Moderators, please help take a look at my log~ How can I clean this out completely?

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe>  []
    <shell><"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe">  []
    <Windows installer><C:\winstall.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RavTask><"d:\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <><C:\WINDOWS\system32\intenat.exe>  []
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  []
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <TProgram><C:\WINDOWS\SMSS.EXE>  [kVSjHGJ7KlHMQRricowU]
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [XrPA2y0WoHZg8D5Lmqce]
    <><C:\WINDOWS\system32\intenat.exe>  []
    <ms><C:\Program Files\Microsoft\svhost32.exe>  []
    <C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd27.exe><C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd27.exe>  []
    <zt><C:\WINDOWS\Intel\rundll32.exe>  []
    <Tray><C:\WINDOWS\command\rundll32.exe>  []
    <Internet><C:\WINDOWS\system32\Intercpu.exe>  []
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <Update><C:\Program Files\Common Files\UPDATE2\Update.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <TProgram><C:\WINDOWS\SMSS.EXE>  [kVSjHGJ7KlHMQRricowU]
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [XrPA2y0WoHZg8D5Lmqce]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <1><C:\WINDOWS\svchost.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe 1>  []
    <Userinit><userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system.sys>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  [ATI Technologies Inc.]

==================================
启动文件夹
[壁纸自动换]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\壁纸自动换.lnk><N>

==================================
Last edited 2006-09-06 20:20:42

服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Gortable Media Serial Number S / Gortable Media Serial Number S]
  <C:\WINDOWS\MSN.exe><N/A>
[Rising Process Communication Center / RsCCenter]
  <"d:\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[Internet Explorer helper Objects]
  {C277FAA4-F103-42AE-82FD-F4A1AB015F2A} <C:\WINDOWS\system32\MSIEHelp.dll, Microsoft Corporation. All rights reserved.>
[QuickBtn]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[天心传奇,国内在线人数最多的传奇]
  {3FAA0E5B-4005-431A-BF61-E03983CC9AA7} <http://www.234567.net/, N/A>
[开心溜溜娱乐门户网,电影、音乐、DJ、相声、小品、FLASH等等应有尽有]
  {6A3AA123-D3AE-4A24-891A-F1232092A719} <http://www.kx66.com/, N/A>
[中文网址导航]
  {D1DF4E4F-9137-44B7-8061-5F7B41A9D776} <http://www.234567.com/, N/A>
[泡游戏,给你推荐最新最好玩的游戏]
  {DE2EDC37-FFAD-4B1F-A4E8-D8ADDD349A36} <http://www.paogame.com/, N/A>
[宏网超级搜霸]
  {A790098E-DA46-472A-B77B-683882F78C0D} <C:\WINDOWS\system32\ZGHWIEBAR.dll, 中国宏网>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <d:\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[宏网超级搜霸]
  {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} <C:\PROGRA~1\234567\ZGHWBAR.dll, 中国宏网>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <d:\BLUESK~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <d:\BLUESK~1\share.ocx, http://www.bluesky.cn>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PP Control]
  {7005341F-8E42-47E3-987B-3DBE6288048C} <d:\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Videohelp Control]
  {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <d:\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <d:\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Chat Control]
  {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <d:\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {991481A7-4669-4e15-8C24-100404E1F5CB} <d:\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Internet Explorer helper Objects]
  {9C9F9B89-B243-4613-9710-87060F137118} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSIEHE~1.DLL, Microsoft Corporation. All rights reserved.>
[Display Control]
  {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <d:\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
  {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <d:\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Blueskyvoice Control]
  {BA0F088C-72C1-475a-92F8-42391DEF6961} <d:\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Internet Explorer helper Objects]
  {C277FAA4-F103-42AE-82FD-F4A1AB015F2A} <C:\WINDOWS\system32\MSIEHelp.dll, Microsoft Corporation. All rights reserved.>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Sun Java2]
  {C61A70F3-505E-4B90-916F-627A8706B4BC} <C:\WINDOWS\system32\COMBoHEvent.dll, N/A>
[Client Control]
  {C7B0C764-5D4E-433E-A854-591F28520577} <d:\BLUESK~1\client.ocx, >
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <d:\BLUESK~1\play.ocx, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[QuickBtn]
  {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[]
  {E730189A-9973-4121-B046-AD1C161EC3AF} <C:\WINDOWS\system32\37211.dll, N/A>
[&使用迅雷下载]
  <d:\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Thunder\Program\GetAllUrl.htm, N/A>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

正在运行的进程
[PID: 556][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 612][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 640][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4124>
[PID: 684][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
[PID: 696][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
[PID: 848][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4124>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2499>
[PID: 876][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
[PID: 1168][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1336][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1504][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4124>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2499>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1576][C:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\taskdir.dll]  <N/A><N/A>
    [d:\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1692][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1752][C:\Program Files\CNNIC\Cdn\cdnup.exe]  <><2, 4, 0, 6>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\tdll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msdll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
[PID: 1868][C:\WINDOWS\svchost.exe]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
[PID: 1880][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5, 1, 0, 48>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1900][D:\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [D:\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [D:\Rav\rslog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[PID: 316][C:\WINDOWS\system32\intenat.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
[PID: 584][C:\Program Files\Common Files\UPDATE2\Update.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 604][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 732][C:\WINDOWS\system32\drwtsn32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1556][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1376][D:\Rav\Smartup.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 71>
    [D:\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
    [D:\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[PID: 1772][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
[PID: 480][C:\WINDOWS\system32\drwtsn32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1056][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
[PID: 440][C:\WINDOWS\WINLOGON.EXE]  <XrPA2y0WoHZg8D5Lmqce><0.00.0102>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\taskdir.dll]  <N/A><N/A>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 2744][C:\WINDOWS\system32\drwtsn32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 2512][D:\Rav\Rav.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 75>
    [D:\Rav\PlugIn\RsPgScan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
    [D:\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[PID: 2404][D:\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\cn_spiEx.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\taskdir.dll]  <N/A><N/A>
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [C:\WINDOWS\system32\Hook.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  Error. [winfiles]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

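The viruses seem to keep multiplying, and Rising can't kill them all~ Every time I boot the machine I get program errors~ For example, opening a web page brings up:
              IEXPLORE.EXE - Application Error~
  The instruction at "0x10003237" referenced memory at "0x0000005c". The memory could not be "read".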

[Gortable Media Serial Number S / Gortable Media Serial Number S]
<C:\WINDOWS\MSN.exe><N/A>
Gray Pigeon (灰鸽子).. Safe Mode... Open Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for Gortable Media Serial Number S and delete it..
Delete
C:\WINDOWS\MSN.exe

[C:\WINDOWS\system32\cn_spiEx.dll] <N/A><N/A>
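This needs to be repaired with LSPFix..
LSPFix (Chinese-localized version) download: http://forum.ikaka.com/topic.asp?board=67&artid=5188931
(post #8...)
Also download WinsockXPFix.exe... (post #2...)
----------------------------------------------------------------
First run LSPFix ... tick 我确定要进行修复操作 ("I am sure I want to perform the repair operation") ...
Then move cn_spiEx.dll to the right-hand side... and click Finish...
----------------------------------------------------------------
If you can't get online after doing this... just repair it with WinsockXPFix.exe... in Safe Mode..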

<TProgram><C:\WINDOWS\SMSS.EXE> [kVSjHGJ7KlHMQRricowU]
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [XrPA2y0WoHZg8D5Lmqce]
Reference: http://forum.ikaka.com/topic.asp?board=28&artid=8141143
Download the dedicated removal tool written by 幸福的狮子 and clean it with that..

<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
See the pinned thread...

Open SRE, go to 启动项目 (Startup Items) > 注册表 (Registry), and delete
<Windows installer><C:\winstall.exe> []
<><C:\WINDOWS\system32\intenat.exe> []
<><C:\WINDOWS\system32\intenat.exe> []
<ms><C:\Program Files\Microsoft\svhost32.exe> []
<zt><C:\WINDOWS\Intel\rundll32.exe> []
<Tray><C:\WINDOWS\command\rundll32.exe> []
<Internet><C:\WINDOWS\system32\Intercpu.exe> []
<C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd27.exe><C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd27.exe> []
<Update><C:\Program Files\Common Files\UPDATE2\Update.exe> []
<1><C:\WINDOWS\svchost.exe> []
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system.sys> []
Delete
C:\winstall.exe
C:\WINDOWS\system32\intenat.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\system32\Intercpu.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Internet Explorer\PLUGINS\system.sys
C:\WINDOWS\system32\Hook.dll
C:\WINDOWS\system32\taskdir.dll
C:\WINDOWS\system32\tdll.dll
C:\WINDOWS\system32\ztdll.dll
C:\WINDOWS\system32\msdll.dll

In Safe Mode, empty
C:\DOCUME~1\new\LOCALS~1\Temp\
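
The reply above picks the startup entries to delete by eye. As an added example (not part of the original posts and not SREng's own logic), the following Python sketch parses the `<name><command>  [vendor]` lines of the startup section and flags three of the patterns visible in this log: a system binary name outside its usual directory, a launch from a Temp directory, and a blank value name. The `SYSTEM_HOMES` table and the three rules are assumptions of this example; its hits are leads to check, and entries it does not flag (such as `Realplayer.exe` in system32) still need review.

```python
import ntpath
import re

# Assumed table: where Windows XP keeps the system binaries whose names this log shows imitated.
SYSTEM_HOMES = {
    "smss.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32", "rundll32.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}
KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
ENTRY = re.compile(r"^\s*<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s+\[(?P<vendor>[^\]]*)\]\s*$")
EXE = re.compile(r'(?P<path>[A-Za-z]:\\[^"<>|]*?\.exe)', re.I)

# Excerpt copied from the startup section of the log posted in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"d:\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TProgram><C:\WINDOWS\SMSS.EXE>  [kVSjHGJ7KlHMQRricowU]
    <><C:\WINDOWS\system32\intenat.exe>  []
    <C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd27.exe><C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd27.exe>  []
    <zt><C:\WINDOWS\Intel\rundll32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <1><C:\WINDOWS\svchost.exe>  []
"""

def triage(log_text):
    """Return (registry key, executable path, reasons) for entries worth a closer look."""
    findings, key = [], None
    for line in log_text.splitlines():
        m = KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY.match(line)
        exe = EXE.search(m.group("cmd")) if m and key else None
        if not exe:
            continue  # not an entry line, or no absolute .exe path to judge
        path = exe.group("path")
        folder, base = ntpath.split(path.lower())
        reasons = []
        home = SYSTEM_HOMES.get(base)
        if home and folder != home:
            reasons.append("system binary name outside " + home)
        if "\\temp\\" in path.lower():
            reasons.append("launches from a Temp directory")
        if not m.group("name"):
            reasons.append("blank value name")
        if reasons:
            findings.append((key, path, reasons))
    return findings

if __name__ == "__main__":
    for key, path, reasons in triage(SAMPLE):
        print(f"{path}: {'; '.join(reasons)}  ({key})")
```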

http://www.pctutu.com/srmsdown.asp
Download 超级兔子 (Super Rabbit).. use its 清理王 (Cleanup King) to uninstall the rogue software... (Safe Mode...)