瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » SOS!!!!急救!!!!老鸟帮手救爱机!!!!【求助】
风之祭奠曲 - 2006-1-3 15:00:00
我的机子不知中了什么病毒~~~进程上经常有个叫sfx.exe和netdrvr.exe的进程在运行,结束后自己会启动。我用毒霸扫过了~~~没事~~~但经常机子会出现假死和自动重启=现象。求各位帮下手~~小弟感激ing~~~
附:日志
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      15:00:00, 日期 2006-1-3
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2006\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\KAV2006\KAVStart.exe
D:\eMule\eMule.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\system32\netdrvr.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\浩方对战平台\GameClient.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\Documents and Settings\McDyess\桌面\防毒\HijackThis1[1].99.1\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\jkhgh.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {c82401d8-7d2f-43c4-bdfe-00320c008982} - C:\WINDOWS\System32\sompluex.dll
O2 - BHO: Bho Class - {EFDAC3FE-F44A-4030-8589-1E23BC6573D5} - C:\WINDOWS\System32\tkvpqinw.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [KavStart] "C:\KAV2006\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\sfx.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\eMule.exe -AutoStart
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 下载页面上的ED2(&K)链接 - d:\eMule\ed2k.html
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O11 - Options group: [TBH] QQ地址栏搜索
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128478002876
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128477984579
O16 - DPF: {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} (Web800 Control) - http://radio.cga.com.cn/mdc800.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: efedb - efedb.dll (file missing)
O20 - Winlogon Notify: jkhgh - C:\WINDOWS\System32\jkhgh.dll
O23 - NT 服务: BoolTern - Unknown owner - C:\WINDOWS\svch0st.exe (file missing)
O23 - NT 服务: EnvSec - Unknown owner - C:\WINDOWS\System32\envsec.exe (file missing)
O23 - NT 服务: FirebirdGuardianDefaultInstance - The Firebird Project - D:\广东省~1\FireBird\bin\fbguard.exe
O23 - NT 服务: FirebirdServerDefaultInstance - The Firebird Project - D:\广东省~1\FireBird\bin\fbserver.exe
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2006\KWatch.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: spool - Unknown owner - C:\WINDOWS\spoollv.exe (file missing)
O23 - NT 服务: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\windat.exe (file missing)
O23 - NT 服务: Windows Basis Cont - Unknown owner - C:\WINDOWS\WinFTP32.exe (file missing)
O23 - NT 服务: WindowsSysBoot - Unknown owner - C:\WINDOWS\cytob.exe (file missing)

东海龙宫 - 2006-1-3 15:20:00
O4 - 启动项HKLM\\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\sfx.exe
O23 - NT 服务: spool - Unknown owner - C:\WINDOWS\spoollv.exe (file missing)
O23 - NT 服务: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\windat.exe (file missing)
O23 - NT 服务: Windows Basis Cont - Unknown owner - C:\WINDOWS\WinFTP32.exe (file missing)
O23 - NT 服务: WindowsSysBoot - Unknown owner - C:\WINDOWS\cytob.exe (file missing)

ヘ网络农民ヘ - 2006-1-3 15:30:00
修复:
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128478002876
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128477984579
O16 - DPF: {7A818607-0D4D-4C09-AB73-E4FC105FD9C3} (Web800 Control) - http://radio.cga.com.cn/mdc800.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab

O23 - NT 服务: BoolTern - Unknown owner - C:\WINDOWS\svch0st.exe (file missing)

监视键盘的木马
用hiajckthis修复:O23 - Service: EnvSec - Unknown owner - D:\WINNT\system32\envsec.exe

开始--控制面版--管理工具--服务--找到EnvSec属性--改成已禁用

显示所有文件找到D:\WINNT\system32\envsec.exe删除

O23 - NT 服务: spool - Unknown owner - C:\WINDOWS\spoollv.exe (file missing)
spoollv.exe 是一个spybot,在安全模式下显示所有文件找到C:\WINDOWS\spoollv.exe 删除


O23 - NT 服务: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\windat.exe (file missing)  在安全模式下显示所有文件找到 C:\WINDOWS\windat.exe 删除

O23 - NT 服务: Windows Basis Cont - Unknown owner - C:\WINDOWS\WinFTP32.exe (file missing)
在安全模式下显示所有文件找到  C:\WINDOWS\WinFTP32.exe删除
ヘ网络农民ヘ - 2006-1-3 15:33:00
引用:
【东海龙宫的贴子】O4 - 启动项HKLM\\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\sfx.exe
...........................


解决方法是:开机后最快的时间内删除系统盘根目录sfx.exe,然后赶紧结束systntrl.exe进程,再去system32中找到syscnrl.exe并删除HKEY_current_user\software\microsoft\search assistant\acmru\5603 DDtc HKEY_local_machine\system\controlSet001\services\net这两个键值,下次启动就不加载了,正个过程要快,要再SFX.exe没有冒出来之前完成这一切,就OK..
风之祭奠曲 - 2006-1-7 18:35:00
还是不行~~~还有,HKEY_current_user\software\microsoft\search assistant\acmru\下有两个键直~~~~要不要都杀了?
WinFTP32.exe envsec.exe windat.exe spoollv.exe 这几个文件都找不到~~~
不言放弃 - 2006-1-7 18:56:00
按ctrl+alt+del
调出任务管理器
结束C:\WINDOWS\system32\netdrvr.exe进程

用HIJACKTHIS修复
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\jkhgh.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {c82401d8-7d2f-43c4-bdfe-00320c008982} - C:\WINDOWS\System32\sompluex.dll
O2 - BHO: Bho Class - {EFDAC3FE-F44A-4030-8589-1E23BC6573D5} - C:\WINDOWS\System32\tkvpqinw.dll
O4 - 启动项HKLM\\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\sfx.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: efedb - efedb.dll (file missing)
O20 - Winlogon Notify: jkhgh - C:\WINDOWS\System32\jkhgh.dll
O23 - NT 服务: BoolTern - Unknown owner - C:\WINDOWS\svch0st.exe (file missing)
O23 - NT 服务: EnvSec - Unknown owner - C:\WINDOWS\System32\envsec.exe (file missing)
O23 - NT 服务: spool - Unknown owner - C:\WINDOWS\spoollv.exe (file missing)
O23 - NT 服务: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\windat.exe (file missing)
O23 - NT 服务: Windows Basis Cont - Unknown owner - C:\WINDOWS\WinFTP32.exe (file missing)
O23 - NT 服务: WindowsSysBoot - Unknown owner - C:\WINDOWS\cytob.exe (file missing)

删除以上文件

找不到文件请参考图片设置:

附件: 364052200617185626.JPG
风之祭奠曲 - 2006-1-7 19:08:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      19:08:15, 日期 2006-1-7
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2006\KWatch.EXE
D:\广东省~1\FireBird\bin\fbguard.exe
D:\广东省~1\FireBird\bin\fbserver.exe
C:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\KAV2006\KAVStart.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\eMule\eMule.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\浩方对战平台\GameClient.exe
C:\WINDOWS\system32\netdrvr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\KuGoo3\KuGoo.exe
C:\sfx.exe
C:\Documents and Settings\McDyess\桌面\防毒\HijackThis1[1].99.1\HijackThis1991zww.exe

R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINDOWS\DOWNLO~1\BDSrHook.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\jkhgh.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: BDHlprObj Class - {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} - C:\WINDOWS\DOWNLO~1\BDHelper.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [KavStart] "C:\KAV2006\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\eMule.exe -AutoStart
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 下载页面上的ED2(&K)链接 - d:\eMule\ed2k.html
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O11 - Options group: [TBH] QQ地址栏搜索
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - 列举现有的协议: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: jkhgh - C:\WINDOWS\System32\jkhgh.dll
O23 - NT 服务: FirebirdGuardianDefaultInstance - The Firebird Project - D:\广东省~1\FireBird\bin\fbguard.exe
O23 - NT 服务: FirebirdServerDefaultInstance - The Firebird Project - D:\广东省~1\FireBird\bin\fbserver.exe
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2006\KWatch.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - NT 服务: Windows Archiver (winarc) - Unknown owner - C:\WINDOWS\windat.exe (file missing)
新的日志
风之祭奠曲 - 2006-1-8 21:06:00
谢谢各位老鸟~~~~谢谢一切帮过偶的人~~~偶机子上的病毒都清了~~~十分感谢
1
查看完整版本: SOS!!!!急救!!!!老鸟帮手救爱机!!!!【求助】
© 2000 - 2026 Rising Corp. Ltd.