SREng常用操作說明 (2.0 RC2)
SREng常用操作說明 (2.0 RC2)
編輯、刪除、註釋註冊表啟動項 打開 SREng ,到「啟動專案」->「註冊表」,這裡顯示了註冊表裡大部分啟動項訊息,除了常說的run等啟動項外,2.0 RC2新增加了對 ShellServiceObjectDelayLoad 、 SharedTaskScheduler 、 ShellExecuteHooks 、 WinlogonNotify 的檢測,只是對 ShellServiceObjectDelayLoad 、 SharedTaskScheduler 、 ShellExecuteHooks 三類只能進行刪除操作,不能編輯。 SREng 2.0 RC2 還增加了顏色標識,紅色表示高危專案,藍色表示未知安全狀態專案。 編輯註冊表啟動項 點擊選擇一個需要編輯的註冊表啟動專案,然後點擊「編輯」按鈕就會出現編輯交談視窗,可以對「名字」和「值」進行修改編輯。 雙擊一個註冊表啟動專案也可以打開編輯交談視窗。 刪除註冊表啟動項 要刪除一個註冊表啟動項,點擊選擇一個需要刪除的註冊表啟動專案,然後點擊「刪除」按鈕,出現刪除確認交談視窗,點擊是刪除,點擊否取消。 註釋註冊表啟動項 每個註冊表啟動項前都有一個小勾,點擊去掉小勾就「註釋」了那個啟動項,對應值資料前會出現一個「;」好,表示已註釋專案,和在msconfig系統配置實用程式裡一樣,被註釋掉的啟動項將不起作用。 註:對於 ShellServiceObjectDelayLoad 、 SharedTaskScheduler 、 ShellExecuteHooks 三類,不能進行編輯和註釋操作,只可以進行刪除操作。 |
調整服務啟動類型、刪除服務
SREng 2.0 RC2 增加了對系統驅動程式服務的掃瞄,打開 SREng ,到「啟動專案」->「服務」可以看到「Win32應用程式服務」和「驅動程式」兩個按鈕,按下相應按鈕彈出相應服務列表視窗(是可以最大化的視窗哦)。 一般情況下,我們經常操作的是「Win32應用程式服務」。 註:勾選「隱藏微軟服務」將隱藏發行者是微軟的服務,使服務列表看起來更加整潔,也可以減少誤操作系統服務的概率。 調整服務啟動類型 首先在列表中點擊選擇一個需要調整啟動類型的服務,然後點選「修改啟動類型」,再到「啟動類型」下拉列表裡選擇需要調整到的啟動類型:「Auto Start」、「Manual Start」或「Disabled」,最後點擊「設置」按鈕,出現確認交談視窗,點擊是確認,點擊否取消。 「Auto Start」表示「自動」 「Manual Start」表示「手動」 「Disabled」表示「已禁用」 刪除服務 首先在列表中點擊選擇一個需要刪除的服務,然後點選「刪除服務」,再點擊「設置」按鈕,出現警告交談視窗,請仔細閱讀警告交談視窗中的內容,確認是否繼續刪除服務的操作,點擊是取消,點擊否確認刪除。 「驅動程式」服務的相關操作基本和「Win32應用程式服務」的操作相同,不同之處是「驅動程式」的「啟動類型」裡還有「Boot Start」和「System Start」兩種啟動類型。 註:在服務列表裡 SREng 2.0 RC2 也增加了顏色標識,紅色表示高危專案,藍色表示未知安全狀態專案。 |
系統修復
文件關聯修復 SREng 會自動判斷所列文件關聯是否正常,如果不正常會在「狀態」列顯示「錯誤」字樣並自動勾選,點擊「修復」按鈕即可修復。 Windows Shell修復 這裡列出了一些常見的系統限制專案,勾選需要修復的專案,點擊「修復」按鈕進行修復。 圖中舉例:修復註冊表編輯器的禁用 和 任務管理器的禁用。 Internet Explorer修復 這裡列出了常見的一些和IE相關的限制專案,勾選需要修復的專案,點擊「修復」按鈕進行修復。 圖中舉例:恢復IE主頁為「空白頁」 和 修復Internet選項交談視窗內容設置的禁用。 瀏覽器載入項修復 選擇一個需要刪除的瀏覽器載入項,點擊「刪除所選內容」可以刪除對應的瀏覽器載入項,在出現的確認交談視窗中,點擊是確認刪除,點擊否取消操作。 註:選擇一個瀏覽器載入項,去掉「已啟用」的勾選可以禁用該瀏覽器載入項。 自動修復 預定為「推薦修復級別」,修復所有已知Windows註冊表相關錯誤,點擊「修復」按鈕進行修復。 另一個級別是「高強修復級別」,將刪除系統內所有策略項。 |
智慧式掃瞄
在右邊的視窗內勾選需要掃瞄的內容,點擊「掃瞄」按鈕開始掃瞄…… 掃瞄完成後出現「詳細報告」交談視窗,顯示了掃瞄結果報告內容,點擊「儲存報告」可以儲存掃瞄報告為LOG文件,預定文件名SREngLOG.LOG。 |
更多說明可見 System Repair Engineer(SREng) 作者 Smallfrogs 主頁:http://www.kztechs.com/
System Repair Engineer(SREng)2.0 RC2 線上用戶手冊:http://www.kztechs.com/sreng/help2/ System Repair Engineer (SREng) 2.0 RC2 正式發佈 System Repair Engineer (SREng) 2.0 RC2 正式發佈 http://www.kztechs.com/ System Repair Engineer (SREng) 是一款系統診斷配置工具,主要用於發現、發掘潛在的電腦故障和大多數由於電腦病毒造成的破壞。該軟件是由 KZTechs.COM 網站站長 Smallfrogs 開發的,能夠執行在所有主流的 Windows 操作系統上。目前用戶量已經超過30萬人次。 System Repair Engineer (SREng) 2.0 RC2 在以往版本的基礎上,重點增強了危險性檢測和擴展功能,提供了一套全新的系統掃瞄、配置功能,並提供了對第三方插件支持。System Repair Engineer (SREng) 2.0 RC2 版本裡面,增加了對 X64 操作系統的支持能力, 32bit 版本的 System Repair Engineer (SREng) 2.0 RC2 已經能夠很好的檢查 Windows XP Professional X64 操作系統上可能存在的問題,而專用的 64bit 版本的 System Repair Engineer (SREng) 也會在近期發佈。 在 System Repair Engineer (SREng) 的幫助下,您可以自己診斷您操作系統可能存在的普遍性問題,即使您是電腦的初學者,您也可以使用 System Repair Engineer (SREng) 的智慧式掃瞄功能將您系統的概況產生一份簡要的日誌,然後將該日誌傳送給對操作系統熟悉的朋友或網友,在他們的幫助下解決您系統可能存在的問題。 System Repair Engineer 2.0.21.505 發行說明 ------------------------------------------------------- 1. 提供插件支持功能,允許用戶自己編寫插件 2. 提供X64平台支持 3. 強化工作行程、服務枚舉檢查功能 4. 增加一些註冊表啟動項自動檢測 5. 提供全新的服務、驅動配置界面 6. 整合 Services/Drivers Configuration Tool 全部功能 7. 增加啟動項、服務簡易判斷規則,當發現可疑內容時會以顏色高亮顯示(紅色表示高危專案,藍色表示未知安全狀態專案) 8. 增加參數支持,可以使用 SREng.EXE /? 察看參數支持列表 9. 內置程式內部檢測除錯日誌產生功能 10. 增加消息提示抑制功能,可以通過設置選項抑制某些提示訊息 11. 修正一些BUG 12. 其他數十項改進 軟件下載:http://www.KZTechs.com/sreng/sreng2.zip 發行說明:http://www.kztechs.com/sreng/ReleaseNotes2.htm 線上手冊:http://www.kztechs.com/sreng/help2/ 引用: 關於著色功能的說明: 雖然這部分在幫助裡面寫了,但是這裡再說明一下: System Repair Engineer (SREng) 2.0 RC2 版本加入了可疑文件判定規則,當發現一個文件具有可疑特徵時,會進入可疑文件判定過程。可疑文件判定過程的判定結果目前有兩種:高危程式和未知安全等級程式。 高危程式:會以紅色顯示出來 未知安全等級程式:會以藍色顯示出來 驅動部分出現藍色是很正常的,不必介意。 * 如果碰到紅色專案,建議的操作先禁用,然後將對應的文件提交反病毒軟件廠商進行分析識別,確定是不是電腦病毒或惡意程式。 * 如果是藍色專案,建議的操作是將對應的文件提交反病毒軟件廠商進行分析識別,確定是不是電腦病毒或惡意程式。 * 該判定規則首先在註冊表啟動項、Win32服務、驅動程式裡面使用。 ENglish的操作系統 SREng如何顯示成CHS界面 選項裡頭預定語言就是CHS 但是顯示的界面還是EN的 我用AppLocale轉,繁體中文系統顯簡體沒問題,不用AppLocale顯示英文. |
Q:
每打開個程式就彈出個DOS視窗 今天剛開機,就彈出幾個DOS視窗 標題為C:\windows\internet.exe 一看到這個標題我就知道是中毒了,因為XP系統是沒有這個程式的 果然,在系統目錄下發現了這個文件,同時打開任何程式都會彈出一個DOS視窗 進入安全模式,刪除internet.exe,提示無法刪除.另外有程式在使用. 接著我就在安全模式下用瑞星,木馬剋星,木馬防線掃瞄了一次 都無法清除這個病毒 在此請教各位高手,有什麼辦法可以刪除這個病毒? A: 你試過在安全模式下刪除這個文件嗎? Q: 有啊 不過提示說有另外的程式在使用 無發刪除 A: 請使用此貼的附件工具SYSTEM REPAIR ENGINEER軟件,解壓後執行使用裡面的智慧式掃瞄功能掃瞄系統,再將掃瞄結果以回復內容的形式貼上來以便分析問題。請不要在對分析結果作出建議前進行任何修復操作。 Q: System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <anvshell><rem anvshell.exe> [] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)] <IMSCMig><rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <DAEMON Tools><rem "c:\DAEMON Tools\daemon.exe" -lang 1033> [] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [] <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <PigUpdate><; C:\Program Files\密码查看器\DownLoadPig.exe> [] <StormCodec_Helper><; "C:\Storm Codec\StormSet.exe" /S /opti> [] <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] ================================== 启动文件夹 服务 [Security Driver NetBT Proxy / nbproxy] <C:\Permeo\Security Driver\nbproxy.exe /service><Permeo Technologies, Inc.> [Rising Proxy Service / RfwProxySrv] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.> [Rising Process Communication Center / RsCCenter] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [SecuROM User Access Service (V7) / UserAccess7] <C:\WINDOWS\system32\UAService7.exe><N/A> ================================== 浏览器加载项 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [Yahoo!Photo] {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China> [AntiFish Class] {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.> [雅虎助手] {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!> [DragSearch BHO] {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, > [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\KuGoo3\KuGoo3DownXControl.ocx, N/A> [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司> [雅虎助手] {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!> [百度超级搜霸] {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [MonitorURL Class] {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [TeachingPlayerTrigger Class] {2902F471-A89E-4BE0-A093-A2DB06772FE1} <C:\WINDOWS\system32\TPTrigger.dll, 江苏科建教育软件有限责任公司> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司> [Yahoo!Photo] {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China> [AntiFish Class] {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.> [NaviHelperObj Class] {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>> [雅虎助手] {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [Yahoo!Live] {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, > [DragSearch BHO] {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, > [MMSAssist BHO] {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\KuGoo3\KuGoo3DownXControl.ocx, N/A> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [百度超级搜霸] {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.> [Messenger Object] {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation> [OWSClientMiscApis Class] {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation> [OWSBrowserUI Class] {BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation> [OWSDiscussionServers Class] {BDEADEB7-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation> [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [assist] {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo!> [&使用迅雷下载] <C:\Thunder\geturl.htm, N/A> [&使用迅雷下载全部链接] <C:\Thunder\getallurl.htm, N/A> [上传到QQ网络硬盘] <E:\qq\AddToNetDisk.htm, N/A> [使用KuGoo3下载(&K)] <D:\KuGoo3\KuGoo3DownX.htm, N/A> [添加到QQ自定义面板] <E:\qq\AddPanel.htm, N/A> [添加到QQ表情] <E:\qq\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <E:\qq\SendMMS.htm, N/A> [百度--MP3搜索] <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM, N/A> [百度--图片搜索] <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM, N/A> [百度--新闻搜索] <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM, N/A> [百度--歌词搜索] <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM, N/A> [百度--网页搜索] <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM, N/A> [百度--词典搜索] <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM, N/A> [百度--贴吧搜索] <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM, N/A> ================================== 正在运行的进程 [PID: 716][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 824][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 872][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 884][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1116][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0> [PID: 1200][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 1220][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0> [PID: 1256][C:\Permeo\Security Driver\nbproxy.exe] <Permeo Technologies, Inc.><1.0> [PID: 1308][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1424][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1440][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22> [C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20> [C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9> [C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30> [C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6> [C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9> [C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3> [C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6> [C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28> [C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9> [C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7> [C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7> [C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15> [C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6> [C:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [C:\Program Files\Rising\Rav\ExtMail.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13> [C:\Program Files\Rising\Rav\ScanElf.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 1540][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32> [c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13> [c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6> [c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21> [c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4> [c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9> [PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0> [PID: 1788][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [PID: 332][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466> [PID: 356][C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe] <Microsoft Corporation><8.00.194> [C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0> [PID: 444][C:\WINDOWS\system32\UAService7.exe] <N/A><N/A> [PID: 1068][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [PID: 1172][C:\WINDOWS\Mixer.exe] <C-Media Electronic Inc. (www.cmedia.com.tw)><1.51> [C:\WINDOWS\System32\cmnprop.dll] <C-Media Corporation><5.00.2195.11> [PID: 1356][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2316][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1364][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2024][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 428][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62> [C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 76> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] <N/A><1, 0, 1, 1014> [C:\WINDOWS\system32\CmdLineExt.dll] <><1, 0, 0, 1> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] <Yahoo! China><1, 1, 2, 1034> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] <Yahoo!><2, 1, 5, 1045> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006> [D:\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A> [PID: 2820][C:\WINDOWS\system32\mmc.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 3112][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 3, 18> [D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2> [C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0> [D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 1924][D:\IPMsg\ipmsg.exe] <Azhi.net><2.05> [C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0> [PID: 1876][C:\Documents and Settings\ch\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0> ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE Error. [C:\WINDOWS\system32\Rundll.exe "%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. [Compiled Help Module] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: <PigUpdate><; C:\Program Files\密碼檢視器\DownLoadPig.exe> [] 似乎是網路豬,建議刪除它的開機啟動 用SRENG軟件的修復功能,修復EXE文件關聯。然後刪除C:\WINDOWS\system32\Rundll.exe和internet.exe(可以用置頂的killbox工具)。建議你按修改/創建時間尋找硬碟上其他和這個Rundll.exe相同時間的EXE文件. |
Q:
上網總是出現彈出視窗 System Repair Engineer (常用推薦) 說明: System Repair Engineer(SREng) 是一款全新的、強有力的、可擴充的用於調整和修復你系統的免費工具,在這個工具的幫助下,你可以察覺你的系統故障並能夠很容易的修復他們。本工具的前身是 RegFix 註冊表關鍵值修復工具,由於 RegFix 註冊表關鍵值修復工具的局限性和當前系統環境的複雜性,我重新設計了一個新的軟件,即 System Repair Engineer (SREng) 。 下載: SREng.exe http://www.kztechs.com/sreng/sreng2.zip 2006-06-17,20:49:15 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <KAVPersonal50><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize> [Kaspersky Lab] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <BigDogPath><C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA> [] <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 [Adobe Gamma Loader] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><N> [VPN Client] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\VPN Client.lnk><N> ================================== 服務 [Cisco Systems, Inc. VPN Service / CVPND] <"C:\Program Files\UTStarcom\VPN Client\cvpnd.exe"><Cisco Systems, Inc.> [kavsvc / kavsvc] <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll, 江蘇科建教育軟件有限責任公司> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx, N/A> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\Backup\軟件\浩方\GameClient.exe, 上海浩方線上訊息技術有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [Dr.eye WebPage Translation] {92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, > [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD> [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation> [EWA Control] {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX, Synacast> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll, 江蘇科建教育軟件有限責任公司> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [XML Data Source Object] {550DDA30-0541-11D2-9CA9-0060B0EC3D39} <%SystemRoot%\system32\msxml3.dll, N/A> [PowerPlayer Control] {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\mao\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL, PPStream Inc.> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>[List Control] {70CACCCA-8B83-4BCB-B2D1-188E9A495527} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~2.OCX, > [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [WebPlayer Control] {90203FFD-EF7F-4059-BC56-369E4D6D3824} <C:\PROGRA~1\VerySee\WEBPLA~1.OCX, TODO: <公司名>> [Dr.eye WebPage Translation] {92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, > [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx, N/A> [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Adobe Acrobat Control for ActiveX] {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated> [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [&使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A> [匯出到 Microsoft Excel(&x)] <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A> ================================== 正在執行的工作行程 [PID: 700][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 784][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 808][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 852][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [PID: 864][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1020][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1096][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [PID: 1212][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [PID: 1260][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1304][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Backup\軟件\NERO\Nero7.2.0.3b\NeroDigitalExt.dll] <Nero AG><2, 0, 0, 8> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.156.1> [C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33> [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500> [D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx] <N/A><N/A> [PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1876][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208> [PID: 1884][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31> [PID: 1924][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [PID: 468][C:\Program Files\UTStarcom\VPN Client\cvpnd.exe] <Cisco Systems, Inc.><4.6.04.0043> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\vsdata.dll] <Zone Labs LLC><5.5.062.011> [C:\WINDOWS\system32\VSINIT.dll] <Zone Labs LLC><5.5.062.011> [PID: 1392][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1400][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1404][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [PID: 4068][C:\Program Files\InterVideo\WinDVR3\WinDvr.exe] <InterVideo Inc.><3.0.79.81> [C:\Program Files\InterVideo\WinDVR3\LibACI.dll] <InterVideo Inc.><3.0.79.81> [C:\Program Files\InterVideo\WinDVR3\ExtendedOEMDll.dll] <N/A><N/A> [C:\Program Files\InterVideo\WinDVR3\RCENU.dll] <InterVideo Inc.><1.0 Beta1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\WINDOWS\system32\Prop7134.dll] <Philips Semiconductors><1, 4, 0, 0> [C:\WINDOWS\system32\DVobSub.ax] <Gabest><1, 0, 0, 9> [C:\Program Files\InterVideo\WinDVR3\IVIscapt.ax] <InterVideo Inc.><3.0.79.81> [PID: 2256][F:\Backup\軟件\OICQ\騰訊QQ\QQ.exe] <TENCENT><0, 0, 0, 0> [F:\Backup\軟件\OICQ\騰訊QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QQHelperDll.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14> [F:\Backup\軟件\OICQ\騰訊QQ\RunJin.dll] <飄雲 http://www.pyqq.cn><飄雲> [F:\Backup\軟件\OICQ\騰訊QQ\ipsearcher.dll] <><1.0.0.3> [F:\Backup\軟件\OICQ\騰訊QQ\QQAPI.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\TIMProxy.dll] <tencent><0, 3, 2, 4> [F:\Backup\軟件\OICQ\騰訊QQ\LoginCtrl.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1> [F:\Backup\軟件\OICQ\騰訊QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QQRes.dll] <tencent><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QQMainFrame.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\CQQApplication.dll] <N/A><N/A> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\NewSkin.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\HostingMgr.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\CameraDll.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\MailSummary.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QQSpace.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\QQGroupMng.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QQSysMsgMng.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\LongConnection.dll] <tencent><0, 3, 3, 8> [F:\Backup\軟件\OICQ\騰訊QQ\QQPlugin.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\QQAllInOne.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\SCCore.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\QQCustomFace.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\GroupConnection.dll] <Tencent><0, 3, 3, 5> [F:\Backup\軟件\OICQ\騰訊QQ\QQConfigPlugin.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QRingMng.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\UserDefinedHead.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QQPet.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\QQAvatar.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\FlashAvatarDll.dll] <><1, 4, 0, 1> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [F:\Backup\軟件\OICQ\騰訊QQ\QQSceneMng.dll] <N/A><N/A> [C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟件股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟件股份有限公司><3.0.0.3045> [F:\Backup\軟件\OICQ\騰訊QQ\CommercesMng.dll] <><1, 0, 0, 1> [F:\Backup\軟件\OICQ\騰訊QQ\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2> [F:\Backup\軟件\OICQ\騰訊QQ\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 141> [F:\Backup\軟件\OICQ\騰訊QQ\ShareFiles.dll] <N/A><N/A> [F:\Backup\軟件\OICQ\騰訊QQ\QQZip.dll] <tencent><0, 3, 2, 4> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0> [F:\Backup\軟件\OICQ\騰訊QQ\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40> [PID: 1456][F:\Backup\軟件\OICQ\騰訊QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8> [F:\Backup\軟件\OICQ\騰訊QQ\TIMProxy.dll] <tencent><0, 3, 2, 4> [PID: 3676][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33> [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500> [C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll] <江蘇科建教育軟件有限責任公司><5, 0, 10, 10> [D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx] <N/A><N/A> [F:\Backup\軟件\NERO\Nero7.2.0.3b\NeroDigitalExt.dll] <Nero AG><2, 0, 0, 8> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0> [C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟件股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟件股份有限公司><3.0.0.3045> [PID: 1324][C:\Documents and Settings\mao\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: killbox v2.0.0.175 漢化版 (推薦) 說明:國外反病毒論壇很受歡迎的工具軟件,與 HijackThis 是最佳配合,實質是一個刪除任意文件的利器,它不管這個文件是EXE還是DLL等其它文件,也不管這個文件是正在執行中,還是被系統調用了,KillBox 都可以簡單幾步就將文件刪除 具體用法:http://www.47522999.com/news/data/2005/0618/article_34.htm 下載:http://www.crsky.com/soft/4640.html 请用置顶的KILLBOX工具删除这个文件 C:\WINDOWS\system32\msplus.dll Q: 刪除msplus.dll後,就沒法打開網頁了啊!拷貝回去後,濤聲依舊 A: 到置頂的工具帖中下載lspfix Lspfix (新手慎用) 說明:Winsock2修復工具,修復Layered Service Provider(LSP)。 下載:http://www.cexx.org/lspfix.exe 下載網頁面:http://www.cexx.org/lspfix.htm 執行前面下載的LSPFix.exe工具,選中選項「I Know What I'm Doing」,然後把左面視窗裡的msplus.dll文件移到右面視窗裡(不要動其他文件),然後選「Finish」。 然後再刪除它 |
Q:
【求助】網路能PING通網關,但IE卻提示「打不開搜索而」?? 系統中了病毒及廣告流氓軟件,連「我的電腦都打不開」,更不說IE了。經殺毒,可以打開「我的電腦」,但IE還是打不開網頁,提示「打不開搜索頁」,但網上的芳鄰能打開,網關也能PING通,用IE修復工具修復後也不行,請問該怎麼辦?請高手指教,謝謝!不想重裝系統。 A: 請到 這裡 下載 System Repair Engineer 。 解壓後雙擊sreng,點擊「智慧式掃瞄」——掃瞄——儲存報告——用記事本打開日誌文件SREngLOG.log,將內容複製貼上去上來。 Q: 現在問題是,網觀能ping通,局域網也通,就ie打不開,不知從何下手? A: 可能是 winsock LSP 出現問題了 請把HijackThis或 System Repair Engineer的掃瞄報告發上來,以便分析是否適合用 Winsock XP Fix 來解決 Q: 分析報告發出來,請幫忙分析下,謝謝。 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]這個有沒有問題?殺毒軟件報告可能染病毒。請你看看。 2006-06-19,18:07:29 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ] <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> [] <{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> [] <{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> [] <{213E78BD-8353-4D47-876B-E99D9C76CD66}><> [] <{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> [] <{F0248891-45C1-4559-8519-DFB07376F8D2}><> [] <{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> [] <{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> [] <{11F9D051-5E27-428D-B760-0D94A653332C}><> [] <{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> [] <{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> [] <{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> [] <{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> [] <{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> [] <{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> [] <{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> [] <{1909E461-7266-4201-8855-022294B7D164}><> [] <{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> [] <{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> [] <{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> [] <{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> [] <{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> [] <{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> [] <{966261B0-3618-4B88-BAE1-B3086D634EB5}><> [] <{898EE642-7959-4F66-B589-B25248768EF7}><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <stdup><> [] <Vision><> [] ================================== 啟動資料夾 服務 [Computer Storage / BRGNS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [ewido security suite control / ewido security suite control] <C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks> [ewido security suite guard / ewido security suite guard] <C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks> [NOD32 Kernel Service / NOD32krn] <"C:\Program Files\Eset\nod32krn.exe"><Eset> [Sample NT Service / SampleService] <C:\WINDOWS\NTService.exe><N/A> ================================== 瀏覽器載入項 [新浪UC] {2253922F-1B26-4C74-8B57-E3AEE748DBB8} <C:\Program Files\sina\UC\uc.exe, 北京新浪訊息技術有限公司> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\F盤剩餘內容\新增資料夾\QQ.EXE, TENCENT> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash.ocx, Macromedia, Inc.> [&使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A> ================================== 正在執行的工作行程 [PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 780][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 864][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 928][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1256][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80> [C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A> [PID: 1740][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30> [PID: 1756][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 22 > [C:\Program Files\Eset\nod32rui.dll] <N/A><N/A> [C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80> [C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_emon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_mirr.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A> [C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_upd.dll] <N/A><N/A> [PID: 1776][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1840][C:\Documents and Settings\wk1\桌面\SREng2-v2.021\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80> [PID: 424][C:\Program Files\ewido anti-malware\ewidoctrl.exe] <ewido networks><3, 0, 0, 1> [C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1> [PID: 744][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00> [PID: 1144][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 22 > [C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A> [C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_emon.dll] <N/A><N/A> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [C:\Program Files\Eset\ps_mirr.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A> [C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 22 > [C:\Program Files\Eset\pr_upd.dll] <N/A><N/A> [PID: 1380][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)> ================================== 文件關聯 .TXT Error. [NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 卸載騰訊地址欄搜索 再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> [] <{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> [] <{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> [] <{213E78BD-8353-4D47-876B-E99D9C76CD66}><> [] <{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> [] <{F0248891-45C1-4559-8519-DFB07376F8D2}><> [] <{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> [] <{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> [] <{11F9D051-5E27-428D-B760-0D94A653332C}><> [] <{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> [] <{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> [] <{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> [] <{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> [] <{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> [] <{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> [] <{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> [] <{1909E461-7266-4201-8855-022294B7D164}><> [] <{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> [] <{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> [] <{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> [] <{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> [] <{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> [] <{966261B0-3618-4B88-BAE1-B3086D634EB5}><> [] <{898EE642-7959-4F66-B589-B25248768EF7}><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <stdup><> [] <Vision><> [] 執行 System Repair Engineer 在「啟動專案」->「服務」 中刪除下面專案 [Computer Storage / BRGNS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [Sample NT Service / SampleService] <C:\WINDOWS\NTService.exe><N/A> 刪除下面文件 C:\WINDOWS\NTService.exe C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL 工作行程文件: logonui 或者 logonui.exe 工作行程名稱: Microsoft Logon User Interface 工作行程名稱: logonui.exe是一個系統工作行程,用於顯示微軟Windows XP系統用戶切換界面。這個程式對你系統的正常執行是非常重要的。 出品者: Microsoft 屬於: Microsoft Windows Operating System 系統工作行程: 是 後台程式: 是 使用網路: 否 硬體相關: 否 常見錯誤: 未知N/A 記憶體使用: 未知N/A 安全等級 (0-5): 0 間諜軟件: 否 廣告軟件: 否 Virus: 否 木馬: 否 你是不是安裝了開機畫面美化工具? |
Q:
【求助】新裝系統卡巴報警msplus1.dll可疑文件,無法刪除! 昨天剛剛用TomatoWinXP_SP2_v2.7_SATA安裝系統後,卡巴發現以下情況, ---警告: 發現木馬可疑模塊!--- C:\WINDOWS\system32\msplus1.dll 二次安裝系統後,仍然有該病毒報警,懷疑是否操作系統鏡像帶有此病毒。 刪除該病毒後重啟依然發現並報警. 用ewido4.0,繼續掃瞄發現病毒TrackingCookie.Atdmt. 刪除重啟後掃瞄依然存在. 連接網路情況下,IE自動彈出彩虹堂網頁,尋求幫助!Thx! 按照版主在其他帖子中的要求,用System Repair Engineer 2.0.21.505 (2.0 RC 2)工具掃瞄系統 結果如下: 2006-06-19,18:42:48 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KAVPersonal50><"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll> [ewido networks GmbH & Co. KG] ================================== 啟動資料夾 服務 [ewido anti-malware 4.0 guard / ewido anti-malware 4.0 guard] <D:\應用軟件\病毒防治\ewido anti-malware 4.0\guard.exe><N/A> [kavsvc / kavsvc] <"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [O&O Defrag / O&O Defrag] <D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe><O&O Software GmbH> ================================== 瀏覽器載入項 [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [番茄花園] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A> [訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.> [使用迅雷下載] <D:\應用軟件\中斷點續傳\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下載全部鏈接] <D:\應用軟件\中斷點續傳\Thunder\Program\GetAllUrl.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ表情] <D:\應用軟件\聊天工具\QQ\AddEmotion.htm, N/A> ================================== 正在執行的工作行程 [PID: 688][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 748][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 772][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 980][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1040][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 1128][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1356][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1668][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [D:\應用軟件\壓縮解壓\WinRAR\rarext.dll] <N/A><N/A> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\ewido anti-malware 4.0\context.dll] <ewido networks><1.0.0.1> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8421> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8421> [C:\WINDOWS\system32\nvshell.dll] <N/A><N/A> [D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll] <ewido networks GmbH & Co. KG><1.0.0.1> [PID: 1736][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8421> [PID: 1760][D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe] <O&O Software GmbH><8.0.1398> [D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\OODAGRS.DLL] <O&O Software GmbH><8.0.1.1347> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 440][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 972][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1248][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1> [C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1> [C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2005, 11, 15, 1> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1> [C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1> [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1> [C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2> [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1> [C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1> [C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1> [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1> [C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17> [C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1> [C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14> [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1> [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1> [C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1> [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1> [C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1> [C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1> [C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1> [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1> [C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9> [C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296> [PID: 3560][D:\應用軟件\BT下載軟件\eMule\emule.exe] <http://www.emule.org.cn><0.47.0> [D:\應用軟件\BT下載軟件\eMule\VNNClientS.Dll] <VNN><3.0.22.1> [D:\應用軟件\BT下載軟件\eMule\ZipLib.dll] <VNN><1.0.0.1> [D:\應用軟件\BT下載軟件\eMule\vdevstate.dll] <N/A><N/A> [D:\應用軟件\BT下載軟件\eMule\lang\zh_CN.dll] <http://www.emule-project.net><0.47.0> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296> [PID: 472][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1> [c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296> [PID: 3428][D:\應用軟件\病毒防治\ewido anti-malware 4.0\ewido.exe] <ewido networks GmbH & Co. KG><4, 0, 0, 151> [D:\應用軟件\病毒防治\ewido anti-malware 4.0\engine.dll] <ewido networks GmbH & Co. KG><4, 0, 0, 7> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [PID: 3340][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1> [c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [PID: 3924][D:\應用軟件\病毒防治\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\msplus.dll] <N/A><N/A> [D:\應用軟件\病毒防治\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== 緊急請求高人幫助,該病毒在重啟後或間隔幾小時後會再次出現。 A: 安全模式下刪除:C:\WINDOWS\system32\msplus.dll 如果找不到以上檔案,可以試試先作出以下設定 1. 重啟動電腦,按 F8 鍵,進入 安全模式 2. 在 我的電腦,點擊 工具--->資料夾選項 3. 點 檢視 選擇項,然後去掉 隱藏受保護的操作系統文件 前的勾,點選 顯示所有文件和資料夾 ,最後 確定 Q: 安全模式下刪除:C:WINDOWSsystem32msplus.dll 會導致IE不能使用,網路連接失效。 曾嘗試改msplus1.dll為msplus.dll,無效 安全模式下取消隱藏找不到該文件,過幾天自己又會出來的.... A: 請到使使用!病毒救援區版規--(附常用工具+查毒網站)中下載LSPFIX 執行LSPFix.exe,選中選項「I Know What I'm Doing」,然後把左面視窗裡的msplus.dll 文件移到右面視窗裡(不要動其他文件),然後選「Finish」。 重起電腦按F8進安全模式,在資料夾選項中,顯示隱藏文件和取消「隱藏受保護的操作系統文件」。然後找到c:\windows\system32\msplus.dll並刪除 |
Q:..
