瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 请问HijackThis,还有其他的一些程序,一启动就被自动关闭,是什么病毒啊??
paulhybryant - 2006-10-4 18:53:00
HijackThis,还有其他的一些程序,一启动就被自动关闭,是什么病毒啊??
而且点击Systray上的图标,出来的窗口闪一下,就被自动关闭了
用Norton和卡巴都杀过了,还是不行
paulhybryant - 2006-10-4 19:26:00
而且现在启动一些进程,比如maxthon浏览器,在任务管理器和procexp中都看不到maxthon进程,进程的数量少,但是内存使用挺多的
想用Hijactthis扫都不行啊...
该怎么办啊,请指教
paulhybryant - 2006-10-4 19:39:00
进程都跑到那里去了?
paulhybryant - 2006-10-4 21:27:00
请大虾们看看啊
paulhybryant - 2006-10-4 21:42:00
那位帮看看啊,在线等,帖子沉的太快了
说明最近病毒有多猖獗啊!!!!!!
paulhybryant - 2006-10-4 22:21:00
在线等
paulhybryant - 2006-10-4 22:36:00
这是SREng的扫描结果

2006-10-04,22:19:41

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <RoboForm><"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe">  [Siber Systems]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AssistSystray><D:\PROGRA~2\TWEAKA~1\AssistSystray.exe>  [全能助手工作室]
    <WmIEAssit><D:\Program Files\完美卸载V2006 完整版\IeRepair.exe -PowerOn>  []
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><"C:\WINDOWS\System32\Userinit.exe">  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
服务
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler]
  <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><N/A>
[Kaspersky Anti-Virus 6.0 / AVP]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[DHCP service / DHCP service for virtual netwo]
  <C:\WINDOWS\DHCPM.exe><N/A>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <D:\Program Files\ewido_4.0.0.172c_3.3\guard.exe><Anti-Malware Development a.s.>
[NuTCRACKERService / NuTCRACKERService]
  <C:\WINDOWS\system32\nutsrv4.exe><DataFocus, Inc.>
[O&O Defrag / O&O Defrag]
  <C:\WINDOWS\system32\oodag.exe><O&O Software GmbH>
[Windows User Mode Driver Frameworkre5 / ServiceIkankan5]
  <><N/A>
[TuneUp WinStyler Theme Service / TUWinStylerThemeSvc]
  <"C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"><TuneUp Software GmbH>
[VMware Authorization Service / VMAuthdService]
  <C:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2]
  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>

==================================
浏览器加载项
[全能助手[资源管理器]伴侣]
  {939802BD-EDC8-4EE3-9997-A65BE4657FFD} <D:\Program Files\TweakAssist\ExBar.dll, 全能助手工作室>
[&RoboForm]
  {724d43a0-0d85-11d4-9908-00400523e39a} <C:\Program Files\Siber Systems\AI RoboForm\roboform.dll, Siber Systems>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_013.dll, Thunder Networking Technologies,LTD>
[Microsoft ProgressBar Control, version 5.0 (SP2)]
  {0713E8D2-850A-101B-AFC0-4210102A8DA7} <C:\WINDOWS\system32\comctl32.ocx, Microsoft Corporation>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[SafeMe Internet Explorer Helper]
  {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>
[FlpLauncher Class]
  {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} <d:\PROGRA~2\E-BOOK~1\FLIPVI~1\fplaunch.dll, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[&RoboForm]
  {724D43A0-0D85-11D4-9908-00400523E39A} <C:\Program Files\Siber Systems\AI RoboForm\roboform.dll, Siber Systems>
[]
  {724D43A9-0D85-11D4-9908-00400523E39A} <C:\Program Files\Siber Systems\AI RoboForm\roboform.dll, Siber Systems>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[PortalCom R01]
  {817C90B5-1688-42BE-9044-58422DB088B2} <C:\WINDOWS\PortalAxR01.ocx, Huawei Co. Ltd.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[全能助手[资源管理器]伴侣]
  {939802BD-EDC8-4EE3-9997-A65BE4657FFD} <D:\Program Files\TweakAssist\ExBar.dll, 全能助手工作室>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Iesign Control]
  {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B6A3} <C:\WINDOWS\DOWNLO~1\iesign.ocx, csii>
[使用Web迅雷下载]
  <D:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
paulhybryant - 2006-10-4 22:38:00
==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 624][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\klogon.dll]  <Kaspersky Lab><6.0.1.394>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
[PID: 672][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 912][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [c:\windows\system32\acss.dll]  <LINKMEDIA Tech><1, 5, 0, 4>
    [c:\windows\system32\nwsapagent.dll]  <LINKMEDIA Tech><1, 5, 0, 4>
[PID: 1024][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1112][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1248][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [C:\WINDOWS\system32\KB27861001.log]  <N/A><N/A>
    [D:\PROGRA~2\TWEAKA~1\AssistDeskBar.dll]  <全能助手工作室><5, 0, 3, 0>
