02478D37-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft Corporation>
[TegoSoft SmartLoader ActiveX Control]
  {1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc.  http://www.tegosoft.com>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[YInstStarter Class]
  {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} <C:\WINDOWS\cache\yinsthelper.dll, Yahoo! Inc.>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[CKAVReportCtrl Object]
  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[NowStarter Control]
  {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
  {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
  {BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSCLT.DLL, Microsoft Corporation>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Microsoft Office 12 Authorization Control]
  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Yahoo! 工具列]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[&使用BitComet下載本頁視頻]
  <res://C:\Documents and Settings\Kelvin\桌面\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下載]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[使用BitComet下載全部鏈接]
  <res://C:\Documents and Settings\Kelvin\桌面\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[使用BitComet下載鏈接(&B)]
  <res://C:\Documents and Settings\Kelvin\桌面\BitComet\BitComet.exe/AddLink.htm, N/A>
[匯出至 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[?出到 Microsoft Office Excel(&X)]
  <, N/A>

==================================
Author: kelvinau321     Time: 2007-10-7 09:45 AM
正在運行的進程
[PID: 912 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1028 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 1040 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1192 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1348 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1384 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wudfsvc.dll]  [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
    [c:\windows\system32\WUDFPlatform.dll]  [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 1468 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1528 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1964 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 24, 0, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 376 / Kelvin][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  [Adobe Systems, Incorporated, 7.0]
[PID: 744 / Kelvin][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 776 / Kelvin][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 816 / Kelvin][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 840 / Kelvin][C:\Program Files\PeerGuardian2\pg2.exe]  [Methlabs, 1, 0, 6, 4]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 940 / Kelvin][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1908 / SYSTEM][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe]  [Diskeeper Corporation, 11.0.686.0]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll]  [Diskeeper Corporation, 11.0.686.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll]  [Diskeeper Corporation, 11.0.686.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll]  [Executive Software International, Inc., 3.0.32.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll]  [Diskeeper Corporation, 11.0.686.0]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll]  [Diskeeper Corporation, 11.0.686.0]
[PID: 516 / Kelvin][C:\WINDOWS\Integrator.exe]  [Dachshund Software, 1.05.0001]
    [C:\WINDOWS\system32\MAGE.DLL]  [Dachshund Software, 1.0]
    [C:\WINDOWS\system32\SYSINFO.OCX]  [Microsoft Corporation, 6.00.8169]
[PID: 524 / SYSTEM][C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe]  [SEIKO EPSON CORPORATION, 2, 2, 0, 0]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\EBAPI2.DLL]  [SEIKO EPSON CORPORATION, 1, 4, 0, 0]
    [C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL]  [SEIKO EPSON CORPORATION, 2, 23, 0, 0]
[PID: 1440 / SYSTEM][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 1708 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe]  [Rocket Division Software, 2.6.1 Build 0x20050401]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 2028 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1724 / Kelvin][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll]  [Yahoo! Inc., 2006, 10, 26, 1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\pubmod.dll]  [Yahoo! Inc., 2005, 12, 16, 1]
    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll]  [Yahoo! Inc., 2006.1.25.01]
    [C:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3368 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 3484 / Kelvin][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
[PID: 2292 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2128 / Kelvin][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4040 / Kelvin][C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\Lang\1028.DLL]  [System Repair Engineer, 2.5.16.900]
    [C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\Plugins\NTFSTREAM.SRE]  [Smallfrogs Studio, 1, 0, 0, 5]

==================================
文件關聯
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com

==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 816, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 840, C:\PROGRAM FILES\PEERGUARDIAN2\PG2.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1908, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 516, C:\WINDOWS\INTEGRATOR.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 2552, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隱藏進程
N/A

==================================


[/CODE]
Author: ucc_6     Time: 2007-10-7 07:22 PM
C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll  <--- this is the normal file path
  <AppInit_DLLs><firewall\wl_hook.dll>  [N/A]   <----- this is an abnormal file path; please use Search to find it, along with the two files below
<startup.exe><"C:\WINDOWS\startup.exe" >  [N/A]
C:\WINDOWS\Temporary TegoWeb Files\Downloaded Programs\6a1ec-51870.CAB

Report them to NOD32 or to the Kaspersky reporting center
newvirus@kaspersky.com.tw
They will give you an answer.
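
The manual review of the startup section described in the post above can be automated for triage. The following is an added example, not part of the original thread and not SREng's own code: it parses the `<name><command>  [publisher]` lines of the report and flags a non-empty `AppInit_DLLs` value (the tool's warning says the default is empty) and enabled `Run` entries with no publisher whose image sits directly in the Windows directory. Assumptions: a leading `;` in the command marks a disabled entry, a publisher of `N/A` or empty means no publisher information, `C:\WINDOWS` is the Windows directory, and the function names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass

# Lines copied from the registry startup section of the SREng report in this thread.
REPORT_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <startup.exe><"C:\WINDOWS\startup.exe" >  [N/A]
    <BitTorrent><; >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
    <SunServer><; C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><firewall\wl_hook.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
"""

KEY_RE = re.compile(r"^\[(HKEY_.*)\]$")
ENTRY_RE = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>.*)>\s+\[(?P<signer>.*)\]$")
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|dll|scr|com|bat|cmd|pif))\b', re.I)
WINDOWS_DIR = r"c:\windows"  # assumption: the Windows directory shown in the report


@dataclass
class Entry:
    key: str        # registry key the value lives under
    name: str       # value name
    command: str    # value data, without the disabled marker
    signer: str     # publisher column of the report
    disabled: bool  # assumption: a leading ';' marks a disabled entry

    @property
    def image(self):
        """Path of the first executable-looking file in the command, or None."""
        m = IMAGE_RE.match(self.command)
        return m.group(1) if m else None


def parse_entries(text):
    """Turn report lines into Entry objects, tracking the current registry key."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            cmd = m.group("cmd").strip()
            disabled = cmd.startswith(";")
            entries.append(Entry(key, m.group("name"), cmd.lstrip("; ").strip(),
                                 m.group("signer").strip(), disabled))
    return entries


def triage(entries):
    """Return (name, reason) pairs for entries that deserve a manual look."""
    findings = []
    for e in entries:
        if e.name.lower() == "appinit_dlls":
            if e.command:
                reason = "AppInit_DLLs is not empty"
                dlls = [p for p in re.split(r"[ ,]+", e.command) if p]
                if any(not ntpath.isabs(p) for p in dlls):
                    reason += " and uses a relative path"
                findings.append((e.name, reason))
        elif (e.key.lower().endswith(r"\currentversion\run")
              and not e.disabled
              and e.signer in ("", "N/A")
              and e.image
              and ntpath.normcase(ntpath.dirname(e.image)) == WINDOWS_DIR):
            findings.append(
                (e.name, "autorun image with no publisher sits directly in the Windows directory"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_entries(REPORT_EXCERPT)):
        print(f"{name}: {reason}")
```

A flagged entry is a lead for manual review, not a verdict: the file still has to be located and submitted to a vendor, as the post above recommends.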
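Author: kelvinau321     Time: 2007-10-10 06:44 PM


  Quote:
Originally posted by Smiler at 2007-10-6 10:07 PM:
You can try cleaning it with NOD32 in Safe Mode!!
1. While the computer is booting, press <F8> and select <Safe Mode>.
2. Once in Windows XP Safe Mode, go to 《Start》→《All Programs》→《egst》→《NOD32》.
3. After NOD32 starts, at the same time ...

I have another problem:
I can't get into Safe Mode.
I've found that a lot of people have this problem too...
As soon as I choose to enter Safe Mode,
the computer automatically goes back to normal Windows.
What should I do? If I can't get into Safe Mode, I can't use your method!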
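Author: Smiler     Time: 2007-10-10 10:52 PM    Subject: For your reference!!

For kelvinau321's reference: you can try a program called BootSafe!!
It is free and needs no installation. After running it, select <Safe Mode> and reboot, and Windows will start in Safe Mode automatically. But please note:
To return to normal mode, you must run the program again, set it to <Normal Restart>, and reboot; otherwise, no matter how many times you reboot, it will start Windows in the mode you specified last time!!
Official site:
http://www.superadblocker.com/bootsafe.html
Chinese-localized version:
http://tinyurl.com/el495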
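Author: kelvinau321     Time: 2007-10-14 01:52 PM
I can finally get into Safe Mode!!!
Many thanks for the software suggested above!!

Scanning with NOD32 in Safe Mode really did find three viruses.
Two of them could be deleted.
The remaining one I could delete manually myself, but I'm not sure whether the file is needed.
Its location is: C:\WINDOWS\Temporary TegoWeb Files\Downloaded Programs
Below is the window that popped up when I scanned this file ↓



I don't know whether this file is very important; if it isn't, I will delete it.
I hope someone can answer this question for me ↑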
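Author: ucc_6     Time: 2007-10-14 04:47 PM
If NOD32 reports a WORM, it is definitely a virus.
Be careful when dealing with this virus.
Judging from your screenshot, NOD doesn't dare handle it at the moment.

You can ask NOD whether they have a dedicated removal tool,
or upload it to KASPERSKY and ask whether they have a dedicated removal tool.

This virus may infect other files, so please handle it carefully.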
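Author: Smiler     Time: 2007-10-17 12:39 AM    Subject: For your reference!!

To kelvinau321: judging from your screenshot, the file should be the 6a1ec-51870.CAB file on your desktop; deleting it directly should not cause any problems!!
Author: kelvinau321     Time: 2007-10-17 07:18 PM
The scan no longer finds any virus. Thanks for everyone's help!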
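Author: ventil     Time: 2007-10-17 07:24 PM
How to boot into Safe Mode
1. [Start] ~> [Run] ~> type "msconfig" and press ENTER to launch the [System Configuration Utility]
     ... as shown in the screenshot



2. In the [System Configuration Utility], select the [BOOT.INI] tab and tick [/SAFEBOOT] (as shown), then
   click [Close]. The system will prompt you to restart; after restarting as instructed you will be in [Safe Mode]



3. When you have finished, go back to the [BOOT.INI] page of the [System Configuration Utility], untick [/SAFEBOOT],
   and restart to return to normal startup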
Author: saab2006     Time: 2007-11-9 09:34 PM


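  Quote:
Originally posted by Smiler at 2007-10-10 10:52 PM:
For kelvinau321's reference: you can try a program called BootSafe!!
It is free and needs no installation. After running it, select <Safe Mode> and reboot, and Windows will start in Safe Mode automatically. But please note:
To return to normal mode, you must run the program again, set it to <Normal Restart>, and reboot; otherwise, no matter how many times you reboot, it will start Windows in the mode you specified last time!!
Official site:
http://www.superadblocker.com/bootsafe.html
Chinese-localized version:
http://tinyurl.com/el495

Thank you so much.
I have learned something new.
Thanks also to ventil
and to everyone who replied.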

[ Last edited by saab2006 on 2007-11-9 at 09:37 PM ]
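Author: icri     Time: 2007-11-12 10:55 PM    Subject: It's great to have such helpful people!

With so many helpful people like you, this small society of Taiwan will become a better place because you are here!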




Welcome to 網際論壇 (http://centurys.net/) Powered by Discuz! 2.5