Rising Kaka Security Forum

alak - 2006-9-8 23:25:00
Logfile of HijackThis v1.99.1
Scan saved at 23:11:30, on 2006-9-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
D:\Program Files\KV2006\KVMonXP.kxp
C:\WINDOWS\system32\CTFMON.EXE
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\KV2006\KVSrvXP.exe
D:\Program Files\KV2006\kvwsc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\KV2006\TrojDie.kxp
D:\Program Files\KV2006\KRegEx.exe
D:\Program Files\KV2006\UIHost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Netease\popo2004\popo.exe
D:\Program Files\Tencent\QQ\QZone\QZone.exe
D:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\Administrator\桌面\Play\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - D:\Program Files\KV2006\KVBHO_1.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - D:\Program Files\KV2006\KvShell.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - D:\Program Files\KV2006\KvShell.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\PROGRA~1\Sina\ddt\DDTONG~1.DLL
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [KvMonXP] "D:\Program Files\KV2006\KVMonXP.kxp" /auto
O4 - HKLM\..\Run: [pfw] D:\Program Files\SkyNet\FireWall\PFW.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: 使用新浪下载助手下载 - D:\PROGRA~1\Sina\ddt\sinadl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra 'Tools' menuitem: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: (no name) - {59BC54A2-56B3-44a0-93E5-432D58746E26} - (no file)
O9 - Extra button: (no name) - {5D73EE86-05F1-49ed-B850-E423120EC338} - (no file)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: (no name) - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - (no file)
O9 - Extra button: (no name) - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O9 - Extra button: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\PROGRA~1\Sina\ddt\DDTONG~1.DLL
O9 - Extra button: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - D:\Program Files\Sina\ddt\RssBand.dll (HKCU)
O9 - Extra button: (no name) - {F0646DC8-58CD-4C64-8F6B-525043914685} - D:\Program Files\Sina\ddt\RssBand.dll (HKCU)
O11 - Options group: [!CNS]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{F66306FD-6C88-4BC7-BCB4-9DD445DDEEF8}: NameServer = 202.102.152.3
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: KVSrvXP - Jiangmin Co. Ltd - D:\Program Files\KV2006\KVSrvXP.exe
O23 - Service: KVWSC - Jiangmin Co.Ltd - D:\Program Files\KV2006\kvwsc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



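After uninstalling ACDC, .BAT files won't run.
The right-click menu no longer has the Open and Edit options.
They can still be run from a DOS command prompt.
The .BAT file contains: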
@echo off
echo 正在清除系统垃圾文件,请稍等......
rem Delete temporary and leftover files across the whole system drive
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
rem Clean backup, prefetch and temp files under the Windows directory
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp
rem Per-user data; paths are quoted because %userprofile% contains spaces
del /f /q "%userprofile%\cookies\*.*"
del /f /q "%userprofile%\recent\*.*"
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
echo 清除系统LJ完成!
echo. & pause