電腦好像中毒了(已解決)

ALEXYUI

Logfile of HijackThis v1.99.1
Scan saved at 1:03:05, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\zts2.exe
C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\wlzs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Logo1_.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\桌面\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: VGOIEBHO Helper - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - C:\Program Files\21cn\VGO\VGOIEBHO.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP 檢視 - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [zts2] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\zts2.exe
O4 - HKLM\..\Run: [run1132] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\SVCHOST.EXE
O4 - HKLM\..\Run: [wsvbs] C:\WINDOWS\RUNDLL32.exe
O4 - HKLM\..\Run: [wlzs] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\wlzs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 49400M.BMP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod 服務 (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[ 本帖最後由 ALEXYUI 於 2007-1-14 03:55 PM 編輯 ]

uhthn2002

下載並使用
http://download.rising.com.cn/zsgj/Vikingkiller.scr

之後貼上新hijackthis

ALEXYUI

Logfile of HijackThis v1.99.1
Scan saved at 20:18:26, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\PLUGINS\system.jmp
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\zts2.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\wlzs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\桌面\HijackThis.exe

ALEXYUI

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: VGOIEBHO Helper - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - C:\Program Files\21cn\VGO\VGOIEBHO.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP 檢視 - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [zts2] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\zts2.exe
O4 - HKLM\..\Run: [run1132] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\SVCHOST.EXE
O4 - HKLM\..\Run: [wsvbs] C:\WINDOWS\RUNDLL32.exe
O4 - HKLM\..\Run: [wlzs] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\wlzs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 49400M.BMP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod 服務 (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

ALEXYUI

請問一下大大給我的程式是不是不能刪病毒的？？

uhthn2002

之前 那個 Vikingkiller.scr 是用來 修復及移除Viking病毒的

• 關閉瀏覽器,開啟HijackThis 按do a system scan only勾選以下內容:
  O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
  O4 - HKLM\..\Run: [zts2] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\zts2.exe
  O4 - HKLM\..\Run: [run1132] C:\WINDOWS\SMSS.EXE
  O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\SVCHOST.EXE
  O4 - HKLM\..\Run: [wsvbs] C:\WINDOWS\RUNDLL32.exe
  O4 - HKLM\..\Run: [wlzs] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\wlzs.exe
  O20 - AppInit_DLLs: 49400M.BMP
  O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
  O21 - SSODL: IPicture - {D9466D6A-0F7B-5892-A7E3-290F0343337E} - c:\program files\internet explorer\PLUGINS\IPictureEx.dll
  O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe
  按 fix checked

• 下載 ATF-Cleaner:
  
  http://www.atribune.org/ccount/click.php?id=1
  
  
  
  • 關閉所有視窗及瀏覽器.
    
  • 執行 ATF-Cleaner --> Select All --> Empty Selected
    
  • 清理結束後按 Exit

• 複製以下粗黑文字
  
  Drivers to unload:
  ServerAC
  
  Files to delete:
  C:\WINDOWS\SMSS.EXE
  C:\WINDOWS\SVCHOST.EXE
  C:\WINDOWS\RUNDLL32.exe
  C:\WINDOWS\system32\49400M.BMP
  C:\WINDOWS\system32\Security.exe
  
  
• 下載 The Avenger http://swandog46.geekstogo.com/avenger.zip ,儲存到桌面並解壓出來
  
  • 執行 The Avenger , 按 Input script manually 再按 放大鏡
  • 按 Ctrl + V/右click貼上剛才複製的內容 ,按 Done ,按 綠燈 開始,當有提示彈出, 按 Yes 兩次
  • The Avenger 會重新啟動你的電腦大約一至兩次,如果重新啟動時有黑色視窗彈出,這是正常情況
  • 當重新啟動後,把 C:\avenger.txt 的內容貼上來,掃個新的HijackThis上來

ALEXYUI

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cxmddlnb
*******************
Script file located at: \??\C:\fbqwwgra.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver ServerAC unloaded successfully.
File C:\WINDOWS\SMSS.EXE deleted successfully.
File C:\WINDOWS\SVCHOST.EXE deleted successfully.
File C:\WINDOWS\RUNDLL32.exe deleted successfully.

File C:\WINDOWS\system32\49400M.BMP not found!
Deletion of file C:\WINDOWS\system32\49400M.BMP failed!
Could not process line:
C:\WINDOWS\system32\49400M.BMP
Status: 0xc0000034
File C:\WINDOWS\system32\Security.exe deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.