中了特諾伊木馬`刪除不了`怎麼辦(已解決) 描述:病毒名稱 圖片: 2006-06-21,21:17:54 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <run><> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <StormCodec_Helper><"E:\播放工具\暴風影音\Storm Codec1\StormSet.exe" /S /opti> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <Userinit><C:\WINDOWS\system32\userinit.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB496973M.LOG> ================================== 啟動資料夾 服務 [ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard] <E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.> [GrayPigeonServer / GrayPigeonServer] <C:\WINDOWS\G_Server2006.exe><N/A> [Gray_Pigeon_Server2.03 / GrayPigeonServer2.03] <C:\WINDOWS\G_Server2.03.exe><N/A> [InstallDriver Table Manager / IDriverT] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [iPodService / iPodService] <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.> [itshow.com.cn / it.com.cn] <C:\WINDOWS\Hacker.com.cn.exe><N/A> [kavsvc / kavsvc] <"E:\殺毒\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [ver / Perver] <C:\WINDOWS\sz.exe><N/A> [UFSoft SMS Platform / U8SmsSrv] <C:\WINDOWS\system32\U8SMSSrv.exe><N/A> [U8管理軟件 / UFNet] <C:\WINDOWS\system32\ServerNT.EXE><N/A> [Network Management Center Task / W32Tasks] <C:\WINDOWS\system32\taskman32.exe><N/A> [Window Time / Window Time] <C:\WINDOWS\svchost.exe><N/A> ================================== 瀏覽器載入項 [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\kugoo\KuGoo\KuGoo3DownXControl.ocx, N/A> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方\HF.Loader.v1.21-Ayu\HFGameOPT\GameClient.exe, 上海浩方線上訊息技術有限公司> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\QQ\qq2006\QQ.EXE, N/A> [東方衛士] {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll, > [VTPlug3 Class] {0400AC1C-EEF0-4638-A501-31D5A0DC2002} <C:\WINDOWS\system32\gxd\VTrans3.dll, > [PowerPlayer Control] {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\PPStream\POWERP~1.DLL, PPStream Inc.> [IMCv1 Control] {6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c0.dll, N/A> [Filetran Control] {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation> [DragSearch BHO] {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A> [IMCv1 Control] {6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c0.dll, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\MediaAddin03.dll, Thunder Networking Technologies,LTD> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [東方衛士] {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll, > [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\kugoo\KuGoo\KuGoo3DownXControl.ocx, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [&使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A> [使用網際快車下載] <F:\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <F:\FlashGet\jc_all.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://E:\學習工具\office\OFFICE11\EXCEL.EXE/3000, N/A> ================================== 正在執行的工作行程 [PID: 672][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 744][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 768][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1000][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1064][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1148][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1276][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1964][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [PID: 224][E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\guard.exe] <Anti-Malware Development a.s.><4, 0, 0, 172> [E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 344][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [PID: 436][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 564][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5216> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [PID: 664][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [F:\kugoo\KuGoo\KuGoo3DownXControl.ocx] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [C:\WINDOWS\sz.DLL] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [PID: 704][C:\WINDOWS\system32\U8SMSSrv.exe] <N/A><N/A> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 1268][C:\WINDOWS\system32\ServerNT.EXE] <N/A><N/A> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\system32\UMiscell.dll] <北京用友軟件股份有限公司><1, 0, 0, 1> [C:\WINDOWS\system32\sgv.dll] <><8, 2, 0, 0> [C:\WINDOWS\system\Sense3.dll] <N/A><N/A> [C:\WINDOWS\system32\SecuComm.dll] <N/A><N/A> [PID: 1232][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 2380][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [PID: 2396][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [PID: 2100][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [F:\kugoo\KuGoo\KuGoo3DownXControl.ocx] <N/A><N/A> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [E:\Right Click Image Converter\extRCIC.dll] <N/A><N/A> [E:\殺毒\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1> [E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\context.dll] <Anti-Malware Development a.s.><4, 0, 0, 172> [PID: 2556][F:\QQ\06\QQ.exe] <TENCENT><0, 0, 0, 0> [F:\QQ\06\QQBaseClassInDll.dll] <><1, 0, 0, 1> [F:\QQ\06\QQHelperDll.dll] <><1, 0, 0, 1> [F:\QQ\06\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160> [F:\QQ\06\PYKer.dll] <飄雲 http://www.pyqq.cn><飄雲> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [F:\QQ\06\ipsearcher.dll] <><1.0.0.3> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [F:\QQ\06\QQAPI.dll] <><1, 0, 0, 1> [F:\QQ\06\TIMProxy.dll] <tencent><0, 3, 2, 4> [F:\QQ\06\LoginCtrl.dll] <><1, 0, 0, 1> [F:\QQ\06\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1> [F:\QQ\06\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1> [F:\QQ\06\QQRes.dll] <tencent><1, 0, 0, 1> [F:\QQ\06\QQMainFrame.dll] <N/A><N/A> [F:\QQ\06\CQQApplication.dll] <N/A><N/A> [F:\QQ\06\NewSkin.dll] <><1, 0, 0, 1> [F:\QQ\06\HostingMgr.dll] <><1, 0, 0, 1> [F:\QQ\06\CameraDll.dll] <><1, 0, 0, 1> [F:\QQ\06\MailSummary.dll] <><1, 0, 0, 1> [F:\QQ\06\QQSpace.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [F:\QQ\06\QQGroupMng.dll] <><1, 0, 0, 1> [F:\QQ\06\GroupLive.dll] <N/A><N/A> [F:\QQ\06\QQSysMsgMng.dll] <N/A><N/A> [F:\QQ\06\UserDefinedHead.dll] <><1, 0, 0, 1> [F:\QQ\06\QQPlugin.dll] <N/A><N/A> [F:\QQ\06\QQConfigPlugin.dll] <><1, 0, 0, 1> [F:\QQ\06\LongConnection.dll] <tencent><5, 0, 200, 160> [F:\QQ\06\QRingMng.dll] <N/A><N/A> [F:\QQ\06\PhoneAPI.dll] <><1, 0, 0, 1> [F:\QQ\06\DialerAllinOne.dll] <tencent><1, 4, 0, 0> [F:\QQ\06\QQAllInOne.dll] <N/A><N/A> [F:\QQ\06\SCCore.dll] <N/A><N/A> [F:\QQ\06\QQCustomFace.dll] <N/A><N/A> [F:\QQ\06\QQPet.dll] <><1, 0, 0, 1> [F:\QQ\06\QQAvatar.dll] <N/A><N/A> [F:\QQ\06\FlashAvatarDll.dll] <><1, 4, 0, 1> [C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0> [F:\QQ\06\QQSceneMng.dll] <N/A><N/A> [F:\QQ\06\VqqModule.dll] <><1, 0, 0, 1> [F:\QQ\06\ImageOle.dll] <TODO: <Company name>><1.0.0.1> [F:\QQ\06\QQMagicFace.dll] <><1, 0, 0, 1> [F:\QQ\06\QQFileTransfer.dll] <Tencent><5, 0, 202, 180> [E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172> [F:\QQ\06\CommercesMng.dll] <><1, 0, 0, 1> [F:\QQ\06\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2> [F:\QQ\06\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [F:\QQ\06\GroupConnection.dll] <Tencent><5, 0, 202, 170> [F:\QQ\06\QQZip.dll] <tencent><0, 3, 2, 4> [F:\QQ\06\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40> [PID: 1916][F:\QQ\06\TIMPlatform.exe] <tencent><0, 3, 1, 8> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [F:\QQ\06\TIMProxy.dll] <tencent><0, 3, 2, 4> [PID: 4040][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> [PID: 420][C:\DOCUME~1\tony\LOCALS~1\Temp\Rar$EX00.719\SREng.exe] <Smallfrogs Studio><2.0.12.350> [C:\WINDOWS\KB496973M.LOG] <N/A><N/A> [C:\WINDOWS\svchostKey.DLL] <N/A><N/A> [C:\WINDOWS\szKey.DLL] <N/A><N/A> [C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 1. 使用SREng (相關操作說明) -刪除以下的啟動項 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB496973M.LOG> -刪除以下的服務 [GrayPigeonServer / GrayPigeonServer] <C:\WINDOWS\G_Server2006.exe><N/A> [Gray_Pigeon_Server2.03 / GrayPigeonServer2.03] <C:\WINDOWS\G_Server2.03.exe><N/A> [itshow.com.cn / it.com.cn] <C:\WINDOWS\Hacker.com.cn.exe><N/A> [ver / Perver] <C:\WINDOWS\sz.exe><N/A> [Network Management Center Task / W32Tasks] <C:\WINDOWS\system32\taskman32.exe><N/A> [Window Time / Window Time] <C:\WINDOWS\svchost.exe><N/A> 2. 重新啟動電腦,之後刪除以下檔案 (看注1) C:\WINDOWS\KB496973M.LOG C:\WINDOWS\sz.exe C:\WINDOWS\sz.DLL C:\WINDOWS\szKey.DLL C:\WINDOWS\G_Server2006.exe C:\WINDOWS\G_Server2006.DLL C:\WINDOWS\G_Server2006Key.DLL C:\WINDOWS\svchost.exe C:\WINDOWS\svchost.DLL C:\WINDOWS\svchostKey.DLL 注1: 如果找不到以上檔案,先作出以下設定 a) 在 我的電腦 ,點擊 工具--->資料夾選項 b) 點 檢視 選擇項,然後去掉 隱藏受保護的操作系統文件 前的勾,點選 顯示所有文件和資料夾 ,最後 確定 or... 用軟件Unlocker(最好的頑固軟件刪除工具) v1.8.1 官方中文版,沒有刪除不了的文件。我一直用它 Q: 刪除以下的啟動項 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB496973M.LOG> 它說這個文件對系統很重要,不能夠刪除~只能夠編輯~那怎麼辦??謝謝了 A: 把AppInit_DLLs編輯一下,改做空白的..... 再重新啟動刪除相關檔案 |
Q:
一个嫌疑分子,注册表项目不能删除? 在註冊表: localmachine\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDPSSW32 下.. 整個LEGACY_RDPSSW32項都沒有辦法刪除~下面還有個0000的項..都沒有辦法刪除. 開始的時候開機自動執行C:\windows\rdpssw32.exe 程式..被我刪除了.我用了流氓軟件清理後說發現,但是無法清除之.. 2006-06-27,15:45:45 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <run><> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <Userinit><C:\WINDOWS\system32\userinit.exe,> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> ================================== 啟動資料夾 [802.1X認證客戶端] <C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N> ================================== 服務 [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\System32\Ati2evxx.exe><N/A> [ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><> [KVSrvXP / KVSrvXP] <F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd> [KVWSC / KVWSC] <"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd> [RDPSSW32 / RDPSSW32] <><N/A> [SVCHOST / SVCHOST] <C:\WINDOWS\SVCHOST.EXE><N/A> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [TegoSoft SmartLoader ActiveX Control] {1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com> [UploadListView Class] {474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, > [PhotoUploadCtrl Control] {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent> [Java Plug-in 1.5.0_01] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [FiltrateWebObj Class] {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A> [匯出到 Microsoft Office Excel(&X)] <res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <, N/A> [新增到QQ表情] <, N/A> [用QQ彩信發送該圖片] <F:\Program Files\Tencent\SendMMS.htm, N/A> [用迅雷下載(&D)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A> [用迅雷下載全部(&A)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A> ================================== 正在執行的工作行程 [PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A> [C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A> [PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 884][C:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A> [PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107> [F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A> [F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212> [F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190> [F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809> [F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030> [F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A> [F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220> [F:\Program Files\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040> [F:\Program Files\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822> [F:\Program Files\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207> [F:\Program Files\KV2006\lang\KVExtEml0804.lng] <N/A><N/A> [F:\Program Files\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822> [F:\Program Files\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503> [F:\Program Files\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVExtLZH.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316> [F:\Program Files\KV2006\KvExtRar.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020> [F:\Program Files\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200> [F:\Program Files\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209> [F:\Program Files\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011> [F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605> [F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A> [F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1> [PID: 432][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A> [PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500> [F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> [PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program Files\KV2006\KVMonXP.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [F:\Program Files\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809> [F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [F:\Program Files\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214> [F:\Program Files\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213> [F:\Program Files\KV2006\lang\KVOffice0804.lng] <N/A><N/A> [F:\Program Files\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0> [F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1> [F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program Files\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813> [F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20> [PID: 1456][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00> [C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.03.16.54> [PID: 1964][F:\Program Files\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210> [F:\Program Files\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119> [F:\Program Files\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825> [PID: 200][F:\Program Files\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509> [F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20> [PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1868][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5> [C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0> [C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1> [F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> [PID: 1616][F:\Program Files\SPX Capture\Spx.exe] <MoodySoft><4.0.0.0> [F:\Program Files\SPX Capture\ICQMAPI.dll] <N/A><N/A> [F:\Program Files\SPX Capture\lpng.dll] <N/A><N/A> [F:\Program Files\SPX Capture\freeze.dll] <N/A><N/A> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> [PID: 1368][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350> [F:\Program Files\SPX Capture\engine.dll] <N/A><N/A> ================================== 文件關聯 .TXT Error. [emeditor.txt] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 再次執行 System Repair Engineer 在「啟動專案」->「服務」 中刪除下面專案 [RDPSSW32 / RDPSSW32] <><N/A> [SVCHOST / SVCHOST] <C:\WINDOWS\SVCHOST.EXE><N/A> Q: 2006-06-27,20:05:54 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <run><> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <Super Rabbit Winspeed><"F:\Program Files\Super Rabbit\MagicSet\winspeed.exe" /autokill:117> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <Userinit><C:\WINDOWS\system32\userinit.exe,> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> ================================== 啟動資料夾 [802.1X認證客戶端] <C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N> ================================== 服務 [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\System32\Ati2evxx.exe><N/A> [ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><> [KVSrvXP / KVSrvXP] <F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd> [KVWSC / KVWSC] <"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [TegoSoft SmartLoader ActiveX Control] {1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com> [UploadListView Class] {474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, > [PhotoUploadCtrl Control] {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent> [Java Plug-in 1.5.0_01] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [FiltrateWebObj Class] {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A> [使用KuGoo3下載(&K)] <F:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <, N/A> [新增到QQ表情] <, N/A> [用QQ彩信發送該圖片] <F:\Program Files\Tencent\SendMMS.htm, N/A> [用迅雷下載(&D)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A> [用迅雷下載全部(&A)] <F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A> ================================== 正在執行的工作行程 [PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A> [C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A> [PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107> [F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A> [F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212> [F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190> [F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809> [F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030> [F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A> [F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220> [F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605> [F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A> [F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1> [PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830> [F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500> [F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20> [F:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX] <N/A><N/A> [PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1492][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00> [C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.03.16.54> [PID: 1668][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5> [C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0> [C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1> [F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1> [C:\WINDOWS\System32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [F:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 2> [F:\Program Files\Ringz Studio\Storm Codec\Codecs\OGGSplt.ax] <Gabest><1, 0, 0, 0> [C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 1> [F:\Program Files\Ringz Studio\Storm Codec\Codecs\MkvSplt.ax] <Gabest><1, 0, 2, 6> [C:\WINDOWS\System32\ffdshow.ax] <N/A><1, 0, 0, 1> [C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERL~1.OCX] <PPStream.com><1, 0, 0, 1216> [C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL] <PPStream Inc.><1,0,0,1566> [C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\PSNetwork.dll] <PPStream, inc.><1, 0, 0, 2296> [PID: 940][F:\網號\QQ相關\Q工具\myQQC\myQQC.exe] <N/A><V2.2> [PID: 3664][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350> ================================== 文件關聯 .TXT Error. [emeditor.txt] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A:新的掃瞄報告沒問題了 |
Q:
【求助】被IEXPLORER.exe搞住了!刪不掉啊! 被IEXPLORER.exe搞住了!刪不掉啊!不到5秒再殺。又出來了!! A: 請用 System Repair Engineer (SREng) 的智慧式掃瞄,掃瞄一個報告上來 1. 下載 System Repair Engineer 2 ,並儲存到桌面 2. 解開壓縮包裝,執行SREng.exe 3. 按 智慧式掃瞄 ,確保智慧式掃瞄下的專案已經全部打勾,再按 掃瞄 4. 掃瞄完成後,按 儲存報告 ,把報告儲存到桌面 5. 開啟SREngLOG.log報告,把報告所有內容複製 + 貼上來 Q: 2006-07-05,22:59:34 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <pyjj><E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <KvMonXP><"D:\KV2006\KVMonXP_2.kxp" /auto> [Jiangmin Co.Ltd] <SKYNET Personal FireWall><E:\安全\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <><; > [] <CSPContext><; C:\WINDOWS\system32\CSPContext.exe> [中文之星] <rundll31><C:\WINDOWS\system32\IEXPLORER.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <DLMon><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] <WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [] <ATIPTA><; ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [] <IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <NVMixerTray><; "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <pyjj><; E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <rundll31><; C:\WINDOWS\system32\IEXPLORER.exe> [] <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [] <Update><; > [] ================================== 啟動資料夾 服務 [Adobe LM Service / Adobe LM Service] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems> [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.> [ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><> [InstallDriver Table Manager / IDriverT] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [KVSrvXP / KVSrvXP] <D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd> [KVWSC / KVWSC] <"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd> ================================== 瀏覽器載入項 [解霸] {367E0A21-8601-4986-9C9A-153BF5ACA118} <e:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A> [聯想] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A> [訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [FlashGet] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FlashGet-v1.71\flashget.exe, Amaze Soft> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [江民殺毒工具欄] {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd> [SnagIt] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <E:\圖像\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation> [&Save Flash] {4064EA35-578D-4073-A834-C96D82CBCF40} <E:\濾鏡\Save Flash\SaveFlash.dll, TODO: <Company name>> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [Alexa Web Search] <CDB6E-AE6D-11CF-96B8-444553540000}, N/A> [Get Alexa Data] <, N/A> [Mail to a Friend...] <, N/A> [See Related Links] <, N/A> [Write a Review...] <, N/A> [上傳到QQ網路硬碟] <, N/A> [使用網際快車下載] <E:\FlashGet-v1.71\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <E:\FlashGet-v1.71\jc_all.htm, N/A> [定位檢視 GPS 衛星地圖] <E:\濾鏡\Opanda\IExif 2.25\IExifMap.htm, N/A> [檢視 Exif/GPS/IPTC 訊息] <E:\濾鏡\Opanda\IExif 2.25\IExifCom.htm, N/A> [新增到QQ自定義面板] <, N/A> [新增到QQ表情] <, N/A> [用QQ彩信發送該圖片] <, N/A> ================================== 正在執行的工作行程 [PID: 508][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 604][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4124> [PID: 648][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 660][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124> [C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499> [PID: 828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 956][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1124][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1356][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124> [C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1420][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [D:\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [D:\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500> [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] <><1, 0, 0, 1> [PID: 1432][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1588][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.29> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\KVMonXP_2.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A> [D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809> [D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [D:\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214> [D:\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213> [D:\KV2006\lang\KVOffice0804.lng] <N/A><N/A> [D:\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [PID: 1612][C:\WINDOWS\system32\IEXPLORER.exe] <N/A><N/A> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1632][E:\濾鏡\加加\jj4\jjsvr4.exe] <加加開發組><4.0.0.18> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1740][D:\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107> [D:\KV2006\lang\SvcSafe0804.lng] <N/A><N/A> [D:\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212> [D:\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190> [D:\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809> [D:\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030> [D:\KV2006\lang\KVSpi0804.lng] <N/A><N/A> [D:\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [D:\KV2006\KVWPSet_1.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220> [D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [D:\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040> [D:\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822> [D:\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822> [D:\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822> [D:\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503> [D:\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822> [D:\KV2006\KVExtLZH_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316> [D:\KV2006\KvExtRar_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020> [D:\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200> [D:\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207> [D:\KV2006\lang\KVExtEml0804.lng] <N/A><N/A> [D:\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209> [D:\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011> [D:\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605> [D:\KV2006\lang\KvMailRes0804.lng] <N/A><N/A> [PID: 1764][D:\KV2006\kvwsc.exe] <Jiangmin Co.Ltd><9, 0, 5, 908> [D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817> [D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [PID: 1828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1856][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1024][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813> [D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20> [PID: 1724][D:\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210> [D:\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119> [D:\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 1932][D:\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831> [D:\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509> [D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20> [D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927> [D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200> [PID: 2696][E:\圖像\TheWorld-v1.26\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 3036][E:\安全\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1000> [E:\安全\FireWall\SKYMISC.DLL] <N/A><N/A> [E:\安全\FireWall\COMPRESSWRAP.DLL] <N/A><N/A> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> [PID: 3108][E:\安全\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG Error. ["regedit.exe" "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS Error. [] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 1. 使用SREng (相關操作說明) -刪除以下的啟動項 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <rundll31><C:\WINDOWS\system32\IEXPLORER.exe> [] 2. 重新啟動,按F8進入安全模式,刪除以下檔案 (看注1) C:\WINDOWS\system32\IEXPLORER.exe 注1: 如果找不到以上檔案,先作出以下設定 a) 在 我的電腦 ,點擊 工具--->資料夾選項 b) 點 檢視 選擇項,然後去掉 隱藏受保護的操作系統文件 前的勾,點選 顯示所有文件和資料夾 ,最後 確定 |
Q:
【求助】C:\WINDOWS\svchost.exe 工作行程中出現這個東西C:\WINDOWS\svchost.exe 無法結束工作行程,也不能刪除,該svchost.exe創建的日期是今天? 註冊表run鍵值中有svc在執行,刪除後自動出現 winlogon.exe在任務管理器中有兩個一個ID 532 一個是744 諾頓一直提示有病毒,但是總殺不玩? 怎麼辦?是中了什麼毒? 2006-07-14,00:06:22 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <svc><C:\WINDOWS\svchost.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <pdfFactory Dispatcher v1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe> [FinePrint Software, LLC] <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation] <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [Symantec Corporation] <svc><C:\WINDOWS\svchost.exe> [] <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation] <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inituser.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [Symantec Corporation] ================================== 啟動資料夾 服務 [Symantec Event Manager / ccEvtMgr] <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation> [Symantec Password Validation / ccPwdSvc] <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation> [Symantec Settings Manager / ccSetMgr] <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation> [Symantec AntiVirus Definition Watcher / DefWatch] <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [DameWare Mini Remote Control / DWMRCS] <C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><N/A> [KDDelegateService / KDDelegateService] <d:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><KINGDEE> [SavRoam / SavRoam] <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec> [Symantec Network Drivers Service / SNDSrvc] <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation> [Symantec SPBBCSvc / SPBBCSvc] <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation> [Symantec AntiVirus / Symantec AntiVirus] <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> [VIPTray / VIPTray] <2 - 系統找不到指定的文件。 ><N/A> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, > [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, > [IEHlprObj Class] {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation> [iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A> [google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A> [比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, > [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [MonitorURL Class] {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A> [HHCtrl Object] {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [XBTP03129 Class] {6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A> [Kuaiso Toolsbar] {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [estAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A> [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A> [IEHlprObj Class] {BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A> [Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A> [IEHlprObj Class] {F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation> [iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A> [google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A> ================================== 正在執行的工作行程 [PID: 664][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 720][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NavLogon.dll] <Symantec Corporation><10.0.2.2000> [PID: 788][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 968][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1132][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1168][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1328][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3> [PID: 1356][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3> [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] <Symantec Corporation><1,5,1,3> [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] <Symantec Corporation><1,5,1,3> [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] <Symantec Corporation><103.5.6.3> [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] <Symantec Corporation><103.5.6.3> [PID: 1664][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\fppmon1.dll] <FinePrint Software, LLC><1.17> [C:\WINDOWS\system32\fppr132.dll] <FinePrint Software, LLC><1.17> [PID: 1804][C:\Program Files\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><10.0.2.2000> [PID: 1828][C:\WINDOWS\SYSTEM32\DWRCS.EXE] <N/A><N/A> [PID: 1956][C:\Program Files\Symantec AntiVirus\SavRoam.exe] <symantec><10.0.2.2000> [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] <Symantec Corporation><10.0.2.2000> [C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E> [C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000> [PID: 244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\hpwx3770.dll] <Hewlett-Packard><3.2.2.674> [C:\WINDOWS\system32\hpgt3770.dll] <Hewlett-Packard><1.0.2.682> [PID: 328][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><10.0.2.2000> [C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E> [C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [C:\Program Files\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000> [c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccDec.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] <Symantec Corporation><3.02.14.03> [C:\Program Files\Common Files\Symantec Shared\ccScan.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] <Symantec Corporation><51.2.0.12> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ccEraser.dll] <Symantec Corporation><106.1.5.2> [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] <Symantec Corporation><3.1.13a.0> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ecmsvr32.dll] <Symantec Corporation><61.1.0.11> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14> [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.7.0.10> [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10> [C:\Program Files\Symantec AntiVirus\IMail.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\vpmsece3.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] <Symantec Corporation><1,5,1,3> [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><10.0.2.2000> [PID: 592][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2976][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.5.2005092300> [C:\WINDOWS\system32\svchost.dll] <><1, 0, 0, 1> [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3847> [C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3847> [C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3847> [C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3847> [C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3847> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><10.0.2.2000> [C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3847> [C:\WINDOWS\system32\xunleibho_v5.dll] <><4, 3, 3, 30> [C:\WINDOWS\Win32ef.dll] <N/A><N/A> [C:\WINDOWS\vwwreg.dll] <N/A><N/A> [PID: 3112][C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe] <FinePrint Software, LLC><1.17> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppr132.dll] <FinePrint Software, LLC><1.17> [PID: 3128][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3> [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><103.5.6.3> [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><103.5.6.3> [C:\WINDOWS\system32\SYMREDIR.DLL] <Symantec Corporation><6.0.1.105> [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><103.5.6.3> [C:\Program Files\Symantec AntiVirus\SavEmail.dll] <Symantec Corporation><10.0.2.2000> [PID: 3144][C:\PROGRA~1\SYMANT~1\VPTray.exe] <Symantec Corporation><10.0.2.2000> [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10> [C:\Program Files\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><10.0.2.2000> [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000> [c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000> [C:\WINDOWS\system32\nts.dll] <LANDesk Software Ltd.><6.12.0.141 E> [C:\WINDOWS\system32\cba.dll] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E> [C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E> [PID: 3168][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3336][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2384][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2644][C:\WINDOWS\system32\rdpclip.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3472][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 3632][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 184][C:\WINDOWS\regedit.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3108][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.016\PrcView.exe] <PrcView><3.7.3.1> [PID: 3796][C:\WINDOWS\svchost.exe] <N/A><N/A> [PID: 3560][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [PID: 3072][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.079\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 用sreng刪除啟動專案 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <svc><C:\WINDOWS\svchost.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <svc><C:\WINDOWS\svchost.exe> [] 重啟後在安全模式刪除 C:\WINDOWS\svchost.exe 如果刪除不了 請下載killbox強制刪除 除了上述問題外,還有以下需要處理的 建議修復操作時關閉其他所有的無關程式,包括IE瀏覽器等,建議將以下內容複製貼上去到記事本然後儲存以便操作。 請執行剛才用來做智慧式掃瞄的工具SREng, 在系統修復->瀏覽器載入項裡,勾選並b]刪除以下內容 ,都是些流氓軟件 [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, > [IEHlprObj Class] {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation> [iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A> [google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A> [比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation> [MonitorURL Class] {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [XBTP03129 Class] {6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A> [Kuaiso Toolsbar] {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [estAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A> [IEHlprObj Class] {BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A> [Webacc Class] {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A> [IEHlprObj Class] {F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation> [iehelper] {F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A> [google bar] {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A> |
