2006-07-15, 02:58 PM   #13 (permalink)
psac

Q:

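[Help] C:\WINDOWS\svchost.exe

This thing shows up in the process list: C:\WINDOWS\svchost.exe
I can't end the process and I can't delete the file. This svchost.exe's creation date is today?
There is an svc entry under the registry Run key; after I delete it, it comes back automatically.
There are two winlogon.exe entries in Task Manager, one with ID 532
and one with ID 744.
Norton keeps reporting a virus, but it never finishes cleaning it?
What should I do? What virus is this?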
2006-07-14,00:06:22

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<pdfFactory Dispatcher v1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe> [FinePrint Software, LLC]
<ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [Symantec Corporation]
<svc><C:\WINDOWS\svchost.exe> []
<HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inituser.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [Symantec Corporation]

==================================
啟動資料夾
服務
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[DameWare Mini Remote Control / DWMRCS]
<C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><N/A>
[KDDelegateService / KDDelegateService]
<d:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><KINGDEE>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[VIPTray / VIPTray]
<2 - 系統找不到指定的文件。
><N/A>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class]
{F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[IEHlprObj Class]
{BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[IEHlprObj Class]
{F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>

==================================
正在執行的工作行程
[PID: 664][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NavLogon.dll] <Symantec Corporation><10.0.2.2000>
[PID: 788][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 968][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1132][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1168][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3>
[PID: 1356][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] <Symantec Corporation><1,5,1,3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] <Symantec Corporation><1,5,1,3>
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] <Symantec Corporation><103.5.6.3>
[PID: 1664][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fppmon1.dll] <FinePrint Software, LLC><1.17>
[C:\WINDOWS\system32\fppr132.dll] <FinePrint Software, LLC><1.17>
[PID: 1804][C:\Program Files\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><10.0.2.2000>
[PID: 1828][C:\WINDOWS\SYSTEM32\DWRCS.EXE] <N/A><N/A>
[PID: 1956][C:\Program Files\Symantec AntiVirus\SavRoam.exe] <symantec><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[PID: 244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\hpwx3770.dll] <Hewlett-Packard><3.2.2.674>
[C:\WINDOWS\system32\hpgt3770.dll] <Hewlett-Packard><1.0.2.682>
[PID: 328][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] <Symantec Corporation><51.2.0.12>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ccEraser.dll] <Symantec Corporation><106.1.5.2>
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] <Symantec Corporation><3.1.13a.0>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ecmsvr32.dll] <Symantec Corporation><61.1.0.11>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14>
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\IMail.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] <Symantec Corporation><1,5,1,3>
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><10.0.2.2000>
[PID: 592][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2976][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.5.2005092300>
[C:\WINDOWS\system32\svchost.dll] <><1, 0, 0, 1>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\xunleibho_v5.dll] <><4, 3, 3, 30>
[C:\WINDOWS\Win32ef.dll] <N/A><N/A>
[C:\WINDOWS\vwwreg.dll] <N/A><N/A>
[PID: 3112][C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe] <FinePrint Software, LLC><1.17>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppr132.dll] <FinePrint Software, LLC><1.17>
[PID: 3128][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><103.5.6.3>
[C:\WINDOWS\system32\SYMREDIR.DLL] <Symantec Corporation><6.0.1.105>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] <Symantec Corporation><10.0.2.2000>
[PID: 3144][C:\PROGRA~1\SYMANT~1\VPTray.exe] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><10.0.2.2000>
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\nts.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\cba.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[PID: 3168][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3336][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2384][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2644][C:\WINDOWS\system32\rdpclip.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3472][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3632][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 184][C:\WINDOWS\regedit.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3108][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.016\PrcView.exe] <PrcView><3.7.3.1>
[PID: 3796][C:\WINDOWS\svchost.exe] <N/A><N/A>
[PID: 3560][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 3072][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.079\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


Use SREng to delete these startup items (啟動專案):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []

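After rebooting, delete the following in Safe Mode:
C:\WINDOWS\svchost.exe
If it cannot be deleted, download killbox to force-delete it.


Besides the problem above, the following also need to be dealt with.

It is recommended that you close all other unrelated programs, including the IE browser, while doing the repair, and that you copy and paste the following into Notepad and save it so it is at hand during the operation.

Run SREng, the tool you just used for the smart scan.
Under System Repair -> Browser Add-ons (系統修復 -> 瀏覽器載入項), select and delete the following entries; they are all rogue software: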

[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class]
{F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A>
[IEHlprObj Class]
{BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[IEHlprObj Class]
{F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
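The tell-tale in this log is a process and a Run entry named svchost.exe that point at C:\WINDOWS rather than C:\WINDOWS\system32. The following is an added example, not part of the original post and not SREng's own code, that checks SREng-style lines for that mismatch and generalizes it to other core system binaries. The `SYSTEM32_ONLY` list and the function names are assumptions; the sample lines are copied from the log above.

```python
import re
from ntpath import basename, dirname

# Assumption: core Windows binaries whose genuine image lives in %SystemRoot%\system32.
SYSTEM32_ONLY = {"svchost.exe", "winlogon.exe", "csrss.exe",
                 "smss.exe", "services.exe", "lsass.exe"}
# <value name><command> [publisher]   (registry startup entry)
RUN_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[([^\]]*)\]$")
# [PID: n][image path] <publisher><version>   (running process)
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[([^\]]+)\]\s*<([^>]*)><[^>]*>$")

def image_path(raw, system_root=r"C:\WINDOWS"):
    """Reduce a logged command line or NT-style path to a plain executable path."""
    s = raw.strip().lstrip(";").strip()
    if s.startswith('"'):
        s = s[1:].split('"', 1)[0]          # quoted image, arguments follow
    else:
        m = re.match(r"(.*?\.exe)\b", s, re.IGNORECASE)
        s = m.group(1) if m else s          # unquoted image, cut the arguments
    if s.startswith("\\??\\"):
        s = s[4:]
    if s.lower().startswith("\\systemroot\\"):
        s = system_root + s[len("\\SystemRoot"):]
    return s

def find_masquerading(log_text, system_root=r"C:\WINDOWS"):
    """Return entries whose file name is a system binary but whose folder is not system32."""
    expected = (system_root + r"\system32").lower()
    hits, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith(("[HKEY_", "=====")):
            key = line[1:-1] if line.startswith("[HKEY_") else None
            continue
        proc = PROC_RE.match(line)
        run = RUN_RE.match(line) if key and not proc else None
        if proc:
            source, raw, publisher = "process PID " + proc.group(1), proc.group(2), proc.group(3)
        elif run:
            source, raw, publisher = key + " <" + run.group(1) + ">", run.group(2), run.group(3)
        else:
            continue
        path = image_path(raw, system_root)
        if basename(path).lower() in SYSTEM32_ONLY and dirname(path).lower() != expected:
            hits.append({"source": source, "path": path,
                         "publisher_present": publisher.strip() not in ("", "N/A")})
    return hits

# Sample lines copied from the log in the post above.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation]
<svc><C:\WINDOWS\svchost.exe> []
[PID: 664][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3796][C:\WINDOWS\svchost.exe] <N/A><N/A>
"""

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_LOG):
        print(hit)
```

On the sample it reports the two `svc` Run values and PID 3796, all without a publisher, and leaves the genuine system32 images alone.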