ALEXYUI

Logfile of HijackThis v1.99.1
Scan saved at 23:35:44, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MRTServ.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\system32\rundll32.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\桌面\HijackThis.exe

ALEXYUI

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: VGOIEBHO Helper - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - C:\Program Files\21cn\VGO\VGOIEBHO.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP 檢視 - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [wlzs] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\wlzs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 49400M.BMP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod 服務 (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

uhthn2002

刪除
C:\Avenger

• 下載 AVG Anti-Spyware
  
  http://www.ewido.net/en/download/
  
  
  
  • 安裝完成後執行 AVG Anti-Spyware
    
  • 按 Update-->Start update(更新完成後會顯示 Update succesfful!)
    
  • 按 Scanner-->Settings
    
  • 於 How to act? 選 Recommended actions-->Quarantine
    
  • 於 Reports 勾選 Automatically generate report after every scan
    
    
  • 關閉 AVG Anti-Spyware

• 重新啟動電腦後 F8 進入安全模式，登入你使用的用戶.

• 執行 AVG Anti-Spyware
  
  
  
  • 按 Scanner--->Complete System Scan.
    
  • 完成掃瞄後選 Apply all actions .
    
  • 如果移除期間彈出視窗，按 Yes，for all
    
  • 移除完成後按 Save Report--->Save report as .
    
  • 關閉 AVG Anti-Spyware

re機
貼上 avg report

ALEXYUI

請問點解我按了　 Scanner--->Complete System Scan 在掃毒的時候點解會自動關閉??

uhthn2002

下 安全模式 到用啵
唉算

• 下載 Dr.Web CureIT!
  
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  
  
  • 執行 Dr.Web CureIT!
    
    
    
  • 按 Start 繼續,會提示你執行一次Express Scan (掃瞄記憶體) ,如果找到已感染的檔案,會提示你進行清除(Cure)
  • Express Scan完成後,按 Select drives ,再按右手面的 三角形/箭頭 開始掃瞄
  • 當掃瞄過程中找到已感染的檔案,按 Yes to All 去清除/移動檔案
  • 掃瞄完成後,如果找到已感染的檔案,根據圖中按 紅圈 ---> 藍圈 ---> 綠圈
  • 關閉Dr.Web CureIT並重新啟動電腦,之後,把 C:\Documents and Settings\[你的用戶名稱]\DoctorWeb\CureIT.log 內容post 上黎

ALEXYUI

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-01-10, 21:11:30 [HP_Owner]
Command-line: "C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwtoday.cdb - 582 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43369.cdb - 687 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43368.cdb - 1099 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43367.cdb - 1834 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43366.cdb - 4015 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43365.cdb - 1342 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43364.cdb - 1335 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43363.cdb - 1152 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43362.cdb - 1006 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43361.cdb - 879 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43360.cdb - 988 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43359.cdb - 1205 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43358.cdb - 1139 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43357.cdb - 1302 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43356.cdb - 1332 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43355.cdb - 2456 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43354.cdb - 1283 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43353.cdb - 795 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43352.cdb - 2016 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43351.cdb - 941 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43350.cdb - 1020 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43349.cdb - 1008 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43348.cdb - 1096 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43347.cdb - 707 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43346.cdb - 1428 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43345.cdb - 1358 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43344.cdb - 694 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43343.cdb - 1186 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43342.cdb - 744 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43341.cdb - 841 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43340.cdb - 822 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43339.cdb - 1071 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43338.cdb - 989 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 380 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - 371 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43306.cdb - 781 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43305.cdb - 752 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43301.cdb - 772 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 166741
Key file: C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