Q:
【求助】工作裡的RUNDLL32.EXE圖示變大變花了?病毒嗎? 以前也有過這樣的例子。RUNDLL32.EXE圖示變大變花了以後,桌面的圖示也變花了,接著感染了所有EXE文件和RAR文件,殺不了,後來只有格了硬碟。這次又出現了,好怕啊。 我掃瞄的系統報告: 2006-07-19,13:41:18 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Advanced Server Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能 以下內容被選: 所有的啟動項目(包括註冊表、啟動檔案夾、服務等) 瀏覽器載入項 正在執行的工作(包括工作模組訊息) 文件關聯 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.] <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.] <Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.] <!ewido><"E:\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <Update><C:\Program Files\Common Files\UPDAT\Update.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\ewido anti-spyware 4.0\shellexecutehook.dll> [Anti-Malware Development a.s.] ================================== 啟動檔案夾 服務 [Ati HotKey Poller / Ati HotKey Poller] <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.> [ATI Smart / ATI Smart] <C:\WINNT\system32\ati2sgag.exe><> [Logical Disk Manager Administrative Service / dmadmin] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard] <E:\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.> [McAfee Framework 服務 / McAfeeFramework] <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.> [Network Associates McShield / McShield] <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.> [Network Associates Task Manager / McTaskManager] <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.> [Security Machine Manager / MouTALS] <C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [Ulead Burning Helper / UleadBurningHelper] <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.> ================================== 瀏覽器載入項 [] {01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINNT\system32\IEBHOGET.dll, N/A> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\AdvSC.dll, N/A> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC.dll, N/A> [QuickBtn] {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [DuiSo.com Search] {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINNT\system32\Inte32.dll, N/A> [QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [WebActivater Control] {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ> [InfoSecNetSign Class] {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\DOWNLO~1\NetSign.dll, Infosec Technologies Co., Ltd.> [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\DOWNLO~1\SUBMIT~1.DLL, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [IcbcSsl快取CleanerCtrl Class] {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSsl快取Cleaner.dll, 中國工商銀行> [&使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下載全部連接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> ================================== 正在執行的工作 [PID: 176][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 200][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 220][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [C:\WINNT\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4117> [PID: 248][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 260][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 368][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4117> [C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2497> [PID: 456][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 488][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [PID: 536][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 576][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.7021> [PID: 608][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Management.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 660][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] <Network Associates, Inc.><8.0.0.309> [C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\FTL.Dll] <Network Associates, Inc.><8.0.0.135> [C:\Program Files\Network Associates\VirusScan\naiann.dll] <Network Associates, Inc.><8.0.0.308> [C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.316> [C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] <Network Associates, Inc.><8.0.0.342> [C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] <Network Associates, Inc.><8.0.0.342> [C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] <Network Associates, Inc.><8.0.0.291> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] <Network Associates, Inc><8.0.0.448> [PID: 676][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] <Network Associates, Inc.><8.0.0.1002> [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naicondl.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] <McAfee, Inc.><8.0.0.152> [PID: 740][C:\WINNT\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.00.2134.1> [PID: 748][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates, Inc.><3.5.0.412> [C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates, Inc.><8.0.0.981> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 812][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 828][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 840][C:\WINNT\system32\stisvc.exe] <Microsoft Corporation><5.00.2195.6656> [C:\WINNT\system32\VM31bSTI.dll] <VM><4.2.510.21> [PID: 932][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] <Ulead Systems, Inc.><1, 0, 0, 4> [PID: 952][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 984][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 1020][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 1056][C:\WINNT\system32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3> [PID: 1596][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 1432][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4117> [C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2497> [PID: 1380][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [E:\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] <Network Associates, Inc.><8.0.0.912> [PID: 1812][C:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30> [PID: 1820][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\Graphics.dll] <Network Associates, Inc.><8.0.0.912> [PID: 1828][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [PID: 1836][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] <Network Associates, Inc.><2.0.275.0> [PID: 1916][E:\ewido anti-spyware 4.0\ewido.exe] <Anti-Malware Development a.s.><4, 0, 0, 172> [E:\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172> [PID: 1924][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510> [PID: 1960][C:\WINNT\system32\dllhost.exe] <Microsoft Corporation><5.00.2195.6692> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.992> [C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.316> [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00> [PID: 2048][C:\WINNT\system32\dllhost.exe] <Microsoft Corporation><5.00.2195.6692> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [PID: 2136][C:\DOCUME~1\lxy\LOCALS~1\Temp\M2Server.exe] <亞盟網路><1.0.0.1> [D:\MirServer\Mir200\IPLocal.dll] <N/A><N/A> [D:\MirServer\Mir200\M2Server.dll] <N/A><N/A> [D:\MirServer\Mir200\zPlugOfEngine.dll] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\idsql32.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\idbat32.DLL] <N/A><N/A> [PID: 2196][C:\WINNT\system32\mdm.exe] <Microsoft Corporation><6.00.8424> [PID: 2168][D:\MirServer\xysrvII.exe] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL] <N/A><N/A> [C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL] <N/A><N/A> [PID: 652][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [C:\WINNT\system32\IEBHOGET.dll] <N/A><N/A> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2> [C:\WINNT\system32\Inte32.dll] <N/A><N/A> [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.992> [C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.316> [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00> [PID: 1720][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106> [C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448> [C:\WINNT\system32\IEBHOGET.dll] <N/A><N/A> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2> [C:\WINNT\system32\Inte32.dll] <N/A><N/A> [PID: 2516][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 2532][C:\DOCUME~1\lxy\LOCALS~1\Temp\Rar$EX00.719\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINNT\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 A: 使用SREng (相關操作說明)一樓 -移除以下的啟動項 [RealNetworks, Inc.] <Update><C:\Program Files\Common Files\UPDAT\Update.exe> [] -移除以下瀏覽器載入項 [] {01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINNT\system32\IEBHOGET.dll, N/A> [NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\AdvSC.dll, N/A> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC.dll, N/A> [QuickBtn] {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [DuiSo.com Search] {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINNT\system32\Inte32.dll, N/A> [QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > 你中的是Worm.Viking....試試用瑞星提供的Worm.Viking專殺工具 http://it.rising.com.cn/service/tech...RavVikiing.htm |
Q:
為什麼老是彈出廣告網頁 明明用清理LJ軟體清理過一次了 可是還是有廣告網頁自動彈出來 我的MM現在很鬱悶 大家幫幫忙啦~~~~~ A: 請用 System Repair Engineer 掃瞄一個log貼上來。 1 解壓縮Sreng2.zip 2 執行Sreng2.exe 3 智能掃瞄——掃瞄——儲存報告 4 把日誌sreng.log中的報告內容完整拷貝貼上來,不要修改。 掃瞄時請關閉所有你手動開啟的程序 sreng操作和修復教學 Q: 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation] <pbmini><D:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStarter.exe> [] <MyShares><c:\program Files\易虎\MyShares.exe /tray> [] <MSNShell><D:\Program Files\MSNShell\BIN\MSNShell.exe autorun> [] <msnnt><C:\WINDOWS\Updatec.exe> [] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] <VoipDiscount><"d:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized> [VoipDiscount] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> [廣州傲訊訊息科技有限公司] <Update><C:\Program Files\Common Files\UPDAT\Update.exe> [] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [] <Thunder><"d:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> [] <sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe> [] <supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run> [] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <res><C:\WINDOWS\system32\res.exe> [] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [] <KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation] <BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32> [] <bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo] <AddrPlus3><C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus.dll Rundll32> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll><regsvr32 /s C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll> [BAIGOO] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{B83FC273-3522-4CC6-92EC-75CC86678DA4}><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll> [] ================================== 啟動檔案夾 [WinBrowse] <C:\Documents and Settings\Admin\「開始」表單\程序\啟動\WinBrowse.lnk><N> ================================== 服務 [Server2.03 / 2.03] <C:\WINDOWS\G_Server2.03.exe><N/A> [NT Data Provider / MOVEESS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [CPub Object] {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A> [wmpdrm] {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.> [Status Class] {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, > [ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation> [NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A> [MSNToolBandBHO] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation> [免費精彩視瀕超流暢在線觀看] {022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方對戰平台\GameClient.exe, N/A> [訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation> [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [CPub Object] {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A> [wmpdrm] {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.> [QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [MMSAssist BHO] {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, N/A> [stdup] {6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.> [Status Class] {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, > [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation> [NewWebController Class] {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation> [MSNToolBandBHO] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [pCastPanel Class] {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\system32\pCastCtl.dll, > [ >> 彩信傳送 <<] <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A> [>>彩信傳送<<] <res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm, N/A> [上傳到QQ網路硬碟] <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [增加到QQ自訂面板] <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [增加到QQ表情] <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信傳送該圖片] <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作 [PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 640][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 664][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 708][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 720][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 868][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 984][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1152][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1284][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [C:\WINDOWS\system32\ZLhp1020.DLL] <Zenographics, Inc.><5, 53, 2714, 0> [C:\WINDOWS\system32\ZLM.dll] <Zenographics, Inc.><5, 50, 1416, 0> [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] <Zenographics, Inc.><5, 54, 330, 0> [C:\WINDOWS\system32\Imf32.dll] <Zenographics, Inc.><5, 60, 1204, 0> [C:\WINDOWS\system32\ZTAG32.dll] <Zenographics, Inc.><5, 60, 1210, 0> [C:\WINDOWS\system32\ZSPOOL.dll] <Zenographics, Inc.><5, 51, 709, 0> [PID: 1644][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1> [C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\msicn\plugins\bse.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1> [C:\WINDOWS\system32\msicn\plugins\lup.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1> [C:\WINDOWS\system32\msicn\plugins\bm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1> [C:\WINDOWS\system32\msicn\plugins\as.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1> [C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3924> [PID: 1764][C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe] <N/A><N/A> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [PID: 1780][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 1836][C:\WINDOWS\system32\hkcmd.exe] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\igfxhk.dll] <Intel Corporation><3.0.0.3924> [C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3924> [PID: 1844][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1> [PID: 1860][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0324> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1> [PID: 1888][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 188][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466> [PID: 508][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 900][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3200][C:\Program Files\baigoo\bgoomain.exe] <BGoo><1, 0, 0, 1006> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\Program Files\baigoo\bgooex.dll] <><1, 0, 0, 1007> [PID: 1708][D:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0> [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [D:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4> [D:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1> [D:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1> [D:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\GroupLive.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0> [D:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1> [D:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160> [D:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQFileTransfer.dll] <Tencent><5, 0, 202, 180> [D:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1> [D:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2> [D:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200> [D:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40> [D:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A> [D:\Program Files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045> [D:\Program Files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170> [D:\Program Files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1> [D:\Program Files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4> [C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax] <N/A><N/A> [C:\WINDOWS\system32\l3codecx.ax] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 5, 0, 50> [D:\Program Files\Tencent\QQ\QQMagicFace.dll] <><1, 0, 0, 1> [PID: 2280][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4> [PID: 2912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3656][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 6, 42> [D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1> [C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007> [C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007> [C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll] <BAIGOO><1.0.0.1007> [D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 4004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 2124][C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.984\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007> [C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1> [PID: 1776][C:\WINDOWS\system32\zshp1020.exe] <><1, 0, 1007, 0> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] A: <sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe> <res><C:\WINDOWS\system32\res.exe> <supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run> <Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll> <C:\WINDOWS\G_Server2.03.exe><N/A> [NT Data Provider / MOVEESS] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087> 有問題 |
Q:
【求助】一個病毒---"alibaba2.exe"是什麼?請高手幫忙! 如題,我在BAIDU搜尋了沒有,在論壇裡也沒,請高手幫忙解決~~ 謝謝了~~ A: 請提供以下相關病毒報告(病毒日誌)訊息: 病毒名稱(完整的病毒名稱) 病毒檔案名,以及病毒文件所在的位置(完整路徑) 反病毒軟體的處理結果(清除/移除失敗等) 並請用 此帖 中的 System Repair Engineer 掃瞄一個log貼上來。 1 解壓縮Sreng2.zip 2 執行Sreng2.exe 3 智能掃瞄——掃瞄——儲存報告 4 把日誌sreng.log中的報告內容完整拷貝貼上來,不要修改。 掃瞄時請關閉所有你手動開啟的程序 sreng操作和修復教學 Q: C:\WINDOWS\System32\alibaba2.exe 我用的是卡巴的殺毒軟體 處理情況是可以移除的 以下的是sreng.log: 2006-07-20,14:16:29 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選: 所有的啟動項目(包括註冊表、啟動檔案夾、服務等) 瀏覽器載入項 正在執行的工作(包括工作模組訊息) 文件關聯 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] <STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> [] <sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <1A:Stardock TrayMonitor><"C:\Program Files\Common Files\stardock\TrayServer.exe"> [Stardock] <RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <IESAddr><> [] <Update><C:\Program Files\Common Files\UPDAT\Update.exe> [] <StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動檔案夾 [騰訊QQ] <C:\Documents and Settings\sxm20463\「開始」表單\程序\啟動\騰訊QQ.lnk><N> ================================== 服務 [kavsvc / kavsvc] <"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [DNS 快取 / SOCEESe] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [StyleXPService / StyleXPService] <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [DragSearch BHO] {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A> [MMSAssist BHO] {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, > [HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi> [IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, > [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方在線資訊科技有限公司> [QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Downloads\qq\QQ.EXE, TENCENT> [易趣購物] {DE607145-AC19-425e-862A-2D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Downloads\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [DragSearch BHO] {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A> [MMSAssist BHO] {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, > [HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\download\software\NetTransport 2\NTIEHelper.dll, Xi> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ >> 彩信傳送 <<] <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A> [上傳到QQ網路硬碟] <E:\Downloads\qq\AddToNetDisk.htm, N/A> [使用影音傳送帶下載] <D:\download\software\NetTransport 2\NTAddLink.html, N/A> [使用影音傳送帶下載全部連接] <D:\download\software\NetTransport 2\NTAddList.html, N/A> [匯出到 Microsoft Office Excel(&X)] <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A> [增加到QQ自訂面板] <E:\Downloads\qq\AddPanel.htm, N/A> [增加到QQ表情] <E:\Downloads\qq\AddEmotion.htm, N/A> [用QQ彩信傳送該圖片] <E:\Downloads\qq\SendMMS.htm, N/A> ================================== 正在執行的工作 [PID: 616][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 680][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 704][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 748][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 760][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 956][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1048][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1080][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe] <><0, 20, 0, 3000> [PID: 1172][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [PID: 1532][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1576][C:\WINDOWS\System32\SCardSvr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1856][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7190> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190> [C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10031> [C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62> [C:\WINDOWS\system32\Rundll32.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2> [C:\PROGRA~1\MMSASS~1\Mmsass~1.dll] <><1, 2, 0, 2> [D:\download\software\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12> [PID: 184][C:\Program Files\Common Files\stardock\TrayServer.exe] <Stardock><v1.55> [PID: 196][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\PROGRA~1\HBClient\tbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3> [PID: 220][C:\Program Files\Common Files\UPDAT\Update.exe] <N/A><N/A> [PID: 240][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 272][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Upsrv.dll] <N/A><N/A> [PID: 424][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7190> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190> [PID: 480][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 876][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1020][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)> [PID: 148][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1472][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [d:\Program Files\AskTao\asktao.mod] <N/A><N/A> [d:\Program Files\AskTao\fmod.dll] <Firelight Technologies Pty, Ltd><3.74> [d:\Program Files\AskTao\memmgr.dll] <N/A><N/A> [d:\Program Files\AskTao\Communicate.dll] <N/A><N/A> [d:\Program Files\AskTao\gbits.dll] <N/A><N/A> [d:\Program Files\AskTao\report.dll] <N/A><N/A> [PID: 2452][E:\Downloads\qq\QQ.exe] <TENCENT><0, 0, 0, 0> [E:\Downloads\qq\QQBaseClassInDll.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQHelperDll.dll] <><1, 0, 0, 1> [E:\Downloads\qq\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160> [E:\Downloads\qq\QQAPI.dll] <><1, 0, 0, 1> [E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4> [E:\Downloads\qq\LoginCtrl.dll] <><1, 0, 0, 1> [E:\Downloads\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1> [E:\Downloads\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1> [E:\Downloads\qq\QQRes.dll] <tencent><1, 0, 0, 1> [E:\Downloads\qq\QQMainFrame.dll] <N/A><N/A> [E:\Downloads\qq\CQQApplication.dll] <N/A><N/A> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> [E:\Downloads\qq\NewSkin.dll] <><1, 0, 0, 1> [E:\Downloads\qq\HostingMgr.dll] <><1, 0, 0, 1> [E:\Downloads\qq\CameraDll.dll] <><1, 0, 0, 1> [E:\Downloads\qq\MailSummary.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQSpace.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [E:\Downloads\qq\QQGroupMng.dll] <><1, 0, 0, 1> [E:\Downloads\qq\GroupLive.dll] <N/A><N/A> [E:\Downloads\qq\LongConnection.dll] <tencent><5, 0, 200, 160> [E:\Downloads\qq\QQPlugin.dll] <N/A><N/A> [E:\Downloads\qq\ShareFiles.dll] <N/A><N/A> [E:\Downloads\qq\QQZip.dll] <tencent><0, 3, 2, 4> [E:\Downloads\qq\UserDefinedHead.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQConfigPlugin.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QRingMng.dll] <N/A><N/A> [E:\Downloads\qq\PhoneAPI.dll] <><1, 0, 0, 1> [E:\Downloads\qq\DialerAllinOne.dll] <tencent><1, 4, 0, 0> [E:\Downloads\qq\QQAvatar.dll] <N/A><N/A> [E:\Downloads\qq\FlashAvatarDll.dll] <><1, 4, 0, 1> [E:\Downloads\qq\QQPet.dll] <><1, 0, 0, 1> [E:\Downloads\qq\QQSysMsgMng.dll] <N/A><N/A> [E:\Downloads\qq\videodevice.dll] <Tencent><1.5.0.0> [E:\Downloads\qq\inplus.dll] <Tencent><1.5.0.0> [C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [E:\Downloads\qq\QQAllInOne.dll] <N/A><N/A> [E:\Downloads\qq\SCCore.dll] <N/A><N/A> [E:\Downloads\qq\BQQApplication.dll] <N/A><N/A> [E:\Downloads\qq\QQCustomFace.dll] <N/A><N/A> [E:\Downloads\qq\CommercesMng.dll] <><1, 0, 0, 1> [E:\Downloads\qq\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2> [E:\Downloads\qq\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3> [E:\Downloads\qq\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200> [E:\Downloads\qq\QQSceneMng.dll] <N/A><N/A> [E:\Downloads\qq\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40> [E:\Downloads\qq\ImageOle.dll] <TODO: <Company name>><1.0.0.1> [E:\Downloads\qq\QQFileTransfer.dll] <Tencent><5, 0, 202, 180> [E:\Downloads\qq\GroupConnection.dll] <Tencent><5, 0, 202, 170> [PID: 2456][E:\Downloads\qq\TIMPlatform.exe] <tencent><0, 3, 1, 8> [E:\Downloads\qq\TIMProxy.dll] <tencent><0, 3, 2, 4> [PID: 1072][C:\Documents and Settings\sxm20463\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\upfdll.dll] <N/A><N/A> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: <sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] 感覺有問題,個人意見 卸載 酷站導航,很棒小秘書,雅虎助手,網路實名,mmsassist, 2 關閉所有視窗 ===〉執行sreng.exe ===〉啟動項目 ===〉註冊表 ===〉選下面的項目 ===〉移除 <sys1><Rundll32.exe C:\WINDOWS\system32\Upsrv.dll,Run> [] <RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows> <IESAddr><> [] <Update><C:\Program Files\Common Files\UPDAT\Update.exe> [] 3 啟動項目 ===〉服務 ===〉Win32 服務應用程式 ===〉勾選 「隱藏微軟服務」 ===〉選下面的項目 ===〉點選「移除服務」 ===〉設定 ===〉是 [DNS 快取 / SOCEESe] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> 4 系統修復 ===〉瀏覽器載入項 ===〉選下面的項目 ===〉移除所選內容 [QuickBtn] {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [DragSearch BHO] {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A> [MMSAssist BHO] {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, > [HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd> [IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, > [QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent> [MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, > [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundll32.dll, > [HBObject Class] {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [IEHlprObj Class] {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\IEHelper.dll, > 5 重新啟動動進入安全模式(開機按F8,在等待介面選項「安全模式」),移除資料夾: C:\PROGRAM FILES\HBClient C:\Program Files\Common Files\UPDAT C:\Program Files\CoolWebsite C:\PROGRAM FILES\Yahoo! C:\PROGRAM FILES\MMSASSIST 文件: C:\WINDOWS\system32\Upsrv.dll C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL C:\WINDOWS\system32\Rundll32.dll C:\WINDOWS\system32\IEHelper.dll c:\system32\SHELL32.dll c:\system32\shdocvw.dll C:\WINDOWS\system32\upfdll.dll 同時清空臨時資料夾。 刪不掉的文件請使用 置頂帖子 中的 killbox 輔助處理。 執行 killbox.exe ===〉在「要移除的文件的完整路徑」中填入該檔案 ===〉移除文件 6 重新啟動動回到正常模式,用 惡意軟體清理助手 輔助清理剩餘的文件。 執行RogueCleaner.exe ===〉關閉所有視窗,僅保留RogueCleaner ===〉系統清理 ===〉惡意軟體清理 ===〉開始檢測 ===〉勾選「使用強制清理模式」 ===〉開始清理 7 至於你說的alibaba2.exe,移除了就沒有問題了。 8 另外問一下,這個資料夾 d:\Program Files\AskTao 中的東西是你自己安裝的? Q: d:\Program Files\AskTao 是一個叫做《問道》的網路遊戲 怎麼了?有問題的嗎? A: 那就!沒有問題了,我就是不熟悉,所以問你一下,以免操作失誤。 |
Q:
