
[Help] Please take a look, thank you


内存中的进程:
[System Process]
alg.exe
BitComet.exe
CSRSS.EXE
CTFMON.EXE
EXPLORER.EXE
iexplore.exe
Iparmor.exe
LSASS.EXE
nvsvc32.exe
QQ.exe
SERVICES.EXE
SMSS.EXE
SPOOLSV.EXE
SVCHOST.EXE
System
TIMPlatform.exe
wdfmgr.exe
WINLOGON.EXE
wuauclt.exe
==================================================
启动项目:
RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL,NVTASKBARINIT
C:\WINDOWS\SYSTEM32\CTFMON.EXE
desktop.ini
腾讯QQ.lnk

Last edited 2006-06-18 09:31:56

==================================================
系统服务列表:


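Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one post, paste it across several posts. Please do not modify it.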

2006-06-18,08:38:18

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><"\Program Files\Logonui\Royale.exe">  [Microsoft Corporation]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk><N>

==================================
服务
[Antiy live update / Alive Auto-Update Service]
  <C:\Program Files\Antiy Labs\Alive\AliveCenter.exe><N/A>
[McAfee Framework 服务 / McAfeeFramework]
  <F:\Common Framework\FrameworkService.exe /ServiceStart><N/A>
[NT Data Provider / MOBILL]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[System Safety Monitor / SSM]
  <F:\Safety Monitor\SSMService.exe><N/A>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Microsoft ProgressBar Control, version 5.0 (SP2)]
  {0713E8D2-850A-101B-AFC0-4210102A8DA7} <C:\WINDOWS\system32\COMCTL32.OCX, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <F:\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ\SendMMS.htm, N/A>


==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 568][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 580][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 788][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1160][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.8198>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.8198>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [F:\迅雷\ComDlls\XunLeiBHO_001.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 1>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [F:\金山游侠\Tools\KVD\kscdrush.dll]  <金山软件股份有限公司><5, 0, 0, 0>
    [C:\WINDOWS\system32\CBShell.dll]  <SoftCNC><1.0.0.1>
[PID: 1332][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\CNMLM3C.DLL]  <CANON INC.><1.50.2.6>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD3C.DLL]  <CANON INC.><1.50.2.6>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1500][C:\WINDOWS\system32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\NvMcTray.dll]  <NVIDIA Corporation><6.14.10.8198>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.8198>
[PID: 1508][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1520][E:\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [E:\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [E:\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 160>
    [E:\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [E:\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [E:\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [E:\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2006, 3, 2, 1>
    [E:\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [E:\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [E:\QQ\QQMainFrame.dll]  <N/A><N/A>
    [E:\QQ\CQQApplication.dll]  <N/A><N/A>
    [E:\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [E:\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [E:\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [E:\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQAllInOne.dll]  <N/A><N/A>
    [E:\QQ\GroupLive.dll]  <N/A><N/A>
    [E:\QQ\SCCore.dll]  <N/A><N/A>
    [E:\QQ\QQMMSender.dll]  <N/A><N/A>
    [E:\QQ\QQSettingCtrl.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [E:\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [E:\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQPlugin.dll]  <N/A><N/A>
    [E:\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [E:\QQ\QRingMng.dll]  <N/A><N/A>
    [E:\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [E:\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [E:\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [E:\QQ\QQAvatar.dll]  <N/A><N/A>
    [E:\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [E:\QQ\LongConnection.dll]  <tencent><5, 0, 200, 160>
    [E:\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [E:\QQ\BQQApplication.dll]  <N/A><N/A>
    [E:\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [E:\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [E:\QQ\QQUdpGetFileLib.dll]  <tencent><0, 2, 2, 3>
    [E:\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
    [E:\QQ\QQSceneMng.dll]  <N/A><N/A>
    [E:\QQ\OEMApplication.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQCustomFace.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [E:\QQ\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><2, 0, 4, 40>
    [E:\QQ\GroupConnection.dll]  <Tencent><5, 0, 202, 170>
[PID: 1592][E:\QQ\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [E:\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 164][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8198>
[PID: 180][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1456][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 476][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1108][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 2844][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [F:\迅雷\ComDlls\XunLeiBHO_001.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 1672][C:\WINDOWS\system32\taskmgr.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 4024][C:\Documents and Settings\user\桌面\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  Error. [C:\WINDOWS\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

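Run System Repair Engineer, go to "System Repair", then "File Association", tick "Select All" and click "Repair" so that all extensions are restored to normal.
Run System Repair Engineer, go to "Startup Items", then "Services", click "Win32 Service Applications", tick "Hide Microsoft Services", select the virus service NT Data Provider, choose "Delete Service", click "Set", choose "No", and finally reboot.
Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
After rebooting, delete: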
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL