史萊姆論壇

2006-06-15, 01:24 PM   #1
psac
System - SREng Common Operations Guide (2.0 RC2)

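SREng Common Operations Guide (2.0 RC2)

Editing, deleting and commenting out registry startup entries

Open SREng and go to "Startup Items" -> "Registry". This view lists most of the startup entries stored in the registry. In addition to the familiar Run entries, 2.0 RC2 adds detection of ShellServiceObjectDelayLoad, SharedTaskScheduler, ShellExecuteHooks and WinlogonNotify. Entries of the three types ShellServiceObjectDelayLoad, SharedTaskScheduler and ShellExecuteHooks can only be deleted, not edited.

SREng 2.0 RC2 also adds colour coding: red marks a high-risk item and blue marks an item whose security status is unknown.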


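Editing a registry startup entry

Click to select the registry startup entry you want to edit, then click the "Edit" button. An edit dialog appears in which you can change the "Name" and the "Value".
Double-clicking a registry startup entry also opens the edit dialog.
http://www.simkz.com/antivirus/rescue/tools/images/s2rc201.gif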

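Deleting a registry startup entry

To delete a registry startup entry, click to select it, then click the "Delete" button. A confirmation dialog appears: click Yes to delete, or No to cancel.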

http://www.simkz.com/antivirus/rescue/tools/images/s2rc202.gif


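Commenting out a registry startup entry

Every registry startup entry has a check mark in front of it. Clearing the check mark "comments out" that entry: a ";" appears in front of its value data to show that the entry is commented out. As in the msconfig System Configuration Utility, a commented-out startup entry has no effect.

Note: entries of the three types ShellServiceObjectDelayLoad, SharedTaskScheduler and ShellExecuteHooks cannot be edited or commented out; they can only be deleted.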
2006-06-15, 01:26 PM   #2 (permalink)

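Changing a service's startup type and deleting a service

SREng 2.0 RC2 adds scanning of system driver services. Open SREng and go to "Startup Items" -> "Services", where there are two buttons, "Win32 Application Services" and "Drivers". Pressing either button opens the corresponding service list window (which can be maximized).
http://www.simkz.com/antivirus/rescue/tools/images/s2rc203.gif


In most cases, the list we work with is "Win32 Application Services".

Note: ticking "Hide Microsoft Services" hides the services whose publisher is Microsoft. This makes the service list tidier and lowers the chance of changing a system service by mistake.


Changing the startup type

First click to select the service whose startup type you want to change, then select "Change Startup Type". In the "Startup Type" drop-down list, choose the type you want: "Auto Start", "Manual Start" or "Disabled". Finally click the "Set" button. A confirmation dialog appears: click Yes to confirm, or No to cancel.

"Auto Start" means "Automatic"
"Manual Start" means "Manual"
"Disabled" means "Disabled"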


http://www.simkz.com/antivirus/rescue/tools/images/s2rc204.gif

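Deleting a service

First click to select the service you want to delete, then select "Delete Service" and click the "Set" button. A warning dialog appears. Read its contents carefully and decide whether to continue with deleting the service: click Yes to cancel, or No to confirm the deletion.


http://www.simkz.com/antivirus/rescue/tools/images/s2rc205.gif

Operations on "Drivers" services are essentially the same as those on "Win32 Application Services". The difference is that the "Startup Type" list for "Drivers" has two additional startup types, "Boot Start" and "System Start".

Note: SREng 2.0 RC2 also adds colour coding to the service lists: red marks a high-risk item and blue marks an item whose security status is unknown.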
2006-06-15, 01:29 PM   #3 (permalink)

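System repair

File association repair

SREng automatically determines whether each listed file association is normal. An abnormal association shows "Error" in the "Status" column and is ticked automatically; click the "Repair" button to repair it.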

http://www.simkz.com/antivirus/rescue/tools/images/s2rc206.gif


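Windows Shell repair

This lists some common system restriction items. Tick the items that need repair and click the "Repair" button.
Example in the figure: repairing a disabled Registry Editor and a disabled Task Manager.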

http://www.simkz.com/antivirus/rescue/tools/images/s2rc207.gif

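Internet Explorer repair

This lists some common IE-related restriction items. Tick the items that need repair and click the "Repair" button.
Example in the figure: restoring the IE home page to "blank page" and repairing disabled settings in the Internet Options dialog.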


http://www.simkz.com/antivirus/rescue/tools/images/s2rc208.gif

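Browser add-on repair

Select the browser add-on you want to delete and click "Delete Selected" to delete it. In the confirmation dialog that appears, click Yes to confirm the deletion, or No to cancel.

http://www.simkz.com/antivirus/rescue/tools/images/s2rc209.gif
Note: to disable a browser add-on, select it and clear its "Enabled" check box.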


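Automatic repair

The default is the "Recommended repair level", which repairs all known Windows registry-related errors. Click the "Repair" button to run it.
The other level is the "Strong repair level", which deletes all policy entries on the system.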


http://www.simkz.com/antivirus/rescue/tools/images/s2rc210.gif
2006-06-15, 01:30 PM   #4 (permalink)

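Smart scan

In the pane on the right, tick what you want to scan and click the "Scan" button to start scanning...
When the scan finishes, a "Detailed Report" dialog shows the contents of the scan report. Click "Save Report" to save the report as a LOG file; the default file name is SREngLOG.LOG.
http://www.simkz.com/antivirus/rescue/tools/images/s2rc211.gif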
2006-06-15, 01:31 PM   #5 (permalink)

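For more information, see the home page of Smallfrogs, the author of System Repair Engineer (SREng): http://www.kztechs.com/

System Repair Engineer (SREng) 2.0 RC2 online user manual: http://www.kztechs.com/sreng/help2/
System Repair Engineer (SREng) 2.0 RC2 officially released
http://www.kztechs.com/

  System Repair Engineer (SREng) is a system diagnosis and configuration tool, used mainly to find and dig out latent computer faults and most of the damage caused by computer viruses. The software was developed by Smallfrogs, webmaster of the KZTechs.COM site, and runs on all mainstream Windows operating systems. It has so far been used more than 300,000 times.
  Building on earlier versions, System Repair Engineer (SREng) 2.0 RC2 focuses on stronger risk detection and extensibility, provides a completely new set of system scanning and configuration functions, and supports third-party plug-ins. Version 2.0 RC2 adds support for X64 operating systems: the 32bit version of System Repair Engineer (SREng) 2.0 RC2 can already check a Windows XP Professional X64 operating system well for possible problems, and a dedicated 64bit version of System Repair Engineer (SREng) will also be released soon.
  With the help of System Repair Engineer (SREng), you can diagnose the common problems your operating system may have by yourself. Even if you are a computer beginner, you can use the smart scan function of System Repair Engineer (SREng) to produce a brief log of your system's overall state, send that log to friends or other users who know the operating system well, and solve your system's possible problems with their help.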

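System Repair Engineer 2.0.21.505 release notes
-------------------------------------------------------
1. Plug-in support, allowing users to write their own plug-ins
2. X64 platform support
3. Strengthened process and service enumeration checks
4. Automatic detection of some additional registry startup entries
5. A completely new service and driver configuration interface
6. Integration of all functions of the Services/Drivers Configuration Tool
7. Simple judgement rules for startup entries and services; suspicious content is highlighted in colour (red marks a high-risk item, blue marks an item whose security status is unknown)
8. Command-line parameter support; use SREng.EXE /? to view the list of supported parameters
9. Built-in generation of an internal diagnostic debug log
10. Message suppression; certain prompts can be suppressed through an option setting
11. Fixes for some bugs
12. Dozens of other improvements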


Download: http://www.KZTechs.com/sreng/sreng2.zip
Release notes: http://www.kztechs.com/sreng/ReleaseNotes2.htm
Online manual: http://www.kztechs.com/sreng/help2/


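Quote:
About the colouring feature:
Although this is covered in the help file, here it is explained again:

System Repair Engineer (SREng) 2.0 RC2 adds suspicious-file judgement rules. When a file is found to have suspicious characteristics, it enters the suspicious-file judgement process. That process currently has two possible results: high-risk program and program of unknown security level.
High-risk program: shown in red
Program of unknown security level: shown in blue

It is quite normal for blue to appear in the driver section; there is no need to worry about it.

* If you come across a red item, the recommended action is to disable it first, then submit the corresponding file to an antivirus vendor for analysis and identification, to determine whether it is a computer virus or a malicious program.
* For a blue item, the recommended action is to submit the corresponding file to an antivirus vendor for analysis and identification, to determine whether it is a computer virus or a malicious program.
* These judgement rules are first applied to registry startup entries, Win32 services and drivers.

On an English operating system, how do I make SREng display the CHS interface? The default language in the options is already CHS, but the interface displayed is still EN.

I switched it with AppLocale: on a Traditional Chinese system it displays Simplified Chinese without problems; without AppLocale it displays English.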
2006-06-18, 04:52 PM   #6 (permalink)

Q:
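A DOS window pops up every time I open a program

As soon as I started the computer today, several DOS windows popped up

The title was C:\windows\internet.exe

As soon as I saw that title I knew I was infected, because the XP system does not have this program

Sure enough, I found this file in the system directory, and opening any program pops up a DOS window

I went into Safe Mode and tried to delete internet.exe, but was told it could not be deleted because another program was using it.

Then, in Safe Mode, I scanned once with Rising (瑞星), 木馬剋星 and 木馬防線

None of them could remove this virus

So I am asking the experts here: is there any way to delete this virus?


A:
Have you tried deleting this file in Safe Mode?


Q:
Yes
But it says another program is using it
and it cannot be deleted


A:
Please use the SYSTEM REPAIR ENGINEER tool attached to this post. After unpacking it, run it and use its smart scan function to scan the system, then paste the scan result as a reply so that the problem can be analysed. Please do not carry out any repair operations before advice has been given on the analysis results.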


Q:
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<anvshell><rem anvshell.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<C-Media Mixer><Mixer.exe /startup> [C-Media Electronic Inc. (www.cmedia.com.tw)]
<IMSCMig><rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<DAEMON Tools><rem "c:\DAEMON Tools\daemon.exe" -lang 1033> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PigUpdate><; C:\Program Files\密码查看器\DownLoadPig.exe> []
<StormCodec_Helper><; "C:\Storm Codec\StormSet.exe" /S /opti> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]

==================================
启动文件夹
服务
[Security Driver NetBT Proxy / nbproxy]
<C:\Permeo\Security Driver\nbproxy.exe /service><Permeo Technologies, Inc.>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SecuROM User Access Service (V7) / UserAccess7]
<C:\WINDOWS\system32\UAService7.exe><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[TeachingPlayerTrigger Class]
{2902F471-A89E-4BE0-A093-A2DB06772FE1} <C:\WINDOWS\system32\TPTrigger.dll, 江苏科建教育软件有限责任公司>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, >
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSDiscussionServers Class]
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} <C:\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo!>
[&使用迅雷下载]
<C:\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<E:\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<D:\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
<E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\qq\SendMMS.htm, N/A>
[百度--MP3搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM, N/A>
[百度--图片搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM, N/A>
[百度--新闻搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM, N/A>
[百度--歌词搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM, N/A>
[百度--网页搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM, N/A>
[百度--词典搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM, N/A>
[百度--贴吧搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM, N/A>

==================================
正在运行的进程
[PID: 716][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 824][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 872][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 884][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1116][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1200][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1220][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1256][C:\Permeo\Security Driver\nbproxy.exe] <Permeo Technologies, Inc.><1.0>
[PID: 1308][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1424][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1440][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\ExtMail.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\ScanElf.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1540][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1788][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 332][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 356][C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe] <Microsoft Corporation><8.00.194>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 444][C:\WINDOWS\system32\UAService7.exe] <N/A><N/A>
[PID: 1068][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1172][C:\WINDOWS\Mixer.exe] <C-Media Electronic Inc. (www.cmedia.com.tw)><1.51>
[C:\WINDOWS\System32\cmnprop.dll] <C-Media Corporation><5.00.2195.11>
[PID: 1356][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2316][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1364][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2024][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 428][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 76>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] <N/A><1, 0, 1, 1014>
[C:\WINDOWS\system32\CmdLineExt.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] <Yahoo! China><1, 1, 2, 1034>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] <Yahoo!><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[D:\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A>
[PID: 2820][C:\WINDOWS\system32\mmc.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 3112][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 3, 18>
[D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1924][D:\IPMsg\ipmsg.exe] <Azhi.net><2.05>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>
[PID: 1876][C:\Documents and Settings\ch\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Permeo\Security Driver\s5spi.dll] <Permeo Technologies Inc.><4, 2, 0, 0>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [C:\WINDOWS\system32\Rundll.exe "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [Compiled Help Module]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:
<PigUpdate><; C:\Program Files\密碼檢視器\DownLoadPig.exe> []
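This appears to be 網路豬; I suggest deleting its startup entry.


Use the repair function of the SRENG software to repair the EXE file association. Then delete C:\WINDOWS\system32\Rundll.exe and internet.exe (you can use the pinned killbox tool). I suggest searching your hard disk by modified/created time for other EXE files with the same time as this Rundll.exe.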
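The checks the reply above makes by eye on the posted report (a startup entry with no publisher, an .EXE association that no longer passes the file straight through) can be scripted; this is an added example, not part of the original thread or of SREng. The line formats are inferred from the report as posted, the sample is a constructed excerpt of it, and the function names, finding labels and the Userinit check are assumptions of this example.

```python
import re

# Constructed sample: lines excerpted from the report quoted in the thread above.
SAMPLE_REPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PigUpdate><; C:\Program Files\密码查看器\DownLoadPig.exe> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [C:\WINDOWS\system32\Rundll.exe "%1" %*]
.COM OK. ["%1" %*]
.CHM Error. [Compiled Help Module]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                # [HKEY_...\Run]
ENTRY_RE = re.compile(r'^<([^<>]*)><(.*)>\s*\[(.*)\]$')    # <name><value> [publisher]
ASSOC_RE = re.compile(r'^(\.\w+) (OK|Error)\. \[(.*)\]$')  # .EXE Error. [command]

# Extensions whose open command should be the file itself, as the
# "OK" lines for .COM, .PIF and .BAT in the posted report show.
SELF_EXEC = {'.EXE', '.COM', '.BAT', '.PIF'}
PASS_THROUGH = '"%1" %*'


def parse_report(text):
    """Return (startup_entries, file_associations) parsed from report text."""
    entries, assocs, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, value, publisher = m.groups()
            value = value.strip()
            # A leading ";" marks an entry that was commented out (unchecked).
            disabled = value.startswith(';')
            command = value[1:].strip() if disabled else value
            entries.append({'key': key, 'name': name, 'command': command,
                            'publisher': publisher.strip(), 'disabled': disabled})
            continue
        m = ASSOC_RE.match(line)
        if m:
            assocs.append({'ext': m.group(1).upper(), 'status': m.group(2),
                           'command': m.group(3)})
    return entries, assocs


def triage(text):
    """Return a list of (kind, subject, detail) findings for manual review."""
    entries, assocs = parse_report(text)
    findings = []
    for e in entries:
        if e['name'].lower() == 'userinit':
            # Userinit is a comma-separated list; anything besides
            # userinit.exe itself is started at every logon.
            # (Naive split: does not handle commas inside quoted paths.)
            parts = [p.strip() for p in e['command'].split(',') if p.strip()]
            extra = [p for p in parts if not p.lower().endswith('\\userinit.exe')]
            if extra:
                findings.append(('userinit-extra', e['name'], extra[0]))
        elif e['command'] and not e['publisher']:
            state = 'disabled' if e['disabled'] else 'active'
            findings.append(('no-publisher', e['name'], f"{state}: {e['command']}"))
    for a in assocs:
        if a['ext'] in SELF_EXEC and a['command'] != PASS_THROUGH:
            # Some other program has been placed in front of "%1".
            handler = a['command'].split('"%1"')[0].strip()
            findings.append(('assoc-redirect', a['ext'], handler))
        elif a['status'] == 'Error':
            findings.append(('assoc-error', a['ext'], a['command']))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

A finding here is a lead for manual review, not a verdict: a legitimate program can lack publisher information.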
2006-06-18, 04:57 PM   #7 (permalink)

Q:
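Pop-up windows keep appearing when I go online

System Repair Engineer (commonly recommended)
Description:
System Repair Engineer (SREng) is a brand-new, powerful, extensible free tool for adjusting and repairing your system. With the help of this tool you can detect the faults in your system and repair them easily. This tool's predecessor was the RegFix registry key value repair tool; because of the limitations of the RegFix registry key value repair tool and the complexity of the current system environment, I redesigned a new piece of software, System Repair Engineer (SREng).
Download: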
SREng.exe
http://www.kztechs.com/sreng/sreng2.zip


2006-06-17,20:49:15

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<KAVPersonal50><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize> [Kaspersky Lab]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA> []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
啟動資料夾
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\Adobe Gamma Loader.lnk><N>
[VPN Client]
<C:\Documents and Settings\All Users\「開始」表菜單\程式\啟動\VPN Client.lnk><N>

==================================
服務
[Cisco Systems, Inc. VPN Service / CVPND]
<"C:\Program Files\UTStarcom\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[kavsvc / kavsvc]
<C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll, 江蘇科建教育軟件有限責任公司>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\Backup\軟件\浩方\GameClient.exe, 上海浩方線上訊息技術有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Dr.eye WebPage Translation]
{92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[EWA Control]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX, Synacast>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll, 江蘇科建教育軟件有限責任公司>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[XML Data Source Object]
{550DDA30-0541-11D2-9CA9-0060B0EC3D39} <%SystemRoot%\system32\msxml3.dll, N/A>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\mao\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL, PPStream Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[List Control]
{70CACCCA-8B83-4BCB-B2D1-188E9A495527} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~2.OCX, >
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[WebPlayer Control]
{90203FFD-EF7F-4059-BC56-369E4D6D3824} <C:\PROGRA~1\VerySee\WEBPLA~1.OCX, TODO: <公司名>>
[Dr.eye WebPage Translation]
{92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[匯出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
正在執行的工作行程
[PID: 700][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 784][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 808][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 864][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1096][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 1212][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 1260][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1304][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Backup\軟件\NERO\Nero7.2.0.3b\NeroDigitalExt.dll] <Nero AG><2, 0, 0, 8>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.156.1>
[C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx] <N/A><N/A>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1876][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208>
[PID: 1884][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31>
[PID: 1924][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 468][C:\Program Files\UTStarcom\VPN Client\cvpnd.exe] <Cisco Systems, Inc.><4.6.04.0043>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\vsdata.dll] <Zone Labs LLC><5.5.062.011>
[C:\WINDOWS\system32\VSINIT.dll] <Zone Labs LLC><5.5.062.011>
[PID: 1392][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1400][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1404][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 4068][C:\Program Files\InterVideo\WinDVR3\WinDvr.exe] <InterVideo Inc.><3.0.79.81>
[C:\Program Files\InterVideo\WinDVR3\LibACI.dll] <InterVideo Inc.><3.0.79.81>
[C:\Program Files\InterVideo\WinDVR3\ExtendedOEMDll.dll] <N/A><N/A>
[C:\Program Files\InterVideo\WinDVR3\RCENU.dll] <InterVideo Inc.><1.0 Beta1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\Prop7134.dll] <Philips Semiconductors><1, 4, 0, 0>
[C:\WINDOWS\system32\DVobSub.ax] <Gabest><1, 0, 0, 9>
[C:\Program Files\InterVideo\WinDVR3\IVIscapt.ax] <InterVideo Inc.><3.0.79.81>
[PID: 2256][F:\Backup\軟件\OICQ\騰訊QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\Backup\軟件\OICQ\騰訊QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[F:\Backup\軟件\OICQ\騰訊QQ\RunJin.dll] <飄雲 http://www.pyqq.cn><飄雲>
[F:\Backup\軟件\OICQ\騰訊QQ\ipsearcher.dll] <><1.0.0.3>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAPI.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[F:\Backup\軟件\OICQ\騰訊QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQMainFrame.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\NewSkin.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\HostingMgr.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\CameraDll.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\MailSummary.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQSysMsgMng.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\LongConnection.dll] <tencent><0, 3, 3, 8>
[F:\Backup\軟件\OICQ\騰訊QQ\QQPlugin.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAllInOne.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\SCCore.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQCustomFace.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[F:\Backup\軟件\OICQ\騰訊QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QRingMng.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQPet.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAvatar.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[F:\Backup\軟件\OICQ\騰訊QQ\QQSceneMng.dll] <N/A><N/A>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[F:\Backup\軟件\OICQ\騰訊QQ\CommercesMng.dll] <><1, 0, 0, 1>
[F:\Backup\軟件\OICQ\騰訊QQ\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[F:\Backup\軟件\OICQ\騰訊QQ\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 141>
[F:\Backup\軟件\OICQ\騰訊QQ\ShareFiles.dll] <N/A><N/A>
[F:\Backup\軟件\OICQ\騰訊QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0>
[F:\Backup\軟件\OICQ\騰訊QQ\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[PID: 1456][F:\Backup\軟件\OICQ\騰訊QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[F:\Backup\軟件\OICQ\騰訊QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 3676][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[C:\PROGRA~1\COLLEG~1\TEACHI~1\tphandle.dll] <江蘇科建教育軟件有限責任公司><5, 0, 10, 10>
[D:\音樂\kugoo霏凡專用\KuGoo3DownXControl.ocx] <N/A><N/A>
[F:\Backup\軟件\NERO\Nero7.2.0.3b\NeroDigitalExt.dll] <Nero AG><2, 0, 0, 8>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.156.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.156.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.156.0>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟件股份有限公司><3.0.0.3045>
[PID: 1324][C:\Documents and Settings\mao\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================


A:
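killbox v2.0.0.175 Chinese-localized version (recommended)
Description: A tool that is very popular on overseas anti-virus forums and pairs best with HijackThis. In essence it is a powerful utility for deleting any file: whether the file is an EXE, a DLL or some other type, and whether it is currently running or in use by the system, KillBox can delete it in a few simple steps.
Usage details: http://www.47522999.com/news/data/2005/0618/article_34.htm
Download: http://www.crsky.com/soft/4640.html

Please use the KILLBOX tool from the pinned thread to delete this file: C:\WINDOWS\system32\msplus.dll

Q:
After deleting msplus.dll, I can no longer open web pages! After copying it back, everything is the same as before.


A:

Download lspfix from the pinned tools thread.

Lspfix (beginners should use with caution)
Description: Winsock2 repair tool; repairs the Layered Service Provider (LSP).
Download: http://www.cexx.org/lspfix.exe
Download page: http://www.cexx.org/lspfix.htm

Run the LSPFix.exe tool downloaded earlier, tick the option "I Know What I'm Doing", then move the msplus.dll file from the left-hand window to the right-hand window (do not touch the other files), then choose "Finish".

Then delete it.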
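The triage step behind the exchange above (picking msplus.dll out of the report), as an added example that is not part of the original post or of SREng: a Python parser for the running-processes section of an SREng report that lists modules with no vendor string loaded into several processes, at least one of them a core system host. The regular expressions, the `CORE_HOSTS` set and the `min_procs` threshold are assumptions made for this illustration; the sample lines are excerpted from the report quoted above.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the process section of the SREng report quoted above.
SAMPLE_LOG = r"""
[PID: 852][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 864][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1096][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1884][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\VM31bPrp.Ax] <VM><4.2.711.31>
[PID: 468][C:\Program Files\UTStarcom\VPN Client\cvpnd.exe] <Cisco Systems, Inc.><4.6.04.0043>
[C:\WINDOWS\system32\msplus.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\vsdata.dll] <Zone Labs LLC><5.5.062.011>
[PID: 4068][C:\Program Files\InterVideo\WinDVR3\WinDvr.exe] <InterVideo Inc.><3.0.79.81>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
"""

# A process line carries a PID; a module line belongs to the process above it.
PROC_RE = re.compile(r'^\[PID:\s*(\d+)\]\[(.+?)\]\s*<(.*?)><(.*)>\s*$')
MOD_RE = re.compile(r'^\[(.+?)\]\s*<(.*?)><(.*)>\s*$')

BLANK_VENDOR = {"", "n/a"}          # SREng prints <> or <N/A> when no vendor is found
CORE_HOSTS = {"services.exe", "svchost.exe", "lsass.exe",
              "winlogon.exe", "alg.exe"}   # assumption: hosts treated as sensitive


def parse_processes(text):
    """Return one dict per process with the modules listed under it."""
    procs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            procs.append({"pid": int(m.group(1)), "image": m.group(2),
                          "company": m.group(3).strip(), "modules": []})
            continue
        m = MOD_RE.match(line)
        if m and procs:             # ignore module-shaped lines before any process
            procs[-1]["modules"].append(
                (m.group(1), m.group(2).strip(), m.group(3).strip()))
    return procs


def injected_module_leads(procs, min_procs=3):
    """Vendor-less modules seen in >= min_procs processes, one of them a core host."""
    hosts = defaultdict(set)
    for proc in procs:
        host = ntpath.basename(proc["image"]).lower()
        for path, company, _version in proc["modules"]:
            if company.lower() in BLANK_VENDOR:
                hosts[path.lower()].add((proc["pid"], host))
    leads = []
    for path, seen in hosts.items():
        names = {name for _pid, name in seen}
        if len(seen) >= min_procs and names & CORE_HOSTS:
            leads.append((path, len(seen), sorted(names)))
    return sorted(leads, key=lambda lead: (-lead[1], lead[0]))


if __name__ == "__main__":
    for path, count, names in injected_module_leads(parse_processes(SAMPLE_LOG)):
        print(f"{path}  loaded in {count} processes: {', '.join(names)}")
```

The result is a list of leads for manual review, not a verdict: legitimate modules without version resources also show `<N/A>`, which is why the sample's msdmo.dll and rarext.dll are parsed but not reported.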
Old 2006-06-19, 09:16 PM   #8 (permalink)

Q:
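[Help] The network can ping the gateway, but IE says "cannot open the search page"??

The system was infected with a virus and adware/rogue software; even "My Computer" would not open, let alone IE. After virus removal "My Computer" opens, but IE still cannot open web pages and reports "cannot open the search page". Network Neighborhood opens, though, and the gateway can be pinged. Repairing with an IE repair tool did not help either. What should I do? Experts, please advise, thank you! I don't want to reinstall the system.



A:


Please download System Repair Engineer from here.
After unpacking, double-click sreng, click "Smart Scan" -> Scan -> Save Report, open the log file SREngLOG.log with Notepad, and copy and paste its contents here.



Q:
The problem now is that the gateway can be pinged and the LAN works too; only IE won't open pages. I don't know where to start?



A:
It may be a problem with the Winsock LSP.

Please post a HijackThis or System Repair Engineer scan report so we can analyse whether Winsock XP Fix is suitable for solving this.



Q:
Here is the analysis report; please help analyse it, thanks.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]
Is there a problem with this one? The anti-virus software reports it may be infected. Please take a look.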




2006-06-19,18:07:29

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> []
<{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> []
<{213E78BD-8353-4D47-876B-E99D9C76CD66}><> []
<{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> []
<{F0248891-45C1-4559-8519-DFB07376F8D2}><> []
<{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> []
<{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> []
<{11F9D051-5E27-428D-B760-0D94A653332C}><> []
<{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> []
<{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> []
<{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> []
<{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> []
<{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> []
<{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> []
<{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> []
<{1909E461-7266-4201-8855-022294B7D164}><> []
<{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> []
<{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> []
<{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> []
<{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> []
<{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> []
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
<{966261B0-3618-4B88-BAE1-B3086D634EB5}><> []
<{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []

==================================
啟動資料夾
服務
[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[ewido security suite control / ewido security suite control]
<C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
<C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Sample NT Service / SampleService]
<C:\WINDOWS\NTService.exe><N/A>

==================================
瀏覽器載入項
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8} <C:\Program Files\sina\UC\uc.exe, 北京新浪訊息技術有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\F盤剩餘內容\新增資料夾\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash.ocx, Macromedia, Inc.>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在執行的工作行程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 864][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1256][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1628][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[PID: 1740][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[PID: 1756][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\nod32rui.dll] <N/A><N/A>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_mirr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1776][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1840][C:\Documents and Settings\wk1\桌面\SREng2-v2.021\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\TENCENT\Adplus\Adplus.dll] <Tencent><4, 0, 8, 80>
[PID: 424][C:\Program Files\ewido anti-malware\ewidoctrl.exe] <ewido networks><3, 0, 0, 1>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[PID: 744][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00>
[PID: 1144][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_mirr.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 22 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1380][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>

==================================
文件關聯
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


Uninstall Tencent Address Bar Search.



Run System Repair Engineer again and, under "Startup Items" -> "Registry", delete the following entries:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{9E4B0A97-8E3B-4145-8127-4F5EBED58E5C}><> []
<{DE7BE181-4BB8-4520-B4AB-504BEAC008AA}><> []
<{213E78BD-8353-4D47-876B-E99D9C76CD66}><> []
<{3FA1CDC8-EDA0-4D7C-931E-F1CC67206C3C}><> []
<{F0248891-45C1-4559-8519-DFB07376F8D2}><> []
<{DEB835A8-4CCE-41FF-A104-53DAB57FF2A7}><> []
<{ACD330F3-E137-44F2-91CC-4BE2D0541A4E}><> []
<{11F9D051-5E27-428D-B760-0D94A653332C}><> []
<{15ADA3A1-E73E-4158-8ECB-7D73DF17681E}><> []
<{8002CC5A-DF35-4042-8EE3-C153991C1E49}><> []
<{ED241B5E-255F-4585-A8A6-F5EB691D9B6A}><> []
<{E6B069D6-7297-43EF-B87D-6B1368DBA66F}><> []
<{1DFCDD59-98C4-4E38-9DBA-64BCF4AD2632}><> []
<{C3CFB233-AE1F-4B5A-8C74-53922D111F3C}><> []
<{21153FB4-9C60-42A9-AD66-1BF3EE4A3F58}><> []
<{1909E461-7266-4201-8855-022294B7D164}><> []
<{0153E0FE-CEB7-4E69-8836-58B60F9D7F01}><> []
<{2361E63A-D1E9-4318-B50E-475AEDBA864C}><> []
<{F039B81A-AEE3-4F0A-A55D-293FFF34404F}><> []
<{53D56214-6FCD-4ED5-AF90-A9C8E0508666}><> []
<{0BC3BDDF-A4C0-4805-B16D-BD1822071631}><> []
<{966261B0-3618-4B88-BAE1-B3086D634EB5}><> []
<{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []


Run System Repair Engineer and, under "Startup Items" -> "Services", delete the following entries:

[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Sample NT Service / SampleService]
<C:\WINDOWS\NTService.exe><N/A>


Delete the following files:
C:\WINDOWS\NTService.exe
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL



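Process file: logonui or logonui.exe

Process name: Microsoft Logon User Interface

Process name: logonui.exe is a system process used to display the Microsoft Windows XP user-switching interface. This program is very important for the normal operation of your system.

Publisher: Microsoft
Belongs to: Microsoft Windows Operating System

System process: Yes
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown N/A
Memory usage: Unknown N/A
Security level (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No


Did you install a boot-screen customization tool?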

This post was edited by psac on 2006-06-20 at 05:37 AM.
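The selection made in the answer above (hook entries with no file behind them, services with no vendor), as an added example that is not part of the original post or of SREng: a Python parser for the registry and services sections of an SREng report. It assumes that an empty value under ShellExecuteHooks or ShellServiceObjectDelayLoad means no file was resolved for the entry; the regular expressions and the function name `triage_report` are made up for this illustration, and the sample lines are excerpted from the report quoted above.

```python
import re

# Lines excerpted from the registry and services sections of the report above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AA6CCC90-B337-49FA-AF09-7A60B0CA1CAA}><> []
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
<{898EE642-7959-4F66-B589-B25248768EF7}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []

==================================
[Computer Storage / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Sample NT Service / SampleService]
<C:\WINDOWS\NTService.exe><N/A>
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')              # registry key header
ENTRY_RE = re.compile(r'^<(.*?)><(.*)>\s*\[(.*)\]$')      # <name><value> [company]
SVC_HEAD_RE = re.compile(r'^\[(.+) / ([^/\]]+)\]$')       # [display name / service name]
SVC_BODY_RE = re.compile(r'^<(.*)><([^<>]*)>$')           # <command line><vendor>

# Keys where every entry is expected to resolve to a file on disk.
HOOK_KEYS = ("\\shellexecutehooks", "\\shellserviceobjectdelayload")


def triage_report(text):
    """Return (kind, where, detail) tuples for entries worth a manual look."""
    leads = []
    key = svc = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key, svc = m.group(1), None
        elif (m := SVC_HEAD_RE.match(line)):
            key, svc = None, m.group(2)
        elif key and (m := ENTRY_RE.match(line)):
            name, value, _company = m.groups()
            # An empty <load> or <AppInit_DLLs> is normal; an empty hook is not.
            if key.lower().endswith(HOOK_KEYS) and not value.strip():
                leads.append(("hook", key.rsplit("\\", 1)[-1], name))
        elif svc and (m := SVC_BODY_RE.match(line)):
            command, vendor = m.groups()
            if vendor.strip().lower() in ("", "n/a"):
                leads.append(("service", svc, command))
            svc = None
    return leads


if __name__ == "__main__":
    for kind, where, detail in triage_report(SAMPLE_REPORT):
        print(f"{kind:8} {where:30} {detail}")
```

A missing vendor string alone does not mark a service as hostile, so each lead still needs the file itself checked before anything is removed.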
Old 2006-06-19, 11:29 PM   #9 (permalink)

Q:

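[Help] On a freshly installed system Kaspersky flags msplus1.dll as a suspicious file, and it cannot be deleted!

Right after installing the system yesterday with TomatoWinXP_SP2_v2.7_SATA, Kaspersky found the following: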

---警告: 發現木馬可疑模塊!---
C:\WINDOWS\system32\msplus1.dll

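After installing the system a second time, the same virus alert still appears; I suspect the operating system image itself carries this virus.

After deleting the virus and rebooting, it is still found and reported.

Scanning further with ewido 4.0 found the virus TrackingCookie.Atdmt.

After deleting it and rebooting, a scan shows it is still there.

When connected to the network, IE automatically pops up the 彩虹堂 web page. Asking for help! Thx!


As the moderator requested in other threads, I scanned the system with the System Repair Engineer 2.0.21.505 (2.0 RC 2) tool.

The results are as follows: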

2006-06-19,18:42:48

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KAVPersonal50><"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll> [ewido networks GmbH & Co. KG]

==================================
啟動資料夾
服務
[ewido anti-malware 4.0 guard / ewido anti-malware 4.0 guard]
<D:\應用軟件\病毒防治\ewido anti-malware 4.0\guard.exe><N/A>
[kavsvc / kavsvc]
<"D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[O&O Defrag / O&O Defrag]
<D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe><O&O Software GmbH>

==================================
瀏覽器載入項
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[番茄花園]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\應用軟件\聊天工具\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[使用迅雷下載]
<D:\應用軟件\中斷點續傳\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下載全部鏈接]
<D:\應用軟件\中斷點續傳\Thunder\Program\GetAllUrl.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://D:\應用軟件\辦公軟件\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ表情]
<D:\應用軟件\聊天工具\QQ\AddEmotion.htm, N/A>

==================================
正在執行的工作行程
[PID: 688][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 748][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 772][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 1128][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1356][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1668][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\應用軟件\壓縮解壓\WinRAR\rarext.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\context.dll] <ewido networks><1.0.0.1>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\shellexecutehook.dll] <ewido networks GmbH & Co. KG><1.0.0.1>
[PID: 1736][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8421>
[PID: 1760][D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\oodag.exe] <O&O Software GmbH><8.0.1398>
[D:\應用軟件\磁碟優化\Defrag_Server_Edition_8.0.1398\OODAGRS.DLL] <O&O Software GmbH><8.0.1.1347>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 440][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 972][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1248][C:\Program Files\ChinaNet\VnetClient.exe] <><2005, 11, 14, 1>
[C:\Program Files\ChinaNet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\Program Files\ChinaNet\DialModule.dll] <GDCN><2005, 11, 15, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] <><2005, 7, 27, 1>
[C:\PROGRA~1\ChinaNet\sign.dll] <0><2004, 12, 1, 1>
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] <><2005, 8, 18, 1>
[C:\PROGRA~1\ChinaNet\PostPlug.dll] <><2004, 12, 16, 2>
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] <><2005, 10, 13, 1>
[C:\PROGRA~1\ChinaNet\Gif89a.dll] <><2005, 6, 21, 1>
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] <><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] <><2005, 11, 14, 17>
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] <GDDC><2005, 11, 14, 1>
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\Timer.ocx] <><2005, 10, 9, 14>
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] <><2005, 2, 24, 1>
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] <><2005, 8, 26, 1>
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\ChinaNet\PlugPush.dll] <><2004, 12, 21, 1>
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] <><2004, 11, 23, 1>
[C:\PROGRA~1\ChinaNet\VNetLog.ocx] <><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\StatNum.dll] <><2004, 11, 18, 1>
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] <><2005, 3, 2, 1>
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] <GDCN><2005, 10, 9, 1>
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] <><2005, 9, 13, 9>
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] <><2005, 11, 14, 1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 3560][D:\應用軟件\BT下載軟件\eMule\emule.exe] <http://www.emule.org.cn><0.47.0>
[D:\應用軟件\BT下載軟件\eMule\VNNClientS.Dll] <VNN><3.0.22.1>
[D:\應用軟件\BT下載軟件\eMule\ZipLib.dll] <VNN><1.0.0.1>
[D:\應用軟件\BT下載軟件\eMule\vdevstate.dll] <N/A><N/A>
[D:\應用軟件\BT下載軟件\eMule\lang\zh_CN.dll] <http://www.emule-project.net><0.47.0>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 472][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\UNISPIM5.IME] <北京紫光華宇軟件股份有限公司><5.0.0.5076>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 3428][D:\應用軟件\病毒防治\ewido anti-malware 4.0\ewido.exe] <ewido networks GmbH & Co. KG><4, 0, 0, 151>
[D:\應用軟件\病毒防治\ewido anti-malware 4.0\engine.dll] <ewido networks GmbH & Co. KG><4, 0, 0, 7>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[PID: 3340][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[D:\應用軟件\聊天工具\QQ\QQIEHelper.dll] <深圳市騰訊電腦系統有限公司><1, 1, 0, 5>
[D:\應用軟件\中斷點續傳\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\應用軟件\病毒防治\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\應用軟件\病毒防治\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 3924][D:\應用軟件\病毒防治\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\msplus.dll] <N/A><N/A>
[D:\應用軟件\病毒防治\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
Urgently requesting help from an expert: this virus reappears after a reboot or after an interval of a few hours.


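A:
In Safe Mode, delete: C:\WINDOWS\system32\msplus.dll

If you cannot find the file above, try making the following settings first:
1. Restart the computer and press F8 to enter Safe Mode.
2. In My Computer, click Tools ---> Folder Options.
3. Click the View tab, clear the check mark in front of "Hide protected operating system files", select "Show all files and folders", and finally click OK.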




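Q:

Deleting C:\WINDOWS\system32\msplus.dll in Safe Mode

makes IE unusable and breaks the network connection.

I tried renaming msplus1.dll to msplus.dll; it did not work.

In Safe Mode, even after un-hiding files, I cannot find the file, and after a few days it comes back by itself....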



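A:

Please download LSPFix from the board-rules thread 「使使用!病毒救援區版規--(附常用工具+查毒網站)」 (Virus Rescue board rules, with common tools and virus-scanning sites).

Run LSPFix.exe, tick the option "I Know What I'm Doing", then move the msplus.dll file from the left-hand pane to the right-hand pane (do not touch the other files), and choose "Finish".

Restart the computer and press F8 to enter Safe Mode. In Folder Options, show hidden files and clear "Hide protected operating system files". Then find c:\windows\system32\msplus.dll and delete it.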

Last edited by psac on 2006-06-20 at 05:36 AM.

2006-06-22, 05:19 PM   #10 (permalink)
psac

Q:..
Infected with a Trojan horse and cannot delete it, what should I do? (Solved)


Description: virus name
Image:
http://img20.imageshack.us/img20/5429/641291743915e64e0b29ea32xu.jpg
2006-06-21,21:17:54

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><"E:\播放工具\暴風影音\Storm Codec1\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB496973M.LOG>

==================================
啟動資料夾
服務
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[GrayPigeonServer / GrayPigeonServer]
<C:\WINDOWS\G_Server2006.exe><N/A>
[Gray_Pigeon_Server2.03 / GrayPigeonServer2.03]
<C:\WINDOWS\G_Server2.03.exe><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[itshow.com.cn / it.com.cn]
<C:\WINDOWS\Hacker.com.cn.exe><N/A>
[kavsvc / kavsvc]
<"E:\殺毒\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ver / Perver]
<C:\WINDOWS\sz.exe><N/A>
[UFSoft SMS Platform / U8SmsSrv]
<C:\WINDOWS\system32\U8SMSSrv.exe><N/A>
[U8管理軟件 / UFNet]
<C:\WINDOWS\system32\ServerNT.EXE><N/A>
[Network Management Center Task / W32Tasks]
<C:\WINDOWS\system32\taskman32.exe><N/A>
[Window Time / Window Time]
<C:\WINDOWS\svchost.exe><N/A>

==================================
瀏覽器載入項
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\kugoo\KuGoo\KuGoo3DownXControl.ocx, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方\HF.Loader.v1.21-Ayu\HFGameOPT\GameClient.exe, 上海浩方線上訊息技術有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\QQ\qq2006\QQ.EXE, N/A>
[東方衛士]
{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll, >
[VTPlug3 Class]
{0400AC1C-EEF0-4638-A501-31D5A0DC2002} <C:\WINDOWS\system32\gxd\VTrans3.dll, >
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\PPStream\POWERP~1.DLL, PPStream Inc.>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c0.dll, N/A>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c0.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\MediaAddin03.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[東方衛士]
{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} <C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\kugoo\KuGoo\KuGoo3DownXControl.ocx, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[使用網際快車下載]
<F:\FlashGet\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<F:\FlashGet\jc_all.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://E:\學習工具\office\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在執行的工作行程
[PID: 672][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 832][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1000][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1064][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1148][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1200][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1276][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1964][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[PID: 224][E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\guard.exe] <Anti-Malware Development a.s.><4, 0, 0, 172>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 344][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[PID: 436][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 564][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5216>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[PID: 664][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[F:\kugoo\KuGoo\KuGoo3DownXControl.ocx] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\sz.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[PID: 704][C:\WINDOWS\system32\U8SMSSrv.exe] <N/A><N/A>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1268][C:\WINDOWS\system32\ServerNT.EXE] <N/A><N/A>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\UMiscell.dll] <北京用友軟件股份有限公司><1, 0, 0, 1>
[C:\WINDOWS\system32\sgv.dll] <><8, 2, 0, 0>
[C:\WINDOWS\system\Sense3.dll] <N/A><N/A>
[C:\WINDOWS\system32\SecuComm.dll] <N/A><N/A>
[PID: 1232][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 2380][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 2396][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[PID: 2100][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[F:\kugoo\KuGoo\KuGoo3DownXControl.ocx] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[E:\Right Click Image Converter\extRCIC.dll] <N/A><N/A>
[E:\殺毒\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\context.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 2556][F:\QQ\06\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\QQ\06\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQHelperDll.dll] <><1, 0, 0, 1>
[F:\QQ\06\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[F:\QQ\06\PYKer.dll] <飄雲 http://www.pyqq.cn><飄雲>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[F:\QQ\06\ipsearcher.dll] <><1.0.0.3>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[F:\QQ\06\QQAPI.dll] <><1, 0, 0, 1>
[F:\QQ\06\TIMProxy.dll] <tencent><0, 3, 2, 4>
[F:\QQ\06\LoginCtrl.dll] <><1, 0, 0, 1>
[F:\QQ\06\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[F:\QQ\06\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[F:\QQ\06\QQRes.dll] <tencent><1, 0, 0, 1>
[F:\QQ\06\QQMainFrame.dll] <N/A><N/A>
[F:\QQ\06\CQQApplication.dll] <N/A><N/A>
[F:\QQ\06\NewSkin.dll] <><1, 0, 0, 1>
[F:\QQ\06\HostingMgr.dll] <><1, 0, 0, 1>
[F:\QQ\06\CameraDll.dll] <><1, 0, 0, 1>
[F:\QQ\06\MailSummary.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[F:\QQ\06\QQGroupMng.dll] <><1, 0, 0, 1>
[F:\QQ\06\GroupLive.dll] <N/A><N/A>
[F:\QQ\06\QQSysMsgMng.dll] <N/A><N/A>
[F:\QQ\06\UserDefinedHead.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQPlugin.dll] <N/A><N/A>
[F:\QQ\06\QQConfigPlugin.dll] <><1, 0, 0, 1>
[F:\QQ\06\LongConnection.dll] <tencent><5, 0, 200, 160>
[F:\QQ\06\QRingMng.dll] <N/A><N/A>
[F:\QQ\06\PhoneAPI.dll] <><1, 0, 0, 1>
[F:\QQ\06\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[F:\QQ\06\QQAllInOne.dll] <N/A><N/A>
[F:\QQ\06\SCCore.dll] <N/A><N/A>
[F:\QQ\06\QQCustomFace.dll] <N/A><N/A>
[F:\QQ\06\QQPet.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQAvatar.dll] <N/A><N/A>
[F:\QQ\06\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[F:\QQ\06\QQSceneMng.dll] <N/A><N/A>
[F:\QQ\06\VqqModule.dll] <><1, 0, 0, 1>
[F:\QQ\06\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[F:\QQ\06\QQMagicFace.dll] <><1, 0, 0, 1>
[F:\QQ\06\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[E:\系統工具\殺毒軟件\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[F:\QQ\06\CommercesMng.dll] <><1, 0, 0, 1>
[F:\QQ\06\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[F:\QQ\06\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[F:\QQ\06\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[F:\QQ\06\QQZip.dll] <tencent><0, 3, 2, 4>
[F:\QQ\06\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[PID: 1916][F:\QQ\06\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[F:\QQ\06\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 4040][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[PID: 420][C:\DOCUME~1\tony\LOCALS~1\Temp\Rar$EX00.719\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A:


1. Use SREng (see the related operating instructions)

- Delete the following startup entry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB496973M.LOG>

- Delete the following services
[GrayPigeonServer / GrayPigeonServer]
<C:\WINDOWS\G_Server2006.exe><N/A>
[Gray_Pigeon_Server2.03 / GrayPigeonServer2.03]
<C:\WINDOWS\G_Server2.03.exe><N/A>
[itshow.com.cn / it.com.cn]
<C:\WINDOWS\Hacker.com.cn.exe><N/A>
[ver / Perver]
<C:\WINDOWS\sz.exe><N/A>
[Network Management Center Task / W32Tasks]
<C:\WINDOWS\system32\taskman32.exe><N/A>
[Window Time / Window Time]
<C:\WINDOWS\svchost.exe><N/A>


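2. Restart the computer, then delete the following files (see Note 1)
C:\WINDOWS\KB496973M.LOG
C:\WINDOWS\sz.exe
C:\WINDOWS\sz.DLL
C:\WINDOWS\szKey.DLL
C:\WINDOWS\G_Server2006.exe
C:\WINDOWS\G_Server2006.DLL
C:\WINDOWS\G_Server2006Key.DLL
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.DLL
C:\WINDOWS\svchostKey.DLL

Note 1: If you cannot find the files above, make the following settings first
a) In My Computer, click Tools ---> Folder Options
b) Click the View tab, clear the check mark in front of "Hide protected operating system files", select "Show all files and folders", and finally click OK
or...
Use the software Unlocker (the best tool for deleting stubborn software) v1.8.1, official Chinese edition; there is no file it cannot delete. I have always used it.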



Q:

Delete the following startup entry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB496973M.LOG>

It says this file is very important to the system and cannot be deleted, only edited. So what should I do?? Thanks




A:

Edit AppInit_DLLs and change it to blank.....
Then restart and delete the related files.
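
The triage the answer above does by eye can be scripted. The following is an added example, not part of the original posts and not SREng's own code: it parses process/module lines in the SREng log format quoted in this thread and flags modules that are named in AppInit_DLLs or that carry no vendor/version information while being loaded by a large share of processes. The function names, the 50% threshold and the shortened sample log are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the SREng log format quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB496973M.LOG>
[PID: 672][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 820][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[PID: 1964][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[PID: 2100][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 2556][F:\QQ\06\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\QQ\06\TIMProxy.dll] <tencent><0, 3, 2, 4>
[C:\WINDOWS\KB496973M.LOG] <N/A><N/A>
[C:\WINDOWS\szKey.DLL] <N/A><N/A>
[C:\WINDOWS\G_Server2006Key.DLL] <N/A><N/A>
[C:\WINDOWS\svchostKey.DLL] <N/A><N/A>
"""

APPINIT_RE = re.compile(r"^<AppInit_DLLs><(.*)>$", re.IGNORECASE)
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[(.+?)\]\s*<(.*?)><(.*)>$")
MOD_RE = re.compile(r"^\[(.+?)\]\s*<(.*?)><(.*)>$")


def parse_sreng(log):
    """Return (AppInit_DLLs values, {pid: image}, {module: pids}, modules with N/A vendor and version)."""
    appinit, procs = [], {}
    loaded_by, bare = defaultdict(set), set()
    pid = None
    for raw in log.splitlines():
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs holds a space- or comma-separated list of DLLs.
            appinit += [v for v in re.split(r"[ ,]+", m.group(1)) if v]
            continue
        m = PROC_RE.match(line)  # tried before MOD_RE, which would also match a PID line
        if m:
            pid = int(m.group(1))
            procs[pid] = m.group(2)
            continue
        m = MOD_RE.match(line)
        if m and pid is not None:  # a module line belongs to the most recent PID line
            path = m.group(1).lower()
            loaded_by[path].add(pid)
            if m.group(2) == "N/A" and m.group(3) == "N/A":
                bare.add(path)
    return appinit, procs, loaded_by, bare


def triage(log, min_share=0.5):
    """Return [(module_path, [reasons])] for modules worth a closer look."""
    appinit, procs, loaded_by, bare = parse_sreng(log)
    appinit_names = {ntpath.basename(v).lower() for v in appinit}
    findings = []
    for path in sorted(loaded_by):
        reasons = []
        if ntpath.basename(path) in appinit_names:
            reasons.append("listed in AppInit_DLLs")
        count = len(loaded_by[path])
        if path in bare and count / len(procs) >= min_share:
            reasons.append("no vendor/version, loaded by %d of %d processes"
                           % (count, len(procs)))
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

A missing vendor string alone is not treated as a finding (rarext.dll in the sample is not flagged); the same spread-across-processes pattern is what msplus.dll shows in the earlier log in this thread.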

2006-06-28, 05:26 AM   #11 (permalink)
psac

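Q:
A suspect: a registry entry that cannot be deleted?
http://img444.imageshack.us/img444/9251/6427075f8251a3b0860ba2he.jpg
In the registry, under:
localmachine\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDPSSW32
..
The entire LEGACY_RDPSSW32 key cannot be deleted; below it there is also a 0000 key.. neither can be deleted.
At first, the program C:\windows\rdpssw32.exe ran automatically at startup.. I deleted it. After I ran a rogue-software cleaner, it reported finding it but could not remove it..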

2006-06-27,15:45:45

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
啟動資料夾
[802.1X認證客戶端]
<C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N>

==================================
服務
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[KVSrvXP / KVSrvXP]
<F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
<"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd>
[RDPSSW32 / RDPSSW32]
<><N/A>
[SVCHOST / SVCHOST]
<C:\WINDOWS\SVCHOST.EXE><N/A>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[TegoSoft SmartLoader ActiveX Control]
{1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com>
[UploadListView Class]
{474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, >
[PhotoUploadCtrl Control]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent>
[Java Plug-in 1.5.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FiltrateWebObj Class]
{42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<, N/A>
[新增到QQ表情]
<, N/A>
[用QQ彩信發送該圖片]
<F:\Program Files\Tencent\SendMMS.htm, N/A>
[用迅雷下載(&D)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A>
[用迅雷下載全部(&A)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A>

==================================
正在執行的工作行程
[PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A>
[C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A>
[PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 884][C:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107>
[F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212>
[F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190>
[F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809>
[F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030>
[F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220>
[F:\Program Files\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040>
[F:\Program Files\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822>
[F:\Program Files\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207>
[F:\Program Files\KV2006\lang\KVExtEml0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503>
[F:\Program Files\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVExtLZH.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316>
[F:\Program Files\KV2006\KvExtRar.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020>
[F:\Program Files\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200>
[F:\Program Files\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209>
[F:\Program Files\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011>
[F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605>
[F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 432][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A>
[PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500>
[F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>
[PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\KV2006\KVMonXP.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[F:\Program Files\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[F:\Program Files\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214>
[F:\Program Files\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213>
[F:\Program Files\KV2006\lang\KVOffice0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0>
[F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813>
[F:\Program Files\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[F:\Program Files\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[F:\Program Files\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[PID: 1456][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00>
[C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.03.16.54>
[PID: 1964][F:\Program Files\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210>
[F:\Program Files\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119>
[F:\Program Files\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825>
[PID: 200][F:\Program Files\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509>
[F:\Program Files\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1868][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1>
[F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>
[PID: 1616][F:\Program Files\SPX Capture\Spx.exe] <MoodySoft><4.0.0.0>
[F:\Program Files\SPX Capture\ICQMAPI.dll] <N/A><N/A>
[F:\Program Files\SPX Capture\lpng.dll] <N/A><N/A>
[F:\Program Files\SPX Capture\freeze.dll] <N/A><N/A>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>
[PID: 1368][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[F:\Program Files\SPX Capture\engine.dll] <N/A><N/A>

==================================
文件關聯
.TXT Error. [emeditor.txt]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================





A:

Run System Repair Engineer again and, under 「啟動專案」->「服務」 (Startup Items -> Services), delete the following items:

[RDPSSW32 / RDPSSW32]
<><N/A>
[SVCHOST / SVCHOST]
<C:\WINDOWS\SVCHOST.EXE><N/A>




Q:
2006-06-27,20:05:54

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KvMonXP><"F:\Program Files\KV2006\KVMonXP.kxp" /auto>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Super Rabbit Winspeed><"F:\Program Files\Super Rabbit\MagicSet\winspeed.exe" /autokill:117>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
啟動資料夾
[802.1X認證客戶端]
<C:\Documents and Settings\kingsgame\「開始」表菜單\程式\啟動\802.1X認證客戶端.lnk><N>

==================================
服務
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[KVSrvXP / KVSrvXP]
<F:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
<"F:\Program Files\KV2006\KVWsc.exe"><Jiangmin Co.Ltd>

==================================
瀏覽器載入項
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[TegoSoft SmartLoader ActiveX Control]
{1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com>
[UploadListView Class]
{474F00F5-3853-492C-AC3A-476512BBC336} <C:\WINDOWS\Downloaded Program Files\UploaderX.dll, >
[PhotoUploadCtrl Control]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <f:\PROGRA~1\Tencent\QZone\PHOTOU~1.OCX, tencent>
[Java Plug-in 1.5.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FiltrateWebObj Class]
{42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <F:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[超級兔子上網精靈]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超級兔子上網精靈]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <F:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[上傳到QQ網路硬碟]
<{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}, N/A>
[使用KuGoo3下載(&K)]
<F:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<, N/A>
[新增到QQ表情]
<, N/A>
[用QQ彩信發送該圖片]
<F:\Program Files\Tencent\SendMMS.htm, N/A>
[用迅雷下載(&D)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\geturl.htm, N/A>
[用迅雷下載全部(&A)]
<F:\Program Files\Thunder5.1.3.168 綠色版 by令狐雨辰\getallurl.htm, N/A>

==================================
正在執行的工作行程
[PID: 580][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A>
[C:\WINDOWS\system32\antiwpa.dll] <N/A><N/A>
[PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1004][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1088][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1524][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1732][F:\Program Files\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107>
[F:\Program Files\KV2006\lang\SvcSafe0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212>
[F:\Program Files\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190>
[F:\Program Files\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809>
[F:\Program Files\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030>
[F:\Program Files\KV2006\lang\KVSpi0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[F:\Program Files\KV2006\KVWPSet.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220>
[F:\Program Files\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605>
[F:\Program Files\KV2006\lang\KvMailRes0804.lng] <N/A><N/A>
[F:\Program Files\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[F:\Program Files\KV2006\lang\PrivateCfg0804.lng] <TODO: <Company name>><1.0.0.1>
[PID: 616][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[F:\Program Files\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830>
[F:\Program Files\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[F:\Program Files\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[F:\Program Files\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500>
[F:\Program Files\Tencent\qdshm.dll] <><1, 0, 101, 20>
[F:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX] <N/A><N/A>
[PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 356][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1408][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1492][C:\Program Files\802.1X認證客戶端\Dot1XClient.exe] <huawei><2.00>
[C:\WINDOWS\system32\W32N50.dll] <Printing Communications Assoc., Inc. (PCAUSA)><5.03.16.54>
[PID: 1668][F:\PROGRA~1\TheWorld\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\system32\FREEWB.IME] <Delphi Fan Studio><5.1>
[F:\Program Files\freewb\plugin\date.plg] <><1, 0, 0, 1>
[C:\WINDOWS\System32\xunleibho_v13.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 48>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[F:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 2>
[F:\Program Files\Ringz Studio\Storm Codec\Codecs\OGGSplt.ax] <Gabest><1, 0, 0, 0>
[C:\WINDOWS\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 1>
[F:\Program Files\Ringz Studio\Storm Codec\Codecs\MkvSplt.ax] <Gabest><1, 0, 2, 6>
[C:\WINDOWS\System32\ffdshow.ax] <N/A><1, 0, 0, 1>
[C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERL~1.OCX] <PPStream.com><1, 0, 0, 1216>
[C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL] <PPStream Inc.><1,0,0,1566>
[C:\DOCUME~1\KINGSG~1\APPLIC~1\ppStream\100~1.138\PSNetwork.dll] <PPStream, inc.><1, 0, 0, 2296>
[PID: 940][F:\網號\QQ相關\Q工具\myQQC\myQQC.exe] <N/A><V2.2>
[PID: 3664][F:\download\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>

==================================
文件關聯
.TXT Error. [emeditor.txt]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================



A: The new scan report shows no problems.
2006-07-06, 08:45 AM   #12 (permalink)
psac

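Q:

[Help] IEXPLORER.exe has got hold of my system! I can't delete it!

IEXPLORER.exe has got hold of my system! I can't delete it! I kill it, and in less than 5 seconds it is back again!!

A:


Please run the Smart Scan in System Repair Engineer (SREng) and post the report here.

1. Download System Repair Engineer 2 and save it to the desktop
2. Extract the archive and run SREng.exe
3. Click 智慧式掃瞄 (Smart Scan), make sure every item under Smart Scan is checked, then click 掃瞄 (Scan)
4. When the scan finishes, click 儲存報告 (Save Report) and save the report to the desktop
5. Open the SREngLOG.log report, then copy and paste its entire contents here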


Q:
2006-07-05,22:59:34

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<pyjj><E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<KvMonXP><"D:\KV2006\KVMonXP_2.kxp" /auto> [Jiangmin Co.Ltd]
<SKYNET Personal FireWall><E:\安全\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<><; > []
<CSPContext><; C:\WINDOWS\system32\CSPContext.exe> [中文之星]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> []
<ATIPTA><; ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> []
<IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NVMixerTray><; "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<pyjj><; E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<rundll31><; C:\WINDOWS\system32\IEXPLORER.exe> []
<TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []
<Update><; > []

==================================
啟動資料夾
服務
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[KVSrvXP / KVSrvXP]
<D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
<"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>

==================================
瀏覽器載入項
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <e:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[聯想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FlashGet-v1.71\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <E:\圖像\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation>
[&Save Flash]
{4064EA35-578D-4073-A834-C96D82CBCF40} <E:\濾鏡\Save Flash\SaveFlash.dll, TODO: <Company name>>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Alexa Web Search]
<CDB6E-AE6D-11CF-96B8-444553540000}, N/A>
[Get Alexa Data]
<, N/A>
[Mail to a Friend...]
<, N/A>
[See Related Links]
<, N/A>
[Write a Review...]
<, N/A>
[上傳到QQ網路硬碟]
<, N/A>
[使用網際快車下載]
<E:\FlashGet-v1.71\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<E:\FlashGet-v1.71\jc_all.htm, N/A>
[定位檢視 GPS 衛星地圖]
<E:\濾鏡\Opanda\IExif 2.25\IExifMap.htm, N/A>
[檢視 Exif/GPS/IPTC 訊息]
<E:\濾鏡\Opanda\IExif 2.25\IExifCom.htm, N/A>
[新增到QQ自定義面板]
<, N/A>
[新增到QQ表情]
<, N/A>
[用QQ彩信發送該圖片]
<, N/A>

==================================
正在執行的工作行程
[PID: 508][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4124>
[PID: 648][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 660][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499>
[PID: 828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1124][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1356][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1420][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[D:\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[D:\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500>
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] <><1, 0, 0, 1>
[PID: 1432][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1588][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.29>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\KVMonXP_2.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214>
[D:\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213>
[D:\KV2006\lang\KVOffice0804.lng] <N/A><N/A>
[D:\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[PID: 1612][C:\WINDOWS\system32\IEXPLORER.exe] <N/A><N/A>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1632][E:\濾鏡\加加\jj4\jjsvr4.exe] <加加開發組><4.0.0.18>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1740][D:\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107>
[D:\KV2006\lang\SvcSafe0804.lng] <N/A><N/A>
[D:\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212>
[D:\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190>
[D:\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809>
[D:\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030>
[D:\KV2006\lang\KVSpi0804.lng] <N/A><N/A>
[D:\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KVWPSet_1.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040>
[D:\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822>
[D:\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822>
[D:\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503>
[D:\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KVExtLZH_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316>
[D:\KV2006\KvExtRar_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020>
[D:\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200>
[D:\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207>
[D:\KV2006\lang\KVExtEml0804.lng] <N/A><N/A>
[D:\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209>
[D:\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011>
[D:\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605>
[D:\KV2006\lang\KvMailRes0804.lng] <N/A><N/A>
[PID: 1764][D:\KV2006\kvwsc.exe] <Jiangmin Co.Ltd><9, 0, 5, 908>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[PID: 1828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1856][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1024][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[PID: 1724][D:\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210>
[D:\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119>
[D:\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1932][D:\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509>
[D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[PID: 2696][E:\圖像\TheWorld-v1.26\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3036][E:\安全\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1000>
[E:\安全\FireWall\SKYMISC.DLL] <N/A><N/A>
[E:\安全\FireWall\COMPRESSWRAP.DLL] <N/A><N/A>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 3108][E:\安全\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG Error. ["regedit.exe" "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


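1. Use SREng (see the related operating instructions)
- Delete the following startup item
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []

2. Restart, press F8 to enter Safe Mode, and delete the following file (see Note 1)
C:\WINDOWS\system32\IEXPLORER.exe

Note 1: If you cannot find the file above, first change the following settings
a) In My Computer, click Tools ---> Folder Options
b) Click the View tab, uncheck "Hide protected operating system files", select "Show hidden files and folders", then click OK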
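The reading of the registry startup section that the answer above does by eye, as an added Python example that is not part of the original thread or of SREng. It parses entries in the 2.0 RC2 report layout and flags active ones using three heuristics that are this example's own assumptions (no publisher string, a system32 binary name in another directory, an extra program in Userinit); the sample report is constructed from lines of the kind posted in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample in the SREng 2.0 RC2 report layout, modelled on this thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []
<svc><C:\WINDOWS\svchost.exe> []
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inituser.exe> []

==================================
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)>\s*\[(.*)\]$")   # <name><value> [publisher]
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|pif|bat|kxp))(?=[\s,]|$)', re.I)

# Assumption of this example: binaries that belong only in %SystemRoot%\system32.
SYSTEM32_ONLY = {"svchost.exe", "userinit.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "csrss.exe", "smss.exe"}

NO_PUBLISHER = "active autorun without publisher info"
WRONG_DIR = "system binary name outside system32"
EXTRA_USERINIT = "extra program in Userinit"


def parse_registry_startup(text):
    """Return the registry startup entries of a report as a list of dicts."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):        # section separator: registry part is over
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, value, publisher = m.groups()
            entries.append({
                "key": key,
                "name": name,
                # SREng marks a disabled ("commented") entry with a leading ';'
                "disabled": value.lstrip().startswith(";"),
                "command": value.lstrip("; ").strip(),
                "publisher": publisher.strip(),
            })
    return entries


def image_path(command):
    """Extract the executable path from a command line (quoted or not)."""
    m = IMAGE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def triage(entries):
    """Return (name, reason, path) tuples for entries worth a closer look."""
    findings = []
    for e in entries:
        if e["disabled"] or not e["command"]:
            continue                         # commented-out or empty values do not run
        leaf = e["key"].rsplit("\\", 1)[-1].lower()
        if leaf in ("run", "runonce"):
            img = image_path(e["command"])
            if not e["publisher"]:
                findings.append((e["name"], NO_PUBLISHER, img))
            folder = dirname(img).lower()
            if basename(img).lower() in SYSTEM32_ONLY and folder \
                    and not folder.endswith("\\system32"):
                findings.append((e["name"], WRONG_DIR, img))
        elif e["name"].lower() == "userinit":
            # The clean reports in this thread list userinit.exe alone.
            for prog in (p.strip() for p in e["command"].split(",")):
                if prog and basename(prog).lower() != "userinit.exe":
                    findings.append((e["name"], EXTRA_USERINIT, prog))
    return findings


if __name__ == "__main__":
    for name, reason, path in triage(parse_registry_startup(SAMPLE_REPORT)):
        print(f"{name:10} {reason:40} {path}")
```

A flagged entry is a candidate for review, not a verdict: several harmless entries in the reports above also lack a publisher string, which is why disabled entries are skipped and the path is printed for manual checking.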
2006-07-15, 02:58 PM   #13 (permalink)
psac

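Q:

[Help] C:\WINDOWS\svchost.exe

This thing, C:\WINDOWS\svchost.exe, has appeared among my processes.
I can't end the process and can't delete the file. The creation date of this svchost.exe is today?
There is an svc value running under the registry Run key; after I delete it, it reappears automatically.
winlogon.exe shows up twice in Task Manager: one with ID 532
and one with ID 744.
Norton keeps reporting a virus but can never finish removing it?
What should I do? What virus is this?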
2006-07-14,00:06:22

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<pdfFactory Dispatcher v1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe> [FinePrint Software, LLC]
<ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [Symantec Corporation]
<svc><C:\WINDOWS\svchost.exe> []
<HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inituser.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [Symantec Corporation]

==================================
啟動資料夾
服務
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[DameWare Mini Remote Control / DWMRCS]
<C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><N/A>
[KDDelegateService / KDDelegateService]
<d:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><KINGDEE>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[VIPTray / VIPTray]
<2 - 系統找不到指定的文件。
><N/A>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class]
{F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v5.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[IEHlprObj Class]
{BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[IEHlprObj Class]
{F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>

==================================
正在執行的工作行程
[PID: 664][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NavLogon.dll] <Symantec Corporation><10.0.2.2000>
[PID: 788][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 968][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1132][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1168][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3>
[PID: 1356][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] <Symantec Corporation><1,5,1,3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] <Symantec Corporation><1,5,1,3>
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] <Symantec Corporation><103.5.6.3>
[PID: 1664][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fppmon1.dll] <FinePrint Software, LLC><1.17>
[C:\WINDOWS\system32\fppr132.dll] <FinePrint Software, LLC><1.17>
[PID: 1804][C:\Program Files\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><10.0.2.2000>
[PID: 1828][C:\WINDOWS\SYSTEM32\DWRCS.EXE] <N/A><N/A>
[PID: 1956][C:\Program Files\Symantec AntiVirus\SavRoam.exe] <symantec><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[PID: 244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\hpwx3770.dll] <Hewlett-Packard><3.2.2.674>
[C:\WINDOWS\system32\hpgt3770.dll] <Hewlett-Packard><1.0.2.682>
[PID: 328][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\CBA.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\NTS.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] <Symantec Corporation><3.02.14.03>
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] <Symantec Corporation><51.2.0.12>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ccEraser.dll] <Symantec Corporation><106.1.5.2>
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] <Symantec Corporation><3.1.13a.0>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\ecmsvr32.dll] <Symantec Corporation><61.1.0.11>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14>
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\IMail.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] <Symantec Corporation><1,5,1,3>
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><10.0.2.2000>
[PID: 592][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2976][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.5.2005092300>
[C:\WINDOWS\system32\svchost.dll] <><1, 0, 0, 1>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\xunleibho_v5.dll] <><4, 3, 3, 30>
[C:\WINDOWS\Win32ef.dll] <N/A><N/A>
[C:\WINDOWS\vwwreg.dll] <N/A><N/A>
[PID: 3112][C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe] <FinePrint Software, LLC><1.17>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppr132.dll] <FinePrint Software, LLC><1.17>
[PID: 3128][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><103.5.6.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><103.5.6.3>
[C:\WINDOWS\system32\SYMREDIR.DLL] <Symantec Corporation><6.0.1.105>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><103.5.6.3>
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] <Symantec Corporation><10.0.2.2000>
[PID: 3144][C:\PROGRA~1\SYMANT~1\VPTray.exe] <Symantec Corporation><10.0.2.2000>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.7.0.10>
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><10.0.2.2000>
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] <Symantec Corporation><10.0.2.2000>
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] <Symantec Corporation><10.0.2.2000>
[C:\WINDOWS\system32\nts.dll] <LANDesk Software Ltd.><6.12.0.141 E>
[C:\WINDOWS\system32\cba.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\MsgSys.dll] <LANDesk Software Ltd.><6.12.0.140 E>
[C:\WINDOWS\system32\PDS.DLL] <LANDesk Software Ltd.><6.12.0.140 E>
[PID: 3168][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3336][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2384][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2644][C:\WINDOWS\system32\rdpclip.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3472][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3632][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 184][C:\WINDOWS\regedit.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3108][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.016\PrcView.exe] <PrcView><3.7.3.1>
[PID: 3796][C:\WINDOWS\svchost.exe] <N/A><N/A>
[PID: 3560][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 3072][C:\DOCUME~1\wangquan\LOCALS~1\Temp\Rar$EX00.079\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


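Use SREng to delete these startup items:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe> []

After rebooting, delete the following file in Safe Mode:
C:\WINDOWS\svchost.exe
If it cannot be deleted, download KillBox to force-delete it.


Besides the problems above, the following also need to be dealt with.

While performing the repair, it is recommended to close all other unrelated programs, including the IE browser, and to copy and paste the following content into Notepad and save it for reference.

Please run SREng, the tool you just used for the smart scan.
Under System Repair -> Browser Add-ons, tick and delete the following items; they are all rogue software.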

[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class]
{F5B3ECED-9BF3-4f7e-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[比較購物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, N/A>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, N/A>
[IEHlprObj Class]
{BA623AA0-9A82-4D0C-944C-0228CEA17780} <C:\Progra~1\Messenger\netshow.dll, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <, N/A>
[IEHlprObj Class]
{F5B3ECED-9BF3-4F7E-882B-A6E75343C499} <C:\Progra~1\NetMeeting\netinit.dll, Microsoft Corporation>
[iehelper]
{F651FCAA-F826-4922-8990-C6F99CC67AFC} <C:\WINDOWS\Win32ef.dll, N/A>
[google bar]
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
2006-07-20, 07:41 PM   #14 (permalink)
psac
Q:

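[Help] The RUNDLL32.EXE icon in the process list has become large and garbled. Is it a virus?

I have seen a case like this before. After the RUNDLL32.EXE icon became large and garbled, the desktop icons became garbled too, and then every EXE and RAR file was infected. It could not be cleaned, and in the end I had to format the hard disk. Now it has appeared again, and I am really scared.
My system scan report: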

2006-07-19,13:41:18

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Advanced Server Service Pack 4 (Build 2195)
- 管理權限用戶 - 完整功能

以下內容被選:
所有的啟動項目(包括註冊表、啟動檔案夾、服務等)
瀏覽器載入項
正在執行的工作(包括工作模組訊息)
文件關聯


啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<!ewido><"E:\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\ewido anti-spyware 4.0\shellexecutehook.dll> [Anti-Malware Development a.s.]

==================================
啟動檔案夾
服務
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<E:\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[McAfee Framework 服務 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Security Machine Manager / MouTALS]
<C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
瀏覽器載入項
[]
{01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINNT\system32\IEBHOGET.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\AdvSC.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINNT\system32\Inte32.dll, N/A>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,電台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\DOWNLO~1\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[IcbcSsl快取CleanerCtrl Class]
{E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSsl快取Cleaner.dll, 中國工商銀行>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下載全部連接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在執行的工作
[PID: 176][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 220][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[C:\WINNT\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4117>
[PID: 248][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 260][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 368][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4117>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2497>
[PID: 456][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 488][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[PID: 536][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 576][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.7021>
[PID: 608][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Management.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 660][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] <Network Associates, Inc.><8.0.0.309>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] <Network Associates, Inc.><8.0.0.135>
[C:\Program Files\Network Associates\VirusScan\naiann.dll] <Network Associates, Inc.><8.0.0.308>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.316>
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] <Network Associates, Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] <Network Associates, Inc.><8.0.0.342>
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] <Network Associates, Inc.><8.0.0.291>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] <Network Associates, Inc><8.0.0.448>
[PID: 676][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] <Network Associates, Inc.><8.0.0.1002>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] <McAfee, Inc.><8.0.0.152>
[PID: 740][C:\WINNT\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.00.2134.1>
[PID: 748][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates, Inc.><3.5.0.412>
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates, Inc.><8.0.0.981>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 812][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 828][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 840][C:\WINNT\system32\stisvc.exe] <Microsoft Corporation><5.00.2195.6656>
[C:\WINNT\system32\VM31bSTI.dll] <VM><4.2.510.21>
[PID: 932][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] <Ulead Systems, Inc.><1, 0, 0, 4>
[PID: 952][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 984][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 1020][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 1056][C:\WINNT\system32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[PID: 1596][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 1432][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4117>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2497>
[PID: 1380][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[E:\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] <Network Associates, Inc.><8.0.0.912>
[PID: 1812][C:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[PID: 1820][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] <Network Associates, Inc.><8.0.0.912>
[PID: 1828][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[PID: 1836][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] <Network Associates, Inc.><2.0.275.0>
[PID: 1916][E:\ewido anti-spyware 4.0\ewido.exe] <Anti-Malware Development a.s.><4, 0, 0, 172>
[E:\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 1924][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[PID: 1960][C:\WINNT\system32\dllhost.exe] <Microsoft Corporation><5.00.2195.6692>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.992>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.316>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00>
[PID: 2048][C:\WINNT\system32\dllhost.exe] <Microsoft Corporation><5.00.2195.6692>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[PID: 2136][C:\DOCUME~1\lxy\LOCALS~1\Temp\M2Server.exe] <亞盟網路><1.0.0.1>
[D:\MirServer\Mir200\IPLocal.dll] <N/A><N/A>
[D:\MirServer\Mir200\M2Server.dll] <N/A><N/A>
[D:\MirServer\Mir200\zPlugOfEngine.dll] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\idsql32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\idbat32.DLL] <N/A><N/A>
[PID: 2196][C:\WINNT\system32\mdm.exe] <Microsoft Corporation><6.00.8424>
[PID: 2168][D:\MirServer\xysrvII.exe] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL] <N/A><N/A>
[C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL] <N/A><N/A>
[PID: 652][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[C:\WINNT\system32\IEBHOGET.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\WINNT\system32\Inte32.dll] <N/A><N/A>
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.992>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.316>
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00>
[PID: 1720][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\EntApi.dll] <Network Associates, Inc><8.0.0.448>
[C:\WINNT\system32\IEBHOGET.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\WINNT\system32\Inte32.dll] <N/A><N/A>
[PID: 2516][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 2532][C:\DOCUME~1\lxy\LOCALS~1\Temp\Rar$EX00.719\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者



A:


Use SREng (for the operating instructions, see the first post)
- Remove the following startup entry
[RealNetworks, Inc.]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []

- Remove the following browser add-ons
[]
{01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINDOWS\system32\IEBHOGET.dll, N/A>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\AdvSC.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[QuickBtn]
{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >


You are infected with Worm.Viking.... Try the dedicated Worm.Viking removal tool provided by Rising
http://it.rising.com.cn/service/tech...RavVikiing.htm
2006-07-20, 07:43 PM   #15 (permalink)
psac (Honorary Member)

Q:
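Why do advertising web pages keep popping up?

I already cleaned the machine once with junk-cleaning software, but advertising pages still pop up automatically. My girlfriend is really frustrated now. Please help, everyone~~~~~


A:
Please scan with System Repair Engineer and post the log here.
1. Unzip Sreng2.zip
2. Run Sreng2.exe
3. Smart Scan -> Scan -> Save Report
4. Copy the complete report contents from the log file sreng.log and paste them here; do not modify them.
Close all programs you opened manually while scanning.
SREng operation and repair tutorial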


Q:

啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<pbmini><D:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStarter.exe> []
<MyShares><c:\program Files\易虎\MyShares.exe /tray> []
<MSNShell><D:\Program Files\MSNShell\BIN\MSNShell.exe autorun> []
<msnnt><C:\WINDOWS\Updatec.exe> []
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<VoipDiscount><"d:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized> [VoipDiscount]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> [廣州傲訊訊息科技有限公司]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []
<Thunder><"d:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> []
<sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe> []
<supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<res><C:\WINDOWS\system32\res.exe> []
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> []
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> []
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32> []
<bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo]
<AddrPlus3><C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus.dll Rundll32> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll><regsvr32 /s C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll> [BAIGOO]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B83FC273-3522-4CC6-92EC-75CC86678DA4}><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll> []

==================================
啟動檔案夾
[WinBrowse]
<C:\Documents and Settings\Admin\「開始」表單\程序\啟動\WinBrowse.lnk><N>

==================================
服務
[Server2.03 / 2.03]
<C:\WINDOWS\G_Server2.03.exe><N/A>
[NT Data Provider / MOVEESS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object]
{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[免費精彩視瀕超流暢在線觀看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[浩方對戰平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方對戰平台\GameClient.exe, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object]
{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, N/A>
[stdup]
{6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BAIDU\BAR\BAIDUBAR.DLL, Baidu.com, Inc.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[Microsoft Web 瀏覽器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\system32\pCastCtl.dll, >
[ >> 彩信傳送 <<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[>>彩信傳送<<]
<res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[增加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在執行的工作
[PID: 568][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 708][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 868][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 984][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1152][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1284][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\ZLhp1020.DLL] <Zenographics, Inc.><5, 53, 2714, 0>
[C:\WINDOWS\system32\ZLM.dll] <Zenographics, Inc.><5, 50, 1416, 0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] <Zenographics, Inc.><5, 54, 330, 0>
[C:\WINDOWS\system32\Imf32.dll] <Zenographics, Inc.><5, 60, 1204, 0>
[C:\WINDOWS\system32\ZTAG32.dll] <Zenographics, Inc.><5, 60, 1210, 0>
[C:\WINDOWS\system32\ZSPOOL.dll] <Zenographics, Inc.><5, 51, 709, 0>
[PID: 1644][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\msicn\plugins\bse.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\lup.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\as.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3924>
[PID: 1764][C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe] <N/A><N/A>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[PID: 1780][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 1836][C:\WINDOWS\system32\hkcmd.exe] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxhk.dll] <Intel Corporation><3.0.0.3924>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3924>
[PID: 1844][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 1852][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[PID: 1860][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0324>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\msicn\msibm.dll] <廣州傲訊訊息科技有限公司><2, 0, 0, 1>
[PID: 1888][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 188][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466>
[PID: 508][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 900][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3200][C:\Program Files\baigoo\bgoomain.exe] <BGoo><1, 0, 0, 1006>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\Program Files\baigoo\bgooex.dll] <><1, 0, 0, 1007>
[PID: 1708][D:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[D:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[D:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\GroupLive.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[D:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[D:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 200>
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 4, 40>
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[D:\Program Files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[D:\Program Files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\Program Files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax] <N/A><N/A>
[C:\WINDOWS\system32\l3codecx.ax] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 5, 0, 50>
[D:\Program Files\Tencent\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[PID: 2280][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 2912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3656][D:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 6, 42>
[D:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[C:\WINDOWS\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll] <BAIGOO><1.0.0.1007>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清華紫光軟體股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 4004][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 2124][C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.984\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] <><1, 0, 1, 1>
[PID: 1776][C:\WINDOWS\system32\zshp1020.exe] <><1, 0, 1007, 0>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]


A:


<sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe>
<res><C:\WINDOWS\system32\res.exe>
<supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run>
<Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll>
<C:\WINDOWS\G_Server2.03.exe><N/A>
[NT Data Provider / MOVEESS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087>

The entries above are problematic.
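As an added example (not part of the original posts and not SREng's own logic), the Python script below parses the registry startup section of an SREng log like the one quoted in this thread and lists entries worth a manual look. The sample lines are copied from the log above; the function names and the three heuristics (an empty publisher field combined with a Temp path, a rundll32 launcher, or an EXE directly in the Windows/system32 directory) are assumptions chosen for illustration.

```python
import re

# Constructed sample: startup lines copied from the SREng log quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<msnnt><C:\WINDOWS\Updatec.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<sysservice><C:\DOCUME~1\Admin\LOCALS~1\Temp\servicea.exe> []
<supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<res><C:\WINDOWS\system32\res.exe> []
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
"""

# "[HKEY_...]" opens a registry key; "<name><command> [publisher]" is one value.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^<>]*)><(.*)>\s*\[(.*)\]$")

# Assumed review heuristics (hypothetical, not SREng's colour rules). They are
# only applied to entries whose publisher field is empty.
HEURISTICS = [
    ("runs from a Temp directory", re.compile(r"\\temp\\", re.I)),
    ("DLL started through rundll32", re.compile(r'^"?rundll32(\.exe)?\s', re.I)),
    ("no-publisher EXE directly in the Windows/system32 directory",
     re.compile(r'^"?[a-z]:\\win(dows|nt)\\(system32\\)?[^\\\s]+\.exe', re.I)),
]


def parse_startup_entries(log_text):
    """Yield (registry_key, name, command, publisher) for each startup line."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2).strip(), m.group(3).strip()


def triage(log_text):
    """Return [(name, registry_key, [reasons])] for entries to review by hand."""
    findings = []
    for key, name, command, publisher in parse_startup_entries(log_text):
        if publisher or not command:
            continue  # a named publisher or an empty value is not scored here
        reasons = [label for label, rx in HEURISTICS if rx.search(command)]
        if reasons:
            findings.append((name, key, reasons))
    return findings


if __name__ == "__main__":
    for name, key, reasons in triage(SAMPLE_LOG):
        print(f"{name:15} {'; '.join(reasons)}\n    {key}")
```

A hit is a candidate for manual review, not a verdict: the publisher field comes from the file's own version resource and can be blank on legitimate software or filled in on unwanted software.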
 


All times are Taipei time.

