瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 惊现最新变种病毒pctools!IE地址栏被篡改为http://www.6781.com/

12   1  /  2  页   跳转

惊现最新变种病毒pctools!IE地址栏被篡改为http://www.6781.com/

收藏
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 10:27 | 只看楼主 短消息 资料
字号: 1楼

惊现最新变种病毒pctools!IE地址栏被篡改为http://www.6781.com/

路径:C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
贴上hijackthis扫描日志:


Logfile of HijackThis v1.99.1
Scan saved at 10:12:01, on 2006-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntfis.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SuService.exe
d:\ruijie网络\8021x.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\imapi.exe
F:\ADOBEREAD\HijackThis.exe

R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINDOWS\DOWNLO~1\BDSrHook.dll (file missing)
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] ; C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunServices: [Supplicant] d:\ruijie网络\8021x.exe -Boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\QQ\QQ2006BETA3\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\QQ\QQ2006BETA3\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\QQ\QQ2006BETA3\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\QQ\QQ2006BETA3\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ2006BETA3\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ2006BETA3\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ2006BETA3\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ2006BETA3\QQIEHelper.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Supplicant Service - Unknown owner - C:\WINDOWS\system32\SuService.exe

最后编辑2006-11-26 22:16:10
分享到:
gototop
 
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 10:37 | 只看楼主 短消息 资料
字号: 2楼

2006-11-26,10:21:26

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Cpqset><; C:\Program Files\HPQ\Default Settings\cpqset.exe>  [N/A]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Supplicant><d:\ruijie网络\8021x.exe -Boot>  [锐捷网络]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><; "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [ATI Technologies, Inc.]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <HControl><; C:\WINDOWS\ATK0100\HControl.exe>  [(Verified)]
    <iTunesHelper><; "F:\music\ITUNES\iTunesHelper.exe">  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Mysee Alert><; "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray>  [N/A]
    <RemoteControl><; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe>  [Cyberlink Corp.]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Synaptics, Inc.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Volume Optimization / ClipArt]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\bfpvxt22.dll><Microsoft Corporation>
[File Replication / File Replication]
  <C:\WINDOWS\system32\ntfis.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus Auto Protect Service / navapsvc]
  <"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[SAVScan / SAVScan]
  <"C:\Program Files\Norton AntiVirus\SAVScan.exe"><Symantec Corporation>
[ScriptBlocking Service / SBService]
  <C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
[Supplicant Service / Supplicant Service]
  <C:\WINDOWS\system32\SuService.exe><N/A>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AliIde / AliIde]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[anyapi84 / anyapi84]
  <\??\C:\WINDOWS\system32\drivers\anyapi84.sys><Microsoft Corporation>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ENTECH / ENTECH]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS><EnTech Taiwan>
[GEAR CDRom Filter / GEARAspiWDM]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[msqmx / msqmx]
  <\??\C:\WINDOWS\system32\drivers\msqmx.sys><Microsoft Corporation>
[ATK0100 ACPI UTILITY / MTsensor]
  <system32\DRIVERS\ATKACPI.sys><>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NavEx15.Sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\F:\QQ\QQ2006BETA3\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[qqinoe27 / qqinoe27]
  <\??\C:\WINDOWS\system32\drivers\qqinoe27.sys><Microsoft Corporation>
[rimsptsk / rimsptsk]
  <\SystemRoot\system32\DRIVERS\rimsptsk.sys><REDC>
[risdptsk / risdptsk]
  <\SystemRoot\system32\DRIVERS\risdptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp]
  <\SystemRoot\system32\DRIVERS\rixdptsk.sys><REDC>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[SAVRT / SAVRT]
  <\??\C:\Program Files\Norton AntiVirus\SAVRT.SYS><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
  <\??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS><Symantec Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA]
  <system32\DRIVERS\smcirda.sys><SMC>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
  <\??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
  <\??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TOSHIBA Bluetooth HID port driver / toshidpt]
  <system32\drivers\Toshidpt.sys><TOSHIBA Corporation.>
[Bluetooth Port Driver from Toshiba / tosporte]
  <system32\DRIVERS\tosporte.sys><TOSHIBA Corporation>
[Bluetooth RFBUS from TOSHIBA / Tosrfbd]
  <System32\Drivers\tosrfbd.sys><TOSHIBA CORPORATION>
[Bluetooth RFBNEP from TOSHIBA / Tosrfbnp]
  <System32\Drivers\tosrfbnp.sys><TOSHIBA Corporation>
[Bluetooth RFCOMM from TOSHIBA / Tosrfcom]
  <System32\Drivers\tosrfcom.sys><TOSHIBA Corporation>
[Bluetooth RFHID from TOSHIBA / Tosrfhid]
  <system32\DRIVERS\Tosrfhid.sys><TOSHIBA Corporation.>
[Bluetooth Personal Area Network from TOSHIBA / tosrfnds]
  <system32\DRIVERS\tosrfnds.sys><TOSHIBA Corporation.>
[Bluetooth Audio Device (WDM) from TOSHIBA / TosRfSnd]
  <system32\drivers\TosRfSnd.sys><TOSHIBA Corporation>
[Bluetooth USB Controller / Tosrfusb]
  <System32\Drivers\tosrfusb.sys><TOSHIBA CORPORATION>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
gototop
 