【求助】spoolsv工作無限佔用cpu資源的問題 麻煩大家幫我看看:就是最近我的電腦反應特別慢,發現spoolsv工作幾乎耗盡了cpu的全部資源。這個工作關閉以後可以恢復正常,但是列印機就沒法用了。我也試著在安全模式下去移除這個程序,可是好像沒用。請大家幫我出出主意,謝了 A: 請用 System Repair Engineer (SREng) 的智能掃瞄,掃瞄一個報告上來 1. 下載 SRENG2 ,並儲存到桌面 2. 解開壓縮包,執行SREng.exe 3. 按 智能掃瞄 ,確保智能掃瞄下的項目已經全部打勾,再按 掃瞄 4. 掃瞄完成後,按 儲存報告 ,把報告儲存到桌面 5. 開啟SREngLOG.log報告,把報告所有內容複製 + 貼上來 Q: 2006-07-21,08:04:08 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選: 所有的啟動項目(包括註冊表、啟動檔案夾、服務等) 瀏覽器載入項 正在執行的工作(包括工作模組訊息) 文件關聯 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <Yahoo! Pager><"D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> [] <msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><; nwiz.exe /install> [] <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <愛眼大使><D:\Program Files\eyer\eyer\eyer.exe> [ElectricPower.cn] <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab] <UserFaultCheck><%systemroot%\system32\dumprep 0 -u> [] <DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> [] <DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME] <FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <PCSuiteTrayApplication><; D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <PcSync><; D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <RaidTool><; C:\Program Files\VIA\RAID容錯式獨立磁碟陣列\raid_tool.exe> [VIA Technologies] <SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> [] <UnlockerAssistant><; C:\Program Files\Unlocker\UnlockerAssistant.exe> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <Yahoo! Pager><; "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> [] ================================== 啟動檔案夾 服務 [Backbone Service / BBDemon] <d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe -service><Dassault Systemes> [C-DillaCdaC11BA / C-DillaCdaC11BA] <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision> [kavsvc / kavsvc] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab> [Moldflow Product Security / MFPS Daemon] <C:\Program Files\Moldflow\Product Security\mfpsd.exe><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [ServiceLayer / ServiceLayer] <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.> [Plastics Insight 5.0 Job Manager / synjm50] <C:\Program Files\Moldflow\Plastics Insight 5.0\bin\mpijm.exe><N/A> [Unigraphics Plot Server (ugiipqd) / ugiipqd] <C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc> [Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)] <"C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe"><Macrovision Corporation> ================================== 瀏覽器載入項 [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A> [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, > [MessengerStatsClient Class] {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [Rising Web Scan Object] {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [NaviHelperObj Class] {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx, N/A> [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [QuickBtn] {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <D:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>> [上傳到QQ網路硬碟] <D:\QQ2006\QQ\AddToNetDisk.htm, N/A> [使用KuGoo3下載(&K)] <F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownX.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [增加到QQ自訂面板] <D:\QQ2006\QQ\AddPanel.htm, N/A> [增加到QQ表情] <D:\QQ2006\QQ\AddEmotion.htm, N/A> [用QQ彩信傳送該圖片] <D:\QQ2006\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作 [PID: 692][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 772][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 796][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 848][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 860][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1024][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1088][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1176][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1300][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1396][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1692][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [F:\原文件\KuGoo3V3.206\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A> [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [PID: 1956][D:\Program Files\eyer\eyer\eyer.exe] <ElectricPower.cn><0.9.6.11> [PID: 1976][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1984][D:\Program Files\Yahoo!\Messenger\ypager.exe] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [D:\Program Files\Yahoo!\Messenger\ygxa_2.dll] <Yahoo! Inc.><2004, 2, 19, 1> [D:\Program Files\Yahoo!\Messenger\pcre.dll] <Pcre><3.9> [D:\Program Files\Yahoo!\Messenger\YML.dll] <N/A><3, 0, 0, 2> [D:\Program Files\Yahoo!\Messenger\YImage.dll] <Yahoo! Inc.><1, 0, 0, 1> [D:\Program Files\Yahoo!\Messenger\xmlparse.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\xmltok.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\ft60.dll] <Yahoo! Inc.><1.0.0.4> [D:\Program Files\Yahoo!\Messenger\res_msgr.dll] <Yahoo! Inc.><6, 0, 0, 1610> [C:\Program Files\Yahoo!\Shared\YbSkin2.dll] <Yahoo! Inc.><2005, 6, 3, 1> [D:\Program Files\Yahoo!\Messenger\MyYahoo.dll] <Yahoo! Inc.><6, 0, 0, 600> [D:\Program Files\Yahoo!\Messenger\D32-FW.DLL] <Distinct Corporation><3.4.6> [C:\WINDOWS\system32\icm32.dll] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0> [D:\Program Files\Yahoo!\Messenger\yvoicesm.dll] <N/A><1, 0, 201, 1> [D:\Program Files\Yahoo!\Messenger\yvoiceui.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\yaudiomgr.dll] <N/A><1, 0, 200, 1> [D:\Program Files\Yahoo!\Messenger\yxtldr.dll] <N/A><1, 0, 200, 1> [D:\Program Files\Yahoo!\Messenger\rvsip.dll] <RADVISION><3.1.1.30> [D:\Program Files\Yahoo!\Messenger\rvcommon.dll] <RADVISION><1.0.18> [D:\Program Files\Yahoo!\Messenger\rvads.dll] <RADVISION><3.1.1.30> [D:\Program Files\Yahoo!\Messenger\rvsdp.dll] <RADVISION><> [D:\Program Files\Yahoo!\Messenger\yv_res.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\eyeBeamAsDLL.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\AEC_PC_DLL.dll] <N/A><N/A> [C:\Program Files\Yahoo!\Shared\YAlertCenter.dll] <Yahoo! Inc.><2004, 10, 20, 1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [PID: 1992][C:\Program Files\MSN Messenger\MsnMsgr.Exe] <Microsoft Corporation><8.0.0792.00> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [PID: 280][d:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe] <Dassault Systemes><5.15.0.5029> [PID: 296][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020> [PID: 444][C:\Program Files\Moldflow\Product Security\mfpsd.exe] <N/A><N/A> [PID: 484][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8185> [PID: 556][C:\Program Files\Moldflow\Plastics Insight 5.0\bin\mpijm.exe] <N/A><N/A> [PID: 604][C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe] <Unigraphics Solutions, Inc><2.0.0.21> [C:\WINDOWS\system32\spool\ugplot\libplotq.dll] <Unigraphics Solutions, Inc><2.0.0.21> [C:\WINDOWS\system32\spool\ugplot\libsyss.dll] <Unigraphics Solutions, Inc><2.0.0.21> [PID: 720][C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe] <Macrovision Corporation><8, 3, 2, 0> [PID: 1000][C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe] <N/A><N/A> [PID: 1676][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2424][C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE] <Microsoft Corporation><11.0.5510> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcou.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcoup.dll] <Kaspersky Lab><5.0.0.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klcp.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcouloc.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mailappl.dll] <Kaspersky Lab><5.0.388.1> [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLCTL.DLL] <N/A><N/A> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\nfio.ppl] <Kaspersky Lab><5.0.388.0> [PID: 2652][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] <Microsoft Corporation><11.0.5604> [C:\Program Files\Microsoft Office\OFFICE11\STARTUP\MathPage.wll] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\offguard.dll] <Kaspersky Lab><5.0.388.1> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011U.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011L.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011C.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011K.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.00> [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DI2011J.DLL] <KONICA MINOLTA BUSINESS TECHNOLOGIES,INC><1.0.0.0> [PID: 2900][D:\Program Files\Maxthon\Maxthon.exe] <MY Soft Technology><1, 5, 0, 53> [D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0> [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0> [D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 3> [C:\Program Files\Ringz Studio\Storm Codec\Codecs\empgdmx.ax] <Elecard Ltd.><1, 0, 19, 51017> [C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 0> [C:\WINDOWS\system32\ffdshow.ax] <N/A><1.0.2.2003> [PID: 1820][D:\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.3.168> [D:\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2> [D:\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 57> [D:\Thunder\log4cplus.dll] <><1, 0, 2, 1> [D:\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031> [D:\Thunder\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 13> [D:\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148> [D:\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 6> [D:\Thunder\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [PID: 2236][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1584][C:\Documents and Settings\chn1.CHN\桌面\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [D:\Program Files\Yahoo!\Messenger\idle.dll] <Yahoo! Inc.><1, 0, 0, 2> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR Error. [AutoCADScriptFile] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 關於Spoolsv.exe (所有資料通過收集整理) spoolsv - spoolsv.exe - 工作訊息 spoolsv - spoolsv.exe - 工作訊息 工作文件: spoolsv or spoolsv.exe 工作名稱: Printer Spooler Service 描述: Windows列印工作控制程序,用以列印機就緒。 一般錯誤: N/A 是否為系統工作: 是 如果目前你沒有自己的列印機而且不想用這台電腦列印資料,可以在「我的電腦」右鍵「管理」裡的「服務」項目中找到「Print Spooler(將文件載入到記憶體中以便遲後列印。)」找到,停止並且禁用就可以了。 後台列印程序和「資源耗盡」消息 問題描述 • 當重新啟動電腦或重新啟動後台列印程序服務時,接收到以下錯誤消息:Spoolsv.exe 無法啟動。 • 當開啟列印機內容時,接收到以下錯誤消息:「資源耗盡錯誤。」 • 列印我的文件時,接收到訪問衝突 (Dr. Watson) 錯誤消息。Dr. Watson 日誌附帶錯誤碼 C0000005 指向 Spoolsv.exe。接收到以下錯誤訊息,後台列印程序停止:<address> 的指令引用記憶體在 <address>。記憶體不可讀。 Spoolsv.exe 或「列印子系統不可用」消息 問題描述 啟動 Windows Server 2003 列印伺服器時,可能接收到以下錯誤消息:Spoolsv.exe 產生了一個錯誤。 而且,如果嘗試檢視列印機內容,可能接收到顯示「列印子系統不可用」的錯誤消息。 問題原因 後台列印服務可能已經停止。如果伺服器執行 Windows Server 2003 而使用為 Windows 98 或 Windows NT 設計的列印啟動程序,則也可能發生這種問題。 問題解決方案 1. 開啟註冊表編輯器 (RegEdt32.exe)。 2. 定位到註冊表以下鍵並將之移除: HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\ Control\\Print\\Printers\\ <Trouble Printer> 3. 結束註冊表編輯器。 補充: 前幾天感染了一個spoolsv.exe的木馬病毒,怎麼殺都殺不掉,殺了又來,最後找了下,發現spoolsv.exe的最新變種目前還沒有哪個軟體能殺掉,因此,將解決方法發怖在這裡,希望對大家有說明 spoolsv.exe是一種延緩列印木馬程序,它使電腦CPU使用率達到100%,從而使風扇保持高速嘈雜運轉。目前網上提供的方法或許能夠解決前期問題,但對最新的變種現象無能為力, Ctrl+Alt+Delete停止spoolsv.exe執行工作 重新啟動電腦進入安全模式,在C:/windows/system32/移除spoolsv.exe(或可用搜尋方式移除C碟所有同名文件) 執行regedit,用尋找方式找到並移除所有spoolsv文件。 我的電腦點擊右鍵,選項管理,服務,禁用print spooler服務(目前網上提供的方法僅到此) 重新啟動電腦進入系統一般模式,你會發現電腦還是處於高速運轉,但在搜尋中已找不到任何spoolsv相關文件。 Ctrl+Alt+Delete,你可以在工作中找到一個名為inter的後台執行程序,將其關閉即可。 強烈建議在套用以上步驟解決問題之後,執行反木馬程序掃瞄並移除感染文件。 1 卸載 中搜,酷站導航 2 關閉所有視窗 ===〉執行sreng.exe ===〉啟動項目 ===〉註冊表 ===〉選下面的項目 ===〉移除 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <CdnCtr><; "C:\Program Files\SearchNet\ServeUp.exe"> [] <FeiyingUpdate><; C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <SearchNet_Up><; "C:\Program Files\SearchNet\ServeUp.exe"> [] 3 系統修復 ===〉瀏覽器載入項 ===〉選下面的項目 ===〉移除所選內容 [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, > [NaviHelperObj Class] {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A> [QuickBtn] {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A> 4 重新啟動動進入安全模式(開機按F8,在等待介面選項「安全模式」),移除資料夾: C:\Program Files\SearchNet C:\Program Files\CoolWebsite 文件: C:\DOCUME~1\chn\LOCALS~1\Temp\~exB.exe C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL C:\WINDOWS\system32\NaviHelper.dll 並清空臨時資料夾 刪不掉的文件請使用 置頂帖子 中的 killbox 輔助處理。 執行 killbox.exe ===〉在「要移除的文件的完整路徑」中填入該檔案 ===〉移除文件 5 重新啟動動回到正常模式,用 惡意軟體清理助手 輔助清理剩餘的文件。 執行RogueCleaner.exe ===〉關閉所有視窗,僅保留RogueCleaner ===〉系統清理 ===〉惡意軟體清理 ===〉開始檢測 ===〉勾選「使用強制清理模式」 ===〉開始清理 6 關於 中搜 的訊息還請再看看 cyberarmy 版主的帖子。 ==================================================================== 如果已經正常處理了有害程序,且不再出現問題的話,將標題標籤改為【已解決】。 |
Q:
中了Adware.Dinkum.a,大家幫幫忙啊 如題,瑞星清了幾次都沒成工大家幫幫忙啊 附System Repair 報告: 2006-07-23,19:22:53 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選: 所有的啟動項目(包括註冊表、啟動檔案夾、服務等) 瀏覽器載入項 正在執行的工作(包括工作模組訊息) 文件關聯 啟動項目 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes] <WinlogonNotify: Themes><C:\WINDOWS\system32\m0rmla911d.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><; F:\7\7\Kv2006\KVSCRK~1.SCR> [Jiangmin Co.Ltd] ================================== 啟動檔案夾 服務 [Rising Process Communication Center / RsCCenter] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [User Profile Hive Cleanup / UPHClean] <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation> ================================== 瀏覽器載入項 [微軟] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A> [啟動Web迅雷] {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\QQ2005\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A> [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [WebThunder Browser Helper] {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ2005\QQIEHelper.dll, N/A> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A> [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin06.dll, Thunder Networking Technologies,LTD> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] <f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下載全部連接] <f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [上傳到QQ網路硬碟] <D:\Program Files\QQ2005\AddToNetDisk.htm, N/A> [增加到QQ自訂面板] <D:\Program Files\QQ2005\AddPanel.htm, N/A> [增加到QQ表情] <D:\Program Files\QQ2005\AddEmotion.htm, N/A> [用QQ彩信傳送該圖片] <D:\Program Files\QQ2005\SendMMS.htm, N/A> ================================== 正在執行的工作 [PID: 1740][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A> [C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160> [PID: 312][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> [C:\WINDOWS\system32\mwjet40.dll] <N/A><N/A> [PID: 580][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [PID: 1060][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1164][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30> [C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24> [C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [PID: 3144][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\WINDOWS\system32\vsfilter.dll] <Gabest><1, 0, 0, 9> [C:\Program Files\ffdshow\ffdshow.ax] <N/A><1, 0, 0, 1> [PID: 1004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [PID: 2864][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3456][C:\DOCUME~1\212\LOCALS~1\Temp\Rar$EX05.499\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\DRWEBSP.DLL] <Doctor Web, Ltd.><4.33.0.09160> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 1. 找出以下檔案,上傳到 VirusTotal ,並在此貼上掃瞄結果 C:\WINDOWS\system32\mwjet40.dll 2. a) 下載F-Look2Me ,儲存到桌面上 b) 把f-look2me.zip壓縮包解開到桌面,執行 f-look2me.exe , 按 Y 繼續 c) F-Look2Me 找到 Look2Me 後, 會提示你要重新啟動 d) 重新啟動電腦後,把 F-Look2Me.log (不是f-look2me.txt) 的內容貼上來,並掃瞄一個新的HijackThis log上來 Q: 我執行Look2Me 都沒有重新啟動 日誌是 2006-06-23 19:34:44 INFO Look2Me was not found. 2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0 2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved. 2006-06-23 19:35:20 WARN Disclaimer of Warranty on Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. F-SECURE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 2006-06-23 19:35:20 WARN For full license terms please visit: 2006-06-23 19:35:20 WARN http://www.f-secure.com/products/license-terms/ 2006-06-23 19:35:23 INFO Agreed. 2006-06-23 19:35:23 INFO Look2Me was not found. 這是HijackThis log Logfile of HijackThis v1.99.1 Scan saved at 19:37:43, on 2006-7-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Rising\Rav\RavTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINDOWS\system32\conime.exe f:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2 O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe A: VirusTotal 的掃瞄結果是 STATUS: FINISHEDComplete scanning result of "mwjet40.dll", received in VirusTotal at 07.23.2006, 14:02:18 (CET). Antivirus Version Update Result AntiVir n - no virus found Authentium n - no virus found Avast n - no virus found AVG n - no virus found BitDefender n - no virus found CAT-QuickHeal n - no virus found ClamAV n - no virus found DrWeb n - no virus found eTrust-InoculateIT n - no virus found eTrust-Vet n - no virus found Ewido n - no virus found Fortinet n - no virus found F-Prot n - no virus found F-Prot4 n - no virus found Ikarus n - no virus found Kaspersky n - no virus found McAfee n - no virus found Microsoft n - no virus found NOD32v2 n - no virus found Norman n - no virus found Panda n - no virus found Sophos n - no virus found Symantec n - no virus found TheHacker n - no virus found UNA n - no virus found VBA32 n - no virus found VirusBuster n - no virus found Q: 等待中,拜託高手了,急啊 A: QUOTE: 引用第2樓7385587於2006-07-23 20:03發表的「」: 我執行Look2Me 都沒有重新啟動 日誌是 2006-06-23 19:34:44 INFO Look2Me was not found. 2006-06-23 19:35:20 INFO F-Look2Me Removal Tool ver 1.00.0 2006-06-23 19:35:20 INFO Copyright (c) 2006, F-Secure Corporation. All rights reserved. ....... 按 [Copy to clipboard] 複製以下所有文字 CODE: Files to delete: C:\WINDOWS\system32\m0rmla911d.dll Registry keys to delete: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes [Copy to clipboard] The Avenger a) 下載 The Avenger,儲存到桌面並解開壓縮包 b) 執行 The Avenger , 按 Input script manually 再按 放大鏡 c) 按 Ctrl + V/右click貼上剛才複製的內容 ,按 Done ,按 綠燈 開始,當有提示彈出, 按 Yes 兩次 d) The Avenger 會重新啟動你的電腦大約一至兩次,如果重新啟動時有黑色視窗彈出,這是正常情況 e) 當重新啟動後,把 C:\avenger.txt 的內容貼上來,並請同時掃瞄一個新的HijackThis log上來 Q: 打不開放大鏡啊提示: error:could not open script file. please verify that path name is vaild and file exists ------------- 鋼材錯了,可以執行的 avenger: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\osbbdghh ******************* Script file located at: \??\C:\Documents and Settings\tnvqyutu.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\m0rmla911d.dll not found! Deletion of file C:\WINDOWS\system32\m0rmla911d.dll failed! Could not process line: C:\WINDOWS\system32\m0rmla911d.dll Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 20:43:38, on 2006-7-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Rising\Rav\RavStub.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Rising\Rav\RavTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINDOWS\system32\conime.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2 O20 - Winlogon Notify: Run - C:\WINDOWS\system32\naapi32.dll O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe A: ...奇怪 a) 下載Look2Me-Destroyer ,儲存到 C:\ b) 執行 Look2Me-Destroyer.exe , 在 Run this program as a task 打勾,之後會提示你過一會就會自動再次執行 c) 當 Look2Me-Destroyer 自動執行,按 Scan for L2M button,這時候你的桌面圖示可能會消失 d) 掃瞄完成後,按 Remove L2M button ,當完成後, Look2Me-Destroyer 會提示你將會關閉電腦 e) 電腦關閉後,再次啟動你的電腦,把桌面Look2Me-Destroyer.txt 或C:\Look2Me-Destroyer.txt 的內容貼上來,並掃瞄一個新的HijackThis log上來 PS: 如果過一會(大約一至兩分鍾)不會自動再次執行 請驗證 -電腦時間格式為 H:mm:ss -Look2Me-Destroyer.exe放在C:\ Q: Look2Me-Destroyer日誌: Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 2006-7-23 21:20:27 Infected! C:\WINDOWS\system32\naapi32.dll Attempting to delete infected files... Attempting to delete: C:\WINDOWS\system32\naapi32.dll C:\WINDOWS\system32\naapi32.dll Deleted successfully! Making registry repairs. Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D290EBBB-76A0-48B1-B894-3E5E7A8E236E}" HKCR\Clsid\{D290EBBB-76A0-48B1-B894-3E5E7A8E236E} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5EA8FC6F-FF5F-47E1-A34F-C19B85830638}" HKCR\Clsid\{5EA8FC6F-FF5F-47E1-A34F-C19B85830638} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{222CFF09-A539-4E70-83C2-64269DA2F7BD}" HKCR\Clsid\{222CFF09-A539-4E70-83C2-64269DA2F7BD} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{40180886-B9C9-48DD-A53A-A6CB46FDD425}" HKCR\Clsid\{40180886-B9C9-48DD-A53A-A6CB46FDD425} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2FACA6B4-778C-4224-9D5A-249E9B889CF6}" HKCR\Clsid\{2FACA6B4-778C-4224-9D5A-249E9B889CF6} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9}" HKCR\Clsid\{1481D568-5A0F-4D63-A7FB-E9FCE2188BF9} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B39636E6-581A-4CAB-905F-95EC4518B13C}" HKCR\Clsid\{B39636E6-581A-4CAB-905F-95EC4518B13C} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DC411158-F158-4867-9287-38B7C75CFF82}" HKCR\Clsid\{DC411158-F158-4867-9287-38B7C75CFF82} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrators - Succeeded hijackthis日誌: Logfile of HijackThis v1.99.1 Scan saved at 21:26:07, on 2006-7-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Rising\Rav\RavStub.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Rising\Rav\RavMon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\212\桌面\hijackthis\HijackThis.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe O4 - HKLM\..\Run: [RavTask] "D:\瑞星殺毒\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &使用迅雷下載 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部連接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ2005\AddToNetDisk.htm O8 - Extra context menu item: 增加到QQ自訂面板 - D:\Program Files\QQ2005\AddPanel.htm O8 - Extra context menu item: 增加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - D:\Program Files\QQ2005\SendMMS.htm O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra 'Tools' menuitem: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing) O9 - Extra button: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 啟動Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE O9 - Extra button: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具條設定 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ2005\QQIEHelper.dll (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD48FA2-2895-4116-8CAD-CA0273BB7FFB}: NameServer = 60.191.244.5 60.191.244.2 O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe A: QUOTE: 引用第10樓7385587於2006-07-23 21:30發表的「」: Look2Me-Destroyer日誌: Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 2006-7-23 21:20:27 ....... 哈哈~~Look2Me 已經清除了~~ 你有沒有裝過Dr.Web?? Q: 沒啊,還是第一次聽到Dr.Web,他是什麼用的? A: Re:【求助】中了Adware.Dinkum.a,大家幫幫忙啊 QUOTE: 引用第12樓7385587於2006-07-23 21:51發表的「」: 沒啊,還是第一次聽到Dr.Web,他是什麼用的? 奇怪~~為什麼你有Dr.Web/Virus Chaser的東西..... Suggest你把drwebsp.dll清除 1. 下載 LSPFix 並儲存到桌面 2. 執行 LSPFix , 在 I know what I'm doing 打勾 3. 把 drwebsp.dll 放到 右邊 Remove, 按 Finish 4. 重新啟動電腦即可 |
Q:
【求助】碰到流氓網站:嘟呲實用導航 更改我的主頁, 怎麼刪都刪不掉。用超級兔子也修復不了。 這年頭上網怎麼到處都是流氓軟件,流氓網站啊!!! A: 1.下載最新官方版本System Repair Engineer : http://www.kztechs.com/sreng/download.html 使用方法: 解壓到隨意資料夾,執行SREng.exe,點擊"智慧式掃瞄"->"掃瞄"->"儲存報告".然後把報告發上來供高手分析. Q: 2006-08-03,12:37:20 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <bgswitch><C:\WINDOWS\system32\bgswitch.exe> [] <OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart> [OLYMPUS IMAGING CORP.] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.] <ATIModeChange><Ati2mdxx.exe> [ATI Technologies, Inc.] <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.] <Smapp><C:\Program Files\Analog Devices\SoundMAX\SMTray.exe> [Analog Devices, Inc.] <BigDogPath><C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera> [] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <Acrobat Assistant 7.0><"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.] <OM_Monitor><C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe> [OLYMPUS IMAGING CORP.] <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh] <Vistadrv><C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe> [] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <SKYNET Personal FireWall><C:\Program Files\SkyNet\FireWall\PFW.exe> [廣州眾達天網技術有限公司] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [] ================================== 啟動資料夾 [Adobe Acrobat Speed Launcher] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Acrobat Speed Launcher.lnk><N> [Flash Video] <C:\Documents and Settings\Administrator\「開始」表菜單\程式\啟動\Flash Video.lnk><N> ================================== 服務 [Adobe LM Service / Adobe LM Service] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems> [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\system32\Ati2evxx.exe><N/A> [DefWatch / DefWatch] <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation> [InstallDriver Table Manager / IDriverT] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [kavsvc / kavsvc] <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab> [Symantec AntiVirus Client / Norton AntiVirus Server] <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation> [SoundMAX Agent Service / SoundMAX Agent Service (default)] <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.> ================================== 瀏覽器載入項 [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [AcroIEToolbarHelper Class] {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [使用網文快捕儲存當前網頁...] {0246d4c7-57d6-41eb-ae55-cc9a883929da} <, N/A> [使用網文快捕儲存...] {0246d4c7-57d6-41eb-ae55-cc9a883929db} <, N/A> [] {0246d4c7-57d6-41eb-ae55-cc9a883929de} <C:\Program Files\WebCatcher\WebCatcher.exe, Wizissoft> [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft> [Easy-WebPrint] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, > [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [金山快譯(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司> [WebActivater Control] {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [Easy-WebPrint] {327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, > [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [金山快譯(&K)] {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山軟件股份有限公司> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [AcroIEToolbarHelper Class] {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft> [使用網際快車下載] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [轉換為 Adobe PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [轉換為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> [轉換選定的鏈接為 Adobe PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A> [轉換選定的鏈接為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A> [轉換選項為 Adobe PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [轉換選項為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> [轉換鏈接目標為 Adobe PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [轉換鏈接目標為現有 PDF] <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> ================================== 正在執行的工作行程 [PID: 476][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 536][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\NavLogon.dll] <N/A><N/A> [PID: 612][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 624][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 780][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A> [PID: 792][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 844][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 892][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1356][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1384][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1536][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\Program Files\Tencent\QQ\Messenger.dll] <N/A><N/A> [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300> [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] <Adobe Systems, Inc.><7.0.0.0> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.1.0.821> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.142.1> [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] <Adobe Systems Inc.><7.0.0.2004121400\0> [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] <Adobe Systems Inc.><7.0.0.2004121400\0> [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0> [PID: 1676][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\AdobePDF.dll] <Adobe Systems Incorporated.><7.0.0.00> [C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] <N/A><N/A> [C:\WINDOWS\system32\CNMLM52.DLL] <CANON INC.><1.70.2.2> [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD52.DLL] <CANON INC.><1.70.2.2> [PID: 1940][C:\Program Files\DAEMON Tools\daemon.exe] <DT Soft Ltd.><4.03.0.0> [C:\Program Files\DAEMON Tools\daemon.dll] <DT Soft Ltd.><4.03.0.0> [C:\Program Files\DAEMON Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12> [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.6.0> [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.10.0.0> [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.12.0.0> [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.11.0.0> [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0> [PID: 1956][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] <ATI Technologies, Inc.><6.14.10.5061> [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] <ATI Technologies, Inc.><6.14.10.5061> [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] <ATI Technologies, Inc.><6.14.10.5061> [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] <ATI Technologies, Inc.><6.14.10.5061> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1968][C:\Program Files\Analog Devices\SoundMAX\SMTray.exe] <Analog Devices, Inc.><3, 2, 18, 0> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 1976][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31> [PID: 1984][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.1.0.821> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.1.0.821> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [PID: 1996][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208> [PID: 2016][C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] <Adobe Systems Inc.><6.0.1.2004121400> [C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs] <Adobe Systems Inc.><6.0.0.0> [PID: 256][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A> [PID: 344][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 408][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821> [PID: 524][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466> [PID: 740][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821> [C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.105 E> [C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.105 E> [C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.105 E> [C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.105 E> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.24> [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVENG32.DLL] <Symantec Corporation><20061.2.0.24> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26> [PID: 1056][C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe] <Adobe Systems Incorporated><7.0.0.0> [PID: 1068][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0> [PID: 1076][C:\Program Files\flvplayer\flvplayer.exe] <N/A><N/A> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 1960][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 228][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 216][C:\Program Files\Chinanet\VnetClient.exe] <><2005, 11, 14, 1> [C:\Program Files\Chinanet\Communicate.dll] <0><2005, 3, 3, 1> [C:\Program Files\Chinanet\DialModule.dll] <GDCN><2005, 11, 15, 1> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [C:\PROGRA~1\Chinanet\CLIENT~1.DLL] <><2004, 2, 28, 1> [C:\PROGRA~1\Chinanet\PLUGIN~1.OCX] <><2005, 7, 27, 1> [C:\PROGRA~1\Chinanet\sign.dll] <0><2004, 12, 1, 1> [C:\PROGRA~1\Chinanet\PostPlug.dll] <><2004, 12, 16, 2> [C:\PROGRA~1\Chinanet\ADVERT~1.OCX] <><2005, 10, 13, 1> [C:\PROGRA~1\Chinanet\VnetBs.ocx] <><2004, 11, 18, 1> [C:\PROGRA~1\Chinanet\ACCOUN~2.DLL] <><2005, 11, 14, 1> [C:\PROGRA~1\Chinanet\AccountMgr.dll] <><2005, 11, 14, 17> [C:\PROGRA~1\Chinanet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1> [C:\PROGRA~1\Chinanet\DialogStyle.dll] <><1, 0, 0, 1> [C:\PROGRA~1\Chinanet\Timer.ocx] <><2005, 10, 9, 14> [C:\PROGRA~1\Chinanet\PLUGIN~2.OCX] <><2005, 2, 24, 1> [C:\PROGRA~1\Chinanet\NEWMES~1.DLL] <><2005, 8, 26, 1> [C:\PROGRA~1\Chinanet\PassCtrl.dll] <><1, 0, 0, 1> [C:\PROGRA~1\Chinanet\PlugPush.dll] <><2004, 12, 21, 1> [C:\PROGRA~1\Chinanet\ALLINT~1.DLL] <><2004, 11, 23, 1> [C:\PROGRA~1\Chinanet\VNETLO~1.OCX] <><2005, 10, 9, 1> [C:\PROGRA~1\Chinanet\StatNum.dll] <><2004, 11, 18, 1> [C:\PROGRA~1\Chinanet\VNETON~1.OCX] <><2005, 3, 2, 1> [C:\PROGRA~1\Chinanet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1> [C:\PROGRA~1\Chinanet\VnetOptLog.dll] <><2005, 9, 13, 9> [C:\WINDOWS\system32\IeFilter.dll] <N/A><N/A> [C:\PROGRA~1\Chinanet\DlgSkin.ocx] <><2005, 11, 14, 1> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 2428][C:\GreenBrowserV3.4\GreenBrowser.exe] <MoreQuick><1, 0, 0, 0> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 2972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> [PID: 3056][C:\Documents and Settings\Administrator\My Documents\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 A: 再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] C:\Program Files\Tencent\QQ\Messenger.exe <--刪除此文件 C:\Program Files\Tencent\QQ\Messenger.dll <--刪除此文件 下載Dr.Web CureIT! 免費掃瞄器,包含最新病毒庫,可以檢測清除病毒 ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe 自解壓格式,下載後直接執行cureit.exe,或者右鍵解壓縮後執行其中的_start.exe 先按「確定」進行「Start Express Scan」 執行殺毒,先會自動掃瞄記憶體工作行程和啟動項,自動掃瞄結束後,用滑鼠選中所有的硬碟分區再次殺毒. 最後把殺毒報告發上來,開始->執行 %USERPROFILE%\DoctorWeb\CureIt.log |
Q:
求助】幫我看看我的報告~ 2006-08-03,14:02:15 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 1 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <avgnt><"D:\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB235780M.LOG> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler] <D:\AntiVir PersonalEdition Classic\sched.exe><Avira GmbH> [AntiVir PersonalEdition Classic Guard / AntiVirService] <D:\AntiVir PersonalEdition Classic\avguard.exe><AVIRA GmbH> [LexBce Server / LexBceS] <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.> [Local Security Authority Subsystem Service / lsass] <><N/A> [Network Monitor / Network Monitor] <C:\Program Files\Network Monitor\netmon.exe service><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation> [VKTServ / VKTServ] <C:\WINDOWS\System32\VKTServ.exe><N/A> [Microsoft Windows HelpFile / Windows Helpfile] <><N/A> ================================== 瀏覽器載入項 [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [訊息檢索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [金山快譯(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, > [UCmore XP - The Search Accelerator] {44BE0690-5429-47f0-85BB-3FFD8020233E} <C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll, Effective-i Inc.> [電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 420][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 484][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 552][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 564][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 732][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 784][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 964][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 976][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1092][C:\WINDOWS\system32\LEXBCES.EXE] <Lexmark International, Inc.><9.42> [C:\WINDOWS\system32\lexp2p32.dll] <Lexmark International, Inc.><9.42> [C:\WINDOWS\system32\lex2kusb.dll] <Lexmark International, Inc.><9.42> [PID: 1128][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)> [C:\WINDOWS\system32\LEXLMPM.DLL] <Lexmark International, Inc.><96.9.42> [C:\WINDOWS\system32\LexBce.dll] <Lexmark International, Inc.><9.42> [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LVBZPP5C.dll] <Lenovo (Beijing) Ltd.><1.0.2.3> [C:\WINDOWS\system32\LVBZpwr.dll] <Lenovo (Beijing) Ltd.><1, 0, 1, 0> [PID: 1132][C:\WINDOWS\system32\LEXPPS.EXE] <Lexmark International, Inc.><9.42> [C:\WINDOWS\system32\LEXBCE.DLL] <Lexmark International, Inc.><9.42> [PID: 1872][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5303> [C:\WINDOWS\System32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5303> [C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81> [PID: 1976][D:\AntiVir PersonalEdition Classic\sched.exe] <Avira GmbH><7.00.00.17> [D:\AntiVir PersonalEdition Classic\schedr.dll] < Avira GmbH><7.00.00.04> [PID: 2036][D:\AntiVir PersonalEdition Classic\avguard.exe] <AVIRA GmbH><7.00.00.29> [D:\AntiVir PersonalEdition Classic\GUARDMSG.DLL] <H+BEDV Datentechnik GmbH><7.00.00.04> [D:\AntiVir PersonalEdition Classic\AVPREF.DLL] <Avira GmbH><7.00.00.01> [D:\AntiVir PersonalEdition Classic\SMTPLIB.DLL] <Avira GmbH><1.02.00.08> [D:\AntiVir PersonalEdition Classic\AVEWIN32.DLL] <Avira GmbH><7.1.1.0> [PID: 192][C:\Program Files\Network Monitor\netmon.exe] <N/A><N/A> [PID: 200][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303> [PID: 232][D:\AntiVir PersonalEdition Classic\avgnt.exe] <Avira GmbH><7.00.00.10> [D:\AntiVir PersonalEdition Classic\avgcmxp.dll] <Avira GmbH><7.00.00.09> [PID: 236][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 268][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 1696][C:\Program Files\寬帶上網助手\Apa2.exe] <Linkage System Intergrated><1, 0, 0, 9> [PID: 1764][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 388][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\Program Files\TENCENT\Adplus\SSAddr1.dll] <Tencent><4, 1, 8, 81> [C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [PID: 1428][F:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== 問題 電腦有點卡~ A: 再次執行 System Repair Engineer 在下面啟動項處點編輯按鈕,刪除其中的內容 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><KB235780M.LOG> [] 有什麼問題請文字說明 Q: 圖片: 圖片: 圖片: 圖片: QUOTE: 引用第2樓Bon Jovi於2006-08-03 14:35發表的「」: 再次執行 System Repair Engineer 在下面啟動項處點編輯按鈕,刪除其中的內容 [HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows] [] ....... 那個我在殺毒的時候好像被刪了 但是啟動項好像還是弄不掉 A: 在下面啟動項處點編輯按擊<AppInit_DLLs> 在「值」這一項中,刪除 KB235780M.LOG 這幾個字母,然後確定 |