ALEXYUI

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] c:\documents and settings\all users\「開(c)l」功能表\程式集\啟動\desktop.ini
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\local settings\temp\rarsfx0\_start.exe
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\local settings\temp\rarsfx0\cureit.exe
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\「開(c)l」功能表\程式集\啟動\desktop.ini
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\(R)酯崤drweb-cureit.exe
[Scan path] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
[Scan path] c:\hp\kbd\kbd.exe
[Scan path] c:\program files\21cn\vgo\vgoiebho.dll
[Scan path] c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
[Scan path] c:\program files\common files\installshield\updateservice\issch.exe
[Scan path] c:\program files\common files\installshield\updateservice\isuspm.exe
[Scan path] c:\program files\common files\intervideo\schsvr\schsvr.exe
[Scan path] c:\program files\common files\lightscribe\lssrvc.exe
[Scan path] c:\program files\common files\real\update_ob\realsched.exe
[Scan path] c:\program files\common files\symantec shared\ccapp.exe
[Scan path] c:\program files\common files\symantec shared\ccevtmgr.exe
[Scan path] c:\program files\common files\symantec shared\ccproxy.exe
[Scan path] c:\program files\common files\symantec shared\ccpwdsvc.exe
[Scan path] c:\program files\common files\symantec shared\ccsetmgr.exe
[Scan path] c:\program files\common files\symantec shared\security center\symwsc.exe
[Scan path] c:\program files\common files\symantec shared\security center\usrprmpt.exe
[Scan path] c:\program files\common files\symantec shared\sndsrvc.exe
[Scan path] c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys
[Scan path] c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
[Scan path] c:\program files\common files\symantec shared\virusdefs\20041117.006\naveng.sys
[Scan path] c:\program files\common files\symantec shared\virusdefs\20041117.006\navex15.sys
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
[Scan path] c:\program files\flashget\jccatch.dll
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
[Scan path] c:\program files\hp\digital imaging\bin\hpdtlk02.dll
[Scan path] c:\program files\hp\digital imaging\bin\hpqtra08.exe
[Scan path] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
[Scan path] c:\program files\internet explorer\iexplore.exe
[Scan path] c:\program files\intervideo\common\bin\winremote.exe
[Scan path] c:\program files\ipod\bin\ipodservice.exe
[Scan path] c:\program files\itunes\ituneshelper.exe
[Scan path] c:\program files\itunes\itunesminiplayer.dll
[Scan path] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
[Scan path] c:\program files\messenger\msmsgs.exe
[Scan path] c:\program files\msn messenger\fsshext.8.0.0812.00.dll
[Scan path] c:\program files\msn messenger\msgrapp.8.0.0812.00.dll
[Scan path] c:\program files\msn messenger\msnmsgr.exe
[Scan path] c:\program files\norton internet security\issvc.exe
[Scan path] c:\program files\norton internet security\norton antivirus\navapsvc.exe
[Scan path] c:\program files\norton internet security\norton antivirus\navshext.dll
[Scan path] c:\program files\norton internet security\norton antivirus\savrt.sys
[Scan path] c:\program files\norton internet security\norton antivirus\savrtpel.sys
[Scan path] c:\program files\norton internet security\norton antivirus\savscan.exe
[Scan path] c:\program files\outlook express\setup50.exe
[Scan path] c:\program files\outlook express\wabfind.dll
[Scan path] c:\program files\real\realplayer\rpshell.dll
[Scan path] c:\program files\sonic recordnow!\shlext.dll
[Scan path] c:\program files\symantec\symevent.sys
[Scan path] c:\program files\updates from hp\309731\program\updates from hp.exe
[Scan path] c:\program files\windows live toolbar\msntb.dll
[Scan path] c:\program files\winrar\rarext.dll
[Scan path] c:\windows\creator\remind_xp.exe
[Scan path] c:\windows\explorer.exe
[Scan path] c:\windows\ime\imjp8_1\imjpmig.exe
[Scan path] c:\windows\ime\imkr6_1\imekrmig.exe
[Scan path] c:\windows\inf\unregmp2.exe
[Scan path] c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
[Scan path] c:\windows\msagent\agentpsh.dll
[Scan path] c:\windows\sminst\recguard.exe
[Scan path] c:\windows\system32\advapi32.dll
[Scan path] c:\windows\system32\advpack.dll
[Scan path] c:\windows\system32\alg.exe
[Scan path] c:\windows\system32\appwiz.cpl
[Scan path] c:\windows\system32\autochk.exe
[Scan path] c:\windows\system32\browseui.dll
[Scan path] c:\windows\system32\cabview.dll
[Scan path] c:\windows\system32\cdfview.dll
[Scan path] c:\windows\system32\cisvc.exe
[Scan path] c:\windows\system32\clipsrv.exe
[Scan path] c:\windows\system32\cnbjmon.dll
[Scan path] c:\windows\system32\comdlg32.dll
[Scan path] c:\windows\system32\crypt32.dll
[Scan path] c:\windows\system32\cryptext.dll
[Scan path] c:\windows\system32\cryptnet.dll
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\ctfmon.exe
[Scan path] c:\windows\system32\deskadp.dll
[Scan path] c:\windows\system32\deskmon.dll
[Scan path] c:\windows\system32\deskperf.dll
[Scan path] c:\windows\system32\dfsshlex.dll
[Scan path] c:\windows\system32\diskcopy.dll
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\arp1394.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys

ALEXYUI

[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\avgascln.sys
[Scan path] c:\windows\system32\drivers\cap7134.sys
[Scan path] c:\windows\system32\drivers\ccdecode.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\fdc.sys
[Scan path] c:\windows\system32\drivers\flpydisk.sys
[Scan path] c:\windows\system32\drivers\fltmgr.sys
[Scan path] c:\windows\system32\drivers\fsvga.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\gearaspiwdm.sys
[Scan path] c:\windows\system32\drivers\hdaudbus.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\http.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\ialmnt5.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\intelide.sys
[Scan path] c:\windows\system32\drivers\intelppm.sys
[Scan path] c:\windows\system32\drivers\ip6fw.sys
[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
[Scan path] c:\windows\system32\drivers\ipinip.sys
[Scan path] c:\windows\system32\drivers\ipnat.sys
[Scan path] c:\windows\system32\drivers\ipsec.sys
[Scan path] c:\windows\system32\drivers\irenum.sys
[Scan path] c:\windows\system32\drivers\isapnp.sys
[Scan path] c:\windows\system32\drivers\iviaspi.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kbdhid.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mssmbios.sys
[Scan path] c:\windows\system32\drivers\mstee.sys
[Scan path] c:\windows\system32\drivers\nabtsfec.sys
[Scan path] c:\windows\system32\drivers\ndisip.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\nic1394.sys
[Scan path] c:\windows\system32\drivers\npf.sys
[Scan path] c:\windows\system32\drivers\nv4_mini.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\ohci1394.sys
[Scan path] c:\windows\system32\drivers\oreans32.sys
[Scan path] c:\windows\system32\drivers\parport.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\pctsapu.sys
[Scan path] c:\windows\system32\drivers\pfc.sys
[Scan path] c:\windows\system32\drivers\phtvtune.sys
[Scan path] c:\windows\system32\drivers\ps2.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\r8139n51.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\rtkhdaud.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\serenum.sys
[Scan path] c:\windows\system32\drivers\serial.sys
[Scan path] c:\windows\system32\drivers\slip.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\streamip.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\symredrv.sys
[Scan path] c:\windows\system32\drivers\symtdi.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys

ALEXYUI

[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usbccgp.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\usbuhci.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\viaide.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\drivers\wstcodec.sys
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\dumprep.exe
[Scan path] c:\windows\system32\extmgr.dll
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\hphmon06.exe
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\igfxsrvc.dll
[Scan path] c:\windows\system32\igfxtray.exe
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\ime\pintlgnt\imscinst.exe
[Scan path] c:\windows\system32\ime\tintlgnt\tintsetp.exe
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logon.scr
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\mscoree.dll
[Scan path] c:\windows\system32\mscories.dll
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\nvcpl.dll
[Scan path] c:\windows\system32\nvshell.dll
[Scan path] c:\windows\system32\nvsvc32.exe
[Scan path] c:\windows\system32\nwiz.exe
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\ps2.exe
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\setup\fxsocm.dll
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shellvrtf.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\twext.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wuauclt.exe
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\zipfldr.dll
[Scan path] c:\windows\system\hpsysdrv.exe

ALEXYUI

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 329
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 7100 Kb/s
Scan time: 00:00:13
-----------------------------------------------------------------------------