    [C:\WINDOWS\system32\mp3infp.dll]  <win32lab.com><2.53.26.0>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
    [d:\Program Files\Unlocker\UnlockerCOM.dll]  <N/A><N/A>
    [D:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Program Files\IDM Computer Solutions\UEStudio\uesctmn.dll]  <><1, 0, 0, 1>
    [D:\PROGRA~2\TWEAKA~1\AssistQRunShell.dll]  <全能助手工作室><3, 0, 0, 3>
    [d:\Program Files\PicaView\PicaView.dll]  <ACD Systems, Ltd.><2, 0, 0, 84>
    [d:\Program Files\PicaView\IDE_ACDStd.apl]  <ACD Systems, Ltd.><3,1,36,1>
    [C:\WINDOWS\System32\PathCopyEx.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll]  <O&O Software GmbH><1.0.1.2596>
    [C:\PROGRA~1\OOSOFT~1\DEFRAG~1\OODSHRS.DLL]  <O&O Software GmbH><1.0.11.1312>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll]  <Kaspersky Lab><6.0.1.394>
    [D:\Program Files\ewido_4.0.0.172c_3.3\context.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [C:\WINDOWS\system32\WmShell.dll]  <KillSoft><1.0.0.1>
    [C:\WINDOWS\system32\contmenu.dll]  <N/A><N/A>
[PID: 1472][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1596][C:\WINDOWS\system32\imapi.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1660][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 1816][C:\WINDOWS\system32\nutsrv4.exe]  <DataFocus, Inc.><4.50.0000>
    [C:\WINDOWS\system32\nutmsg4.dll]  <DataFocus, Inc.><4.50.0000>
[PID: 1836][C:\WINDOWS\system32\oodag.exe]  <O&O Software GmbH><8.0.1398>
    [C:\WINDOWS\system32\OODAGRS.DLL]  <O&O Software GmbH><8.0.1.1347>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
[PID: 1964][C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe]  <VMware, Inc.><5.5.1 build-19175>
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmxScsiLib.dll]  <VMware, Inc.><5.5.1 build-19175>
[PID: 2140][C:\WINDOWS\system32\wscntfy.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 2172][D:\PROGRA~2\TWEAKA~1\AssistSystray.exe]  <全能助手工作室><4, 0, 4, 0>
    [D:\PROGRA~2\TWEAKA~1\AssistAlert.dll]  <全能助手工作室><1, 0, 0, 0>
    [D:\PROGRA~2\TWEAKA~1\AssistBWSpy.dll]  <全能助手工作室><1, 0, 1, 1>
    [D:\PROGRA~2\TWEAKA~1\TweakAssistKrnl.dll]  <全能助手工作室><2, 0, 1, 1>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [D:\PROGRA~2\TWEAKA~1\AssistWallpaper.dll]  <全能助手工作室><2, 0, 0, 3>
    [D:\PROGRA~2\TWEAKA~1\AssistImgfmt.dll]  <全能助手工作室><2, 0, 0, 0>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 2180][D:\Program Files\完美卸载V2006 完整版\IeRepair.exe]  <><1, 0, 0, 1>
    [D:\Program Files\完美卸载V2006 完整版\SkinMagic.dll]  <Appspeed Inc.><2, 4, 1, 1>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 2232][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\sdmAgent22.dll]  <LINKMEDIA Tech><1, 5, 0, 7>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
paulhybryant - 2006-10-4 22:40:00
[PID: 2236][C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]  <Siber Systems><6-6-2>
    [C:\Program Files\Siber Systems\AI RoboForm\RoboForm.DLL]  <Siber Systems><6-6-2>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 12804][C:\WINDOWS\system32\CMMON32.EXE]  <Microsoft Corporation><7.02.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 41936][d:\program files\winamp\winamp.exe]  <Nullsoft><5,2,5,857>
    [d:\program files\winamp\NSCRT.dll]  <Nullsoft, Inc.><7.10.0000>
    [d:\program files\winamp\System\aacPlusDecoder.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\alac.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\filereader.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\jnetlib.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\playlist.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\png.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\tagz.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\watcher.w5s]  <N/A><N/A>
    [d:\program files\winamp\System\xml.w5s]  <N/A><N/A>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [d:\program files\winamp\Plugins\in_!mpg123.dll]  <Shibatch Software><1, 0, 0, 0>
    [d:\program files\winamp\Plugins\in_APE.dll]  <Matthew T. Ashland><4.01>
    [d:\program files\winamp\Plugins\in_asfs.dll]  <AudioSoft><1.30>