Q:
【求助】IE老彈廣告。請大家進來看看!附日誌! 2006-09-01,22:19:30 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.] <Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.] <ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [] <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司] <DAEMON Tools-2052><; ; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> [] <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [] <IMJPMIG8.1><; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <NvMediaCenter><; ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] <nwiz><; ; nwiz.exe /install> [] <PHIME2002A><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0\bin\jusched.exe> [Sun Microsystems, Inc.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [Adobe LM Service / Adobe LM Service] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems> [Computer Storage / BUZOR] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A> [McAfee Framework 服務 / McAfeeFramework] <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.> [Network Associates McShield / McShield] <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.> [Network Associates Task Manager / McTaskManager] <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [EastAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation> [T2BHO Class] {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A> [tscgm Class] {D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, > [易得優播放器] {009541A0-3B81-101C-92F3-040224009C04} <C:\Program Files\edusoft\SWFBROWER\swfbrowse.exe, 易得優軟件> [Java Plug-in 1.5.0] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\軟件\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司> [比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [BitCometBar] {3F1ABCDB-A875-46c1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A> [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [Java Plug-in 1.5.0] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.> [estInsObj Class] {A927C078-E82F-471B-83F5-3D1504F7D01B} <C:\WINDOWS\estAlive.dll, Eastday Corporation> [Java Plug-in 1.5.0] {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v3.dll, > [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [BitCometBar] {3F1ABCDB-A875-46C1-8345-B72A4567E486} <d:\BitComet\BitCometBar\BitCometBar0.2.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [EastAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation> [T2BHO Class] {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [3721] {B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\Downloaded Program Files\CnsMin.dll, 北京三七二一科技有限公司> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [tscgm Class] {D11D0862-0390-4884-A95C-4702D0D4C11A} <C:\WINDOWS\system32\coredrv32.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] <D:\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <D:\Thunder\getAllurl.htm, N/A> [上傳到QQ網路硬碟] <D:\QQ\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <D:\QQ\AddPanel.htm, N/A> [新增到QQ表情] <D:\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <D:\QQ\SendMMS.htm, N/A> [用比特精靈下載(&B)] <D:\BitSpirit\bsurl.htm, N/A> [秦皇島教育網] <, N/A> ================================== 正在執行的工作行程 [PID: 416][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 636][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 880][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 944][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1040][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1076][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1176][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 1488][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8420> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8420> [C:\WINDOWS\system32\nvshell.dll] <N/A><N/A> [C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28> [C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696> [C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] <Network Associates, Inc.><8.0.0.912> [PID: 1528][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1648][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [PID: 1676][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] <Network Associates, Inc.><2.0.275.0> [PID: 1684][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\Graphics.dll] <Network Associates, Inc.><8.0.0.912> [PID: 1744][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 280][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates, Inc.><3.5.0.474> [C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Management.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network Associates, Inc.><3.5.0.412> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 312][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\FTL.Dll] <Network Associates, Inc.><8.0.0.135> [C:\Program Files\Network Associates\VirusScan\naiann.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] <Network Associates, Inc.><8.0.0.342> [C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] <Network Associates, Inc.><8.0.0.342> [C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] <McAfee, Inc.><4.4.00> [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] <Network Associates, Inc><8.0.0.277> [PID: 336][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates, Inc.><3.5.0.412> [C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474> [C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412> [C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates, Inc.><8.0.0.912> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 480][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\naicondl.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] <Network Associates, Inc.><8.0.0.912> [C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] <McAfee, Inc.><8.0.0.152> [PID: 564][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8420> [PID: 840][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1608][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2332][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [PID: 2808][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277> [C:\WINDOWS\system32\xunleibho_v3.dll] <><4, 3, 1, 28> [d:\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [C:\WINDOWS\IEYHelper.dll] <Eastday Corporation><1, 0, 0, 13> [C:\WINDOWS\YayaBands.dll] <Eastday Corporation><1, 0, 0, 5> [C:\WINDOWS\YayaVerAtl.dll] <Eastday Corporation><1, 0, 0, 48> [C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696> [C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A> [C:\WINDOWS\estAlive.dll] <Eastday Corporation><1, 0, 0, 7> [C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1> [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.955> [C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251> [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00> [PID: 3048][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\coredrv32.dll] <><1, 0, 0, 1> [PID: 1736][E:\軟件\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT Error. [notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. [hh.exe %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [notepad.exe %1] .INF Error. [notepad.exe %1] .VBS Error. [wscript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 1. 使用SREng (相關操作說明) -刪除以下的服務 [Computer Storage / BUZOR] -刪除以下瀏覽器載入項 [IEYHlprObj Class] {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} [EastAliveObj Class] {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} [T2BHO Class] {B1D147E7-873E-4909-8127-695D9BB78728} [tscgm Class] {D11D0862-0390-4884-A95C-4702D0D4C11A} [比較購物搜索(&C)] {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} [estInsObj Class] {A927C078-E82F-471B-83F5-3D1504F7D01B} -修復以下文件關聯 .TXT Error. [notepad.exe %1] .CHM Error. [hh.exe %1] .INI Error. [notepad.exe %1] .INF Error. [notepad.exe %1] .VBS Error. [wscript.exe "%1" %*] 2. 重新啟動,刪除以下檔案 (看注1) C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL C:\WINDOWS\IEYHelper.dll C:\WINDOWS\estAlive.dll C:\WINDOWS\YayaBands.dll C:\WINDOWS\system32\sscli.dll C:\WINDOWS\system32\WinSC.dll C:\WINDOWS\system32\WinSC32.dll C:\WINDOWS\system32\WinSC64.dll C:\WINDOWS\system32\coredrv32.dll 3. 下載 惡意軟件清理助手,並儲存到桌面 (如有需要,把使用方法的圖同時儲存到桌面) 重新啟動,按 F8 進入安全模式,用惡意軟件清理助手清理一下你的系統 4. 用Dr.Web CureIT掃瞄一次你的電腦 a) 下載 Dr.Web CureIT 並儲存到桌面 (請同時把使用方法的圖片儲存到桌面,方便參考) b) 執行 cureit.exe ,按 Start 繼續,會提示你做一次Express Scan (掃瞄記憶體) ,如果找到已感染的檔案,會提示你進行清除(Cure) c) Express Scan完成後,按 Select drives ,再按右手面的 三角形/箭頭 開始掃瞄 d) 在掃瞄過程中找到已感染的檔案,按 Yes to All 去清除/移動檔案 e) 掃瞄完成後,如果找到已感染的檔案,根據圖中按 藍圈 ---> 紅圈 ---> 綠圈 f) 關閉Dr.Web CureIT 並重新啟動電腦,之後,把 C:\Documents and Settings\[你的用戶名稱]\DoctorWeb\CureIT.log 內容貼上來 開始 執行 services.msc 禁用下面名稱的服務 Computer Storage 刪除下面文件 C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL 超級兔子清理王7.78beta2(2006.08.31更新) 可卸載 163種流氓LJ惡意軟件 http://download5.pctutu.com/soft/winspeed778beta.zip 執行「超級兔子清理王」裡面的「專業卸載」,把裡面用紅色標記的流氓不良綁裝軟件全部卸載掉 不要安裝超級兔子上網精靈裡面帶的「超級兔子工具欄」 下載 執行 流氓軟件清理助手 V2.1.1 http://www.tommsoft.com/Products.aspx?pid=2 選擇強制清理,如果第一次清理不掉,可以去安全模式下再次清理 |
Q:
中毒了。大家看看我的日誌 在某網站下載了一個東西後。自動安裝了一些亂七八糟的東西。進入安全模式用卡巴 ewido殺毒 (掃瞄出20個病毒) 現在開機啟動後卡巴提示C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper 目錄下有個IEHelper.dll文件是廣告程式卻怎麼也刪不掉。 日誌: 2006-09-01,13:59:22 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab] <Outpost Firewall><C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice> [Agnitum Ltd.] <OutpostFeedBack><C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup> [Agnitum Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab] ================================== 啟動資料夾 服務 [卡巴斯基反病毒軟件6.0 / AVP] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab> [C-DillaCdaC11BA / C-DillaCdaC11BA] <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision> [Outpost Firewall Service / OutpostFirewall] <C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service><Agnitum Ltd.> ================================== 瀏覽器載入項 [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Web反病毒保護] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab> [Outpost Firewall Pro 快速調較] {44627E97-789B-40d4-B5C2-58BD171129A1} <C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll, Agnitum Ltd.> [JUJU貓] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A> [CibaCtrl Class] {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, > [JoyoCtrl Class] {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, > [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [YOK超級搜索] {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <http://www.yok.com, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation> [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4702.dll, N/A> [RealPlayer SMIL Download Handler] {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [CibaCtrl Class] {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, > [PhotoUploadCtrl Control] {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <C:\PROGRA~1\Tencent\QQ\QZone\PHOTOU~1.OCX, tencent> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ> [JoyoCtrl Class] {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, > [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [Microsoft Agent Control 2.0] {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation> [TencentVmpCtl Class] {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 644][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 752][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\klogon.dll] <Kaspersky Lab><6.0.0.299> [PID: 876][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 888][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1080][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1180][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1256][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1328][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1452][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 2008][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020> [PID: 136][C:\Program Files\Agnitum\Outpost Firewall\outpost.exe] <Agnitum Ltd.><3.5.462.6330> [C:\Program Files\Agnitum\Outpost Firewall\engine.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\op_utils.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Ads\ad_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Content\cnt_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\DNS\dns_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\File\file_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Web\web_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\op_hdlr.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\op_data.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\netstat.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\Protect\prot_int.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_ui.ofp] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_cure.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_mon.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_scan.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\zlib.dll] <Jean-loup Gailly and Mark Adler><1, 1, 4, 0> [C:\Program Files\Agnitum\Outpost Firewall\unrar.dll] <N/A><N/A> [C:\Program Files\Agnitum\Outpost Firewall\op_cmn.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\opst_ui.dll] <Agnitum Ltd.><3.51.759.6511> [C:\Program Files\Agnitum\Outpost Firewall\op_ctrls.dll] <Agnitum Ltd.><3.51.759.6511> [PID: 204][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 744][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [PID: 1860][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 560][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1716][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86> [C:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] <Kaspersky Lab><1.0.6.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] <Kaspersky Lab><6.0.0.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] <Kaspersky Lab><6.0.0.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] <Kaspersky Lab><6.0.0.299> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] <Kaspersky Lab><6.0.0.299> [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] <Kaspersky Lab><6.0.0.299> [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86> [PID: 3536][E:\TDDownload\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT Error. [Notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 超級兔子清理王7.78beta2(2006.08.31更新) 可卸載 163種流氓LJ惡意軟件 http://download5.pctutu.com/soft/winspeed778beta.zip 執行「超級兔子清理王」裡面的「專業卸載」,把裡面用紅色標記的流氓不良綁裝軟件全部卸載掉 不要安裝超級兔子上網精靈裡面帶的「超級兔子工具欄」 下載 執行 流氓軟件清理助手 V2.1.1 http://www.tommsoft.com/Products.aspx?pid=2 選擇強制清理,如果第一次清理不掉,可以去安全模式下再次清理 |
Q:
office損壞,rar和其它很多exe文件打不開 不知是不是中毒,首先公司局域網內很多office文檔都打不開,有錯誤提示,重裝安裝OFFICE軟件後,文檔可以用了,但rar和其它很多exe文件都無法執行。 我已經用卡巴、諾盾、麥咖啡殺過毒了,均無效。。 並且打開其它文件時並沒有錯誤提示,只是沒任何反應,並且任務管理器裡沒有相關工作行程。。 求其它解決方法。。。 A: 如果懷疑係統裡有病毒或木馬,下載Dr.Web CureIT! 免費掃瞄器,包含最新病毒庫,可以檢測清除病毒、木馬、後門、流氓惡意軟件,不和已裝殺毒軟件衝突 直接下載位址: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe 自解壓格式,下載後直接執行cureit.exe,或者滑鼠右鍵,解壓到目標資料夾,然後執行該資料夾裡面的「_start.exe」殺毒 先按「確定」進行「Start Express Scan」快速殺毒,先會自動掃瞄記憶體工作行程和啟動項,等快速掃瞄結束後,再用滑鼠左鍵選中硬碟分區的圖示,被選中的分區上會出現紅點標記,再次殺毒.Dr.Web界面左下角的5個按鍵分別是"全選" "清除" "重命名" "隔離" "刪除".可以先把殺毒報告發上來等待確認後再進行操作,或者Select all(全選) Cure ->Move incurable(將清除失敗的文件移動到隔離區) 最後把殺毒報告發上來,從"我的電腦"打開 %USERPROFILE%\DoctorWeb\ 打開下面文件CureIt.log複製其中內容到帖子裡 Dr.Web 使用圖解 如果還有問題,下載 System Repair Engineer http://www.kztechs.com/sreng/sreng2.zip 使用方法: 解壓到一個資料夾如D:\sreng2.執行SREng.exe,點擊"智慧式掃瞄"->"掃瞄"->"儲存報告".然後把報告發上來分析 Q: 單位裡也是這種情況,把OFFCE重裝了,可以用, 不過第二天又出現這種問題 對啊。。第二天又會不行。到底怎麼回事啊!! 我已經查好一次了,把CureIt.log複製其中內容到帖子裡 ============================================================================= Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080) Copyright (c) Igor Daniloff, 1992-2006 Log generated on: 2006-09-01, 11:08:29 [LSFJ0008][Administrator] Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4 ============================================================================= Engine version: 4.33 (4.33.4.07270) Engine API version: 2.01 [Virus base] C:\工具\cureit\crwtoday.cdb - 684 virus records [Virus base] C:\工具\cureit\crw43350.cdb - 1020 virus records [Virus base] C:\工具\cureit\crw43349.cdb - 1008 virus records [Virus base] C:\工具\cureit\crw43348.cdb - 1096 virus records [Virus base] C:\工具\cureit\crw43347.cdb - 707 virus records [Virus base] C:\工具\cureit\crw43346.cdb - 1429 virus records [Virus base] C:\工具\cureit\crw43345.cdb - 1358 virus records [Virus base] C:\工具\cureit\crw43344.cdb - 694 virus records [Virus base] C:\工具\cureit\crw43343.cdb - 1186 virus records [Virus base] C:\工具\cureit\crw43342.cdb - 744 virus records [Virus base] C:\工具\cureit\crw43341.cdb - 841 virus records [Virus base] C:\工具\cureit\crw43340.cdb - 822 virus records [Virus base] C:\工具\cureit\crw43339.cdb - 1071 virus records [Virus base] C:\工具\cureit\crw43338.cdb - 989 virus records [Virus base] C:\工具\cureit\crw43337.cdb - 855 virus records [Virus base] C:\工具\cureit\crw43336.cdb - 1297 virus records [Virus base] C:\工具\cureit\crw43335.cdb - 1195 virus records [Virus base] C:\工具\cureit\crw43334.cdb - 900 virus records [Virus base] C:\工具\cureit\crw43333.cdb - 1381 virus records [Virus base] C:\工具\cureit\crw43332.cdb - 1340 virus records [Virus base] C:\工具\cureit\crw43331.cdb - 2735 virus records [Virus base] C:\工具\cureit\crw43330.cdb - 2078 virus records [Virus base] C:\工具\cureit\crw43329.cdb - 2490 virus records [Virus base] C:\工具\cureit\crw43328.cdb - 743 virus records [Virus base] C:\工具\cureit\crw43327.cdb - 958 virus records [Virus base] C:\工具\cureit\crw43326.cdb - 793 virus records [Virus base] C:\工具\cureit\crw43325.cdb - 713 virus records [Virus base] C:\工具\cureit\crw43324.cdb - 655 virus records [Virus base] C:\工具\cureit\crw43323.cdb - 655 virus records [Virus base] C:\工具\cureit\crw43322.cdb - 778 virus records [Virus base] C:\工具\cureit\crw43321.cdb - 846 virus records [Virus base] C:\工具\cureit\crw43320.cdb - 808 virus records [Virus base] C:\工具\cureit\crw43319.cdb - 764 virus records [Virus base] C:\工具\cureit\crw43318.cdb - 838 virus records [Virus base] C:\工具\cureit\crw43317.cdb - 363 virus records [Virus base] C:\工具\cureit\crw43316.cdb - 730 virus records [Virus base] C:\工具\cureit\crw43315.cdb - 627 virus records [Virus base] C:\工具\cureit\crw43314.cdb - 824 virus records [Virus base] C:\工具\cureit\crw43313.cdb - 842 virus records [Virus base] C:\工具\cureit\crw43312.cdb - 830 virus records [Virus base] C:\工具\cureit\crw43311.cdb - 862 virus records [Virus base] C:\工具\cureit\crw43310.cdb - 853 virus records [Virus base] C:\工具\cureit\crw43309.cdb - 733 virus records [Virus base] C:\工具\cureit\crw43308.cdb - 708 virus records [Virus base] C:\工具\cureit\crw43307.cdb - 839 virus records [Virus base] C:\工具\cureit\crw43306.cdb - 930 virus records [Virus base] C:\工具\cureit\crw43305.cdb - 759 virus records [Virus base] C:\工具\cureit\crw43304.cdb - 721 virus records [Virus base] C:\工具\cureit\crw43303.cdb - 638 virus records [Virus base] C:\工具\cureit\crw43302.cdb - 806 virus records [Virus base] C:\工具\cureit\crw43301.cdb - 504 virus records [Virus base] C:\工具\cureit\crw43300.cdb - 24 virus records [Virus base] C:\工具\cureit\crwebase.cdb - 78674 virus records [Virus base] C:\工具\cureit\cwrtoday.cdb - 227 virus records [Virus base] C:\工具\cureit\cwr43301.cdb - 697 virus records [Virus base] C:\工具\cureit\crwrisky.cdb - 1271 virus records [Virus base] C:\工具\cureit\cwntoday.cdb - 105 virus records [Virus base] C:\工具\cureit\cwn43304.cdb - 793 virus records [Virus base] C:\工具\cureit\cwn43303.cdb - 766 virus records [Virus base] C:\工具\cureit\cwn43302.cdb - 850 virus records [Virus base] C:\工具\cureit\cwn43301.cdb - 773 virus records [Virus base] C:\工具\cureit\crwnasty.cdb - 4867 virus records Total virus records: 138087 Key file: C:\工具\cureit\cureit.key License key number: 0000000010 Registered to: Dr.Web CureIt Project License key activates: 2005-03-05 License key expires: 2007-03-05 ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 0 Infected objects found: 0 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 0 Objects ignored: 0 Scan speed: 0 Kb/s Scan time: 00:00:00 ----------------------------------------------------------------------------- [Scan path] D:\WINNT\System32\smss.exe [Scan path] D:\WINNT\system32\csrss.exe [Scan path] D:\WINNT\system32\winlogon.exe [Scan path] D:\WINNT\system32\services.exe [Scan path] D:\WINNT\system32\lsass.exe [Scan path] D:\WINNT\system32\svchost.exe [Scan path] D:\WINNT\system32\spoolsv.exe [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [Scan path] D:\WINNT\system32\MSTask.exe [Scan path] D:\WINNT\System32\WBEM\WinMgmt.exe [Scan path] D:\WINNT\Explorer.EXE [Scan path] D:\WINNT\system32\hkcmd.exe [Scan path] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe [Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [Scan path] D:\WINNT\system32\Internat.exe [Scan path] C:\jstax\jstax.exe [Scan path] C:\jstax\swdj.exe [Scan path] D:\WINNT\system32\regsvc.exe [Scan path] D:\WINNT\system32\conime.exe [Scan path] D:\Program Files\Internet Explorer\IEXPLORE.EXE [Scan path] C:\工具\cureit\_start.exe [Scan path] C:\工具\cureit\cureit.exe [Scan path] D:\WINNT\system32\mobsync.exe [Scan path] D:\WINNT\system32\mswdm.exe D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved [Scan path] d:\program files\internet explorer\connection wizard\icwconn1.exe [Scan path] D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [Scan path] D:\Program Files\Microsoft Office\Office\OSA9.EXE [Scan path] D:\WINNT\system32\mmsys.cpl [Scan path] D:\WINNT\system32\icmui.dll [Scan path] D:\WINNT\system32\rshx32.dll [Scan path] D:\WINNT\system32\docprop.dll [Scan path] D:\WINNT\system32\ntshrui.dll [Scan path] D:\WINNT\system32\plustab.dll [Scan path] D:\WINNT\system32\deskadp.dll [Scan path] D:\WINNT\system32\deskmon.dll [Scan path] D:\WINNT\system32\dssec.dll [Scan path] D:\WINNT\system32\shscrap.dll [Scan path] D:\WINNT\system32\diskcopy.dll [Scan path] D:\WINNT\system32\ntlanui2.dll [Scan path] D:\WINNT\system32\printui.dll [Scan path] D:\WINNT\system32\dskquoui.dll [Scan path] D:\WINNT\system32\syncui.dll [Scan path] D:\WINNT\system32\hticons.dll [Scan path] D:\WINNT\system32\fontext.dll [Scan path] D:\WINNT\system32\deskperf.dll [Scan path] D:\WINNT\system32\wshext.dll [Scan path] D:\WINNT\system32\cryptext.dll [Scan path] D:\WINNT\system32\NETSHELL.dll [Scan path] D:\WINNT\system32\shdocvw.dll [Scan path] D:\WINNT\system32\mstask.dll [Scan path] D:\WINNT\system32\shell32.dll [Scan path] D:\WINNT\system32\browseui.dll [Scan path] D:\WINNT\system32\sendmail.dll [Scan path] D:\WINNT\system32\occache.dll [Scan path] D:\WINNT\system32\webcheck.dll [Scan path] D:\WINNT\system32\thumbvw.dll [Scan path] D:\WINNT\system32\appwiz.cpl [Scan path] D:\WINNT\system32\dsfolder.dll [Scan path] D:\WINNT\system32\dsquery.dll [Scan path] D:\WINNT\system32\dsuiext.dll [Scan path] D:\WINNT\system32\mydocs.dll [Scan path] D:\WINNT\system32\cscui.dll [Scan path] D:\WINNT\system32\mmcshext.dll [Scan path] D:\WINNT\system32\cabview.dll [Scan path] D:\WINNT\system32\dllcache\wabfind.dll [Scan path] D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [Scan path] D:\WINNT\system32\cdfview.dll [Scan path] D:\Program Files\Real\RealPlayer\rpshell.dll [Scan path] D:\Program Files\WinRAR\rarext.dll [Scan path] D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL [Scan path] D:\WINNT\system32\stobject.dll [Scan path] D:\WINNT\system32\crypt32.dll [Scan path] D:\WINNT\system32\cryptnet.dll [Scan path] D:\WINNT\system32\cscdll.dll [Scan path] D:\WINNT\system32\igfxsrvc.dll [Scan path] D:\WINNT\system32\NavLogon.dll [Scan path] D:\WINNT\system32\sclgntfy.dll [Scan path] D:\WINNT\system32\WlNotify.dll [Scan path] D:\WINNT\system32\wzcdlg.dll [Scan path] D:\WINNT\system32\DRIVERS\ACPI.sys [Scan path] D:\WINNT\System32\drivers\afd.sys [Scan path] D:\WINNT\system32\DRIVERS\asyncmac.sys [Scan path] D:\WINNT\system32\DRIVERS\atapi.sys [Scan path] D:\WINNT\system32\DRIVERS\atmarpc.sys [Scan path] D:\WINNT\system32\DRIVERS\audstub.sys [Scan path] d:\winnt\system32\svchost.exe [Scan path] D:\WINNT\system32\DRIVERS\CCDECODE.sys [Scan path] D:\WINNT\system32\DRIVERS\cdrom.sys [Scan path] D:\WINNT\system32\cisvc.exe [Scan path] D:\WINNT\system32\clipsrv.exe [Scan path] D:\WINNT\system32\DRIVERS\disk.sys [Scan path] d:\winnt\system32\dmadmin.exe [Scan path] D:\WINNT\System32\drivers\dmboot.sys [Scan path] D:\WINNT\System32\drivers\dmio.sys [Scan path] D:\WINNT\System32\drivers\dmload.sys [Scan path] D:\WINNT\system32\drivers\DMusic.sys [Scan path] D:\WINNT\system32\DRIVERS\e100bnt5.sys [Scan path] D:\WINNT\system32\faxsvc.exe [Scan path] D:\WINNT\system32\DRIVERS\fdc.sys [Scan path] D:\WINNT\system32\DRIVERS\flpydisk.sys [Scan path] D:\WINNT\system32\drivers\fltmgr.sys [Scan path] D:\WINNT\system32\DRIVERS\fsvga.sys [Scan path] D:\WINNT\system32\DRIVERS\ftdisk.sys [Scan path] D:\WINNT\system32\DRIVERS\msgpc.sys [Scan path] D:\WINNT\system32\DRIVERS\i8042prt.sys [Scan path] D:\WINNT\system32\DRIVERS\ialmnt5.sys [Scan path] D:\WINNT\system32\DRIVERS\intelide.sys [Scan path] D:\WINNT\System32\DRIVERS\ipfltdrv.sys [Scan path] D:\WINNT\system32\DRIVERS\ipinip.sys [Scan path] D:\WINNT\system32\DRIVERS\ipnat.sys [Scan path] D:\WINNT\system32\DRIVERS\ipsec.sys [Scan path] D:\WINNT\System32\DRIVERS\irenum.sys [Scan path] D:\WINNT\system32\DRIVERS\isapnp.sys [Scan path] D:\WINNT\system32\DRIVERS\kbdclass.sys [Scan path] D:\WINNT\system32\drivers\kmixer.sys [Scan path] D:\WINNT\system32\drivers\kmsinput.sys [Scan path] D:\WINNT\system32\mnmsrvc.exe [Scan path] D:\WINNT\system32\DRIVERS\mouclass.sys [Scan path] D:\WINNT\system32\DRIVERS\MPE.sys [Scan path] D:\WINNT\system32\DRIVERS\mrxsmb.sys [Scan path] D:\WINNT\system32\msdtc.exe [Scan path] d:\winnt\system32\msiexec.exe [Scan path] D:\WINNT\system32\drivers\MSKSSRV.sys [Scan path] D:\WINNT\system32\drivers\MSPCLOCK.sys [Scan path] D:\WINNT\system32\drivers\MSPQM.sys [Scan path] D:\WINNT\system32\drivers\MSTEE.sys [Scan path] D:\WINNT\system32\DRIVERS\NABTSFEC.sys [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys [Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS [Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG.sys [Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX15.sys [Scan path] D:\WINNT\system32\DRIVERS\ndistapi.sys [Scan path] D:\WINNT\system32\DRIVERS\ndisuio.sys [Scan path] D:\WINNT\system32\DRIVERS\ndiswan.sys [Scan path] D:\WINNT\system32\DRIVERS\netbios.sys [Scan path] D:\WINNT\system32\DRIVERS\netbt.sys [Scan path] D:\WINNT\system32\netdde.exe [Scan path] D:\WINNT\system32\drivers\netdtect.sys [Scan path] D:\WINNT\system32\DRIVERS\nwlnkflt.sys [Scan path] D:\WINNT\system32\DRIVERS\nwlnkfwd.sys [Scan path] D:\WINNT\system32\DRIVERS\parallel.sys [Scan path] D:\WINNT\system32\DRIVERS\parport.sys [Scan path] D:\WINNT\system32\DRIVERS\pci.sys [Scan path] D:\WINNT\system32\DRIVERS\pciide.sys [Scan path] D:\WINNT\system32\DRIVERS\raspptp.sys [Scan path] D:\WINNT\system32\DRIVERS\ptilink.sys [Scan path] D:\WINNT\system32\DRIVERS\rasacd.sys [Scan path] D:\WINNT\system32\DRIVERS\rasl2tp.sys [Scan path] D:\WINNT\system32\DRIVERS\raspti.sys [Scan path] D:\WINNT\system32\drivers\RCA.sys [Scan path] D:\WINNT\system32\DRIVERS\rdbss.sys [Scan path] D:\WINNT\system32\DRIVERS\redbook.sys [Scan path] D:\WINNT\system32\locator.exe [Scan path] d:\winnt\system32\rsvp.exe [Scan path] D:\WINNT\System32\SCardSvr.exe [Scan path] D:\WINNT\system32\DRIVERS\serenum.sys [Scan path] D:\WINNT\system32\DRIVERS\serial.sys [Scan path] D:\WINNT\system32\DRIVERS\SLIP.sys [Scan path] D:\WINNT\system32\drivers\smwdm.sys [Scan path] D:\WINNT\system32\DRIVERS\srv.sys [Scan path] D:\WINNT\system32\DRIVERS\StreamIP.sys [Scan path] D:\WINNT\system32\DRIVERS\swenum.sys [Scan path] D:\WINNT\system32\drivers\swmidi.sys [Scan path] D:\Program Files\Symantec\SYMEVENT.SYS [Scan path] D:\WINNT\system32\drivers\sysaudio.sys [Scan path] D:\WINNT\system32\smlogsvc.exe [Scan path] D:\WINNT\system32\DRIVERS\tcpip.sys [Scan path] D:\WINNT\system32\tlntsvr.exe [Scan path] D:\WINNT\system32\DRIVERS\uhcd.sys [Scan path] D:\WINNT\system32\DRIVERS\update.sys [Scan path] D:\WINNT\System32\ups.exe [Scan path] D:\WINNT\system32\DRIVERS\usbehci.sys [Scan path] D:\WINNT\system32\DRIVERS\usbhub.sys [Scan path] D:\WINNT\system32\DRIVERS\usbhub20.sys [Scan path] D:\WINNT\system32\DRIVERS\USBSTOR.SYS [Scan path] D:\WINNT\System32\UtilMan.exe [Scan path] D:\WINNT\System32\drivers\vga.sys [Scan path] D:\WINNT\system32\DRIVERS\wanarp.sys [Scan path] D:\WINNT\system32\drivers\wdmaud.sys [Scan path] D:\WINNT\system32\DRIVERS\WSTCODEC.SYS [Scan path] D:\WINNT\system32\drivers\ialmsbw.sys [Scan path] D:\WINNT\system32\ntsd.exe ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 185 Infected objects found: 1 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 1 Objects ignored: 0 Scan speed: 264 Kb/s Scan time: 00:01:25 ----------------------------------------------------------------------------- [Scan path] C:\ C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured >C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe is hacktool program Tool.ASEye.2 C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealOne Player\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0007520.dll infected with Trojan.DownLoader.3944 - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010038.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010041.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010046.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010047.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010053.dll is adware program Adware.Cdn >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010054.exe probably infected with BINARYRES C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010055.exe is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010056.exe is adware program Adware.Cdn >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010611.dll infected with Trojan.DownLoader.3944 - deleted >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010651.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010653.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010657.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010658.exe probably infected with BACKDOOR.Trojan C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010700.dll is adware program Adware.Baidu >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010776.dll infected with Trojan.MulDrop.2135 - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010811.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010816.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010825.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010833.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010838.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010854.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010855.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP46\A0011464.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011507.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011508.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011509.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011510.exe is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011511.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011512.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011513.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011514.dll is adware program Adware.Cdn C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011516.sys is adware program Adware.Cdn >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\A0013040.dll probably infected with BINARYRES >C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\snapshot\MFEX-1.DAT probably infected with BINARYRES C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP88\A0015897.EXE probably infected with DLOADER.Trojan C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026610.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026611.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026645.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026646.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026685.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026686.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026707.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026708.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\snapshot\MFEX-1.DAT is adware program Adware.Cdn C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026736.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026737.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026784.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026785.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026807.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026808.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026814.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026815.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026821.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026822.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026859.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026860.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026906.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026907.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026941.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026942.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027034.