[Scan path] C:\
C:\hiberfil.sys - read error
C:\_desktop.ini infected with Win32.HLLW.Gavir.ini - deleted
C:\Documents and Settings\HP_Owner\(R)酯崤CA0XYBCT - read error
C:\Documents and Settings\HP_Owner\(R)酯崤CAY3ODQD - read error
C:\Documents and Settings\HP_Owner\(R)酯崤CAZWH33C - read error
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\ntuser.dat - read error
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\NTUSER~1.LOG - read error
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\(R)酯崤CrossgatePUK3\CrossgatePUK3\Cg_5006.exe probably infected with DLOADER.Trojan
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\(R)酯崤CrossgatePUK3\CrossgatePUK3\qq.exe probably infected with DLOADER.Trojan
C:\Documents and Settings\HP_Owner.YOUR-6A15ACD7C6\(R)酯崤PetCalc_2006\?☆孕~1.RMV - read error
C:\Documents and Settings\LocalService\ntuser.dat - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>>C:\Program Files\ESET\infected\1QIA3KAA.NQF>C:\Program Files\ESET\infected\2HVZ3QDA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\2L1A25AA.NQF infected with Win32.HLLW.Gavir.54 - cured
>C:\Program Files\ESET\infected\2OOY40BA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\3FK2XPCA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\4XCFXODA.NQF infected with Win32.HLLW.Gavir.54 - cured
>>>C:\Program Files\ESET\infected\4YE4JKBA.NQF infected with Trojan.DownLoader.11923 - deleted
>C:\Program Files\ESET\infected\5LGWD1BA.NQF infected with Trojan.PWS.Qqpass.373 - deleted
>C:\Program Files\ESET\infected\F3DXCABA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\GHGXOBDA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\GKVCRLAA.NQF infected with Trojan.PWS.Wool - deleted
>C:\Program Files\ESET\infected\GOM4VGCA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\IIALJTBA.NQF infected with Win32.HLLW.Gavir.54 - cured
>C:\Program Files\ESET\infected\IZDJ1QBA.NQF infected with BackDoor.Bifrost - deleted
>>C:\Program Files\ESET\infected\JCGBOBDA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\KGIOEMDA.NQF infected with Win32.HLLW.Gavir.54 - cured
>C:\Program Files\ESET\infected\LG11ZUAA.NQF infected with Win32.HLLW.Gavir.54 - incurable - moved
>C:\Program Files\ESET\infected\LHUCBGAA.NQF infected with Win32.HLLW.Gavir.54 - cured
>C:\Program Files\ESET\infected\MDYDLUCA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\MZEW4YCA.NQF infected with Trojan.PWS.Lineage - deleted
>C:\Program Files\ESET\infected\N23CWGAA.NQF infected with Trojan.PWS.Qqpass.373 - deleted
>C:\Program Files\ESET\infected\N2VXDRAA.NQF infected with Trojan.PWS.Legmir.681 - deleted
>>C:\Program Files\ESET\infected\O5D1C4CA.NQF>>C:\Program Files\ESET\infected\OHEPFUBA.NQF infected with Trojan.PWS.Wool - deleted
>C:\Program Files\ESET\infected\POO3W0AA.NQF infected with Trojan.PWS.Qqpass.373 - deleted
>C:\Program Files\ESET\infected\Q5PV4DAA.NQF infected with Win32.HLLW.Gavir.54 - cured
>C:\Program Files\ESET\infected\QVJ2KEBA.NQF infected with Win32.HLLW.Gavir.54 - cured
>C:\Program Files\ESET\infected\QXJK2GAA.NQF infected with BackDoor.Pigeon.775 - deleted
>C:\Program Files\ESET\infected\RH2BCCCA.NQF infected with Win32.HLLW.Gavir.54 - cured
>>C:\Program Files\ESET\infected\RISIAJAA.NQF infected with Trojan.Killer - deleted
>>C:\Program Files\ESET\infected\RWJCK2DA.NQF infected with Trojan.PWS.Wool - deleted
>>C:\Program Files\ESET\infected\TCLGFDBA.NQF infected with Trojan.PWS.Tencent - deleted
>>C:\Program Files\ESET\infected\VXOXWHBA.NQF infected with Trojan.PWS.Qqpass.373 - deleted
>>C:\Program Files\ESET\infected\WE1ZE2AA.NQF infected with Trojan.MulDrop.4194 - deleted
>C:\Program Files\ESET\infected\XABRMCCA.NQF infected with Win32.HLLW.Gavir.54 - cured
>C:\Program Files\ESET\infected\XJKPBVCA.NQF infected with Trojan.PWS.Qqpass.373 - deleted
>C:\Program Files\ESET\infected\YWNNTYBA.NQF infected with Trojan.PWS.Qqpass.373 - deleted
>C:\Program Files\Internet Explorer\9Sy.exe infected with Trojan.PWS.Legmir.805 - deleted
>>C:\Program Files\Internet Explorer\CSRSS.Vexe\data001 infected with Trojan.PWS.Legmir.730
>>C:\Program Files\Internet Explorer\CSRSS.Vexe\data002 infected with Trojan.PWS.Zhengtu
C:\Program Files\Internet Explorer\CSRSS.Vexe - archive contains infected objects - moved
>C:\Program Files\Internet Explorer\EXPLORER.EXE infected with Trojan.PWS.Qqpass.395 - deleted
C:\Program Files\Internet Explorer\RUNDLL32.exe infected with Trojan.PWS.Wsgame - deleted
>C:\Program Files\Internet Explorer\SERVICES.EXEC:\Program Files\Internet Explorer\SVCHOST.EXE infected with Trojan.PWS.Zhengtu - deleted
C:\Program Files\Internet Explorer\PLUGINS\HMAPI.DLL infected with Trojan.DownLoader.15581 - deleted
C:\Program Files\Internet Explorer\PLUGINS\IPictureEx.dll infected with Trojan.DownLoader.15581 - deleted
C:\Program Files\Internet Explorer\PLUGINS\nppdf.dll infected with Trojan.MulDrop.4551 - deleted
C:\Program Files\Internet Explorer\PLUGINS\nppdfx.dll infected with Trojan.DownLoader.14932 - deleted
>C:\Program Files\Internet Explorer\PLUGINS\system.jmp infected with Trojan.PWS.Qqpass.395 - deleted
>C:\Program Files\Internet Explorer\PLUGINS\__delete_on_reboot__s_y_s_t_e_m_H_k_._s_y_s_ infected with Trojan.PWS.Qqpass.395 - will be cured after reboot

