主題: SREng常用操作說明 (2.0 RC2)
查看單個文章
舊 2006-09-22, 12:31 PM   #28 (permalink)
psac
榮譽會員
 
psac 的頭像
榮譽勳章
UID - 3662
在線等級: 級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時
註冊日期: 2002-12-07
住址: 木柵市立動物園
文章: 17381
現金: 5253 金幣
資產: 33853 金幣
預設
Q:

求助】先是報錯user.dll文件丟失~~後來有朋友說是中毒了~~~特來求救~~謝謝了~~

開機後就出現了這個提示,系統還算能正常執行~~


可是打開QQ交談視窗的時候出現了這個提示~~

http://bbs.crsky.com/1128632305/Mon_0609/64_164278_63b4bf1a1b5772d.jpg
http://bbs.crsky.com/1128632305/Mon_0609/64_164278_c14e188755041f7.jpg

為什麼會這樣~?~?應該如何解決呢~?~?~
向壇友求助~~~謝謝大家啦~~~ 附上 hijackthis的掃瞄文檔



Logfile of HijackThis v1.99.1
Scan saved at 11:52:43, on 2006-9-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\download\ACDSee\ACDSee.exe
E:\系統工具\檢測系統工具\HijackThis\HijackThis.exe

O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\QQ\QQIEHelper.dll
O2 - BHO: 超級兔子上網精靈 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\PROGRA~1\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX
O3 - Toolbar: 超級兔子上網精靈 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\PROGRA~1\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] ; RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [rundll] rundll32 user.dll s
O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\MagicSet\srrest.exe /autosave
O4 - HKCU\..\Run: [bgswitch] ; C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: 卡巴斯基駭客防護程式.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: &使用迅雷下載 - D:\Program Files\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - D:\Program Files\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 匯出到 Microsoft Office Excel(&X) - res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - D:\Program Files\QQ\SendMMS.htm
O9 - Extra button: 浩方對戰平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方對戰平台\GameClient.exe (file missing)
O9 - Extra button: 番茄花園 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具條設置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MS...rInstaller.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: host Service For Windows (mshost) - Unknown owner - C:\WINDOWS\mshost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




再附上SREng2的掃瞄~~~
2006-09-21,12:10:16

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><; C:\WINDOWS\system32\bgswitch.exe> []
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> []
<NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<BigDogPath><C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<rundll><rundll32 user.dll s> []
<Super Rabbit SRRestore><D:\Program Files\MagicSet\srrest.exe /autosave> [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> []

==================================
啟動資料夾
[卡巴斯基駭客防護程式]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\卡巴斯基駭客防護程式.lnk><N>
[CoreCenter]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\CoreCenter.lnk><N>

==================================
服務
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[host Service For Windows / mshost]
<C:\WINDOWS\mshost.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
瀏覽器載入項
[]
{4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, N/A>
[番茄花園]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[MSTPlayerInstaller Control]
{045ADB92-9635-45CE-B25B-F19F825B0E39} <C:\WINDOWS\DOWNLO~1\MSTPLA~1.OCX, Liztech Co., Ltd>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[]
{4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下載]
<D:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部鏈接]
<D:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<D:\Program Files\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信發送該圖片]
<D:\Program Files\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作行程
[PID: 636][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 764][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 940][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1104][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1212][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1460][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp.050610-1527)>
[PID: 1688][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.9133>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.9133>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.227.1>
[PID: 1776][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 52>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1784][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1804][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1864][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] <Kaspersky Labs><1.7.0.130>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] <BCGSoft Ltd><5, 84, 0, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] <Kaspersky Labs><1.5.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCBRes.dll] <BCGSoft Ltd><5, 84, 0, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll] <Kaspersky Labs><5.0.201.1>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[E:\系統工具\SPX\engine.dll] <N/A><N/A>
[PID: 1876][C:\Program Files\MSI\Core Center\CoreCenter.exe] <><1, 6, 6, 0>
[C:\Program Files\MSI\Core Center\GLM7X.dll] <MICRO-STAR INT'L CO., LTD.><3, 0, 0, 0>
[C:\Program Files\MSI\Core Center\RushTop.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 1948][C:\WINDOWS\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0>
[PID: 2028][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.9133>
[PID: 1360][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2520][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 3352][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\PROGRA~1\MagicSet\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612>
[D:\Program Files\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.227.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.227.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.227.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.227.0>
[C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0>
[PID: 4064][F:\download\千千靜聽\TTPlayer.exe] <Alen Soft><4, 6, 8, 0>
[F:\download\千千靜聽\ttpcomm.dll] <N/A><N/A>
[F:\download\千千靜聽\ttpres.dll] <Alen Soft><4, 6, 8, 0>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>
[PID: 2428][E:\系統工具\檢測系統工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MSTPlayerInstaller.ocx
清除以上條目

交談視窗的解決:點開始--執行-輸入Msconfig-點確定--啟動項裡留輸入法和殺毒軟件就行了。



Q:

謝謝這位朋友~~~~
我已經用hijackthis修復這些了~~~~~
你說的啟動項,我有這些啟動項:

http://bbs.crsky.com/1128632305/Mon_0609/64_164278_ec8066eb37807aa.jpg


http://bbs.crsky.com/1128632305/Mon_0609/64_164278_de417965821cde4.jpg

除了我知道的殺軟、CPU溫度監控軟件、超級兔子的備份程式還有一個音效卡管理程式我都要關閉嗎~??~




A:
關閉所有應用程式和瀏覽器視窗,執行HijackThis,在主界面中需要修復/刪除的專案前面的正方形裡用滑鼠點擊打勾,接著按下「修復選項/Fix Checked」按鍵。會有一個安全提示,點擊「Yes」讓它繼續

O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7939.com
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 www.v111.com
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing)
O4 - HKLM\..\Run: [rundll] rundll32 user.dll s


再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案

<{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> []


重啟電腦,顯示所有文件和資料夾(隱含及系統保護)
打開「我的電腦-->工具-->資料夾選項-->檢視

去掉下面選項前面的鉤
「隱藏受保護系統文件(推薦)」
「隱藏已知文件類型的延伸名」
選中顯示所有文件和資料夾-->儲存設置

刪除下面文件
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat

就用 System Repair Engineer 清一下註冊表~

A:
__________________
http://bbsimg.qianlong.com/upload/01/08/29/68/1082968_1136014649812.gif
psac 目前離線  
送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次