瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 跪求各位大哥帮小弟看看吧!带日志!十万火急!【求助】

1   1  /  1  页   跳转

跪求各位大哥帮小弟看看吧!带日志!十万火急!【求助】

收藏
不懂的新手
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-19
  • 来自:
发表于: 2006-07-19 19:36 | 只看楼主 短消息 资料
字号: 1楼

跪求各位大哥帮小弟看看吧!带日志!十万火急!【求助】

正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4113>
[PID: 608][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4113>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 780][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 900][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 952][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1088][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1232][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1336][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4113>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 1696][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1736][C:\Program Files\Founder\Emergency Center\Hotkey.exe]  <N/A><N/A>
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  <N/A><N/A>
[PID: 1752][C:\PROGRA~1\founder\IP_Phone\slpc.exe]  <N/A><N/A>
[PID: 2024][C:\WINDOWS\system32\mnsie.exe]  <Microsoft Corporation><5.1.2600.2180>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 156][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.39>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 176][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3510>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 184][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe]  <N/A><3.0.00.13241>
    [C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRVps.dll]  <Sony Corporation><4.1.00.13261>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 196][C:\WINDOWS\system32\RunDll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system\cmcnfgu.cpl]  <C-Media Corporation><1. 0. 47. 5>
    [C:\WINDOWS\System32\cmpropu.dll]  <C-Media Corporation><1.0.2.3>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 168][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 888][C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe]  <Sony Corporation><3.0.00.13241>
    [C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRVps.dll]  <Sony Corporation><4.1.00.13261>
[PID: 968][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3284][C:\WINDOWS\system32\drivers\mcq\adout.exe]  <><1, 0, 0, 7>
[PID: 1164][C:\WINDOWS\explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  <N/A><N/A>
    [C:\WINDOWS\Downloaded Program Files\swflash.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 2468][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  <Macromedia, Inc.><6,0,79,0>
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  <N/A><N/A>
    [E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  <N/A><N/A>
[PID: 692][D:\新建文件夹 (3)\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll]  <WinRAR archiver><3, 4, 2, 0>
最后编辑2006-07-19 20:31:49
分享到:
gototop
 
不懂的新手
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-19
  • 来自:
发表于: 2006-07-19 19:42 | 只看楼主 短消息 资料
字号: 2楼

求求各位大哥大姐帮忙看看吧!还需要什么样的日志?我是新手,不懂我只把正在运行的进程的日志粘上来了!还需要别的日志吗?
gototop
 
不懂的新手
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-19
  • 来自:
发表于: 2006-07-19 19:43 | 只看楼主 短消息 资料
字号: 3楼

启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Database information combine / DbooInfo]
  <C:\WINDOWS\dbmsinfo.exe><易易加速科技有限公司>
[iPod 服务 / iPodService]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[MSCSPTISRV / MSCSPTISRV]
  <C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe><Sony Corporation>
[PACSPTISVR / PACSPTISVR]
  <C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe><Sony Corporation>
[SDAgent Service / SDAgentService]
  <C:\Program Files\Common Files\smartde\sde.exe><北京兴华基业软件技术有限公司>
[Sony SPTI Service / SPTISRV]
  <C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe><Sony Corporation>
[SonicStage SCSI Service / SSScsiSV]
  <C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe><Sony Corporation>
[Sysbak hotkey Server / Sysbak_hotkey_Server]
  <C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>
[TeamSun LPC / TeamSun LPC]
  <C:\PROGRA~1\founder\IP_Phone\slpc.exe><N/A>
gototop
 
不懂的新手
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-19
  • 来自:
发表于: 2006-07-19 19:44 | 只看楼主 短消息 资料
字号: 4楼

浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[internet explorer helper]
  {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4683.dll, Microsoft Corporation>
[BrowserHelper Class]
  {2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[CaiShowBH Class]
  {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[NetAccelerate Class]
  {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, N/A>
[Hssdtobj Class]
  {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} <C:\WINDOWS\system32\hssdtobm.dll, 易易加速科技有限公司>
[Mini PPGou BHO]
  {92FB5F8F-8254-4978-9C50-03D9B0405062} <C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL, N/A>
[NewWebController Class]
  {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[DuiSo.com Search]
  {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[Letscool System Helper]
  {F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>
[豪杰超级解霸9]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <E:\Hero 9\STHSDVD.EXE, herosoft>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\新建文件夹 (3)\QQ.EXE, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[IE标准栏]
  {954F618B-0DEC-4D1A-9317-E0FC96F87865} <C:\WINDOWS\system32\amstreamxb.dll, >
[SysMonOCX Control]
  {9BDBC41E-C335-4263-83C0-ECE78EE28A33} <C:\WINDOWS\DOWNLO~1\SYSMON~1.OCX, AhnLab>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[internet explorer helper]
  {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <, N/A>
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4683.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BrowserHelper Class]
  {2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[CaiShowBH Class]
  {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[google bar]
  {479241B5-347D-41B5-A76B-202D06B52EAE} <C:\WINDOWS\Windef.dll, N/A>
[NetAccelerate Class]
  {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, N/A>
[Hssdtobj Class]
  {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} <C:\WINDOWS\system32\hssdtobm.dll, 易易加速科技有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Mini PPGou BHO]
  {92FB5F8F-8254-4978-9C50-03D9B0405062} <C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL, N/A>
[IE标准栏]
  {954F618B-0DEC-4D1A-9317-E0FC96F87865} <C:\WINDOWS\system32\amstreamxb.dll, >
[NewWebController Class]
  {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[SysMonOCX Control]
  {9BDBC41E-C335-4263-83C0-ECE78EE28A33} <C:\WINDOWS\DOWNLO~1\SYSMON~1.OCX, AhnLab>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[DuiSo.com Search]
  {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Letscool System Helper]
  {F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>
[&使用迅雷下载]
  <D:\迅雷\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\迅雷\getallurl.htm, N/A>
[&使用迷你屁屁狗[PPGou]加速下载]
  <C:\Program Files\MiniPPGou\geturl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\新建文件夹 (3)\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <E:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[使用超级解霸播放]
  <E:\Hero 9\MPURLGET.HTM, N/A>
[添加到QQ自定义面板]
  <D:\新建文件夹 (3)\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\新建文件夹 (3)\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\新建文件夹 (3)\SendMMS.htm, N/A>
[用炫彩图铃发送该图片]
  <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
gototop
 
yanmings
头像
锋芒艾服狮
  • 帖子:1698
  • 注册: 2005-01-10
  • 来自:
发表于: 2006-07-19 19:58 | 短消息 资料
字号: 5楼

日志不全
gototop
 
不懂的新手
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-19
  • 来自:
发表于: 2006-07-19 20:04 | 只看楼主 短消息 资料
字号: 6楼

注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <msnnt><C:\WINDOWS\mcUpdate.exe>  []
    <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE>  []
    <LetsCool><C:\Program Files\LetsCool\LetsCool.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  []
    <SsAAD.exe><C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe>  []
    <CmUsbSound><RunDll32 cmcnfgu.cpl,CMICtrlWnd>  []
    <MiniPPGou.exe><C:\Program Files\MiniPPGou\MiniPPGou.exe>  []
    <SOUNDM><winsmd.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <1><C:\WINDOWS\wingdi.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Vision><>  []
    <DVDBurn><C:\WINDOWS\Downloaded Program Files\AfxEdit.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  [ATI Technologies Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <AddrPlus2><; RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32>  []
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <BigDog303><; C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  []
    <BigDogPath><; C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  []
    <CmUsbSound><; RunDll32 cmcnfgu.cpl,CMICtrlWnd>  []
    <doc><; c:\windows\doc.exe>  []
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <IntelliPoint><; "C:\Program Files\Microsoft IntelliPoint\point32.exe">  [Microsoft Corporation]
    <iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [Apple Computer, Inc.]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  []
    <QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <RavTimeXP><; C:\WINDOWS\TEMP\WUUR.exe>  []
    <spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>  []
    <SsAAD.exe><; C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe>  []
    <SunTown><; >  []
    <SysExplr><; E:\Hero 9\SysExplr.EXE>  []
    <TeamSun LPC><; "C:\Program Files\founder\IP_Phone\slpc.exe" Tray>  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
gototop
 