ALEXYUI

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 49969
Infected objects found: 48
Objects with modifications found: 0
Suspicious objects found: 2
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 9
Objects deleted: 35
Objects renamed: 0
Objects moved: 2
Objects ignored: 0
Scan speed: 3095 Kb/s
Scan time: 00:21:23
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 50298
Infected objects found: 48
Objects with modifications found: 0
Suspicious objects found: 2
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 9
Objects deleted: 35
Objects renamed: 0
Objects moved: 2
Objects ignored: 0
Scan speed: 3135 Kb/s
Scan time: 00:21:36
=============================================================================

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-01-10, 21:35:08 [HP_Owner]
Command-line: "C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwtoday.cdb - 582 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43369.cdb - 687 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43368.cdb - 1099 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43367.cdb - 1834 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43366.cdb - 4015 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43365.cdb - 1342 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43364.cdb - 1335 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43363.cdb - 1152 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43362.cdb - 1006 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43361.cdb - 879 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43360.cdb - 988 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43359.cdb - 1205 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43358.cdb - 1139 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43357.cdb - 1302 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43356.cdb - 1332 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43355.cdb - 2456 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43354.cdb - 1283 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43353.cdb - 795 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43352.cdb - 2016 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43351.cdb - 941 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43350.cdb - 1020 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43349.cdb - 1008 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43348.cdb - 1096 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43347.cdb - 707 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43346.cdb - 1428 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43345.cdb - 1358 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43344.cdb - 694 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43343.cdb - 1186 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43342.cdb - 744 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43341.cdb - 841 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43340.cdb - 822 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43339.cdb - 1071 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43338.cdb - 989 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records

ALEXYUI

[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 380 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - 371 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43306.cdb - 781 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43305.cdb - 752 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cwn43301.cdb - 772 virus records
[Virus base] C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 166741
Key file: C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