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027035.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027072.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027073.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027083.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027084.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027121.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027122.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027195.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027196.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027206.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027207.sys is adware program Adware.Henbang >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027223.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027229.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027234.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027239.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027240.exe probably infected with BACKDOOR.Trojan C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027315.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027316.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027390.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027391.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027446.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027447.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027493.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027494.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027606.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027607.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027624.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027625.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027643.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027644.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027670.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027671.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027716.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027717.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027795.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027796.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027894.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027895.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027988.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027989.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027997.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027998.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028050.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028051.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028058.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028059.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028094.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028095.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028185.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028186.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028220.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028221.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028405.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028406.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028428.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028429.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028448.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028449.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028511.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028512.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028532.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028533.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028559.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028560.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028582.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028583.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028608.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028609.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028635.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028636.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028697.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028698.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028733.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028734.sys is adware program Adware.Henbang >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028760.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028766.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028771.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028776.exe probably infected with BACKDOOR.Trojan >C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028777.exe probably infected with BACKDOOR.Trojan C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028814.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028815.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028846.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028847.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028867.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028868.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028887.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028888.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028970.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028971.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028992.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028993.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029018.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029019.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029037.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029038.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029050.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029051.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029159.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029160.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029196.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029197.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029279.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029280.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029320.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029321.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029356.dll is adware program Adware.Cdn C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029361.dll is adware program Adware.Cdn C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029404.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029405.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029430.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029431.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030430.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030431.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031430.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031431.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032430.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032431.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032472.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032473.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032508.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032509.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032589.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032590.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032612.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032613.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032653.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032654.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032663.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032664.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032673.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032674.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032689.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032690.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032704.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032705.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032733.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032734.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032844.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032845.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032904.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032905.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032926.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032927.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032943.exe infected with Trojan.DownLoader.3223 - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032953.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032954.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys is adware program Adware.Henbang C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys is adware program Adware.Henbang C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\WPS2000\WpsUpd.EXE probably infected with DLOADER.Trojan C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\Gordian.Knot.Rip.Pack.0.28.8.Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\Install_Messenger_Beta.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\INSTALL_MSN_MESSENGER_NT.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\KS051221.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\PR16b1.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\QQGame.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\RealPlayer10-5GOLD.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\wangwangsetup_1.5.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\wrar330sc.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\xiaotv2006.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\znwb5502_setup.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\飄邈之旅[全].exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\18icyc\18icyc\icyc-ws-setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\ACDSee50en\acdsee50en.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\ACDSee50en\instmsiw.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_main_yy.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_other_yy.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\acdsee50_chs_yy\hb_acdsee5000025s_plugins_yy.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\CPCW_DianNaoBao_2005\PCWReadSys.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\DivXPro511Bundle.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\DivX.Pro.v5.1.1.Incl.Keygen-SSG\Divx_v5.1.1_Kg.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\DivXG400\setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\flash saver maker\flashchs.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\Photoshop 7.01簡體中文版\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\Photoshop 7.01簡體中文版\_ISDel.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\Sybase11.9.2客戶端\setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\Sybase11.9.2客戶端\_isdel.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\Sybase11.9.2客戶端\client\win31\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\任天堂\smynesc.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\瑩幕保護\MAT-V2-US.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\時鐘瑩幕保護\setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\TESTEN20.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\UCDOS\README.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ANZH.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\DEF24P.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKECZ.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\MAKEHZ.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\README.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\王碼五筆字型輸入法第二版\WM9801\WMDOS80\ZHCODE.EXE infected with Win32.HLLW.Gavir.17 - cured C:\工具\超級兔子\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\迅雷\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\工具\飛行\3dflyingsaver\3dflyingsaver.exe infected with Win32.HLLW.Gavir.17 - cured [Scan path] D:\ D:\WINNT\veevrg.exe infected with Win32.HLLW.Gavir.17 - incurable - moved D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured >D:\WINNT\2Sy.exe infected with Trojan.PWS.Lineage - deleted >D:\WINNT\1Sy.exe infected with Trojan.PWS.Lineage - deleted >D:\WINNT\4Sy.exe infected with Trojan.PWS.Lineage - deleted >D:\WINNT\5Sy.exe infected with Trojan.PWS.Lineage - deleted >D:\WINNT\6Sy.exe infected with Trojan.PWS.Lineage - deleted D:\WINNT\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured D:\WINNT\realplay.exe infected with Win32.HLLW.Gavir.17 - cured D:\WINNT\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured D:\WINNT\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot >D:\WINNT\system32\dmshell.dll is adware program Adware.Dmad D:\WINNT\system32\layer1.dll probably infected with DLOADER.Trojan D:\WINNT\system32\msdll.dll infected with Trojan.PWS.Lineage - deleted D:\WINNT\system32\dl樓主.dll infected with Trojan.PWS.Lineage - deleted D:\WINNT\system32\dllwm.dll infected with Trojan.PWS.Lineage - deleted D:\WINNT\system32\bwdll.dll infected with Trojan.PWS.Lineage - deleted D:\WINNT\system32\config\software.LOG - read error D:\WINNT\system32\config\default.LOG - read error D:\WINNT\system32\config\SECURITY - read error D:\WINNT\system32\config\SECURITY.LOG - read error D:\WINNT\system32\config\SYSTEM.ALT - read error D:\WINNT\system32\config\SAM - read error D:\WINNT\system32\config\SAM.LOG - read error D:\WINNT\system32\config\SYSTEM - read error D:\WINNT\system32\config\SOFTWARE - read error D:\WINNT\system32\config\DEFAULT - read error D:\WINNT\system32\alitb1\update.exe probably infected with DLOADER.Trojan >D:\WINNT\command\rundll32.exe infected with Trojan.PWS.Lineage - deleted D:\Documents and Settings\Administrator\NTUSER.DAT - read error D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured >D:\Program Files\Intel\rundll32.exe infected with Trojan.PWS.Lineage - deleted D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Real\RealPlayer\Setup\setup.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 176659 Infected objects found: 101 Objects with modifications found: 0 Suspicious objects found: 22 Adware programs found: 190 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 1 Objects cured: 84 Objects deleted: 15 Objects renamed: 0 Objects moved: 1 Objects ignored: 0 Scan speed: 97 Kb/s Scan time: 01:48:22 ----------------------------------------------------------------------------- Scanning interrupted by user! - viruses found D:\WINNT\system32\alitb1\update.exe - incurable - deleted D:\WINNT\system32\layer1.dll - incurable - deleted D:\WINNT\system32\dmshell.dll - incurable - deleted C:\WPS2000\WpsUpd.EXE - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032996.sys - incurable - moved C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP242\A0032995.sys - incurable - deleted C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010037.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010038.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010041.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010046.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010047.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010053.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010054.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010055.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010056.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010646.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010651.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010653.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010657.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010658.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP39\A0010700.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010811.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010816.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010825.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010833.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010838.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010854.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP40\A0010855.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP46\A0011464.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011507.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011508.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011509.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011510.exe - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011511.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011512.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011513.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011514.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP47\A0011516.sys - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\A0013040.dll - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP78\snapshot\MFEX-1.DAT - incurable - deleted C:\System Volume Information\_restore{49974443-8BE5-48EF-9010-BA10F11908CC}\RP88\A0015897.EXE - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026610.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP195\A0026611.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026645.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP196\A0026646.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026685.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026686.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026707.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\A0026708.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP197\snapshot\MFEX-1.DAT - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026736.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026737.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026784.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026785.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026807.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026808.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026814.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP198\A0026815.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026821.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP199\A0026822.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026859.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP200\A0026860.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026906.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP201\A0026907.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026941.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0026942.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027034.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP202\A0027035.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027072.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027073.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027083.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP203\A0027084.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027121.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP204\A0027122.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027195.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027196.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027206.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027207.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027223.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027229.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027234.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027239.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP205\A0027240.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027315.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027316.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027390.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP206\A0027391.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027446.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP207\A0027447.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027493.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP208\A0027494.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027606.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027607.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027624.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP209\A0027625.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027643.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027644.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027670.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP210\A0027671.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027716.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP211\A0027717.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027795.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP212\A0027796.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027894.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP215\A0027895.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027988.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027989.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027997.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP216\A0027998.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028050.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028051.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028058.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP217\A0028059.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028094.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP218\A0028095.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028185.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028186.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028220.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP219\A0028221.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028405.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP220\A0028406.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028428.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP221\A0028429.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028448.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028449.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028511.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP222\A0028512.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028532.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP223\A0028533.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028559.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP224\A0028560.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028582.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP225\A0028583.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028608.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028609.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028635.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP226\A0028636.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028697.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP227\A0028698.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028733.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028734.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028760.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028766.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028771.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028776.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP228\A0028777.exe - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028814.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028815.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028846.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028847.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028867.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028868.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028887.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP229\A0028888.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028970.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028971.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028992.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP230\A0028993.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029018.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029019.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029037.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029038.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029050.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029051.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029159.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP231\A0029160.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029196.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029197.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029279.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP232\A0029280.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029320.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP233\A0029321.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029356.dll - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029361.dll - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029404.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029405.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029430.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP234\A0029431.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030430.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0030431.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031430.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0031431.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032430.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032431.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032472.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP235\A0032473.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032508.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP236\A0032509.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032589.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032590.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032612.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP237\A0032613.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032653.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032654.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032663.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032664.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032673.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP238\A0032674.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032689.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032690.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032704.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032705.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032733.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032734.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032844.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP239\A0032845.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032904.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032905.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032926.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP240\A0032927.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-4647-972A-C0F90F9F2F50}\RP241\A0032953.sys - incurable - deleted C:\System Volume Information\_restore{B4718DC3-7164-464 -------------------- 公司的一台 把System Repair Engineer的報告也發上來,不過是我剛殺過的,求高手再看下,有沒有問題 2006-09-01,13:07:16 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Internat.exe><Internat.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation] <IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation] <Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <CheckFaultKernel><D:\WINNT\system32\mswdm.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> [] ================================== 啟動資料夾 [Adobe Gamma Loader] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H> [Microsoft Office] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N> ================================== 服務 [DefWatch / DefWatch] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [Logical Disk Manager Administrative Service / dmadmin] <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Kingsoft Personal Firewall Service / KPfwSvc] <"D:\KAV2005\KPfwSvc.EXE"><N/A> [Messenger / Messenger] <\SystemRoot\D:\WINNT\system32\services.exe><N/A> [Symantec AntiVirus Client / Norton AntiVirus Server] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A> [@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A> [MeadCo ScriptX] {1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\qq\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [D:\WINNT\system32\NavLogon.dll] <N/A><N/A> [PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 240][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [PID: 416][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 440][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [PID: 468][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374> [PID: 488][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 512][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14> [D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374> [PID: 636][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [PID: 720][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 748][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 944][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [D:\WINNT\Dll.dll] <N/A><N/A> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517> [D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374> [D:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517> [PID: 1144][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [PID: 1176][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0> [PID: 1128][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374> [PID: 316][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000> [PID: 424][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 1076][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 420][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106> [D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000> [D:\WINNT\system\WBX3245.dll] <N/A><N/A> [D:\WINNT\system\WMW3245.dll] <N/A><N/A> [D:\WINNT\system\WMSYS32.dll] <N/A><N/A> [PID: 1328][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["D:\WINNT\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: System Repair Engineer 刪除下面一條啟動項 <CheckFaultKernel><D:\WINNT\system32\mswdm.exe> [] 從system volumeinformation\_restore 系統還原備份資料夾中發現了病毒、木馬 我的電腦->右鍵->內容->系統還原,禁用系統還原功能 Dr.Web發現了很多病毒、木馬、後門,其中大部分已經被清除或刪除。重新用Dr.Web掃瞄一遍電腦,如果不再報告新病毒,就算解決了 Q: 請問我是win2000,在哪裡可以系統還原,禁用系統還原功能 A: 你大概裝的是雙系統。C硬碟分區上裝的是XP嗎? 系統還原在XP中有這個功能,可用從XP系統中禁用 Q: 哦,原來如此,謝謝 我機器以前做過XP,後來出問題裝了2000,XP沒能刪清 A: 不用客氣,電腦問題尤其是病毒問題,還是具體問題具體分析的好 |
Q:
