蜀山大侠 - 2007-1-22 1:16:00
Help: "Hidden object" riskware detected, what should I do?
已检测到: 风险软件 Hidden object 运行进程: C:\Program Files\Internet Explorer\IEXPLORE.EXE
已检测到: 风险软件 Hidden object 运行进程: C:\Program Files\Tencent\qq\QQ.exe
已检测到: 风险软件 Hidden object 运行进程: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
已检测到: 风险软件 Hidden object 运行进程: C:\Downloads\TrojanDetector.EXE
已检测到: 风险软件 Hidden object 运行进程: C:\Program Files\Filseclab\Twister\Twister.exe
已检测到: 风险软件 Hidden object 运行进程: C:\WINDOWS\system32\svchost.exe
已检测到: 风险软件 Hidden object 运行进程: C:\WINDOWS\system32\rundll32.exe
已检测到: 风险软件 Hidden object 运行进程: C:\Program Files\3721\ske\TrojanAssistant.exe
UFO不幸外人 - 2007-1-22 1:52:00
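You need to run an SRE scan and post the log.
These few really do have problems, especially the DLL under C:\WINDOWS\system32\rundll32.exe
See whether there is a virus. Download link: http://www4.skycn.com/soft/23312.html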
蜀山大侠 - 2007-1-22 2:47:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [N/A]
<Super Rabbit IEPro><; C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [N/A]
<Userinit><userinit.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
<{17ADBAEC-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\H7ADBAEC.log> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
蜀山大侠 - 2007-1-22 2:48:00
启动文件夹
N/A
==================================
服务
[13FFDE81 / 13FFDE81]
<><N/A>
[Application Layer Gateway Service / ALG]
<C:\WINDOWS\System32\alg.exe><N/A>
[卡巴斯基反病毒6.0 / AVP]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<D:\其他\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[ewido security suite control / ewido security suite control]
<><N/A>
[ewido security suite guard / ewido security suite guard]
<><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Access Client Manager / RasC1Man]
<C:\WINDOWS\system32\racm.exe function><N/A>
[Print Spooler / Spooler]
<C:\WINDOWS\system32\spoolsv.exe><N/A>
[Windows DHCP Service / WinDHCPsvc]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[axvdkbus / axvdkbus]
<system32\DRIVERS\axvdkbus.sys><>
[axvodka / axvodka]
<system32\DRIVERS\axvodka.sys><>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ENTECH / ENTECH]
<\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\D:\其他\ewido anti-spyware 4.0\guard.sys><N/A>
[ewido security suite driver / ewido security suite driver]
<\??\D:\新建文件夹\EWIDO-35-好使\ewido anti-malware\guard.sys><N/A>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Pnpnt / Pnpnt]
<\SystemRoot\System32\Drivers\pnpnt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139]
<system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[System Safety Monitor 2.0 Core Engine / safemon]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
蜀山大侠 - 2007-1-22 2:49:00
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <, N/A>
[Abobe Flash Play9]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, N/A>
[Java Plug-in 1.4.1_01]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.1_01]
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll, JavaSoft / Sun Microsystems, Inc.>
[Measurement Services Client v.3.11]
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} <C:\WINDOWS\system32\FUTURE~1\MSC\MSC3.ocx, Futuremark Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[iaskhelper Class]
{DF8B6C19-A6E0-4D65-BC01-867031A821B8} <C:\WINDOWS\Downloaded Program Files\minihelper.dll, 新浪网技术(中国)有限公司>
[PluginInstaller Class]
{E4D543B0-6F90-4FAC-9A2A-207A9CC886A8} <C:\WINDOWS\Downloaded Program Files\QPluginInstaller.dll, >
[QVideoCapture Class]
{04953C68-6EA4-11D7-9EB2-00104B9B5229} <C:\WINDOWS\system32\Q.Video Control\QVideoControl.dll, >
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, N/A>
[QWebHelper Class]
{062C0AE3-B710-4D2D-8B01-85B4DB722700} <C:\WINDOWS\system32\Q.COM Utilities\qcomutil.dll, >
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Baidu Search Bar]
{0FB8C8ED-61A4-DD21-DBBC-9C11983DDB38} <C:\WINDOWS\system32\BAIDUB~1.DLL, Baidu.com, Inc.>
[TBSB00889 Class]
{19BB865F-1769-4C0C-B1F6-53418DC414CA} <, N/A>
[PowerList Control]
{20C2C286-BDE8-441B-B73D-AFA22D914DA5} <D:\其他\PPStream\POWERL~1.OCX, PPStream.com>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <D:\其他\PPStream\POWERP~1.DLL, PPStream Inc.>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <, N/A>
[Microsoft 外壳 UI 帮助程序]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[BHOHelper Class]
{67A90DD5-128D-43AB-B97C-565D2DD42A28} <C:\PROGRA~1\real\atloader.dll, N/A>
[BHOHelper Class]
{67A90DD6-128D-43AB-B97C-565D2DD42A28} <C:\PROGRA~1\real\atloader.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin07.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[conimehlp Class]
{B10343BD-1DC6-442F-9BA2-D44C708CEE83} <, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Abobe Flash Play9]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Measurement Services Client v.3.11]
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} <C:\WINDOWS\system32\FUTURE~1\MSC\MSC3.ocx, Futuremark Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[iaskhelper Class]
{DF8B6C19-A6E0-4D65-BC01-867031A821B8} <C:\WINDOWS\Downloaded Program Files\minihelper.dll, 新浪网技术(中国)有限公司>
[Flash Assistant]
{E29F0B13-0D84-45AA-81EC-CC629BC07566} <C:\WINDOWS\system32\Flasher.dll, N/A>
[PluginInstaller Class]
{E4D543B0-6F90-4FAC-9A2A-207A9CC886A8} <C:\WINDOWS\Downloaded Program Files\QPluginInstaller.dll, >
[ADXAutoLive]
{E5212436-921F-44a3-8865-11C0B9BA4AF2} <C:\PROGRA~1\real\autolive.dll, Microsoft Corporation>
[ADXAutoLive]
{E5212437-921F-44a3-8865-11C0B9BA4AF2} <C:\PROGRA~1\real\autolive.dll, Microsoft Corporation>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 860][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1024][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1108][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
鸟儿天上飞 - 2007-1-22 2:59:00
Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications".
Tick "Hide Microsoft Services" and select the virus services:
[Remote Access Client Manager / RasC1Man]
<C:\WINDOWS\system32\racm.exe function><N/A>
[Print Spooler / Spooler]
<C:\WINDOWS\system32\spoolsv.exe><N/A>
[Windows DHCP Service / WinDHCPsvc]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
Then choose "Delete service".
Click "Set" and choose "No".
Reboot and press F8 to enter Safe Mode.
Show hidden files.
Delete:
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\racm.exe
Delete the items in red only if you have no printer..
影子110 - 2007-1-22 3:13:00
One addition~~
In Safe Mode, clean up this startup entry and delete this file~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{17ADBAEC-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\H7ADBAEC.log> [N/A]
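An added example, not part of any post in this thread and not SREng's own code: a Python triage pass over the log format shown above, flagging the two patterns the replies single out (a ShellExecuteHooks module that is an unverified, non-binary file, and a service whose image is rundll32.exe). The function name `triage`, the key list and both heuristics are assumptions made for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import ntpath
import re

# Entries copied from the SREng log posted in this thread (a few lines only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
<{17ADBAEC-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\H7ADBAEC.log> [N/A]
[卡巴斯基反病毒6.0 / AVP]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows DHCP Service / WinDHCPsvc]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
"""

# Registry entry: <value name><data> [signer]; service entry: <command line><publisher>
REG_ENTRY = re.compile(r"^<(?P<name>[^<>]*)><(?P<value>[^<>]*)>\s+\[(?P<signer>.*)\]$")
SVC_ENTRY = re.compile(r"^<(?P<cmd>.*)><(?P<publisher>[^<>]*)>$")
# Assumption: keys whose data names a module loaded directly into a process.
MODULE_KEYS = ("shellexecutehooks", "shellserviceobjectdelayload",
               "sharedtaskscheduler", "winlogon\\notify")
LOADABLE = {".dll", ".exe", ".ocx", ".cpl"}
# Command line whose image is rundll32.exe, quoted or not (heuristic).
RUNDLL32 = re.compile(r'"?(?:[^"]*\\)?rundll32(?:\.exe)?"?(?:\s|$)', re.IGNORECASE)


def triage(log_text):
    """Return (section, entry, reason) tuples for entries that deserve a closer look."""
    findings, section = [], ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("["):          # "[key]" or "[display name / service name]"
            section = line.strip("[]")
            continue
        reg = REG_ENTRY.match(line)
        if reg and any(key in section.lower() for key in MODULE_KEYS):
            ext = ntpath.splitext(reg["value"])[1].lower()
            if ext not in LOADABLE and not reg["signer"].startswith("(Verified)"):
                findings.append((section, reg["value"],
                                 f"unverified hook module, extension {ext or '(none)'}"))
            continue
        svc = SVC_ENTRY.match(line)
        if svc and " / " in section and RUNDLL32.match(svc["cmd"]):
            findings.append((section, svc["cmd"], "service image is rundll32.exe"))
    return findings


if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}  (under [{section}])")
```

A flagged entry is a lead for manual review (file properties, signature, hash lookup), not a verdict.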
蜀山大侠 - 2007-1-22 3:16:00
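It's not working, now my Task Manager won't open either.
The desktop and taskbar won't display, and the desktop and taskbar won't open in Safe Mode either.
SRENG2 won't run. What do I do?!!!!!!!!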
鸟儿天上飞 - 2007-1-22 3:17:00
[Reply to 影子110's post]
HOHO... I just woke up and I'm still groggy..
蜀山大侠 - 2007-1-22 3:19:00
What should I do, bro? I'm so sleepy I can barely stay awake. Please help, thanks!!
鸟儿天上飞 - 2007-1-22 3:23:00
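Quote:
[蜀山大侠's post] It's not working, now my Task Manager won't open either. The desktop and taskbar won't display, and the desktop and taskbar won't open in Safe Mode either. SRENG2 won't run. What do I do?!!!!!!!!
So how did you post this..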
蜀山大侠 - 2007-1-22 3:27:00
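What do you mean? I can't open any program because there is no way to get to them.
There is nothing on the desktop. The log was one I scanned by launching SRE from Task Manager.
Now Task Manager won't open either. What do you think I should do?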