2006-06-15, 01:24 PM | #1 |
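Honorary Member

System - SREng Common Operations Guide (2.0 RC2)

Editing, deleting and commenting out registry startup items

Open SREng and go to "Startup Items" -> "Registry". This tab shows most of the startup entries stored in the registry. Besides the commonly mentioned Run keys and similar startup items, 2.0 RC2 adds detection of ShellServiceObjectDelayLoad, SharedTaskScheduler, ShellExecuteHooks and WinlogonNotify. Entries of the ShellServiceObjectDelayLoad, SharedTaskScheduler and ShellExecuteHooks types can only be deleted, not edited. SREng 2.0 RC2 also adds colour marking: red indicates a high-risk item and blue indicates an item of unknown security status.

Editing a registry startup item
Click the registry startup item you want to edit, then click the "Edit" button. An edit dialog appears in which the "Name" and "Value" can be changed. Double-clicking a registry startup item also opens the edit dialog.

Deleting a registry startup item
To delete a registry startup item, click the item you want to delete, then click the "Delete" button. A confirmation dialog appears: click Yes to delete, click No to cancel.

Commenting out a registry startup item
Every registry startup item has a check mark in front of it. Clearing the check mark "comments out" that startup item: a ";" appears in front of the corresponding value data, marking the item as commented out. As in the msconfig System Configuration Utility, a commented-out startup item has no effect.

Note: items of the ShellServiceObjectDelayLoad, SharedTaskScheduler and ShellExecuteHooks types cannot be edited or commented out; they can only be deleted.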
2006-06-15, 01:26 PM | #2 (permalink) |
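Honorary Member

Changing service startup types and deleting services

SREng 2.0 RC2 adds scanning of system driver services. Open SREng and go to "Startup Items" -> "Services"; you will see two buttons, "Win32 Application Services" and "Drivers". Pressing a button opens the corresponding service list window (a window that can be maximized). In most cases, the one we work with is "Win32 Application Services".

Note: ticking "Hide Microsoft Services" hides the services whose publisher is Microsoft, which makes the service list tidier and also reduces the chance of operating on a system service by mistake.

Changing a service's startup type
First click the service whose startup type you want to change in the list, then select "Modify Startup Type", then choose the startup type you want in the "Startup Type" drop-down list: "Auto Start", "Manual Start" or "Disabled". Finally click the "Set" button. A confirmation dialog appears: click Yes to confirm, click No to cancel.
"Auto Start" means "Automatic"
"Manual Start" means "Manual"
"Disabled" means "Disabled"

Deleting a service
First click the service you want to delete in the list, then select "Delete Service", then click the "Set" button. A warning dialog appears; read its contents carefully and decide whether to continue with deleting the service: click Yes to cancel, click No to confirm the deletion.

Operations on "Drivers" services are essentially the same as for "Win32 Application Services". The difference is that the "Startup Type" list for "Drivers" also contains the "Boot Start" and "System Start" startup types.

Note: SREng 2.0 RC2 also adds colour marking to the service lists: red indicates a high-risk item and blue indicates an item of unknown security status.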
2006-06-15, 01:29 PM | #3 (permalink) |
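Honorary Member

System Repair

File association repair
SREng automatically checks whether the listed file associations are normal. If one is not, the "Status" column shows "Error" and the item is ticked automatically; click the "Repair" button to repair it.

Windows Shell repair
This lists some common system restriction items. Tick the items that need repair and click the "Repair" button. Example shown in the figure: repairing the disabling of Registry Editor and the disabling of Task Manager.

Internet Explorer repair
This lists some common IE-related restriction items. Tick the items that need repair and click the "Repair" button. Example shown in the figure: resetting the IE home page to "blank page" and repairing the disabling of the settings in the Internet Options dialog.

Browser add-on repair
Select a browser add-on you want to delete and click "Delete Selected" to delete it. In the confirmation dialog that appears, click Yes to confirm the deletion, click No to cancel.
Note: selecting a browser add-on and clearing the "Enabled" check box disables that add-on.

Automatic repair
The default is the "Recommended repair level", which repairs all known Windows registry-related errors; click the "Repair" button to repair. The other level is the "Strong repair level", which deletes all policy items in the system.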
2006-06-15, 01:31 PM | #5 (permalink) |
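Honorary Member

For more information, see the home page of Smallfrogs, the author of System Repair Engineer (SREng): http://www.kztechs.com/
System Repair Engineer (SREng) 2.0 RC2 online user manual: http://www.kztechs.com/sreng/help2/

System Repair Engineer (SREng) 2.0 RC2 officially released
http://www.kztechs.com/

System Repair Engineer (SREng) is a system diagnosis and configuration tool, mainly used to find and uncover potential computer faults and most of the damage caused by computer viruses. The software was developed by Smallfrogs, webmaster of the KZTechs.COM site, and runs on all mainstream Windows operating systems. Its usage count has now passed 300,000.

Building on earlier versions, System Repair Engineer (SREng) 2.0 RC2 focuses on stronger risk detection and extensibility, provides a completely new set of system scanning and configuration functions, and supports third-party plug-ins. Version 2.0 RC2 adds support for X64 operating systems: the 32-bit version of System Repair Engineer (SREng) 2.0 RC2 can already check well for problems that may exist on Windows XP Professional X64, and a dedicated 64-bit version of System Repair Engineer (SREng) will also be released soon.

With the help of System Repair Engineer (SREng), you can diagnose for yourself the common problems your operating system may have. Even if you are a computer beginner, you can use the Smart Scan feature of System Repair Engineer (SREng) to produce a brief log summarising your system, then send that log to a friend or online acquaintance who knows the operating system well and, with their help, solve the problems your system may have.

System Repair Engineer 2.0.21.505 release notes
-------------------------------------------------------
1. Provides plug-in support, allowing users to write their own plug-ins
2. Provides X64 platform support
3. Strengthened process and service enumeration checks
4. Added automatic detection of some registry startup items
5. Provides a completely new service and driver configuration interface
6. Integrates all functions of the Services/Drivers Configuration Tool
7. Added simple judgement rules for startup items and services; suspicious content is highlighted in colour (red indicates a high-risk item, blue indicates an item of unknown security status)
8. Added command-line parameter support; use SREng.EXE /? to view the list of supported parameters
9. Built-in generation of internal diagnostic debug logs
10. Added message suppression; certain prompts can be suppressed through the options
11. Fixed some bugs
12. Dozens of other improvements

Software download: http://www.KZTechs.com/sreng/sreng2.zip
Release notes: http://www.kztechs.com/sreng/ReleaseNotes2.htm
Online manual: http://www.kztechs.com/sreng/help2/

Quote:
About the colouring feature:
Although this is written in the help, it is explained here once more:
System Repair Engineer (SREng) 2.0 RC2 adds rules for judging suspicious files. When a file is found to have suspicious characteristics, it enters the suspicious-file judgement process. That process currently has two possible results: high-risk program and program of unknown security level.
High-risk program: shown in red
Program of unknown security level: shown in blue
Blue items in the drivers section are quite normal and nothing to worry about.
* If you encounter a red item, the recommended action is to disable it first, then submit the corresponding file to an anti-virus vendor for analysis and identification to determine whether it is a computer virus or malicious program.
* If it is a blue item, the recommended action is to submit the corresponding file to an anti-virus vendor for analysis and identification to determine whether it is a computer virus or malicious program.
* This judgement rule is first used for registry startup items, Win32 services and drivers.

On an English operating system, how can SREng be made to show the CHS interface? The default language in the options is already CHS, but the interface shown is still EN.
I switch with AppLocale; on a Traditional Chinese system the Simplified Chinese interface displays without problems, and without AppLocale it displays in English.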
2006-06-18, 04:52 PM | #6 (permalink) |
Honorary Member

Q:
A DOS window pops up every time I open a program.
Just after booting today, several DOS windows popped up with the title C:\windows\internet.exe. As soon as I saw that title I knew I was infected, because XP does not have this program. Sure enough, I found the file in the system directory, and opening any program now pops up a DOS window. I went into Safe Mode and tried to delete internet.exe, but was told it could not be deleted because another program was using it. I then scanned once each with Rising, 木馬剋星 and 木馬防線 in Safe Mode; none of them could remove the virus. I would like to ask the experts here: is there any way to delete this virus?

A:
Have you tried deleting the file in Safe Mode?

Q:
Yes, but it says another program is using it, so it cannot be deleted.

A:
Please use the SYSTEM REPAIR ENGINEER tool attached to this post. After extracting it, run it and scan the system with its Smart Scan feature, then paste the scan result as a reply so that the problem can be analysed. Please do not perform any repair operation before advice has been given on the analysis result.

Q:
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户
- 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<anvshell><rem anvshell.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)]
<IMSCMig><rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<DAEMON Tools><rem "c:\DAEMON Tools\daemon.exe" -lang 1033> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PigUpdate><; C:\Program Files\密码查看器\DownLoadPig.exe> []
<StormCodec_Helper><; "C:\Storm Codec\StormSet.exe" /S /opti> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
==================================
启动文件夹
服务
[Security Driver NetBT Proxy / nbproxy] <C:\Permeo\Security Driver\nbproxy.exe /service><Permeo Technologies, Inc.>
[Rising Proxy Service / RfwProxySrv] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SecuROM User Access Service (V7) / UserAccess7] <C:\WINDOWS\system32\UAService7.exe><N/A>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [C:\WINDOWS\system32\Rundll.exe "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [Compiled Help Module]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================

A:
<PigUpdate><; C:\Program Files\密碼檢視器\DownLoadPig.exe> []
This appears to be 網路豬; I suggest deleting its startup entry.
Use the repair function of the SRENG software to repair the EXE file association. Then delete C:\WINDOWS\system32\Rundll.exe and internet.exe (you can use the killbox tool from the pinned post). I suggest you search the hard disk by modified/created time for other EXE files with the same timestamp as this Rundll.exe.
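Added example (not part of the original thread and not SREng's own code): a Python parser for the registry startup and file-association sections of a smart-scan log laid out like the one pasted above. It lists what deserves a manual look: active startup entries with no publisher, and executable-type associations that no longer launch the file directly, as with the .EXE row in that log. The regular expressions, function names and finding labels are assumptions made for illustration; the sample log is constructed from entries quoted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample, assembled from entries in the log pasted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<StormCodec_Helper><; "C:\Storm Codec\StormSet.exe" /S /opti> []
==================================
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [C:\WINDOWS\system32\Rundll.exe "%1" %*]
.COM OK. ["%1" %*]
.CHM Error. [Compiled Help Module]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")               # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^<([^<>]*)><(.*)> \[(.*)\]$")      # <name><value> [publisher]
ASSOC_RE = re.compile(r"^(\.\w+) (OK|Error)\. \[(.*)\]$")  # .EXT status. [command]

# Extensions whose open command normally launches the file itself,
# as the OK rows for .COM, .PIF and .BAT in the log show.
DIRECT_LAUNCH_EXTS = {".EXE", ".COM", ".PIF", ".BAT"}
DIRECT_LAUNCH = '"%1" %*'


@dataclass
class StartupEntry:
    key: str
    name: str
    value: str
    publisher: str
    disabled: bool  # True when the value data is prefixed with ";"


def parse_log(text):
    """Return (startup_entries, associations) found in an SREng-style log."""
    startup, assocs, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line.startswith("====="):
            key = None  # a section separator ends the registry block
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, value, publisher = m.groups()
            disabled = value.lstrip().startswith(";")
            if disabled:
                value = value.lstrip().lstrip(";").strip()
            startup.append(
                StartupEntry(key, name, value, publisher.strip(), disabled))
            continue
        m = ASSOC_RE.match(line)
        if m:
            assocs.append(m.groups())
    return startup, assocs


def triage(startup, assocs):
    """List (kind, subject, detail) tuples that need manual review."""
    findings = []
    for e in startup:
        # Empty values (e.g. <load><>) and commented-out items do not run.
        if e.value and not e.disabled and not e.publisher:
            findings.append(("no-publisher", e.key + "\\" + e.name, e.value))
    for ext, status, command in assocs:
        if ext.upper() in DIRECT_LAUNCH_EXTS and command != DIRECT_LAUNCH:
            # Whatever precedes "%1" is the program every launch goes through.
            interposer = command.split('"%1"')[0].strip() or command
            findings.append(("assoc-redirect", ext, interposer))
        elif status == "Error":
            findings.append(("assoc-error", ext, command))
    return findings


if __name__ == "__main__":
    entries, associations = parse_log(SAMPLE_LOG)
    for kind, subject, detail in triage(entries, associations):
        print(f"{kind:15} {subject}  ->  {detail}")
```

The assoc-redirect finding names the binary that every .EXE launch is routed through; the reply above repairs the association before deleting that file.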
2006-06-18, 04:57 PM | #7 (permalink) |
Honorary Member

Q:
Pop-up windows keep appearing when I browse the web.

System Repair Engineer (frequently recommended)
Description: System Repair Engineer (SREng) is a brand-new, powerful, extensible free tool for tuning and repairing your system. With the help of this tool you can detect faults in your system and repair them easily. The predecessor of this tool was RegFix, a registry key value repair tool; because of the limitations of RegFix and the complexity of today's system environments, I redesigned a new piece of software, namely System Repair Engineer (SREng).
Download: SREng.exe http://www.kztechs.com/sreng/sreng2.zip

2006-06-17,20:49:15
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶
- 完整功能
以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯

啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<KAVPersonal50><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize> [Kaspersky Lab]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA> []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
==================================
啟動資料夾
[Adobe Gamma Loader] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><N>
[VPN Client] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\VPN Client.lnk><N>
==================================
服務
[Cisco Systems, Inc. VPN Service / CVPND] <"C:\Program Files\UTStarcom\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[kavsvc / kavsvc] <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟件股份有限公司><3.0.0.3045> [PID: 1324][C:\Documents and Settings\mao\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================

A: killbox v2.0.0.175, Chinese-localized version (recommended)
Description: A tool that is very popular on anti-virus forums outside China and the best companion to HijackThis. In essence it is a powerful tool for deleting any file: whether the file is an EXE, a DLL or something else, and whether it is currently running or in use by the system, KillBox can delete it in a few simple steps.
Usage details: http://www.47522999.com/news/data/2005/0618/article_34.htm
Download: http://www.crsky.com/soft/4640.html
Please use the KILLBOX tool from the pinned thread to delete this file: C:\WINDOWS\system32\msplus.dll

Q: After deleting msplus.dll I can no longer open web pages! After copying it back, everything is the same as before.

A: Download lspfix from the pinned tools thread.
Lspfix (beginners should use with caution)
Description: Winsock2 repair tool; repairs the Layered Service Provider (LSP).
Download: http://www.cexx.org/lspfix.exe
Download page: http://www.cexx.org/lspfix.htm
Run the LSPFix.exe tool downloaded above, tick the option "I Know What I'm Doing", then move the msplus.dll file from the left pane to the right pane (do not touch the other files), then choose "Finish".
Then delete it.
2006-06-19, 09:16 PM | #8 (permalink) |
Honorary Member
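Q: [Help] The network can ping the gateway, but IE says "cannot open the search page"??
The system was infected with a virus and rogue adware; even "My Computer" would not open, let alone IE. After virus removal "My Computer" opens, but IE still cannot open web pages and reports "cannot open the search page". My Network Places opens and the gateway can be pinged. Repairing with an IE repair tool did not help either. What should I do? Advice from the experts please, thank you! I do not want to reinstall the system.

A: Please download System Repair Engineer from here. After extracting it, double-click sreng, click "Smart Scan" -> Scan -> Save report -> open the log file SREngLOG.log with Notepad, and copy and paste its contents here.

Q: The problem now is that the gateway can be pinged and the LAN works, but IE just will not open pages. I do not know where to start.

A: It may be a problem with the Winsock LSP. Please post the scan report from HijackThis or System Repair Engineer so we can analyse whether Winsock XP Fix is suitable for solving it.

Q: Here is the analysis report, please help analyse it, thanks.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]
Is there a problem with this one? The anti-virus software reports it may be infected. Please take a look.

2006-06-19,18:07:29 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]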
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ] <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> [] <{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> [] <{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> [] <{213E78BD-8353-4D47-876B-E99D9C76CD66}><> [] <{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> [] <{F0248891-45C1-4559-8519-DFB07376F8D2}><> [] <{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> [] <{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> [] <{11F9D051-5E27-428D-B760-0D94A653332C}><> [] <{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> [] <{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> [] <{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> [] <{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> [] <{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> [] <{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> [] <{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> [] <{1909E461-7266-4201-8855-022294B7D164}><> [] <{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> [] <{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> [] <{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> [] <{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> [] <{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> [] <{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> [] <{966261B0-3618-4B88-BAE1-B3086D634EB5}><> [] <{898EE642-7959-4F66-B589-B25248768EF7}><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <stdup><> [] <Vision><> [] 
================================== 啟動資料夾 服務 [Computer Storage / BRGNS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [ewido security suite control / ewido security suite control] <C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks> [ewido security suite guard / ewido security suite guard] <C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks> [NOD32 Kernel Service / NOD32krn] <"C:\Program Files\Eset\nod32krn.exe"><Eset> [Sample NT Service / SampleService] <C:\WINDOWS\NTService.exe><N/A> ================================== 瀏覽器載入項 [新浪UC] {2253922F-1B26-4C74-8B57-E3AEE748DBB8} <C:\Program Files\sina\UC\uc.exe, 北京新浪訊息技術有限公司> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\F盤剩餘內容\新增資料夾\QQ.EXE, TENCENT> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash.ocx, Macromedia, Inc.> [&使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A> 
================================== 正在執行的工作行程 [PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 780][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 864][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 928][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1256][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80> [C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A> [PID: 1740][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30> [PID: 1756][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 22 > [C:\Program Files\Eset\nod32rui.dll] <N/A><N/A> [C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80> [C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A> [C:\Program 
Files\Eset\pu_emon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_emon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_mirr.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A> [C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_upd.dll] <N/A><N/A> [PID: 1776][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1840][C:\Documents and Settings\wk1\桌面\SREng2-v2.021\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80> [PID: 424][C:\Program Files\ewido anti-malware\ewidoctrl.exe] <ewido networks><3, 0, 0, 1> [C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1> [PID: 744][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00> [PID: 1144][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 22 > [C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A> [C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_emon.dll] <N/A><N/A> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [C:\Program Files\Eset\ps_mirr.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A> [C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_upd.dll] <N/A><N/A> [PID: 1380][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built 
by: DNSRV(bld4act)> ================================== 文件關聯 .TXT Error. [NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================

A: Uninstall Tencent Address Bar Search.
Run System Repair Engineer again and, under "Startup Items" -> "Registry", delete the following items:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> [] <{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> [] <{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> [] <{213E78BD-8353-4D47-876B-E99D9C76CD66}><> [] <{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> [] <{F0248891-45C1-4559-8519-DFB07376F8D2}><> [] <{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> [] <{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> [] <{11F9D051-5E27-428D-B760-0D94A653332C}><> [] <{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> [] <{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> [] <{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> [] <{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> [] <{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> [] <{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> [] <{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> [] <{1909E461-7266-4201-8855-022294B7D164}><> [] <{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> [] <{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> [] <{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> [] <{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> [] <{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> [] <{966261B0-3618-4B88-BAE1-B3086D634EB5}><> [] <{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <stdup><> [] <Vision><> []

Run System Repair Engineer and, under "Startup Items" -> "Services", delete the following items:
[Computer Storage / BRGNS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Sample NT Service / SampleService] <C:\WINDOWS\NTService.exe><N/A>

Delete the following files:
C:\WINDOWS\NTService.exe
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

Process file: logonui or logonui.exe
Process name: Microsoft Logon User Interface
Process name: logonui.exe is a system process used to display the Microsoft Windows XP user-switching screen. This program is very important for the normal operation of your system.
Publisher: Microsoft
Belongs to: Microsoft Windows Operating System
System process: Yes
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown N/A
Memory usage: Unknown N/A
Security rating (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No

Did you install a boot-screen beautification tool?

This post was edited by psac on 2006-06-20 at 05:37 AM.
2006-06-19, 11:29 PM | #9 (permalink) |
Honorary Member
Q: [Help] On a freshly installed system Kaspersky flags msplus1.dll as a suspicious file, and it cannot be deleted!
Yesterday, right after installing the system with TomatoWinXP_SP2_v2.7_SATA, Kaspersky found the following:
---警告: 發現木馬可疑模塊!--- C:\WINDOWS\system32\msplus1.dll
After installing the system a second time the same virus alert still appears, so I suspect the operating system image itself carries this virus. After deleting the virus and rebooting, it is still found and flagged. Scanning further with ewido4.0 found the virus TrackingCookie.Atdmt. After deleting it and rebooting, a scan shows it is still there. When connected to the network, IE automatically pops up the 彩虹堂 web page. Asking for help! Thx!
As the moderator requested in other threads, I scanned the system with the System Repair Engineer 2.0.21.505 (2.0 RC 2) tool. The results are as follows:

2006-06-19,18:42:48 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KAVPersonal50><"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll> [ewido networks GmbH & Co.
KG] ================================== 啟動資料夾 服務 [ewido anti-malware 4.0 guard / ewido anti-malware 4.0 guard] <D:\應用軟件\病毒防治\ewido anti-malware 4.0\guard.exe><N/A> [kavsvc / kavsvc] <"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [O&O Defrag / O&O Defrag] <D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe><O&O Software GmbH> ================================== 瀏覽器載入項 [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [番茄花園] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A> [訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft 
Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.> [使用迅雷下載] <D:\應用軟件\中斷點續傳\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下載全部鏈接] <D:\應用軟件\中斷點續傳\Thunder\Program\GetAllUrl.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ表情] <D:\應用軟件\聊天工具\QQ\AddEmotion.htm, N/A> ================================== 正在執行的工作行程 [PID: 688][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 748][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 772][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 980][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1040][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 1128][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1356][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 
1668][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [D:\應用軟件\壓縮解壓\WinRAR\rarext.dll] <N/A><N/A> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\ewido anti-malware 4.0\context.dll] <ewido networks><1.0.0.1> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8421> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8421> [C:\WINDOWS\system32\nvshell.dll] <N/A><N/A> [D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll] <ewido networks GmbH & Co. KG><1.0.0.1> [PID: 1736][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8421> [PID: 1760][D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe] <O&O Software GmbH><8.0.1398> [D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\OODAGRS.DLL] <O&O Software GmbH><8.0.1.1347> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 440][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 972][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1248][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1> [C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1> [C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2005, 11, 15, 1> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1> [C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1> [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1> [C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2> [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1> [C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1> [C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1> 
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1> [C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17> [C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1> [C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14> [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1> [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1> [C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1> [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1> [C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1> [C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1> [C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1> [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1> [C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9> [C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] 
<Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296> [PID: 3560][D:\應用軟件\BT下載軟件\eMule\emule.exe] <http://www.emule.org.cn><0.47.0> [D:\應用軟件\BT下載軟件\eMule\VNNClientS.Dll] <VNN><3.0.22.1> [D:\應用軟件\BT下載軟件\eMule\ZipLib.dll] <VNN><1.0.0.1> [D:\應用軟件\BT下載軟件\eMule\vdevstate.dll] <N/A><N/A> [D:\應用軟件\BT下載軟件\eMule\lang\zh_CN.dll] <http://www.emule-project.net><0.47.0> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> 
Urgently requesting expert help: this virus reappears after a reboot, or after an interval of a few hours.

A: In Safe Mode, delete: C:\WINDOWS\system32\msplus.dll
If you cannot find the file above, try making the following settings first:
1. Restart the computer and press F8 to enter Safe Mode.
2. In My Computer, click Tools ---> Folder Options.
3. Click the View tab, uncheck "Hide protected operating system files", select "Show hidden files and folders", and finally click OK.

Q: Deleting C:\WINDOWS\system32\msplus.dll in Safe Mode makes IE unusable and breaks the network connection. I tried renaming msplus1.dll to msplus.dll; it did not help. In Safe Mode, with hidden files shown, the file cannot be found, and after a few days it comes back by itself....

A: Please download LSPFix from the thread "Virus Rescue Board Rules (with common tools + virus-scanning sites)". Run LSPFix.exe, check the option "I Know What I'm Doing", then move msplus.dll from the left pane to the right pane (do not touch the other files), then choose "Finish".
Restart the computer, press F8 to enter Safe Mode, and in Folder Options show hidden files and uncheck "Hide protected operating system files". Then find c:\windows\system32\msplus.dll and delete it.

This post was edited by psac on 2006-06-20 05:36 AM.
|
2006-06-22, 05:19 PM | #10 (permalink) |
Honorary Member
|
Q: Infected with a Trojan horse and it cannot be deleted. What should I do? (Solved)

2006-06-21,21:17:54 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

A:
1. Use SREng (see the related operating instructions)
- Delete the following startup item:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB496973M.LOG>
- Delete the following services:
[GrayPigeonServer / GrayPigeonServer] <C:\WINDOWS\G_Server2006.exe><N/A>
[Gray_Pigeon_Server2.03 / GrayPigeonServer2.03] <C:\WINDOWS\G_Server2.03.exe><N/A>
[itshow.com.cn / it.com.cn] <C:\WINDOWS\Hacker.com.cn.exe><N/A>
[ver / Perver] <C:\WINDOWS\sz.exe><N/A>
[Network Management Center Task / W32Tasks] <C:\WINDOWS\system32\taskman32.exe><N/A>
[Window Time / Window Time] <C:\WINDOWS\svchost.exe><N/A>
2. Restart the computer, then delete the following files (see Note 1):
C:\WINDOWS\KB496973M.LOG
C:\WINDOWS\sz.exe
C:\WINDOWS\sz.DLL
C:\WINDOWS\szKey.DLL
C:\WINDOWS\G_Server2006.exe
C:\WINDOWS\G_Server2006.DLL
C:\WINDOWS\G_Server2006Key.DLL
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.DLL
C:\WINDOWS\svchostKey.DLL

Note 1: If you cannot find the files above, first make the following settings:
a) In My Computer, click Tools ---> Folder Options.
b) Click the View tab, uncheck "Hide protected operating system files", select "Show hidden files and folders", and finally click OK.

or... use Unlocker (the best tool for deleting stubborn software) v1.8.1, official Chinese version; there is no file it cannot delete. I use it all the time.

Q: Delete the following startup item
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB496973M.LOG>
It says this file is very important to the system and cannot be deleted, only edited. What should I do?? Thanks.

A: Edit AppInit_DLLs and make it blank..... Then restart and delete the related files.
|
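The answer in post #10 picks one AppInit_DLLs value and six services out of the report for deletion. As an added illustration (not code from the thread or from SREng), the script below parses report lines in the bracketed format quoted there and flags entries for manual review; the heuristics, reason labels, function names and the assumption that C:\WINDOWS is the Windows directory are this example's own, and the two vendor-signed sample lines are constructed.

```python
import re
from dataclasses import dataclass
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

WINDIR = normcase(r"C:\WINDOWS")              # assumption: default install path
SYSTEM32 = normcase(r"C:\WINDOWS\system32")
# Core Windows binaries that live in system32 (explorer.exe is excluded on purpose).
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                "csrss.exe", "smss.exe", "spoolsv.exe"}

# Registry startup line:  [HKEY_...\Key] <ValueName><Data>
REG_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*<([^<>]*)><(.*)>$")
# Service line:           [Display name / ServiceName] <ImagePath><Publisher>
SVC_RE = re.compile(r"^\[(.+?) / ([^\]]+)\]\s*<(.*)><([^<>]*)>$")


@dataclass
class Finding:
    kind: str       # "registry" or "service"
    name: str       # value name or service name
    target: str     # data / command line exactly as reported
    reasons: list   # heuristic labels, in the order they were checked


def image_path(command):
    """Return the executable path from a service command line."""
    s = command.strip()
    if s.startswith('"'):
        return s[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", s, re.IGNORECASE)
    return m.group(1) if m else s


def check_registry(key, value, data):
    reasons = []
    # A non-empty AppInit_DLLs makes every process that loads user32.dll
    # load the listed DLLs, so any value here deserves a look.
    if value.lower() == "appinit_dlls" and data.strip():
        reasons.append("appinit_dlls_set")
    return reasons


def check_service(command, publisher):
    reasons = []
    if publisher.strip().upper() in ("", "N/A"):
        reasons.append("no_publisher")
    path = image_path(command)
    if not path:
        reasons.append("empty_image_path")   # service entry left without a binary
        return reasons
    folder, name = normcase(dirname(path)), normcase(basename(path))
    if folder == WINDIR:
        reasons.append("image_in_windows_root")
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        reasons.append("system_name_outside_system32")
    return reasons


def triage(report):
    """Return a Finding for every report line that trips at least one heuristic."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            kind, name, target = "registry", m.group(2), m.group(3)
            reasons = check_registry(*m.groups())
        else:
            m = SVC_RE.match(line)
            if not m:
                continue
            kind, name, target = "service", m.group(2), m.group(3)
            reasons = check_service(m.group(3), m.group(4))
        if reasons:
            findings.append(Finding(kind, name, target, reasons))
    return findings


# Sample input: entries quoted in the answers of this thread, plus two
# constructed vendor-signed service lines (NVSvc, kavsvc) for contrast.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB496973M.LOG>
[GrayPigeonServer / GrayPigeonServer] <C:\WINDOWS\G_Server2006.exe><N/A>
[Window Time / Window Time] <C:\WINDOWS\svchost.exe><N/A>
[Network Management Center Task / W32Tasks] <C:\WINDOWS\system32\taskman32.exe><N/A>
[RDPSSW32 / RDPSSW32] <><N/A>
[NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[kavsvc / kavsvc] <"E:\AV\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:8} {f.name:18} {', '.join(f.reasons)}")
```

A flag is a prompt to inspect the file, not a verdict: `no_publisher` on its own also matches legitimate software that ships without version information.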
2006-06-28, 05:26 AM | #11 (permalink) |
Honorary Member
|
Q:
一个嫌疑分子,注册表项目不能删除? 在註冊表: localmachine\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDPSSW32 下.. 整個LEGACY_RDPSSW32項都沒有辦法刪除~下面還有個0000的項..都沒有辦法刪除. 開始的時候開機自動執行C:\windows\rdpssw32.exe 程式..被我刪除了.我用了流氓軟件清理後說發現,但是無法清除之.. 2006-06-27,15:45:45 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <run><> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <Userinit><C:\WINDOWS\system32\userinit.exe,> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> ================================== 啟動資料夾 [802.1X認證客戶端] <C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N> ================================== 服務 [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\System32\Ati2evxx.exe><N/A> [ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><> [KVSrvXP / KVSrvXP] <F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd> [KVWSC / KVWSC] <"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd> [RDPSSW32 / RDPSSW32] <><N/A> [SVCHOST / SVCHOST] <C:\WINDOWS\SVCHOST.EXE><N/A> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [TegoSoft SmartLoader ActiveX Control] {1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. 
http://www.tegosoft.com> [UploadListView Class] {474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, > [PhotoUploadCtrl Control] {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent> [Java Plug-in 1.5.0_01] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [FiltrateWebObj Class] {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A> [匯出到 Microsoft Office Excel(&X)] <res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <, N/A> [新增到QQ表情] <, N/A> [用QQ彩信發送該圖片] <F:\Program Files\Tencent\SendMMS.htm, N/A> [用迅雷下載(&D)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A> [用迅雷下載全部(&A)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A> ================================== 正在執行的工作行程 [PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> 
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A> [C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A> [PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 884][C:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A> [PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107> [F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A> [F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212> [F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190> [F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809> [F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030> [F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A> [F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. 
Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220> [F:\Program Files\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040> [F:\Program Files\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822> [F:\Program Files\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207> [F:\Program Files\KV2006\lang\KVExtEml0804.lng] <N/A><N/A> [F:\Program Files\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822> [F:\Program Files\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503> [F:\Program Files\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVExtLZH.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316> [F:\Program Files\KV2006\KvExtRar.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020> [F:\Program Files\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200> [F:\Program Files\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209> [F:\Program Files\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011> [F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605> [F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A> [F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1> [PID: 432][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A> [PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500> [F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> [PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program 
Files\KV2006\KVMonXP.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [F:\Program Files\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809> [F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [F:\Program Files\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214> [F:\Program Files\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213> [F:\Program Files\KV2006\lang\KVOffice0804.lng] <N/A><N/A> [F:\Program Files\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0> [F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1> [F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program Files\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813> [F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20> [PID: 1456][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00> [C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.03.16.54> [PID: 1964][F:\Program Files\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210> [F:\Program Files\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119> [F:\Program Files\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825> [PID: 200][F:\Program Files\KV2006\UIHost.exe] <Jiangmin Co. 
Ltd><9.2.0.50822> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509> [F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20> [PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1868][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5> [C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0> [C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1> [F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> [PID: 1616][F:\Program Files\SPX Capture\Spx.exe] <MoodySoft><4.0.0.0> [F:\Program Files\SPX Capture\ICQMAPI.dll] <N/A><N/A> [F:\Program Files\SPX Capture\lpng.dll] <N/A><N/A> [F:\Program Files\SPX Capture\freeze.dll] <N/A><N/A> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> [PID: 1368][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> ================================== 文件關聯 .TXT Error. [emeditor.txt] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
[{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 再次執行 System Repair Engineer 在「啟動專案」->「服務」 中刪除下面專案 [RDPSSW32 / RDPSSW32] <><N/A> [SVCHOST / SVCHOST] <C:\WINDOWS\SVCHOST.EXE><N/A> Q: 2006-06-27,20:05:54 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <run><> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <Super Rabbit Winspeed><"F:\Program Files\Super Rabbit\MagicSet\winspeed.exe" /autokill:117> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <Userinit><C:\WINDOWS\system32\userinit.exe,> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> ================================== 啟動資料夾 [802.1X認證客戶端] <C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N> ================================== 服務 [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\System32\Ati2evxx.exe><N/A> [ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><> [KVSrvXP / KVSrvXP] <F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. 
Ltd> [KVWSC / KVWSC] <"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [TegoSoft SmartLoader ActiveX Control] {1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com> [UploadListView Class] {474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, > [PhotoUploadCtrl Control] {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent> [Java Plug-in 1.5.0_01] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [FiltrateWebObj Class] {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A> [使用KuGoo3下載(&K)] <F:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A> [匯出到 Microsoft Office Excel(&X)] 
<res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <, N/A> [新增到QQ表情] <, N/A> [用QQ彩信發送該圖片] <F:\Program Files\Tencent\SendMMS.htm, N/A> [用迅雷下載(&D)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A> [用迅雷下載全部(&A)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A> ================================== 正在執行的工作行程 [PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A> [C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A> [PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. 
Ltd><9, 2, 0, 51107> [F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A> [F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212> [F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190> [F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809> [F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030> [F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A> [F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220> [F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605> [F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A> [F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1> [PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500> [F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20> [F:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX] <N/A><N/A> [PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1492][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00> [C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. 
(PCAUSA)><5.03.16.54> [PID: 1668][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5> [C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0> [C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1> [F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1> [C:\WINDOWS\System32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [F:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 2> [F:\Program Files\Ringz Studio\Storm Codec\Codecs\OGGSplt.ax] <Gabest><1, 0, 0, 0> [C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 1> [F:\Program Files\Ringz Studio\Storm Codec\Codecs\MkvSplt.ax] <Gabest><1, 0, 2, 6> [C:\WINDOWS\System32\ffdshow.ax] <N/A><1, 0, 0, 1> [C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERL~1.OCX] <PPStream.com><1, 0, 0, 1216> [C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL] <PPStream Inc.><1,0,0,1566> [C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\PSNetwork.dll] <PPStream, inc.><1, 0, 0, 2296> [PID: 940][F:\網號\QQ相關\Q工具\myQQC\myQQC.exe] <N/A><V2.2> [PID: 3664][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350> ================================== 文件關聯 .TXT Error. [emeditor.txt] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A: The new scan report shows no problems.
2006-07-06, 08:45 AM | #12 (permalink) |
Honorary member
Q:
[Help] Stuck with IEXPLORER.exe! Can't delete it!
I'm stuck with IEXPLORER.exe and can't delete it! Less than 5 seconds after I kill it, it is back again!!
A: Please use the Smart Scan in System Repair Engineer (SREng) to produce a report and post it here.
1. Download System Repair Engineer 2 and save it to the desktop.
2. Extract the archive and run SREng.exe.
3. Click Smart Scan, make sure every item under Smart Scan is ticked, then click Scan.
4. When the scan finishes, click Save Report and save the report to the desktop.
5. Open the SREngLOG.log report, copy all of its contents and paste them here.
Q:
2006-07-05,22:59:34 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <pyjj><E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] 
<KvMonXP><"D:\KV2006\KVMonXP_2.kxp" /auto> [Jiangmin Co.Ltd] <SKYNET Personal FireWall><E:\安全\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <><; > [] <CSPContext><; C:\WINDOWS\system32\CSPContext.exe> [中文之星] <rundll31><C:\WINDOWS\system32\IEXPLORER.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <DLMon><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] <WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [] <ATIPTA><; ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [] <IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <NVMixerTray><; "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <pyjj><; E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <rundll31><; C:\WINDOWS\system32\IEXPLORER.exe> [] <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [] <Update><; > [] ================================== 啟動資料夾 服務 [Adobe LM Service / Adobe LM Service] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems> [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.> [ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><> [InstallDriver Table Manager / IDriverT] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [KVSrvXP / KVSrvXP] <D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. 
Ltd> [KVWSC / KVWSC] <"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd> ================================== 瀏覽器載入項 [解霸] {367E0A21-8601-4986-9C9A-153BF5ACA118} <e:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A> [聯想] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A> [訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [FlashGet] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FlashGet-v1.71\flashget.exe, Amaze Soft> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd> [SnagIt] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <E:\圖像\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation> [&Save Flash] {4064EA35-578D-4073-A834-C96D82CBCF40} <E:\濾鏡\Save Flash\SaveFlash.dll, TODO: <Company name>> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [Alexa Web Search] <CDB6E-AE6D-11CF-96B8-444553540000}, N/A> [Get Alexa Data] <, N/A> [Mail to a Friend...] <, N/A> [See Related Links] <, N/A> [Write a Review...] 
<, N/A> [上傳到QQ網路硬碟] <, N/A> [使用網際快車下載] <E:\FlashGet-v1.71\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <E:\FlashGet-v1.71\jc_all.htm, N/A> [定位檢視 GPS 衛星地圖] <E:\濾鏡\Opanda\IExif 2.25\IExifMap.htm, N/A> [檢視 Exif/GPS/IPTC 訊息] <E:\濾鏡\Opanda\IExif 2.25\IExifCom.htm, N/A> [新增到QQ自定義面板] <, N/A> [新增到QQ表情] <, N/A> [用QQ彩信發送該圖片] <, N/A> ================================== 正在執行的工作行程 [PID: 508][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 604][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4124> [PID: 648][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 660][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124> [C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499> [PID: 828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 956][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1124][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1356][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124> [C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1420][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 
(xpsp_sp2_rtm.040803-2158)> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [D:\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [D:\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500> [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] <><1, 0, 0, 1> [PID: 1432][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1588][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.29> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\KVMonXP_2.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809> [D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [D:\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214> [D:\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213> [D:\KV2006\lang\KVOffice0804.lng] <N/A><N/A> [D:\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [PID: 1612][C:\WINDOWS\system32\IEXPLORER.exe] <N/A><N/A> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1632][E:\濾鏡\加加\jj4\jjsvr4.exe] <加加開發組><4.0.0.18> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1740][D:\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\SvcSafe.dll] <Jiangmin Co. 
Ltd><9, 2, 0, 51107> [D:\KV2006\lang\SvcSafe0804.lng] <N/A><N/A> [D:\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212> [D:\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190> [D:\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809> [D:\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030> [D:\KV2006\lang\KVSpi0804.lng] <N/A><N/A> [D:\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [D:\KV2006\KVWPSet_1.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220> [D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [D:\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040> [D:\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822> [D:\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822> [D:\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822> [D:\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503> [D:\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [D:\KV2006\KVExtLZH_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316> [D:\KV2006\KvExtRar_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020> [D:\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200> [D:\KV2006\KVExtEml.dll] <Jiangmin Co. 
Ltd.><9, 2, 0, 51207> [D:\KV2006\lang\KVExtEml0804.lng] <N/A><N/A> [D:\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209> [D:\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011> [D:\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605> [D:\KV2006\lang\KvMailRes0804.lng] <N/A><N/A> [PID: 1764][D:\KV2006\kvwsc.exe] <Jiangmin Co.Ltd><9, 0, 5, 908> [D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [PID: 1828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1856][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1024][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813> [D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20> [PID: 1724][D:\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210> [D:\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119> [D:\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1932][D:\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509> [D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 
20> [D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [PID: 2696][E:\圖像\TheWorld-v1.26\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 3036][E:\安全\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1000> [E:\安全\FireWall\SKYMISC.DLL] <N/A><N/A> [E:\安全\FireWall\COMPRESSWRAP.DLL] <N/A><N/A> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 3108][E:\安全\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG Error. ["regedit.exe" "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS Error. [] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
A:
1. Use SREng (see the operating instructions) to delete the following startup entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []
2. Restart, press F8 to enter Safe Mode, and delete the following file (see Note 1):
C:\WINDOWS\system32\IEXPLORER.exe
Note 1: If you cannot find the file above, first make the following settings:
a) In My Computer, click Tools ---> Folder Options.
b) Select the View tab, untick "Hide protected operating system files", select "Show all files and folders", then click OK.
|
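The report layout quoted in the post above can be triaged mechanically. This Python sketch is an added example, not part of the original thread or of SREng: it parses the registry startup section of an SREng 2.0 RC2 log, treats a value that starts with ";" as a commented-out entry, and lists the enabled entries whose publisher field is empty, which is how the `rundll31` entry appears in that report. The sample text is abridged from the report above, and the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Abridged from the registry part of the report quoted above, followed by the
# separator and two service lines (a different record layout) to show that
# parsing stops at the end of the registry section.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<CSPContext><; C:\WINDOWS\system32\CSPContext.exe> [中文之星]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ATIPTA><; ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> []
<rundll31><; C:\WINDOWS\system32\IEXPLORER.exe> []
==================================
[ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><>
[KVWSC / KVWSC] <"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>
"""

# Either a key header "[HKEY_...]" or an entry "<name><value> [publisher]".
# Matching on tokens instead of lines also copes with reports that a forum
# has flattened onto a few long lines.
TOKEN = re.compile(
    r"\[(?P<key>HKEY_[^\]]+)\]"
    r"|<(?P<name>[^<>]*)><(?P<value>[^<>]*)>\s*\[(?P<publisher>[^\]]*)\]"
)
SEPARATOR = re.compile(r"={10,}")


@dataclass
class StartupEntry:
    key: str        # registry key the entry was listed under
    name: str       # value name
    command: str    # value data with any leading ";" markers removed
    publisher: str  # publisher field as reported, "" when the log shows []
    enabled: bool   # False when the value data starts with ";"


def parse_registry_startup(log_text):
    """Return the registry startup entries found before the first separator."""
    registry_part = SEPARATOR.split(log_text, maxsplit=1)[0]
    entries = []
    current_key = None
    for match in TOKEN.finditer(registry_part):
        if match.group("key"):
            current_key = match.group("key")
            continue
        if current_key is None:
            continue  # entry-shaped text before any key header: ignore it
        raw_value = match.group("value").strip()
        entries.append(
            StartupEntry(
                key=current_key,
                name=match.group("name"),
                command=raw_value.lstrip("; ").strip(),
                publisher=match.group("publisher").strip(),
                enabled=not raw_value.startswith(";"),
            )
        )
    return entries


def needs_review(entries):
    """Enabled entries that launch something but carry no publisher."""
    return [e for e in entries if e.enabled and e.command and not e.publisher]


if __name__ == "__main__":
    parsed = parse_registry_startup(SAMPLE_LOG)
    print(f"{len(parsed)} entries, {sum(not e.enabled for e in parsed)} commented out")
    for entry in needs_review(parsed):
        print(f"REVIEW  {entry.key}\n        <{entry.name}> -> {entry.command}")
```

An empty publisher field is only a reason to look closer: entries for ordinary vendor software in the same report, such as `ATIPTA`, also show `[]`.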
2006-07-15, 02:58 PM | #13 (permalink) |
Honorary member
Q:
[Help] C:\WINDOWS\svchost.exe
This thing, C:\WINDOWS\svchost.exe, has appeared among the processes. The process cannot be ended and the file cannot be deleted; this svchost.exe's creation date is today? There is an svc entry running in the registry Run key, and it reappears automatically after being deleted. Task Manager shows two winlogon.exe processes, one with ID 532 and one with 744. Norton keeps reporting a virus but never manages to clean it? What should I do? What virus is this?
2006-07-14,00:06:22 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <svc><C:\WINDOWS\svchost.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <pdfFactory Dispatcher v1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe> [FinePrint Software, LLC] <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation] <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [Symantec Corporation] <svc><C:\WINDOWS\svchost.exe> [] <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation] <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inituser.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [Symantec Corporation] ================================== 啟動資料夾 服務 [Symantec Event Manager / ccEvtMgr] <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation> [Symantec Password Validation / ccPwdSvc] <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation> [Symantec Settings Manager / ccSetMgr] <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation> [Symantec AntiVirus Definition Watcher / DefWatch] <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [DameWare Mini Remote Control / DWMRCS] <C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><N/A> [KDDelegateService / KDDelegateService] <d:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><KINGDEE> [SavRoam / SavRoam] <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec> [Symantec Network Drivers Service / SNDSrvc] <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation> [Symantec SPBBCSvc / SPBBCSvc] <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation> [Symantec AntiVirus / Symantec AntiVirus] <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> [VIPTray / VIPTray] <2 - 系統找不到指定的文件。 ><N/A> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, > [AcroIEHlprObj Class] 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, > [IEHlprObj Class] {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation> [iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A> [google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A> [比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, > [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [MonitorURL Class] {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A> [HHCtrl Object] {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [XBTP03129 Class] {6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A> [Kuaiso Toolsbar] {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [estAliveObj Class] 
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A> [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A> [IEHlprObj Class] {BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A> [Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A> [IEHlprObj Class] {F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation> [iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A> [google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A> ================================== 正在執行的工作行程 [PID: 664][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 720][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NavLogon.dll] <Symantec Corporation><10.0.2.2000> [PID: 788][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 968][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1132][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1168][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1328][C:\Program Files\Common Files\Symantec 
Shared\ccSetMgr.exe] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3> [PID: 1356][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3> [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] <Symantec Corporation><1,5,1,3> [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] <Symantec Corporation><1,5,1,3> [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] <Symantec Corporation><103.5.6.3> [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] <Symantec Corporation><103.5.6.3> [PID: 1664][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\fppmon1.dll] <FinePrint Software, LLC><1.17> [C:\WINDOWS\system32\fppr132.dll] <FinePrint Software, LLC><1.17> [PID: 1804][C:\Program Files\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><10.0.2.2000> [PID: 1828][C:\WINDOWS\SYSTEM32\DWRCS.EXE] <N/A><N/A> [PID: 1956][C:\Program Files\Symantec AntiVirus\SavRoam.exe] <symantec><10.0.2.2000> [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] <Symantec Corporation><10.0.2.2000> [C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E> [C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000> [PID: 244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\hpwx3770.dll] <Hewlett-Packard><3.2.2.674> [C:\WINDOWS\system32\hpgt3770.dll] <Hewlett-Packard><1.0.2.682> [PID: 328][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><10.0.2.2000> [C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E> [C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [C:\Program Files\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000> [c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccDec.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] <Symantec 
==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
A:
Use SREng to delete these startup items:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []
After rebooting, delete C:\WINDOWS\svchost.exe in Safe Mode. If it cannot be deleted, download killbox and force-delete it.
Besides the problem above, the following also needs to be dealt with.
It is recommended to close all other unrelated programs, including the IE browser, while making the repairs, and to copy and paste the content below into Notepad and save it so that it is easy to work from.
Run SREng, the tool you just used for the smart scan. Under System Repair -> Browser Add-ons, tick and delete the following entries; all of them are rogue software:
[IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class] {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[MonitorURL Class] {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class] {6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A>
[Kuaiso Toolsbar] {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A>
[WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[estAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A>
[IEHlprObj Class] {BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A>
[Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[IEHlprObj Class] {F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A> |
|
2006-07-20, 07:41 PM | #14 (permalink) |
Honorary Member
|
Q:
[Help] The RUNDLL32.EXE icon in the process list has become enlarged and garbled. Is it a virus?
This has happened before. After the RUNDLL32.EXE icon became enlarged and garbled, the desktop icons became garbled too, and then all EXE and RAR files were infected. It could not be cleaned, and in the end I had to format the hard disk. Now it has appeared again, and I am really scared.
My system scan report:
2006-07-19,13:41:18
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Advanced Server Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能
以下內容被選:
所有的啟動項目(包括註冊表、啟動檔案夾、服務等)
瀏覽器載入項
正在執行的工作(包括工作模組訊息)
文件關聯
啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<!ewido><"E:\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\ewido anti-spyware 4.0\shellexecutehook.dll> [Anti-Malware Development a.s.]
==================================
啟動檔案夾
服務
[Ati HotKey Poller / Ati HotKey Poller] <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart] <C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard] <E:\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[McAfee Framework 服務 / McAfeeFramework] <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield] <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager] <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Security Machine Manager / MouTALS] <C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Ulead Burning Helper / UleadBurningHelper] <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
==================================
瀏覽器載入項
[] {01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINNT\system32\IEBHOGET.dll, N/A>
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\AdvSC.dll, N/A>
[WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC.dll, N/A>
[QuickBtn] {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DuiSo.com Search] {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINNT\system32\Inte32.dll, N/A>
[QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WebActivater Control] {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[InfoSecNetSign Class] {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\DOWNLO~1\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[IcbcSsl快取CleanerCtrl Class] {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSsl快取Cleaner.dll, 中國工商銀行>
[&使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部連接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
==================================
正在執行的工作
==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
A:
Use SREng (for the relevant operating instructions, see the first post).
- Remove the following startup item:
[RealNetworks, Inc.] <Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
- Remove the following browser add-ons:
[] {01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINNT\system32\IEBHOGET.dll, N/A>
[NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\AdvSC.dll, N/A>
[WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC.dll, N/A>
[QuickBtn] {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DuiSo.com Search] {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINNT\system32\Inte32.dll, N/A>
[QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
What you have is Worm.Viking.... Try the dedicated Worm.Viking removal tool provided by Rising:
http://it.rising.com.cn/service/tech...RavVikiing.htm |
|
2006-07-20, 07:43 PM | #15 (permalink) |
Honorary Member
|
Q:
Why do ad web pages keep popping up? I already cleaned up once with junk-cleaning software, but ad pages still pop up by themselves. My girlfriend is really fed up right now. Please help, everyone~~~~~
A:
Please scan with System Repair Engineer and post the log.
1. Unzip Sreng2.zip
2. Run Sreng2.exe
3. Smart Scan -> Scan -> Save Report
4. Copy and paste the complete report content from the log sreng.log here, without modifying it.
Please close all programs you opened manually while scanning.
SREng operation and repair tutorial
Q:
啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<pbmini><D:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStarter.exe> []
<MyShares><c:\program Files\易虎\MyShares.exe /tray> []
<MSNShell><D:\Program Files\MSNShell\BIN\MSNShell.exe autorun> []
<msnnt><C:\WINDOWS\Updatec.exe> []
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<VoipDiscount><"d:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized> [VoipDiscount]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> [廣州傲訊訊息科技有限公司]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []
<Thunder><"d:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> []
<sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe> []
<supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<res><C:\WINDOWS\system32\res.exe> []
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> []
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> []
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32> []
<bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo]
<AddrPlus3><C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus.dll Rundll32> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll><regsvr32 /s C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll> [BAIGOO]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B83FC273-3522-4CC6-92EC-75CC86678DA4}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll> []
==================================
啟動檔案夾
[WinBrowse] <C:\Documents and Settings\Admin\「開始」表單\程序\啟動\WinBrowse.lnk><N>
==================================
服務
[Server2.03 / 2.03] <C:\WINDOWS\G_Server2.03.exe><N/A>
[NT Data Provider / MOVEESS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
==================================
瀏覽器載入項
[ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object] {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm] {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.>
[Status Class] {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[MSNToolBandBHO] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[免費精彩視瀕超流暢在線觀看] {022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方對戰平台\GameClient.exe, N/A>
[訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object] {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm] {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[MMSAssist BHO] {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, N/A>
[stdup] {6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, N/A>
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.>
[Status Class] {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[MSNToolBandBHO] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[pCastPanel Class] {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\system32\pCastCtl.dll, >
[ >> 彩信傳送 <<] <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[>>彩信傳送<<] <res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm, N/A>
[上傳到QQ網路硬碟] <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板] <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[增加到QQ表情] <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片] <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在執行的工作
<廣州傲訊訊息科技有限公司><2, 0, 0, 1> [PID: 1888][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 188][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466> [PID: 508][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 900][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3200][C:\Program Files\baigoo\bgoomain.exe] <BGoo><1, 0, 0, 1006> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\Program Files\baigoo\bgooex.dll] <><1, 0, 0, 1007> [PID: 1708][D:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0> [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [D:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4> [D:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1> [D:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1> [D:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\msdmo.dll] 
<N/A><N/A> [D:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\GroupLive.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0> [D:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1> [D:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160> [D:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQFileTransfer.dll] <Tencent><5, 0, 202, 180> [D:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2> [D:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200> [D:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40> [D:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045> [D:\Program Files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170> [D:\Program Files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1> [D:\Program Files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4> [C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax] <N/A><N/A> [C:\WINDOWS\system32\l3codecx.ax] <Fraunhofer Institut Integrierte Schaltungen 
IIS><1, 5, 0, 50> [D:\Program Files\Tencent\QQ\QQMagicFace.dll] <><1, 0, 0, 1> [PID: 2280][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4> [PID: 2912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3656][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 6, 42> [D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1> [C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007> [C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007> [C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll] <BAIGOO><1.0.0.1007> [D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 4004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 2124][C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.984\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 1776][C:\WINDOWS\system32\zshp1020.exe] <><1, 0, 1007, 0> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. 
[%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}]

A: The following entries are problematic:
<sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe>
<res><C:\WINDOWS\system32\res.exe>
<supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run>
<Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll>
<C:\WINDOWS\G_Server2.03.exe><N/A>
[NT Data Provider / MOVEESS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087>