【求助】奇怪啊,Win32.HLLW.Gavir.17 殺不清 就是剛才OFFCE的問題,我使用Dr.Web CureIT殺了,重啟後再殺時發現又有文件感染了這個,再次使用Dr.Web CureIT殺一次,系統確認CURED,重啟過後再查又發現有文件感染 經常是winnt/rund132.exe等幾個exe文件,. 我再用System Repair Engineer,請高手再幫著看下 2006-09-01,16:24:37 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Internat.exe><Internat.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation] <IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation] <Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><D:\WINNT\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> [] ================================== 啟動資料夾 [Adobe Gamma Loader] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H> [Microsoft Office] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N> ================================== 服務 [DefWatch / DefWatch] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [Logical Disk Manager Administrative Service / dmadmin] <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Kingsoft Personal Firewall Service / KPfwSvc] <"D:\KAV2005\KPfwSvc.EXE"><N/A> [Messenger / Messenger] <\SystemRoot\D:\WINNT\system32\services.exe><N/A> [Symantec AntiVirus Client / Norton AntiVirus Server] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A> [@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A> [MeadCo ScriptX] {1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\qq\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [D:\WINNT\system32\NavLogon.dll] <N/A><N/A> [PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [PID: 408][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 432][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [PID: 460][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374> [PID: 480][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 504][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14> [PID: 620][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [PID: 652][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 728][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 940][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [D:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374> [D:\WINNT\Dll.dll] <N/A><N/A> [PID: 964][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [PID: 308][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0> [PID: 1164][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374> [PID: 1180][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000> [PID: 808][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 1288][C:\jstax\jstax.exe] <N/A><N/A> [C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620> [PID: 304][C:\jstax\swdj.exe] <N/A><N/A> [C:\jstax\PBVM60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\pbdwe60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\pbSYC60.dll] <Sybase Inc.><6.5.1.620> [C:\jstax\libct.dll] <N/A><N/A> [C:\jstax\libintl.dll] <N/A><N/A> [C:\jstax\libcomn.dll] <N/A><N/A> [C:\jstax\libtcl.dll] <N/A><N/A> [C:\jstax\libcs.dll] <N/A><N/A> [C:\jstax\nlmsnmp.dll] <N/A><N/A> [C:\jstax\nlwnsck.dll] <N/A><N/A> [PID: 684][D:\WINNT\WinRAR.exe] <N/A><N/A> [PID: 340][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 540][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44> [PID: 752][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080> [C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0> [PID: 1068][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106> [D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000> [D:\WINNT\system\WBX3245.dll] <N/A><N/A> [D:\WINNT\system\WMW3245.dll] <N/A><N/A> [D:\WINNT\system\WMSYS32.dll] <N/A><N/A> [PID: 1332][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["D:\WINNT\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: Symantec AntiVirus 能升級嗎? 不認識這個病毒? Win32.HLLW.Gavir.17 國內的殺毒軟件命名為「維金」病毒,感染EXE格式文件 請把Dr.Web CureIT的殺毒報告發上來,最後有哪幾個病毒清除不掉? D:\WINNT\Dll.dll 這個文件應該有問題,請手動刪除 Q: 星期五我下班前再查了一次,沒發現病毒,可是今天中午又跳出提示rund132.exe出現錯誤,一查又中了, ============================================================================= Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080) Copyright (c) Igor Daniloff, 1992-2006 Log generated on: 2006-09-04, 11:52:44 [LSFJ0008][Administrator] Command-line: "C:\工具\cureit\cureit.exe" /lng /ini:cureit_XP.ini Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4 ============================================================================= Engine version: 4.33 (4.33.4.07270) Engine API version: 2.01 [Virus base] C:\工具\cureit\crwtoday.cdb - 684 virus records [Virus base] C:\工具\cureit\crw43350.cdb - 1020 virus records [Virus base] C:\工具\cureit\crw43349.cdb - 1008 virus records [Virus base] C:\工具\cureit\crw43348.cdb - 1096 virus records [Virus base] C:\工具\cureit\crw43347.cdb - 707 virus records [Virus base] C:\工具\cureit\crw43346.cdb - 1429 virus records [Virus base] C:\工具\cureit\crw43345.cdb - 1358 virus records [Virus base] C:\工具\cureit\crw43344.cdb - 694 virus records [Virus base] C:\工具\cureit\crw43343.cdb - 1186 virus records [Virus base] C:\工具\cureit\crw43342.cdb - 744 virus records [Virus base] C:\工具\cureit\crw43341.cdb - 841 virus records [Virus base] C:\工具\cureit\crw43340.cdb - 822 virus records [Virus base] C:\工具\cureit\crw43339.cdb - 1071 virus records [Virus base] C:\工具\cureit\crw43338.cdb - 989 virus records [Virus base] C:\工具\cureit\crw43337.cdb - 855 virus records [Virus base] C:\工具\cureit\crw43336.cdb - 1297 virus records [Virus base] C:\工具\cureit\crw43335.cdb - 1195 virus records [Virus base] C:\工具\cureit\crw43334.cdb - 900 virus records [Virus base] C:\工具\cureit\crw43333.cdb - 1381 virus records [Virus base] C:\工具\cureit\crw43332.cdb - 1340 virus records [Virus base] C:\工具\cureit\crw43331.cdb - 2735 virus records [Virus base] C:\工具\cureit\crw43330.cdb - 2078 virus records [Virus base] C:\工具\cureit\crw43329.cdb - 2490 virus records [Virus base] C:\工具\cureit\crw43328.cdb - 743 virus records [Virus base] C:\工具\cureit\crw43327.cdb - 958 virus records [Virus base] C:\工具\cureit\crw43326.cdb - 793 virus records [Virus base] C:\工具\cureit\crw43325.cdb - 713 virus records [Virus base] C:\工具\cureit\crw43324.cdb - 655 virus records [Virus base] C:\工具\cureit\crw43323.cdb - 655 virus records [Virus base] C:\工具\cureit\crw43322.cdb - 778 virus records [Virus base] C:\工具\cureit\crw43321.cdb - 846 virus records [Virus base] C:\工具\cureit\crw43320.cdb - 808 virus records [Virus base] C:\工具\cureit\crw43319.cdb - 764 virus records [Virus base] C:\工具\cureit\crw43318.cdb - 838 virus records [Virus base] C:\工具\cureit\crw43317.cdb - 363 virus records [Virus base] C:\工具\cureit\crw43316.cdb - 730 virus records [Virus base] C:\工具\cureit\crw43315.cdb - 627 virus records [Virus base] C:\工具\cureit\crw43314.cdb - 824 virus records [Virus base] C:\工具\cureit\crw43313.cdb - 842 virus records [Virus base] C:\工具\cureit\crw43312.cdb - 830 virus records [Virus base] C:\工具\cureit\crw43311.cdb - 862 virus records [Virus base] C:\工具\cureit\crw43310.cdb - 853 virus records [Virus base] C:\工具\cureit\crw43309.cdb - 733 virus records [Virus base] C:\工具\cureit\crw43308.cdb - 708 virus records [Virus base] C:\工具\cureit\crw43307.cdb - 839 virus records [Virus base] C:\工具\cureit\crw43306.cdb - 930 virus records [Virus base] C:\工具\cureit\crw43305.cdb - 759 virus records [Virus base] C:\工具\cureit\crw43304.cdb - 721 virus records [Virus base] C:\工具\cureit\crw43303.cdb - 638 virus records [Virus base] C:\工具\cureit\crw43302.cdb - 806 virus records [Virus base] C:\工具\cureit\crw43301.cdb - 504 virus records [Virus base] C:\工具\cureit\crw43300.cdb - 24 virus records [Virus base] C:\工具\cureit\crwebase.cdb - 78674 virus records [Virus base] C:\工具\cureit\cwrtoday.cdb - 227 virus records [Virus base] C:\工具\cureit\cwr43301.cdb - 697 virus records [Virus base] C:\工具\cureit\crwrisky.cdb - 1271 virus records [Virus base] C:\工具\cureit\cwntoday.cdb - 105 virus records [Virus base] C:\工具\cureit\cwn43304.cdb - 793 virus records [Virus base] C:\工具\cureit\cwn43303.cdb - 766 virus records [Virus base] C:\工具\cureit\cwn43302.cdb - 850 virus records [Virus base] C:\工具\cureit\cwn43301.cdb - 773 virus records [Virus base] C:\工具\cureit\crwnasty.cdb - 4867 virus records Total virus records: 138087 Key file: C:\工具\cureit\cureit.key License key number: 0000000010 Registered to: Dr.Web CureIt Project License key activates: 2005-03-05 License key expires: 2007-03-05 ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 0 Infected objects found: 0 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 0 Objects ignored: 0 Scan speed: 0 Kb/s Scan time: 00:00:00 ----------------------------------------------------------------------------- [Scan path] D:\WINNT\System32\smss.exe [Scan path] D:\WINNT\system32\csrss.exe [Scan path] D:\WINNT\system32\winlogon.exe [Scan path] D:\WINNT\system32\services.exe [Scan path] D:\WINNT\system32\lsass.exe [Scan path] D:\WINNT\system32\svchost.exe [Scan path] D:\WINNT\system32\spoolsv.exe [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [Scan path] D:\WINNT\system32\MSTask.exe [Scan path] D:\WINNT\System32\WBEM\WinMgmt.exe [Scan path] D:\WINNT\Explorer.EXE [Scan path] D:\WINNT\system32\hkcmd.exe [Scan path] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe [Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [Scan path] D:\WINNT\system32\Internat.exe [Scan path] D:\WINNT\system32\conime.exe [Scan path] D:\Program Files\Internet Explorer\IEXPLORE.EXE [Scan path] D:\WINNT\magicset746onlinedown.exe D:\WINNT\magicset746onlinedown.exe infected with Win32.HLLW.Gavir.17 - will be cured after reboot [Scan path] D:\WINNT\system32\regsvc.exe [Scan path] C:\工具\cureit\_start.exe [Scan path] C:\工具\cureit\cureit.exe [Scan path] D:\WINNT\system32\mobsync.exe [Scan path] D:\WINNT\command\rundll32.exe [Scan path] D:\WINNT\system32\mswdm.exe D:\WINNT\system32\mswdm.exe infected with Trojan.PWS.Gamania - incurable - moved [Scan path] d:\program files\internet explorer\connection wizard\icwconn1.exe [Scan path] D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [Scan path] D:\Program Files\Microsoft Office\Office\OSA9.EXE [Scan path] D:\WINNT\system32\mmsys.cpl [Scan path] D:\WINNT\system32\icmui.dll [Scan path] D:\WINNT\system32\rshx32.dll [Scan path] D:\WINNT\system32\docprop.dll [Scan path] D:\WINNT\system32\ntshrui.dll [Scan path] D:\WINNT\system32\plustab.dll [Scan path] D:\WINNT\system32\deskadp.dll [Scan path] D:\WINNT\system32\deskmon.dll [Scan path] D:\WINNT\system32\dssec.dll [Scan path] D:\WINNT\system32\shscrap.dll [Scan path] D:\WINNT\system32\diskcopy.dll [Scan path] D:\WINNT\system32\ntlanui2.dll [Scan path] D:\WINNT\system32\printui.dll [Scan path] D:\WINNT\system32\dskquoui.dll [Scan path] D:\WINNT\system32\syncui.dll [Scan path] D:\WINNT\system32\hticons.dll [Scan path] D:\WINNT\system32\fontext.dll [Scan path] D:\WINNT\system32\deskperf.dll [Scan path] D:\WINNT\system32\wshext.dll [Scan path] D:\WINNT\system32\cryptext.dll [Scan path] D:\WINNT\system32\NETSHELL.dll [Scan path] D:\WINNT\system32\shdocvw.dll [Scan path] D:\WINNT\system32\mstask.dll [Scan path] D:\WINNT\system32\shell32.dll [Scan path] D:\WINNT\system32\browseui.dll [Scan path] D:\WINNT\system32\sendmail.dll [Scan path] D:\WINNT\system32\occache.dll [Scan path] D:\WINNT\system32\webcheck.dll [Scan path] D:\WINNT\system32\thumbvw.dll [Scan path] D:\WINNT\system32\appwiz.cpl [Scan path] D:\WINNT\system32\dsfolder.dll [Scan path] D:\WINNT\system32\dsquery.dll [Scan path] D:\WINNT\system32\dsuiext.dll [Scan path] D:\WINNT\system32\mydocs.dll [Scan path] D:\WINNT\system32\cscui.dll [Scan path] D:\WINNT\system32\mmcshext.dll [Scan path] D:\WINNT\system32\cabview.dll [Scan path] D:\WINNT\system32\dllcache\wabfind.dll [Scan path] D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [Scan path] D:\WINNT\system32\cdfview.dll [Scan path] D:\Program Files\Real\RealPlayer\rpshell.dll [Scan path] D:\Program Files\WinRAR\rarext.dll [Scan path] D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL [Scan path] D:\WINNT\system32\stobject.dll [Scan path] D:\WINNT\system32\crypt32.dll [Scan path] D:\WINNT\system32\cryptnet.dll [Scan path] D:\WINNT\system32\cscdll.dll [Scan path] D:\WINNT\system32\igfxsrvc.dll [Scan path] D:\WINNT\system32\NavLogon.dll [Scan path] D:\WINNT\system32\sclgntfy.dll [Scan path] D:\WINNT\system32\WlNotify.dll [Scan path] D:\WINNT\system32\wzcdlg.dll [Scan path] D:\WINNT\system32\DRIVERS\ACPI.sys [Scan path] D:\WINNT\System32\drivers\afd.sys [Scan path] D:\WINNT\system32\DRIVERS\asyncmac.sys [Scan path] D:\WINNT\system32\DRIVERS\atapi.sys [Scan path] D:\WINNT\system32\DRIVERS\atmarpc.sys [Scan path] D:\WINNT\system32\DRIVERS\audstub.sys [Scan path] d:\winnt\system32\svchost.exe [Scan path] D:\WINNT\system32\DRIVERS\CCDECODE.sys [Scan path] D:\WINNT\system32\DRIVERS\cdrom.sys [Scan path] D:\WINNT\system32\cisvc.exe [Scan path] D:\WINNT\system32\clipsrv.exe [Scan path] D:\WINNT\system32\DRIVERS\disk.sys [Scan path] d:\winnt\system32\dmadmin.exe [Scan path] D:\WINNT\System32\drivers\dmboot.sys [Scan path] D:\WINNT\System32\drivers\dmio.sys [Scan path] D:\WINNT\System32\drivers\dmload.sys [Scan path] D:\WINNT\system32\drivers\DMusic.sys [Scan path] D:\WINNT\system32\DRIVERS\e100bnt5.sys [Scan path] D:\WINNT\system32\faxsvc.exe [Scan path] D:\WINNT\system32\DRIVERS\fdc.sys [Scan path] D:\WINNT\system32\DRIVERS\flpydisk.sys [Scan path] D:\WINNT\system32\drivers\fltmgr.sys [Scan path] D:\WINNT\system32\DRIVERS\fsvga.sys [Scan path] D:\WINNT\system32\DRIVERS\ftdisk.sys [Scan path] D:\WINNT\system32\DRIVERS\msgpc.sys [Scan path] D:\WINNT\system32\DRIVERS\i8042prt.sys [Scan path] D:\WINNT\system32\DRIVERS\ialmnt5.sys [Scan path] D:\WINNT\system32\DRIVERS\intelide.sys [Scan path] D:\WINNT\System32\DRIVERS\ipfltdrv.sys [Scan path] D:\WINNT\system32\DRIVERS\ipinip.sys [Scan path] D:\WINNT\system32\DRIVERS\ipnat.sys [Scan path] D:\WINNT\system32\DRIVERS\ipsec.sys [Scan path] D:\WINNT\System32\DRIVERS\irenum.sys [Scan path] D:\WINNT\system32\DRIVERS\isapnp.sys [Scan path] D:\WINNT\system32\DRIVERS\kbdclass.sys [Scan path] D:\WINNT\system32\drivers\kmixer.sys [Scan path] D:\WINNT\system32\drivers\kmsinput.sys [Scan path] D:\WINNT\system32\mnmsrvc.exe [Scan path] D:\WINNT\system32\DRIVERS\mouclass.sys [Scan path] D:\WINNT\system32\DRIVERS\MPE.sys [Scan path] D:\WINNT\system32\DRIVERS\mrxsmb.sys [Scan path] D:\WINNT\system32\msdtc.exe [Scan path] d:\winnt\system32\msiexec.exe [Scan path] D:\WINNT\system32\drivers\MSKSSRV.sys [Scan path] D:\WINNT\system32\drivers\MSPCLOCK.sys [Scan path] D:\WINNT\system32\drivers\MSPQM.sys [Scan path] D:\WINNT\system32\drivers\MSTEE.sys [Scan path] D:\WINNT\system32\DRIVERS\NABTSFEC.sys [Scan path] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys [Scan path] C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS [Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG.sys [Scan path] D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX15.sys [Scan path] D:\WINNT\system32\DRIVERS\ndistapi.sys [Scan path] D:\WINNT\system32\DRIVERS\ndisuio.sys [Scan path] D:\WINNT\system32\DRIVERS\ndiswan.sys [Scan path] D:\WINNT\system32\DRIVERS\netbios.sys [Scan path] D:\WINNT\system32\DRIVERS\netbt.sys [Scan path] D:\WINNT\system32\netdde.exe [Scan path] D:\WINNT\system32\drivers\netdtect.sys [Scan path] D:\WINNT\system32\DRIVERS\nwlnkflt.sys [Scan path] D:\WINNT\system32\DRIVERS\nwlnkfwd.sys [Scan path] D:\WINNT\system32\DRIVERS\parallel.sys [Scan path] D:\WINNT\system32\DRIVERS\parport.sys [Scan path] D:\WINNT\system32\DRIVERS\pci.sys [Scan path] D:\WINNT\system32\DRIVERS\pciide.sys [Scan path] D:\WINNT\system32\DRIVERS\raspptp.sys [Scan path] D:\WINNT\system32\DRIVERS\ptilink.sys [Scan path] D:\WINNT\system32\DRIVERS\rasacd.sys [Scan path] D:\WINNT\system32\DRIVERS\rasl2tp.sys [Scan path] D:\WINNT\system32\DRIVERS\raspti.sys [Scan path] D:\WINNT\system32\drivers\RCA.sys [Scan path] D:\WINNT\system32\DRIVERS\rdbss.sys [Scan path] D:\WINNT\system32\DRIVERS\redbook.sys [Scan path] D:\WINNT\system32\locator.exe [Scan path] d:\winnt\system32\rsvp.exe [Scan path] D:\WINNT\System32\SCardSvr.exe [Scan path] D:\WINNT\system32\DRIVERS\serenum.sys [Scan path] D:\WINNT\system32\DRIVERS\serial.sys [Scan path] D:\WINNT\system32\DRIVERS\SLIP.sys [Scan path] D:\WINNT\system32\drivers\smwdm.sys [Scan path] D:\WINNT\system32\DRIVERS\srv.sys [Scan path] D:\WINNT\system32\DRIVERS\StreamIP.sys [Scan path] D:\WINNT\system32\DRIVERS\swenum.sys [Scan path] D:\WINNT\system32\drivers\swmidi.sys [Scan path] D:\Program Files\Symantec\SYMEVENT.SYS [Scan path] D:\WINNT\system32\drivers\sysaudio.sys [Scan path] D:\WINNT\system32\smlogsvc.exe [Scan path] D:\WINNT\system32\DRIVERS\tcpip.sys [Scan path] D:\WINNT\system32\tlntsvr.exe [Scan path] D:\WINNT\system32\DRIVERS\uhcd.sys [Scan path] D:\WINNT\system32\DRIVERS\update.sys [Scan path] D:\WINNT\System32\ups.exe [Scan path] D:\WINNT\system32\DRIVERS\usbehci.sys [Scan path] D:\WINNT\system32\DRIVERS\usbhub.sys [Scan path] D:\WINNT\system32\DRIVERS\usbhub20.sys [Scan path] D:\WINNT\system32\DRIVERS\USBSTOR.SYS [Scan path] D:\WINNT\System32\UtilMan.exe [Scan path] D:\WINNT\System32\drivers\vga.sys [Scan path] D:\WINNT\system32\DRIVERS\wanarp.sys [Scan path] D:\WINNT\system32\drivers\wdmaud.sys [Scan path] D:\WINNT\system32\DRIVERS\WSTCODEC.SYS [Scan path] D:\WINNT\system32\drivers\ialmsbw.sys [Scan path] D:\WINNT\system32\ntsd.exe ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 185 Infected objects found: 2 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 1 Objects ignored: 0 Scan speed: 361 Kb/s Scan time: 00:01:25 ----------------------------------------------------------------------------- [Scan path] C:\ C:\IBMTOOLS\APPS\ACCESS\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\ACROBAT\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\NAV\MSSHLIB\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\APPS\NORTONAV\NAV\RESCUE\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SMAXWDM\W2K_XP\INSTALL.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Control Panel\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Sensaura 3D\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\AUDIO\SOUNDMX3\SoundMAX Synthesizer\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\CHIPSET\INTEL\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\IBMTOOLS\DRIVERS\VIDEO\INTEL\WXP\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\power65bak\PB6\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Analog Devices\SoundMAX\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\MSN Messenger\msnmsgr.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Outlook Express\msimn.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealOne Player\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\TTPlayer\TTPlayer.exe infected with Win32.HLLW.Gavir.17 - cured C:\Program Files\UltraEdit\uedit32.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc16.4\Setup.exe infected with Win32.HLLW.Gavir.17 - cured C:\RECYCLER\S-1-5-21-583907252-1364589140-682003330-500\Dc19\APPS\SNMP\AGENT\W2K-WS32\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\wbzx9801\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured C:\writeIC備份\ICsetup\SETUP.EXE infected with Win32.HLLW.Gavir.17 - cured [Scan path] D:\ D:\WINNT\Dll.dll infected with Win32.HLLW.Gavir.17 - will be cured after reboot D:\WINNT\rundl132.exe infected with Win32.HLLW.Gavir.17 - cured D:\WINNT\magicset746onlinedown.exe.delete_on_reboot infected with Win32.HLLW.Gavir.17 - will be cured after reboot D:\WINNT\system32\config\software.LOG - read error D:\WINNT\system32\config\default.LOG - read error D:\WINNT\system32\config\SECURITY - read error D:\WINNT\system32\config\SECURITY.LOG - read error D:\WINNT\system32\config\SYSTEM.ALT - read error D:\WINNT\system32\config\SAM - read error D:\WINNT\system32\config\SAM.LOG - read error D:\WINNT\system32\config\SYSTEM - read error D:\WINNT\system32\config\SOFTWARE - read error D:\WINNT\system32\config\DEFAULT - read error D:\Documents and Settings\Administrator\NTUSER.DAT - read error D:\Documents and Settings\Administrator\NTUSER~1.LOG - read error >D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J6WRJTKD\icast[1].txtD:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STIBCDUN\mhxy[1].exe infected with Trojan.PWS.Gamania - incurable - moved D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error D:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\WinRAR\WinRAR.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Analog Devices\SoundMAX WDM Driver\install.exe infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Microsoft Office\Office\EXCEL.EXE infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Microsoft Office\Office\WINWORD.EXE infected with Win32.HLLW.Gavir.17 - cured D:\Program Files\Real\RealPlayer\realplay.exe infected with Win32.HLLW.Gavir.17 - cured ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 123413 Infected objects found: 37 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 34 Objects deleted: 0 Objects renamed: 0 Objects moved: 1 Objects ignored: 0 Scan speed: 663 Kb/s Scan time: 01:41:25 ----------------------------------------------------------------------------- 2006-09-04,13:45:20 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <Internat.exe><Internat.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation] <IgfxTray><; D:\WINNT\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><D:\WINNT\system32\hkcmd.exe> [Intel Corporation] <Smapp><D:\Program Files\Analog Devices\SoundMAX\Smtray.exe> [Analog Devices, Inc.] <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation] <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <Tray><D:\WINNT\command\rundll32.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><D:\WINNT\system32\userinit.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] <WinlogonNotify: NavLogon><D:\WINNT\system32\NavLogon.dll> [] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><D:\WINNT\system32\MAT2.scr> [] ================================== 啟動資料夾 [Adobe Gamma Loader] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><H> [Microsoft Office] <D:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Microsoft Office.lnk><N> ================================== 服務 [DefWatch / DefWatch] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation> [Logical Disk Manager Administrative Service / dmadmin] <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Kingsoft Personal Firewall Service / KPfwSvc] <"D:\KAV2005\KPfwSvc.EXE"><N/A> [Messenger / Messenger] <\SystemRoot\D:\WINNT\system32\services.exe><N/A> [Symantec AntiVirus Client / Norton AntiVirus Server] <"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation> ================================== 瀏覽器載入項 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <c:\Program Files\Tencent\QQ\QQ.EXE, N/A> [@msdxmLC.dll,-1@2052,電台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll, N/A> [MeadCo ScriptX] {1663ed61-23eb-11d2-b92f-008048fdd814} <D:\WINNT\system32\MCScripX.dll, Mead & Co Limited> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <C:\Program Files\Tencent\qq\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 172][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 192][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [D:\WINNT\system32\NavLogon.dll] <N/A><N/A> [PID: 220][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 232][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [PID: 404][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 428][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [PID: 456][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><8.00.00.9374> [PID: 476][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 508][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\CBA.DLL] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\MsgSys.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\NTS.dll] <Intel? Corporation><6.12.0.71 E> [D:\WINNT\system32\PDS.DLL] <Intel? Corporation><6.12.0.71 E> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\i2ldvp3.dll] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPI32.DLL] <Symantec Corp.><4.1.0.15> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26> [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.022\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP32.DLL] <Symantec Corporation><9.0.0.14> [D:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\DecSDK.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ID.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2UUE.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2AMG.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ARJ.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2CAB.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2EXE.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2GZIP.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2HQX.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LHA.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2LZ.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2MIME.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2SS.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2RTF.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TAR.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2TNEF.dll] <Symantec Corporation><3.02.07.19> [C:\PROGRA~1\SYMANT~1\SYMANT~1\Dec2ZIP.dll] <Symantec Corporation><3.02.07.19> [PID: 624][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [PID: 656][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 720][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 868][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [D:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [D:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.00.00.9374> [D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [PID: 412][D:\WINNT\system32\hkcmd.exe] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxhk.dll] <Intel Corporation><3,0,0,1517> [D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,1517> [PID: 1104][D:\Program Files\Analog Devices\SoundMAX\Smtray.exe] <Analog Devices, Inc.><3, 0, 205, 0> [PID: 1144][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.00.00.9374> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.00.00.9374> [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1> [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.00.00.9374> [PID: 1168][D:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000> [PID: 1284][D:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 536][D:\WINNT\magicset746onlinedown.exe] <N/A><N/A> [PID: 1236][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 1384][C:\工具\cureit\_start.exe] <Doctor Web, Ltd.><2.44> [PID: 1356][C:\工具\cureit\cureit.exe] <Doctor Web, Ltd.><4, 33, 2, 6080> [C:\工具\cureit\dwebllio.dll] <Doctor Web Ltd.><4, 32, 0, 0> [D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] <N/A><N/A> [PID: 1348][D:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106> [D:\WINNT\system32\PWBX3245.IME] <Beijing WangMa Computer General Company.><5.00.000> [D:\WINNT\system\WBX3245.dll] <N/A><N/A> [D:\WINNT\system\WMW3245.dll] <N/A><N/A> [D:\WINNT\system\WMSYS32.dll] <N/A><N/A> [PID: 1480][C:\工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: <Tray><D:\WINNT\command\rundll32.exe> [] 刪除此啟動項 D:\WINNT\command\rundll32.exe 刪除這個文件 請樓主檢查一下,局域網內其他電腦是否也中了這個毒? Win32.HLLW.Gavir.17 Viking病毒會通過網路傳播的 Windows 2000系統沒有自帶防火牆,因此對網路上面的病毒沒有防禦能力 建議裝一個防火牆軟件,如ZoneAlarm 6.0 Free 版。同時用殺毒軟件清理本機上的病毒 |
Q:
【求助】IE被修改~怎麼也改不回來,求救 2006-09-04,14:55:45 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><nwiz.exe /install> [NVIDIA Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Recorder Control] {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [BlueskyVideo Control] {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)> [Share Control] {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn> [HHCtrl Object] {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [PP Control] {7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)> [Videohelp Control] {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Filetran Control] {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)> [Chat Control] {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)> [Blueskyvoice Control] {991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)> [Display Control] {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)> [Tracechat Control] {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Blueskyvoice Control] {BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Client Control] {C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, > [Play Control] {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] <F:\迅雷\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <F:\迅雷\Thunder\getallurl.htm, N/A> [使用網際快車下載] <F:\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <F:\FlashGet\jc_all.htm, N/A> ================================== 正在執行的工作行程 [PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 904][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 952][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1240][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530> [C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62> [PID: 1280][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1412][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.10> [PID: 1524][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1552][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NVMCTRAY.DLL] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [PID: 1568][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A> [PID: 1828][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776> [PID: 1880][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 780][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 988][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 224][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [E:\sreng2\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 先問一下,IE的主頁被修改為什麼網址??? 1. 可以的話,把以下檔案壓縮好,上傳到樣本區 C:\Program Files\Tencent\QQ\RTraveler.dll C:\Program Files\Tencent\QQ\Messenger.exe 2. 按 [Copy to clipboard] 複製以下所有文字 CODE: OptionStatusOn OptionSetStatus Terminating processes... ProcessKill \Messenger.exe|1 ProcessKill \explorer.exe|1 OptionSetStatus Deleting files... OptionOnDeleteFailUseReboot FileDelete C:\Program Files\Tencent\QQ\RTraveler.dll FileDelete C:\Program Files\Tencent\QQ\Messenger.exe OptionSetStatus Cleaning Registry... RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Realplayer.exe RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messenger.exe RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Messager.exe OptionSetStatus Setting IE Start Page to about:blank RegSetStringValue HKCU\Software\Microsoft\Internet Explorer\Main|Start Page|about:blank OptionSetStatus Emptying the Temp folder... SystemEmptyTempFolder SystemRun %WINDIR%\explorer.exe SystemRestart Some files cannot be deleted now.Please reboot your computer!|1 [Copy to clipboard] a) 開始---->所有程式---->附屬應用程式---->記事本 b) 按 Ctrl + V/右click貼上剛才複製的內容,按 檔案 ----> 儲存 c) 改 檔案類型:所有檔案 ,檔案名稱為 delete.bfu ,儲存到桌面 3. a)下載 Brute Force Uninstaller ,解壓到桌面,執行bfu.exe b) 按一下 黃色資料夾,選取剛才的delete.bfu c) 按 Execute ,之後會提示你重新啟動電腦,按 Y / 是 重新啟動電腦 d) 重新啟動後,掃瞄一個新的SREng log上黎 Q: [url]http://7b.com.cn/[url] 這個網址`~還有另一個的`現在不記得了~ A: 好的~先跟著步驟做一次看看 把它上傳樣本區..專門==偵毒往網掃掃看.... Q: 2006-09-04,15:22:12 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><nwiz.exe /install> [NVIDIA Corporation] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 啟動資料夾 服務 [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [Recorder Control] {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [BlueskyVideo Control] {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\bluesky\BLUESK~1\v2.ocx, 藍天工作室(http://www.bluesky.cn)> [Share Control] {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn> [HHCtrl Object] {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [PP Control] {7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)> [Videohelp Control] {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Filetran Control] {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)> [Chat Control] {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)> [Blueskyvoice Control] {991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~1.OCX, 藍天工作室(http://www.bluesky.cn)> [Display Control] {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)> [Tracechat Control] {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Blueskyvoice Control] {BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\bluesky\BLUESK~1\BLUESK~2.OCX, 藍天工作室(http://www.bluesky.cn)> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Client Control] {C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\bluesky\BLUESK~1\client.ocx, > [Play Control] {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用迅雷下載] <F:\迅雷\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <F:\迅雷\Thunder\getallurl.htm, N/A> [使用網際快車下載] <F:\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <F:\FlashGet\jc_all.htm, N/A> ================================== 正在執行的工作行程 [PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 796][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 908][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1236][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10530> [C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62> [PID: 1272][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1408][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.10> [PID: 1432][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.7776> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7776> [PID: 1440][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1712][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7776> [PID: 1760][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 400][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 852][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1488][E:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: log沒問題~ 問題解決了 |
Q:
【求助】不知為什麼我的電腦用著用著,就會自動當機!!! 不知為什麼我的電腦用著用著,就會自動當機!!! 請各位幫我看看是什麼回事?? 2006-09-03,12:10:58 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 1 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation] <iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE> [Kingsoft Corporation] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <iparmor><rem C:\Program Files\Iparmor\Iparmor.exe mini> [] <KAVRun><C:\KAV6\KAVRun.EXE> [kingsoft] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <SOUNDM><winsmd.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\updown.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\KAV6\KaScrScn.scr> [] ================================== 啟動資料夾 服務 [Autodesk Licensing Service / Autodesk Licensing Service] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.> [C-DillaCdaC11BA / C-DillaCdaC11BA] <C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision> [DirectX Graphics / dxdmain] <C:\WINDOWS\System32\dxdmain.exe><N/A> [InstallDriver Table Manager / IDriverT] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [JMediaService / JMediaService] <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A> [Local Security Authority Server / LSA Server] <C:\WINDOWS\System32\lsasrv.exe><N/A> [Local Security Authority Subsystem Service / lsass] <"C:\WINDOWS\lsass.exe"><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation> [VKTServ / VKTServ] <C:\WINDOWS\System32\VKTServ.exe><N/A> [wint / wint] <C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A> ================================== 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v4.dll, > [KAVIEHelper Class] {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司> [Router Layer] {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A> [IeCatch2 Class] {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, 上海浩方線上訊息技術有限公司> [金山毒霸安全助手] {EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.dll, 金山軟件股份有限公司> [系統標準按鍵(&E)] {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A> [使用網際快車下載] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用網際快車下載全部鏈接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A> ================================== 正在執行的工作行程 [PID: 552][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 872][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1108][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1120][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1332][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)> [PID: 1612][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0> [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.1.63.0> [C:\Program Files\Tencent\QQ\RTraveler.dll] <N/A><N/A> [C:\WINDOWS\System32\KB4553736.LOG] <N/A><N/A> [C:\WINDOWS\System32\xunleibho_v4.dll] <><4, 3, 2, 29> [C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0> [PID: 248][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622> [PID: 288][C:\Program Files\Tencent\QQ\Messenger.exe] <N/A><N/A> [PID: 344][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 956][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] <Macrovision><4.20.030> [PID: 1048][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303> [PID: 224][C:\Program Files\SkyNet\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1004> [C:\Program Files\SkyNet\FireWall\SKYMISC.DLL] <N/A><N/A> [C:\Program Files\SkyNet\FireWall\COMPRESSWRAP.DLL] <N/A><N/A> [PID: 472][C:\Program Files\Vnet\VnetClient.exe] <><1, 0, 0, 1> [C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A> [C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0> [PID: 768][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, Inc.><0.1.0.1622> [C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0> [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452> [C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389> [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll] <RealNetworks, Inc.><0.1.0.1760> [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622> [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685> [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311> [C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278> [PID: 848][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] <RealNetworks, Inc.><0.1.0.1622> [C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0> [C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll] <RealNetworks, Inc.><7.0.0.1675> [C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.3389> [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] <RealNetworks, Inc.><7.0.0.2311> [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] <RealNetworks, Inc.><7.0.0.1685> [C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll] <RealNetworks, Inc.><7.0.0.1052> [C:\Program Files\Common Files\Real\Update_OB\twebbrowse.dll] <RealNetworks, Inc.><1.0.2.311> [C:\Program Files\Common Files\Real\Update_OB\faus3270.dll] <RealNetworks, Inc.><7.0.0.1362> [C:\Program Files\Common Files\Real\Common\pnrs3260.dll] <RealNetworks, Inc.><6.0.9.2068> [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] <RealNetworks, Inc.><0.1.0.1622> [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] <RealNetworks, Inc.><7.0.0.1452> [C:\Program Files\Common Files\Real\Plugins\http3260.dll] <RealNetworks, Inc.><6.0.7.4278> [PID: 1884][C:\Program Files\FlashGet\flashget.exe] <Amaze Soft><1, 6, 5, 0> [C:\WINDOWS\system32\Maxthonz.dll] <N/A><N/A> [C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX] <Macromedia, Inc.><7,0,19,0> [PID: 1956][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A> [C:\WINDOWS\System32\AcSignIcon.dll] <Autodesk><16.1.63.0> [PID: 492][C:\DOCUME~1\Naquan\LOCALS~1\Temp\Rar$EX02.625\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> ================================== 文件關聯 .TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. [C:\WINDOWS\hh.exe %1] .HLP Error. [C:\WINDOWS\winhlp32.exe %1] .INI Error. [C:\WINDOWS\NOTEPAD.EXE %1] .INF Error. [C:\WINDOWS\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== ; A: 很多LJ.... 1. 用 GMER 做個Rootkit Scan a) 下載 GMER 並解壓gmer.zip b) 執行gmer.exe ----> Rootkit c) 確認選取了所有專案 ( Show All 除外), 按 Scan d) 掃瞄完成後, 按 Copy複製掃瞄結果,在這裡貼上你的掃瞄結果 2. 使用SREng (相關操作說明) -刪除以下的啟動項 <Messenger.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Realplayer.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <Messager.exe><C:\Program Files\Tencent\QQ\Messenger.exe> [] <SOUNDM><winsmd.exe> [] -修改Userinit的數值為 C:\WINDOWS\System32\userinit.exe, -刪除以下的服務 [DirectX Graphics / dxdmain] <C:\WINDOWS\System32\dxdmain.exe><N/A> [JMediaService / JMediaService] <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A> [Local Security Authority Server / LSA Server] <C:\WINDOWS\System32\lsasrv.exe><N/A> [Local Security Authority Subsystem Service / lsass] <"C:\WINDOWS\lsass.exe"><N/A> [wint / wint] <C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A> -刪除以下瀏覽器載入項 [Router Layer] {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A> [系統標準按鍵(&E)] {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A> -修復以下文件關聯 .TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1] .CHM Error. [C:\WINDOWS\hh.exe %1] .HLP Error. [C:\WINDOWS\winhlp32.exe %1] .INI Error. [C:\WINDOWS\NOTEPAD.EXE %1] .INF Error. [C:\WINDOWS\NOTEPAD.EXE %1] 3. a) 下載 Pocket KillBox 並儲存到桌面 b) 按 [Copy to clipboard] 複製以下所有文字 CODE: C:\WINDOWS\system32\Maxthonz.dll C:\WINDOWS\System32\KB4553736.LOG C:\WINDOWS\System32\wint\wint.dll C:\WINDOWS\System32\dxdmain.exe C:\WINDOWS\System32\lsasrv.exe C:\WINDOWS\lsass.exe [Copy to clipboard] c) 執行 killbox.exe ,選 Delete on Reboot,再選 All Files d) 按 File ---> Paste from Clipboard e) 再按 紅色交叉(Delete File) , 當有提示時,按 Yes,另一個再按 No 電腦會自動重新啟動,如果沒有,請自行重新啟動電腦 4. 掃瞄新的SREng log上來 Q: 問當機了還開的了幾嗎? 我還要斷電源才可以開機 A: 請參考 - SREng常用操作說明 刪除給你的建議。如果不能刪除,說明具體遇到的問題。 建議在安全模式下嘗試刪除 下載老九 WinPE 最終修改版 http://laomaotao.u.winzheng.com/ 用虛擬光碟載入BootCD.ISO 或者直接用WinRAR解壓縮。執行 WINPE安裝 資料夾中的可執行程式 安裝.EXE。直接按照提示操作即可。 重啟電腦,進入WinPE 工具箱,在WinPE環境下刪除C硬碟中存在的木馬、病毒文件。注意文件的路徑,別把系統文件誤刪了 |
Q:
【求助】老大,我電腦裡有不明飛行物(有DOS視窗不斷跳出又立即消失),995那可憐的電腦啊!! 我只是打開一個瀏覽器,以下是掃瞄結果: 2006-09-20,20:25:45 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> [] <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <rx><C:\WINDOWS\system32\explore.exe> [] <wow><C:\WINDOWS\system32\Launcher.exe> [] <zz><C:\WINDOWS\system32\intenet.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <nwiz><nwiz.exe /install> [] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent] <DesktopMemo><"C:\Program Files\DeskMemo\Deskmemo.exe"> [] <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> [] <CnsMin><8V?> [] <Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t] <ToP><C:\WINDOWS\LSASS.exe> [] <softbox><C:\WINDOWS\system32\softbox.exe> [bcnet] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [] <RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <kokv><C:\WINDOWS\system32\019i8e1.exe> [] <Alexa><C:\WINDOWS\system32\qproecss.exe> [] <Ver><2006.07.20> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe 1> [] <Userinit><userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <DelayRun><C:\WINDOWS\019d8e10.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [] <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] ================================== 啟動資料夾 [IE-Bar] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\IE-Bar.lnk><N> ================================== 服務 [Performance Moniter / MOBILL] <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [Rising Personal Firewall Service / RfwService] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited> [Rising Process Communication Center / RsCCenter] <C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [SVCHAST / SystemInspect] <C:\Program Files\SystemInspect\SVCHAST.exe><N/A> 瀏覽器載入項 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD> [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent> [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A> [Adobe-Plugins Manager] {2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.> [Yahoo!Photo] {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China> [AntiFish Class] {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [] {3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A> [raObject Class] {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation> [DragSearch BHO] {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china> [] {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT> [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [] {958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A> [perfdp] {995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, > [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [] {9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A> [Spoolsv Class] {9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, > [DDOC] {A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, > [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> [Macromedia. Flash8 Object] {C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A> [QuickBtn] {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent> [51響導] {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A> [Windows ToyClass] {E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A> [BHelper Class] {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A> [XBTP01967 Class] {F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [assist] {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China> [啟動迅雷] {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD> [QuickBtn] {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent> [上網助手] {5D73EE86-05F1-49ed-B850-E423120EC338} <http://assistant.3721.com/index.htm, N/A> [手機短信] {5DA5CC16-90A8-4c78-AB5E-596BAEDD1289} <http://sms.3721.com/ie/index.htm, N/A> [微軟] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\QQ2005\QQ.EXE, N/A> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Yahoo! Messenger] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <F:\應用軟件\聊天軟件\雅虎通\安裝程式\Messenger\YahooMessenger.exe, Yahoo! Inc.> [] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://assistant.3721.com/security1.htm, N/A> [] {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://assistant.3721.com/clean1.htm, N/A> [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.> [TT33定向搜索] {D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [雅虎助手] {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation> [WebActivater Control] {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD> [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.> [IEMonitor Class] {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, N/A> [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent> [MyIEHelper Class] {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [Adobe-Plugins Manager] {2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.> [Yahoo!Photo] {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China> [AntiFish Class] {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [] {3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A> [雅虎助手] {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china> [raObject Class] {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd> [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, > [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <F:\應用軟件\聊天軟件\QQ2006BETA2SP1 雙顯IP版\azcx\Tencent\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation> [Yahoo!Live] {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china> [DragSearch BHO] {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china> [] {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT> [CpapView Class] {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\Rundl132.dll, N/A> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD> [Schedule Class] {8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, > [] {958E3537-7E8D-4B4F-BF80-A39E6FEEF27B} <C:\WINDOWS\system32\Dgit.dll, N/A> [perfdp] {995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, > [WinSC Class] {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A> [] {9C082F6C-91E4-4FC4-9280-186674ACCF83} <C:\WINDOWS\system32\Jkpl.dll, N/A> [Spoolsv Class] {9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, > [DDOC] {A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, > [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Macromedia. Flash8 Object] {C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\FlashPlayer8OCX.dll, N/A> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [QuickBtn] {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent> [51響導] {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [TT33定向搜索] {D940F380-49C7-4A05-9E33-53930AF5768F} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [Windows ToyClass] {E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\wlbs.dll, N/A> [Messenger Class] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A> [BHelper Class] {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\019o8e11.dll, N/A> [XBTP01967 Class] {F3E19DD9-6D5B-4867-A057-1EFFFC62322E} <C:\WINDOWS\Temp\tbu1A\Toolbar.dll, N/A> [assist] {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China> [&使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [Google 搜索(&G)] <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A> [上傳到QQ網路硬碟] <C:\Program Files\QQ2005\AddToNetDisk.htm, N/A> [使用影音傳送帶下載] <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A> [使用影音傳送帶下載全部鏈接] <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A> [反向鏈接] <res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <C:\Program Files\QQ2005\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\QQ2005\AddEmotion.htm, N/A> [新增到雅虎訂閱(&Y)] <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A> [用QQ彩信發送該圖片] <C:\Program Files\QQ2005\SendMMS.htm, N/A> [用比特精靈下載(&B)] <F:\應用軟件\下載工具\比特精靈 v3.0.0.087 穩定版\azcx\BitSpirit\bsurl.htm, N/A> [用炫彩圖鈴發送該圖片] <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A> [類似網頁] <res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A> [快取記憶體的網頁快照] <res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A> [翻譯英文字詞(&T)] <res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A> [雅虎搜索] <res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A> ================================== 正在运行的进程 [PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 620][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 688][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 700][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 856][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 920][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 1060][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1268][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1692][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1828][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 48> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1904][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1920][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3427> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1984][C:\Program Files\DeskMemo\Deskmemo.exe] <><1, 0, 0, 1> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 132][C:\WINDOWS\system32\SVOHOST.exe] <N/A><N/A> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 472][C:\WINDOWS\WINLOGON.EXE] <wa1vTRVHCVJwSh8Xf92t><0.00.0109> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1180][C:\WINDOWS\system32\softbox.exe] <bcnet><1.00> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1868][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [PID: 332][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [PID: 1260][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\1.dll] <千橡互联><3, 0, 2, 0> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\3.dll] <千橡互联><3, 0, 2, 8> [C:\DOCUME~1\new\TEMPLA~1\ba3e3f5\4.dll] <千橡互联><3, 0, 2, 8> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [PID: 588][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A> [PID: 612][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 592][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1544][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8195> [PID: 1936][C:\Program Files\SystemInspect\SVCHAST.exe] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> [PID: 864][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1552][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [PID: 1640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 3876][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0> [PID: 2772][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1> [C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1> [C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2006, 6, 26, 1> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1> [C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1> [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1> [C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2> [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1> [C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1> [C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1> [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1> [C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17> [C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1> [C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14> [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1> [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1> [C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1> [C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1> [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1> [C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1> [C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1> [C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1> [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 11, 1, 17> [C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [PID: 3364][F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Maxthon.exe] <MY Soft Technology><1, 1, 0, 90> [F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\zlib.dll] <N/A><N/A> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Plugin\FloatBar\FloatBar.dll] <><1, 8, 0, 0> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [F:\网络浏览及播放器\网络及电视浏览器\Maxthon v1.1.090 增强版\azcx\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 3424][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] <Yahoo! China><3, 0, 9, 1015> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <yahoo! china><3, 3, 5, 1086> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] <Yahoo! China><3, 0, 1, 1010> [C:\Program Files\Yahoo!\Assistant\yNotifier.dll] <yahoo! china><3, 0, 0, 1000> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 3580][C:\PROGRA~1\PPRich\MINIPP~1.EXE] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 4040][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48> [C:\Program Files\TENCENT\Adplus\SSAddr.dll] <Tencent><4, 2, 4, 43> [C:\WINDOWS\System32\Agm.dll] <AdoBeSoft Co.><4, 4, 26, 1> [C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] <Yahoo! China><3, 0, 4, 1006> [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <yahoo! china><3, 0, 2, 1003> [C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll] <TODO: <公司名>><1.0.0.1> [C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL] <N/A><N/A> [C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8> [c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1> [c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1> [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1> [F:\应用软件\聊天软件\QQ2006BETA2SP1 双显IP版\azcx\Tencent\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <yahoo! china><3, 0, 1, 1001> [C:\WINDOWS\system32\ssup.dll] <TENCENT><4, 2, 4, 43> [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2> [C:\WINDOWS\system32\sscli.dll] <><5, 0, 2195, 6696> [C:\WINDOWS\system32\Dgit.dll] <N/A><N/A> [C:\WINDOWS\system32\perfidp.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [C:\WINDOWS\system32\Jkpl.dll] <N/A><N/A> [C:\WINDOWS\system32\drivers\spoolsv.dll] <><1, 0, 1, 1> [C:\WINDOWS\system32\henroer.dll] <><1, 0, 0, 1> [c:\program files\google\googletoolbar2.dll] <Google Inc.><3, 0, 131, 0> [c:\WINDOWS\system32\FlashPlayer8OCX.dll] <N/A><N/A> [C:\Program Files\kuzhan\kuzhan.dll] <Fengcent><1, 0, 0, 2> [C:\WINDOWS\system\019o8e11.dll] <N/A><N/A> [C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll] <Yahoo! China><3, 0, 9, 1014> [C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll] <yahoo! china><3, 1, 2, 1057> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll] <Yahoo! China><3, 0, 5, 1005> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] <yahoo! china><3, 0, 2, 1004> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] <Yahoo! China><3, 0, 0, 1000> [C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll] <Yahoo! China><3, 0, 1, 1001> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll] <Yahoo! China><3, 0, 2, 1002> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] <Yahoo! China><3, 0, 3, 1003> [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL] <yahoo! china><3, 0, 5, 1010> [C:\Program Files\Yahoo!\Assistant\Assist\ymailp.dll] <Yahoo! China><3.0.0.1006> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A> [PID: 3480][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 4084][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 36> [c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 5> [c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0> [c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2> [PID: 2936][F:\系统安全\System Repair Engineer\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0> [PID: 2216][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020> [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015> [C:\WINDOWS\system32\winscok.dll] <N/A><N/A> [C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== 對了,電腦出問題後跳出視窗原來也有,不過它把殺毒軟件關閉後就沒有了,今天我用服務把殺毒打開後就不斷跳出來,影響在電腦上進行的一切活動。 A: 1. 江民發佈「落雪」(GamePass)木馬專殺1.1 http://www.jiangmin.com/download/TrojanKiller.rar 由C.I.S.R.T. 幸福的獅子編寫的「落雪」木馬專殺工具 http://www.cisrt.org/avtools/MiscKiller.rar 2.再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案 <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> [] <rx><C:\WINDOWS\system32\explore.exe> [] <wow><C:\WINDOWS\system32\Launcher.exe> [] <zz><C:\WINDOWS\system32\intenet.exe> [] <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> [] <CnsMin><8V?> [] <Torjan Program><C:\WINDOWS\WINLOGON.EXE> [wa1vTRVHCVJwSh8Xf92t] <ToP><C:\WINDOWS\LSASS.exe> [] <softbox><C:\WINDOWS\system32\softbox.exe> [bcnet] <kokv><C:\WINDOWS\system32\019i8e1.exe> [] <Alexa><C:\WINDOWS\system32\qproecss.exe> [] <Ver><2006.07.20> [] <DelayRun><C:\WINDOWS\019d8e10.dll> [] 再次執行 System Repair Engineer 在"啟動專案->服務->"Win32服務應用程式"選中"隱藏微軟服務" 然後將下面名稱的服務 [Performance Moniter / MOBILL] [SVCHAST / SystemInspect] "修改啟動類型"->"disable"->"設置" "刪除服務"->"設置"->"否" (注意: 按"否"是確認刪除服務,按"是"為取消操作) 3.重啟電腦,顯示所有文件和資料夾(隱含及系統保護) 打開「我的電腦-->工具-->資料夾選項-->檢視 去掉下面選項前面的鉤 「隱藏受保護系統文件(推薦)」 「隱藏已知文件類型的延伸名」 選中顯示所有文件和資料夾-->儲存設置 刪除下面文件 Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe C:\WINDOWS\system32\explore.exe C:\WINDOWS\system32\Launcher.exe C:\WINDOWS\system32\intenet.exe C:\WINDOWS\WINLOGON.EXE C:\WINDOWS\LSASS.exe C:\WINDOWS\system32\softbox.ex C:\WINDOWS\system32\019i8e1.exe C:\WINDOWS\system32\qproecss.exe C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL C:\Program Files\SystemInspect\SVCHAST.exe C:\WINDOWS\019d8e10.dll C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll 4.下載Dr.Web CureIT! 免費掃瞄器,包含最新病毒庫,可以檢測清除病毒、木馬、後門、流氓惡意軟件,不和已裝殺毒軟件衝突 直接下載位址: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe 自解壓格式,下載後直接執行cureit.exe,或者滑鼠右鍵,解壓到目標資料夾,然後執行該資料夾裡面的「_start.exe」殺毒 先按「確定」進行「Start Express Scan」快速殺毒,先會自動掃瞄記憶體工作行程和啟動項,等快速掃瞄結束後,再用滑鼠左鍵選中硬碟分區的圖示,被選中的分區上會出現紅點標記,再次殺毒.Dr.Web界面左下角的5個按鍵分別是"全選" "清除" "重命名" "隔離" "刪除".可以先把殺毒報告發上來等待確認後再進行操作,或者Select all(全選) Cure ->Move incurable(將清除失敗的文件移動到隔離區) 最後把殺毒報告發上來,從"我的電腦"打開 %USERPROFILE%\DoctorWeb\ 打開下面文件CureIt.log複製其中內容到帖子裡 Dr.Web 使用圖解 Q: 已經按照以上執行,不過在執行「刪除下面文件」的過程中出現下面問題: Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe(成功刪除) C:\WINDOWS\system32\explore.exe「沒有找到文件」 C:\WINDOWS\system32\Launcher.exe「沒有找到文件」 C:\WINDOWS\system32\intenet.exe「沒有找到文件」 C:\WINDOWS\WINLOGON.EXE「沒有找到文件」 C:\WINDOWS\LSASS.exe「沒有找到文件」 C:\WINDOWS\system32\softbox.ex(成功刪除) C:\WINDOWS\system32\019i8e1.exe「沒有找到文件」 C:\WINDOWS\system32\qproecss.exe(刪除後3秒又出現) C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL「沒有找到文件」 C:\Program Files\SystemInspect\SVCHAST.exe「沒有找到文件」 C:\WINDOWS\019d8e10.dll「沒有找到文件」 C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll「沒有找到文件」 最後結果:沒有解決任何問題,暈死了 對了,在安全模式下殺出22種381個病毒,不過今天殺明天又出來. A: ><C:\WINDOWS\system32\019i8e1.exe> [] 這個文件肯定是病毒,你在帶命令提示字元的安全模式下,把系統受保護的文件都打開,或者查找,刪除掉~ Q: 可我找不到這個文件呀,為什麼?C:\WINDOWS\system32\019i8e1.exe> [] A: 顯示所有文件和資料夾(隱含及系統保護) 了嗎? 把Dr.Web的殺毒報告發上來 |
Q:
求助】先是報錯user.dll文件丟失~~後來有朋友說是中毒了~~~特來求救~~謝謝了~~ 開機後就出現了這個提示,系統還算能正常執行~~ 可是打開QQ交談視窗的時候出現了這個提示~~ 為什麼會這樣~?~?應該如何解決呢~?~?~ 向壇友求助~~~謝謝大家啦~~~ 附上 hijackthis的掃瞄文檔 Logfile of HijackThis v1.99.1 Scan saved at 11:52:43, on 2006-9-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\MSI\Core Center\CoreCenter.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe F:\download\ACDSee\ACDSee.exe E:\系統工具\檢測系統工具\HijackThis\HijackThis.exe O1 - Hosts: 125.91.1.20 localhost O1 - Hosts: 125.91.1.20 www.7939.com O1 - Hosts: 125.91.1.20 www.hao123.com O1 - Hosts: 125.91.1.20 www.9991.com O1 - Hosts: 125.91.1.20 www.5566.net O1 - Hosts: 125.91.1.20 www.gjj.cc O1 - Hosts: 125.91.1.20 www.265.com O1 - Hosts: 125.91.1.20 www.v111.com O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing) O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\QQ\QQIEHelper.dll O2 - BHO: 超級兔子上網精靈 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\PROGRA~1\MagicSet\haokanbar.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX O3 - Toolbar: 超級兔子上網精靈 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\PROGRA~1\MagicSet\haokanbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] ; RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [rundll] rundll32 user.dll s O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\MagicSet\srrest.exe /autosave O4 - HKCU\..\Run: [bgswitch] ; C:\WINDOWS\system32\bgswitch.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: 卡巴斯基駭客防護程式.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O8 - Extra context menu item: &使用迅雷下載 - D:\Program Files\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下載全部鏈接 - D:\Program Files\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出到 Microsoft Office Excel(&X) - res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - D:\Program Files\QQ\SendMMS.htm O9 - Extra button: 浩方對戰平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方對戰平台\GameClient.exe (file missing) O9 - Extra button: 番茄花園 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing) O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具條設置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MS...rInstaller.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68 O17 - HKLM\System\CS2\Services\Tcpip\..\{0DC1D374-01B7-44F6-B834-4A990F5BBE42}: NameServer = 202.100.192.68 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: host Service For Windows (mshost) - Unknown owner - C:\WINDOWS\mshost.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 再附上SREng2的掃瞄~~~ 2006-09-21,12:10:16 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理權限用戶 - 完整功能 以下內容被選中: 所有的啟動專案(包括註冊表、啟動資料夾、服務等) 瀏覽器載入項 正在執行的工作行程(包括工作行程模塊訊息) 文件關聯 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <bgswitch><; C:\WINDOWS\system32\bgswitch.exe> [] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <nwiz><; nwiz.exe /install> [] <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation] <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab] <BigDogPath><C:\WINDOWS\VM_STI.EXE QQ-EYE PC Camera> [] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [] <rundll><rundll32 user.dll s> [] <Super Rabbit SRRestore><D:\Program Files\MagicSet\srrest.exe /autosave> [Super Rabbit Soft] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> [] ================================== 啟動資料夾 [卡巴斯基駭客防護程式] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\卡巴斯基駭客防護程式.lnk><N> [CoreCenter] <C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\CoreCenter.lnk><N> ================================== 服務 [Crypkey License / Crypkey License] <crypserv.exe><Kenonic Controls Ltd.> [kavsvc / kavsvc] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab> [host Service For Windows / mshost] <C:\WINDOWS\mshost.exe><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 瀏覽器載入項 [] {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A> [浩方對戰平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方對戰平台\GameClient.exe, N/A> [番茄花園] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [MSTPlayerInstaller Control] {045ADB92-9635-45CE-B25B-F19F825B0E39} <C:\WINDOWS\DOWNLO~1\MSTPLA~1.OCX, Liztech Co., Ltd> [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [超級兔子上網精靈] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [] {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} <C:\WINDOWS\system32\3721.1.dll, N/A> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [超級兔子上網精靈] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\PROGRA~1\MagicSet\haokanbar.dll, Xiang Feng Technology> [Microsoft Web 瀏覽器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX, N/A> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> [&使用迅雷下載] <D:\Program Files\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下載全部鏈接] <D:\Program Files\Thunder\Program\GetAllUrl.htm, N/A> [上傳到QQ網路硬碟] <D:\Program Files\QQ\AddToNetDisk.htm, N/A> [匯出到 Microsoft Office Excel(&X)] <res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <D:\Program Files\QQ\AddPanel.htm, N/A> [新增到QQ表情] <D:\Program Files\QQ\AddEmotion.htm, N/A> [用QQ彩信發送該圖片] <D:\Program Files\QQ\SendMMS.htm, N/A> ================================== 正在執行的工作行程 [PID: 636][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 696][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 764][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 776][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 940][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1104][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1212][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1460][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp.050610-1527)> [PID: 1688][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0> [C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.9133> [C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.9133> [C:\WINDOWS\system32\nvshell.dll] <N/A><N/A> [D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.227.1> [PID: 1776][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 52> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1784][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1804][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4> [C:\WINDOWS\system32\msdmo.dll] <N/A><N/A> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1864][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] <Kaspersky Labs><1.7.0.130> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] <BCGSoft Ltd><5, 84, 0, 0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] <Kaspersky Labs><1.5.0.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCBRes.dll] <BCGSoft Ltd><5, 84, 0, 0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll] <Kaspersky Labs><5.0.201.1> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [E:\系統工具\SPX\engine.dll] <N/A><N/A> [PID: 1876][C:\Program Files\MSI\Core Center\CoreCenter.exe] <><1, 6, 6, 0> [C:\Program Files\MSI\Core Center\GLM7X.dll] <MICRO-STAR INT'L CO., LTD.><3, 0, 0, 0> [C:\Program Files\MSI\Core Center\RushTop.dll] <N/A><N/A> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 1948][C:\WINDOWS\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0> [PID: 2028][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.9133> [PID: 1360][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2520][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 3352][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [D:\PROGRA~1\MagicSet\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612> [D:\Program Files\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5> [D:\Program Files\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [F:\酷狗\KUGOOV~1.216\KUGOO3~1.OCX] <N/A><N/A> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.227.342> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.227.3> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.227.0> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.227.0> [C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076> [C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.52.6.0> [PID: 4064][F:\download\千千靜聽\TTPlayer.exe] <Alen Soft><4, 6, 8, 0> [F:\download\千千靜聽\ttpcomm.dll] <N/A><N/A> [F:\download\千千靜聽\ttpres.dll] <Alen Soft><4, 6, 8, 0> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> [PID: 2428][E:\系統工具\檢測系統工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat] <N/A><N/A> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: O1 - Hosts: 125.91.1.20 www.7939.com O1 - Hosts: 125.91.1.20 www.hao123.com O1 - Hosts: 125.91.1.20 www.9991.com O1 - Hosts: 125.91.1.20 www.5566.net O1 - Hosts: 125.91.1.20 www.gjj.cc O1 - Hosts: 125.91.1.20 www.265.com O1 - Hosts: 125.91.1.20 www.v111.com O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://www.aim99.com/QHPlayer/chs/MSTPlayerInstaller.ocx 清除以上條目 交談視窗的解決:點開始--執行-輸入Msconfig-點確定--啟動項裡留輸入法和殺毒軟件就行了。 Q: 謝謝這位朋友~~~~ 我已經用hijackthis修復這些了~~~~~ 你說的啟動項,我有這些啟動項: 除了我知道的殺軟、CPU溫度監控軟件、超級兔子的備份程式還有一個音效卡管理程式我都要關閉嗎~??~ A: 關閉所有應用程式和瀏覽器視窗,執行HijackThis,在主界面中需要修復/刪除的專案前面的正方形裡用滑鼠點擊打勾,接著按下「修復選項/Fix Checked」按鍵。會有一個安全提示,點擊「Yes」讓它繼續 O1 - Hosts: 125.91.1.20 localhost O1 - Hosts: 125.91.1.20 www.7939.com O1 - Hosts: 125.91.1.20 www.hao123.com O1 - Hosts: 125.91.1.20 www.9991.com O1 - Hosts: 125.91.1.20 www.5566.net O1 - Hosts: 125.91.1.20 www.gjj.cc O1 - Hosts: 125.91.1.20 www.265.com O1 - Hosts: 125.91.1.20 www.v111.com O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll (file missing) O4 - HKLM\..\Run: [rundll] rundll32 user.dll s 再次執行 System Repair Engineer 在「啟動專案」->「註冊表」中刪除下面專案 <{7AED4686-F3AB-44EC-A118-D70ADF6CCE21}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat> [] 重啟電腦,顯示所有文件和資料夾(隱含及系統保護) 打開「我的電腦-->工具-->資料夾選項-->檢視 去掉下面選項前面的鉤 「隱藏受保護系統文件(推薦)」 「隱藏已知文件類型的延伸名」 選中顯示所有文件和資料夾-->儲存設置 刪除下面文件 C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Dat 就用 System Repair Engineer 清一下註冊表~ A: |
所有時間均為台北時間。現在的時間是 02:10 AM。 |
Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2024, Jelsoft Enterprises Ltd.
『服務條款』
* 有問題不知道該怎麼解決嗎?請聯絡本站的系統管理員 *