ALEXYUI

[Scan path] c:\documents and settings\all users\「開(c)l」功能表\程式集\啟動\desktop.ini
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\local settings\temp\rarsfx0\_start.exe
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\local settings\temp\rarsfx0\cureit.exe
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\「開(c)l」功能表\程式集\啟動\desktop.ini
[Scan path] c:\documents and settings\hp_owner.your-6a15acd7c6\(R)酯崤drweb-cureit.exe
[Scan path] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
[Scan path] c:\hp\kbd\kbd.exe
[Scan path] c:\program files\21cn\vgo\vgoiebho.dll
[Scan path] c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
[Scan path] c:\program files\common files\installshield\updateservice\issch.exe
[Scan path] c:\program files\common files\installshield\updateservice\isuspm.exe
[Scan path] c:\program files\common files\intervideo\schsvr\schsvr.exe
[Scan path] c:\program files\common files\lightscribe\lssrvc.exe
[Scan path] c:\program files\common files\real\update_ob\realsched.exe
[Scan path] c:\program files\common files\symantec shared\ccapp.exe
[Scan path] c:\program files\common files\symantec shared\ccevtmgr.exe
[Scan path] c:\program files\common files\symantec shared\ccproxy.exe
[Scan path] c:\program files\common files\symantec shared\ccpwdsvc.exe
[Scan path] c:\program files\common files\symantec shared\ccsetmgr.exe
[Scan path] c:\program files\common files\symantec shared\security center\symwsc.exe
[Scan path] c:\program files\common files\symantec shared\security center\usrprmpt.exe
[Scan path] c:\program files\common files\symantec shared\sndsrvc.exe
[Scan path] c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys
[Scan path] c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
[Scan path] c:\program files\common files\symantec shared\virusdefs\20041117.006\naveng.sys
[Scan path] c:\program files\common files\symantec shared\virusdefs\20041117.006\navex15.sys
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
[Scan path] c:\program files\flashget\jccatch.dll
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
[Scan path] c:\program files\hp\digital imaging\bin\hpdtlk02.dll
[Scan path] c:\program files\hp\digital imaging\bin\hpqtra08.exe
[Scan path] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
[Scan path] c:\program files\internet explorer\iexplore.exe
[Scan path] c:\program files\intervideo\common\bin\winremote.exe
[Scan path] c:\program files\ipod\bin\ipodservice.exe
[Scan path] c:\program files\itunes\ituneshelper.exe
[Scan path] c:\program files\itunes\itunesminiplayer.dll
[Scan path] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
[Scan path] c:\program files\messenger\msmsgs.exe
[Scan path] c:\program files\msn messenger\fsshext.8.0.0812.00.dll
[Scan path] c:\program files\msn messenger\msgrapp.8.0.0812.00.dll
[Scan path] c:\program files\msn messenger\msnmsgr.exe
[Scan path] c:\program files\norton internet security\issvc.exe
[Scan path] c:\program files\norton internet security\norton antivirus\navapsvc.exe
[Scan path] c:\program files\norton internet security\norton antivirus\navshext.dll
[Scan path] c:\program files\norton internet security\norton antivirus\savrt.sys
[Scan path] c:\program files\norton internet security\norton antivirus\savrtpel.sys
[Scan path] c:\program files\norton internet security\norton antivirus\savscan.exe
[Scan path] c:\program files\outlook express\setup50.exe
[Scan path] c:\program files\outlook express\wabfind.dll
[Scan path] c:\program files\real\realplayer\rpshell.dll
[Scan path] c:\program files\sonic recordnow!\shlext.dll
[Scan path] c:\program files\symantec\symevent.sys
[Scan path] c:\program files\updates from hp\309731\program\updates from hp.exe
[Scan path] c:\program files\windows live toolbar\msntb.dll
[Scan path] c:\program files\winrar\rarext.dll
[Scan path] c:\windows\creator\remind_xp.exe
[Scan path] c:\windows\explorer.exe
[Scan path] c:\windows\ime\imjp8_1\imjpmig.exe
[Scan path] c:\windows\ime\imkr6_1\imekrmig.exe
[Scan path] c:\windows\inf\unregmp2.exe
[Scan path] c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
[Scan path] c:\windows\msagent\agentpsh.dll
[Scan path] c:\windows\sminst\recguard.exe
[Scan path] c:\windows\system32\advapi32.dll
[Scan path] c:\windows\system32\advpack.dll
[Scan path] c:\windows\system32\alg.exe
[Scan path] c:\windows\system32\appwiz.cpl
[Scan path] c:\windows\system32\autochk.exe
[Scan path] c:\windows\system32\browseui.dll
[Scan path] c:\windows\system32\cabview.dll
[Scan path] c:\windows\system32\cdfview.dll
[Scan path] c:\windows\system32\cisvc.exe
[Scan path] c:\windows\system32\clipsrv.exe
[Scan path] c:\windows\system32\cnbjmon.dll
[Scan path] c:\windows\system32\comdlg32.dll
[Scan path] c:\windows\system32\crypt32.dll
[Scan path] c:\windows\system32\cryptext.dll
[Scan path] c:\windows\system32\cryptnet.dll
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\ctfmon.exe