不懂的新手
头像
初生襁褓狮
  • 帖子:62
  • 注册: 2006-07-19
  • 来自:
发表于: 2006-07-19 20:06 | 只看楼主 短消息 资料
字号: 7楼

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
gototop
 
不言放弃
头像
社区嘉宾
  • 帖子:30678
  • 注册: 2004-09-17
  • 来自:蓝色星球
发表于: 2006-07-19 20:39 | 短消息 资料
字号: 8楼

【回复“不懂的新手”的帖子】
晕倒
好好的一个日志竟然弄得这么乱
真是麻烦

操作参考:

=================

打开SREng--系统修复--启动项目--注册表--用鼠标左键选中如下项目--删除

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnnt><C:\WINDOWS\mcUpdate.exe> []
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> []

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<SOUNDM><winsmd.exe> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<1><C:\WINDOWS\wingdi.exe> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Vision><> []
<DVDBurn><C:\WINDOWS\Downloaded Program Files\AfxEdit.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<doc><; c:\windows\doc.exe> []
<RavTimeXP><; C:\WINDOWS\TEMP\WUUR.exe> []
<spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> []

================

打开SREng--系统修复--浏览器加载项--用鼠标左键选中如下项目--删除所选内容

[internet explorer helper]
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >

[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4683.dll, Microsoft Corporation>

[BrowserHelper Class]
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>

[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>

[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, N/A>

[Hssdtobj Class]
{5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} <C:\WINDOWS\system32\hssdtobm.dll, 易易加速科技有限公司>

[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>

[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>

[Letscool System Helper]
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>

[IE标准栏]
{954F618B-0DEC-4D1A-9317-E0FC96F87865} <C:\WINDOWS\system32\amstreamxb.dll, >

[internet explorer helper]
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >

[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <, N/A>

[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4683.dll, Microsoft Corporation>

[BrowserHelper Class]
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>

[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>

[google bar]
{479241B5-347D-41B5-A76B-202D06B52EAE} <C:\WINDOWS\Windef.dll, N/A>

[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, N/A>

[Hssdtobj Class]
{5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} <C:\WINDOWS\system32\hssdtobm.dll, 易易加速科技有限公司>

[IE标准栏]
{954F618B-0DEC-4D1A-9317-E0FC96F87865} <C:\WINDOWS\system32\amstreamxb.dll, >

[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>

[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>

[Letscool System Helper]
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>

===========================

开始--控制面板--性能和维护--管理工具--服务
禁用如下服务:
[Database information combine / DbooInfo]
[SDAgent Service / SDAgentService]

=================

开始--运行
输入regedit
确定
进入注册表
依次展开
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services](X代表1,2,3,4....)
找到后删除如下文件夹:
DbooInfo文件夹
SDAgentService文件夹

=========================
http://www.xfocus.net/tools/200605/1161.html
下载后打开IceSword
在工具栏中点击--文件--设置
勾选“禁止进线程创建”
然后结束如下进程:
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\mnsie.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\mcq\adout.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe

用IceSword删除
C:\DOCUME~1\wn\LOCALS~1\Temp\8m.dll
C:\WINDOWS\Downloaded Program Files\swflash.dll
C:\WINDOWS\system32\drivers\mcq\adout.exe
C:\WINDOWS\system32\drivers\mcq\

删除完毕
把IceSword的“禁止进线程创建”前的勾去掉

====================

卸载
C:\Program Files\CaiShow Tech\

==============

删除
C:\Program Files\CaiShow Tech\
C:\WINDOWS\mcUpdate.exe
winsmd.exe(在C盘搜索)
C:\WINDOWS\wingdi.exe
C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
c:\windows\doc.exe
C:\WINDOWS\TEMP\WUUR.exe
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\fonts\msshapi.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4683.dll
C:\WINDOWS\Windef.dll
C:\WINDOWS\system32\MicrosoftNet.dll
C:\WINDOWS\system32\hssdtobm.dll
C:\WINDOWS\system32\amstreamxb.dll
C:\WINDOWS\system32\WinSC.dll
C:\WINDOWS\system32\Inte32.dll
C:\WINDOWS\system32\CoolBho.dll

提示:
若正常模式下无法解决
建议进入安全模式下操作
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT