关于http://ala.union123.com主页被修改问题！

Quote:

今天新装的系统，不怎样染上了这个垃圾东西，主页被修改了，可以改回空白页，IE属性无什么严重问题（如图1）！但就是重启后又被修改为这hXXp://ala.union123.com垃圾主页，而且每次开机也会生成(如下图2)的快捷方式，这个快捷方式删了，重启又会自动生成！KV2007升级到最新杀了几个毒后一样还会这样，用IE修复工具强力修复过后一样不能解决，用安全卫士修复也没解决！更奇怪的是启动项已经清理得很干净了！下面是我用SREng扫到的报告，希望高手能指点一下手杀方案！

2007-01-09,20:52:21
System Repair Engineer 2.3.13.690
Smallfrogs http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中：
  所有的启动项目（包括注册表、启动文件夹、服务等）
  浏览器加载项
  正在运行的进程（包括进程模块信息）
  文件关联
  Winsock 提供者
  Autorun.inf
  HOSTS 文件

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KVMON><"C:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp"> [Jiangmin Co.Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe> [(Verified)Microsoft Corporation]
  <Userinit><userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  <PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
  <CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
  <WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
  <SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
  <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
  <SCRNSAVE.EXE><C:\WINDOWS\system32\KVSCRK~1.SCR> [Jiangmin Co., Ltd.]
==================================
启动文件夹
N/A
==================================
服务
[E0F42303 / E0F42303][Stopped/Auto Start]
<C:\WINDOWS\system32\E0F42303.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Running/Auto Start]
<C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
<"C:\Program Files\JiangMin\AntiVirus\KVWSC.exe"><Jiangmin Co.,Ltd>
[Microsoft Update Service / lDOMANE][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\FNHED.DLL,Export 1087><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[BsDeamon / BsDeamon][Running/System Start]
<\??\C:\PROGRA~1\JiangMin\ANTIVI~1\BsDeamon.sys><Jiangmin Co.,Ltd.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[KRegEx / KRegEx][Running/System Start]
<\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall Service / KSysCall][Running/System Start]
<\??\C:\PROGRA~1\JiangMin\common\KSysCall.sys><Jiangmin Co., Ltd.>
[KSysMon / KSysMon][Running/System Start]
<\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KSysMon.sys><Jiangmin Co. Ltd.>
[KVDP / KVDP][Running/Manual Start]
<\??\C:\Program Files\JiangMin\AntiVirus\KVDP.sys><Jiangmin Co., Ltd.>
[KVRedir / KVRedir][Running/Manual Start]
<\??\C:\Program Files\JiangMin\AntiVirus\KVREDIR.SYS><Jiangmin Co., Ltd.>
[MSICPL / MSICPL][Stopped/Manual Start]
<\??\G:\install4\MSICPL.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\d:\Program Files\Tencent\TM\**lls\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\G:\NTACCESS.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\G:\NTGLM7X.sys><N/A>
[Microcode Update Driver / Update][Running/Manual Start]
<system32\DRIVERS\update.sys><Microsoft Corporation>
[viagfx / viagfx][Running/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
<system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
==================================
浏览器加载项
[XBTP02083 Class]
{336BA351-3E92-40d7-8227-53E9F88ED488} <C:\PROGRA~1\搜阉索鞴工?~1\soso.dll, N/A>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[搜索工具栏]
{50E15C78-DC91-4ABE-A8DC-5261058BB7D8} <C:\Program Files\搜索工具栏\soso.dll, N/A>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[搜索工具栏]
{50E15C78-DC91-4ABE-A8DC-5261058BB7D8} <C:\Program Files\搜索工具栏\soso.dll, N/A>
[XBTP02083 Class]
{336BA351-3E92-40D7-8227-53E9F88ED488} <C:\PROGRA~1\搜阉索鞴工?~1\soso.dll, N/A>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[&使用迅雷下载]
<D:\Program Files\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\Program Files\Thunder\Program\getallurl.htm, N/A>
==================================
正在运行的进程
[PID: 564][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1912][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1980][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 152][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 168][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 380][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 464][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\JiangMin\AntiVirus\KVshell.dll] [Jiangmin Co.Ltd, 1, 0, 6, 1026]
  [C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 6, 1107]
  [C:\Program Files\JiangMin\AntiVirus\lang\kvxp0804.lng] [N/A, N/A]
  [C:\Program Files\JiangMin\common\GUIEXT.DLL] [Jiangmin Co.Ltd, 1, 0, 6, 1201]
  [C:\Program Files\JiangMin\common\lang\guiext0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
  [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[PID: 1300][C:\Program Files\JiangMin\AntiVirus\KVWSC.exe] [Jiangmin Co.,Ltd, 1, 0, 6, 919]
  [C:\Program Files\JiangMin\Kernel\EngFace.dll] [Jiangmin Co., Ltd., 2, 0, 6, 1201]
  [C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 6, 1107]
[PID: 1360][C:\WINDOWS\system32\Media\services.exe] [N/A, N/A]
[PID: 1404][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 1448][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][C:\WINDOWS\system32\Media\services.exe] [N/A, N/A]
[PID: 1688][C:\WINDOWS\system32\DllHost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\JiangMin\common\ComUI.dll] [Jiangmin Co,.Ltd, 1, 0, 6, 908]
  [C:\Program Files\JiangMin\common\ComUIPS.dll] [Jiangmin Co.Ltd, 1.0.0.808]
  [C:\Program Files\JiangMin\common\GUIEXT.DLL] [Jiangmin Co.Ltd, 1, 0, 6, 1201]
  [C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 6, 1107]
  [C:\Program Files\JiangMin\common\lang\guiext0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[PID: 1684][C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe] [锐捷网络, 2, 50, 0, 0]
  [C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
[PID: 1096][D:\Program Files\TheWorld 2.0\TheWorld.exe] [Phoenix Studio, 2, 0, 0, 9]
[PID: 788][D:\Program Files\SREng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
API HOOK
N/A
==================================

---===本帖最后由 我有我自在 于 2007-1-9 22:25 编辑===---

服务
[E0F42303 / E0F42303][Stopped/Auto Start]
<C:\WINDOWS\system32\E0F42303.EXE -service><Microsoft Corporation>
[Microsoft Update Service / lDOMANE][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\FNHED.DLL,Export 1087><N/A>
驱动
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[MSICPL / MSICPL][Stopped/Manual Start]
<\??\G:\install4\MSICPL.sys><N/A>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\G:\NTACCESS.sys><N/A>
[XBTP02083 Class]
{336BA351-3E92-40d7-8227-53E9F88ED488} <C:\PROGRA~1\搜阉索鞴工?~1\soso.dll, N/A>
[搜索工具栏]
{50E15C78-DC91-4ABE-A8DC-5261058BB7D8} <C:\Program Files\搜索工具栏\soso.dll, N/A>
文件关联
。CHM Error. [hh.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.
TXT Error. [notepad.exe %1]


修复以上项目，同时删除相应文件。