    [d:\program files\winamp\Plugins\in_atrac3.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Msdmo.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_cdda.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_CDReader.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_cue.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_dshow.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_flac.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_flic.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_linein.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_midi.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_mod.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_mp3.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_mp4.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_mpc.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_nsv.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_tara.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_vorbis.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_vqf.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\read_file.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_wave.dll]  <N/A><N/A>
    [d:\program files\winamp\libsndfile.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\in_wm.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\Out_AAC.dll]  <N/A><1, 5, 0, 0>
    [d:\program files\winamp\id3lib.dll]  <http://www.id3lib.org/><3.8.3>
    [d:\program files\winamp\Plugins\out_asio(dll).dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\out_disk.dll]  <Nullsoft><5,2,5,787>
    [d:\program files\winamp\Plugins\out_ds.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\out_ds_ssrc.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\out_filewrite.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\out_lame.dll]  <MUKOLI><1.6.3>
    [d:\program files\winamp\Plugins\out_sqr.dll]  <SqrSoft?><1, 7, 5, 0>
    [d:\program files\winamp\Plugins\out_wave.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\out_wave_ssrc.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_cue.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_ff.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_find_on_disk.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_hotkeys.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_jumpex.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_MiniLyrics.dll]  <N/A><N/A>
    [C:\Program Files\MiniLyrics\MiniLyrics.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_ml.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_nowplaying.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_bookmarks.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_history.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_local.dll]  <N/A><N/A>
    [d:\program files\winamp\nde.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_playlists.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_disc.dll]  <N/A><N/A>
    [d:\program files\winamp\primosdk.dll]  <Sonic Solutions><3.2.40.500>
    [d:\program files\winamp\PX.dll]  <Sonic Solutions><3.2.40.500>
    [d:\program files\winamp\Plugins\ml_gusb_us.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_online.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_pmp.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\pmp_ipod.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\pmp_njb.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\pmp_p4s.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\pmp_usb.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\ml_wire.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_msn.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_saveas.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_timerestore.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_tips.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_tray.dll]  <N/A><N/A>
    [d:\program files\winamp\Plugins\gen_undo.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\hwplugin.dll]  <HyunWon Inc><1, 1, 0, 5>
    [C:\WINDOWS\system32\hwPDwmf.dll]  <Hyun Won Inc><3, 0, 0, 1>
    [C:\WINDOWS\system32\HWusbfmc.dll]  <HyunWon Inc ><1, 0, 0, 7>
    [d:\PROGRA~2\M_ANYL~1.1\Korean\hwiSP.dll]  <HyunWon Inc><1, 1, 0, 6>
    [d:\Program Files\Ahead\WMPBurn\NeroBurnPlugin.dll]  <Ahead Software AG><1, 2, 0, 1>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 59172][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
paulhybryant - 2006-10-4 22:40:00
[PID: 63976][d:\program files\kingsoft\powerword 2005\xdict.exe]  <Kingsoft Co, Ltd.><8, 5, 0, 0>
    [d:\program files\kingsoft\powerword 2005\DicMngr.dll]  <Kingsoft><1, 0, 0, 0>
    [d:\program files\kingsoft\powerword 2005\doshow.dll]  <N/A><N/A>
    [d:\program files\kingsoft\powerword 2005\ITextOut.dll]  <Kingsoft><1, 1, 0, 0>
    [d:\program files\kingsoft\powerword 2005\KPic10.dll]  <N/A><N/A>
    [d:\program files\kingsoft\powerword 2005\ijl11.dll]  <Intel Corporation><1.1.2>
    [d:\program files\kingsoft\powerword 2005\NormGrab.DLL]  <Kingsoft Co, Ltd.><6, 0, 0, 0>
    [d:\program files\kingsoft\powerword 2005\toTTSEngine50.dll]  <Kingsoft Corporation><1, 0, 0, 1>
    [d:\program files\kingsoft\powerword 2005\xfile.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [d:\program files\kingsoft\powerword 2005\DBCore10.dll]  <Kingsoft  Corp.><1, 0, 0, 0>
    [d:\program files\kingsoft\powerword 2005\XdictGrb.dll]  <Kingsoft Co, Ltd.><8, 5, 0, 0>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 93980][C:\Program Files\jj4\jjsvr4.exe]  <加加开发组><4.0.0.20>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
[PID: 137088][d:\program files\merriam-webster3.0\merriam-webster.exe]  <Merriam-Webster><3, 0, 0, 0>
    [d:\program files\merriam-webster3.0\xnmba510.dll]  <N/A><N/A>
    [d:\program files\merriam-webster3.0\xnmte510.dll]  <N/A><N/A>
    [d:\program files\merriam-webster3.0\xnmhn510.dll]  <N/A><N/A>
    [d:\program files\merriam-webster3.0\xnmpr510.dll]  <N/A><N/A>
    [d:\program files\merriam-webster3.0\xnmr70mt.dll]  <N/A><N/A>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
[PID: 159788][C:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 7, 82>
    [C:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [C:\Program Files\Maxthon\Plugin\ViewSource\ViewSrc.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_013.dll]  <Thunder Networking Technologies,LTD><6, 0, 0, 4>
    [C:\Program Files\VMware\VMware Workstation\vmPerfmon.dll]  <VMware, Inc.><5.5.1 build-19175>
    [C:\Program Files\Siber Systems\AI RoboForm\roboform.dll]  <Siber Systems><6-6-2>
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  <Kaspersky Lab><1.0.6.394>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  <Kaspersky Lab><6.0.1.394>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  <Kaspersky Lab><6.0.1.394>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  <Kaspersky Lab><6.0.1.394>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  <Kaspersky Lab><6.0.1.394>
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  <Kaspersky Lab><6.0.1.394>
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  <Kaspersky Lab><6.0.1.394>
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  <Kaspersky Lab><6.0.1.394>
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  <Kaspersky Lab><6.0.1.394>
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  <Kaspersky Lab><6.0.1.394>
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl]  <Kaspersky Lab><6.0.1.394>
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  <Kaspersky Lab><6.0.1.394>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 266964][C:\WINDOWS\system32\inetsrv\DavCData.exe]  <Microsoft Corporation><6.0.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 281868][C:\WINDOWS\explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [C:\WINDOWS\system32\mp3infp.dll]  <win32lab.com><2.53.26.0>
    [d:\Program Files\Unlocker\UnlockerCOM.dll]  <N/A><N/A>
    [C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll]  <O&O Software GmbH><1.0.1.2596>
    [C:\PROGRA~1\OOSOFT~1\DEFRAG~1\OODSHRS.DLL]  <O&O Software GmbH><1.0.11.1312>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll]  <Kaspersky Lab><6.0.1.394>
    [C:\WINDOWS\system32\contmenu.dll]  <N/A><N/A>
    [D:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\PROGRA~2\TWEAKA~1\AssistQRunShell.dll]  <全能助手工作室><3, 0, 0, 3>
    [C:\WINDOWS\System32\PathCopyEx.dll]  <><1, 0, 0, 1>
    [D:\Program Files\ewido_4.0.0.172c_3.3\context.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [C:\WINDOWS\system32\WmShell.dll]  <KillSoft><1.0.0.1>
[PID: 283228][D:\PROGRA~2\TWEAKA~1\AssistQRun.exe]  <全能助手工作室><5, 0, 4, 0>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
[PID: 283392][d:\program files\sreng\sreng.exe]  <Smallfrogs Studio><2.0.21.505>
    [D:\PROGRA~2\TWEAKA~1\TrayKrnl.dll]  <全能助手工作室><1, 0, 0, 0>
    [C:\WINDOWS\system32\PYJJ4.IME]  <加加工作组><4.0.0.21>
    [d:\program files\sreng\Plugins\SREngPluginDemo.SRE]  <Smallfrogs Studio><1, 1, 1, 0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
春水如尘 - 2006-10-4 23:08:00
可能是你的文件中病毒后,被杀软杀掉了,就损坏了,所以运行不了
呵呵,猜测哈
paulhybryant - 2006-10-4 23:09:00
paulhybryant - 2006-10-5 11:03:00
不是啊,可以运行啊,是运行一下就被终止,
而像卡巴斯基,可以用来杀毒,但是要打开哪个它的界面,闪一下就消失了
而且有过一次启动后那些程序能够正常使用,但是再重启又不行了
而且现在那些进程的PID都是6位数的,很不正常啊
1
查看完整版本: 请问HijackThis,还有其他的一些程序,一启动就被自动关闭,是什么病毒啊??
© 2000 - 2026 Rising Corp. Ltd.