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 10:43 | 只看楼主 短消息 资料
字号: 3楼

==================================
浏览器加载项
[]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\QQ2006BETA3\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\QQ2006BETA3\QQIEHelper.dll, N/A>
[Norton AntiVirus]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, N/A>
[CMCBooter Object]
  {53AF6E02-F18F-4228-AC13-3E79773FBE50} <C:\WINDOWS\system32\Booter.ocx, 北京高维视讯科技有限公司>
[Java Plug-in 1.5.0_04]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_04]
  {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[Norton AntiVirus]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <F:\QQ2006BETA3\QQIEHelper.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CNavExtBho Class]
  {BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <F:\QQ\QQ2006BETA3\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <F:\QQ\QQ2006BETA3\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\QQ\QQ2006BETA3\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\QQ\QQ2006BETA3\SendMMS.htm, N/A>
gototop
 
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 10:43 | 只看楼主 短消息 资料
字号: 4楼

==================================
正在运行的进程
[PID: 336][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4119]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4119]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 2.0.0.635]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.0.0.635]
[PID: 1140][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4119]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1204][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 2.0.0.635]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.0.0.635]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetEvt.dll]  [Symantec Corporation, 2.0.0.635]
    [C:\PROGRA~1\NORTON~1\NAVEvent.dll]  [Symantec Corporation, 10.00.109]
[PID: 1240][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll]  [Symantec Corporation, 1, 1, 1, 131]
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll]  [Symantec Corporation, 1, 1, 1, 131]
[PID: 1452][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\tbtmon.dll]  [Toshiba America Business Solutions, Inc., 1.14]
    [C:\WINDOWS\system32\TosBtHcrpAPI.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\TosBtAPI.dll]  [TOSHIBA CORPORATION., 3.03.5707.0]
    [C:\WINDOWS\system32\TosBdAPI.dll]  [TOSHIBA CORPORATION., 3, 03, 0, 0]
    [C:\WINDOWS\system32\tbtmon98Language.dll]  [TOSHIBA CORPORATION., 1.01.00.CHS]
[PID: 1864][C:\WINDOWS\system32\ntfis.exe]  [Microsoft Corporation, 5, 2, 3790, 1830]
[PID: 1892][C:\Program Files\Norton AntiVirus\navapsvc.exe]  [Symantec Corporation, 10.00.109]
    [C:\Program Files\Norton AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.2.0.79]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.0.0.635]
[PID: 2016][C:\Program Files\Norton AntiVirus\SAVScan.exe]  [Symantec Corporation, 9.2.0.79]
    [C:\Program Files\Norton AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.2.0.79]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 2.0.0.635]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corp., 1.0.1.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\ecmsvr32.dll]  [Symantec Corporation, 61.3.0.18]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVEX32a.DLL]  [Symantec Corporation, 20061.3.0.12]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVENG32.DLL]  [Symantec Corporation, 20061.3.0.12]
    [C:\Program Files\Norton AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.2.0.79]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\DECSDK.DLL]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2EXE.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.10.16]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.10.16]
[PID: 200][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 164][C:\WINDOWS\system32\SuService.exe]  [N/A, N/A]
[PID: 456][d:\ruijie网络\8021x.exe]  [锐捷网络, 2, 50, 0, 0]
    [C:\WINDOWS\system32\W32N50.dll]  [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
[PID: 1564][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
[PID: 1500][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
[PID: 2076][C:\Program Files\MSN Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.0.0812.00]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll]  [Symantec Corporation, 1, 1, 1, 131]
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll]  [Symantec Corporation, 1, 1, 1, 131]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2428][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2940][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1752][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll]  [Symantec Corporation, 1, 1, 1, 131]
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll]  [Symantec Corporation, 1, 1, 1, 131]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2252][c:\windows\imapi.exe]  [Microsoft Corporation, 1.0.0.1]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]
[PID: 3232][C:\Documents and Settings\User\桌面\sreng最新版\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 1, 0, 2, 2]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
gototop
 
红夜鬼1
头像
横据古稀狮
  • 帖子:8602
  • 注册: 2006-10-18
  • 来自:
发表于: 2006-11-26 10:52 | 短消息 资料
字号: 5楼

重新启动电脑,自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。)



运行(双击)SRENG2,点“启动项目,服务,点“驱动程序”
勾选“隐藏已认证的微软项目”选中病毒服务[anyapi84 / anyapi84]
选择“删除服务”
点“设置”选择“否”


运行(双击)SRENG2,点“启动项目,服务,点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务Volume Optimization ,选择“删除服务”
点“设置”选择“否”


运行SREng2,使用“系统修复”--浏览器加载项--删除
[]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>



显示隐藏文件
删除:                           
C:\WINDOWS\system32\bfpvxt22.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
C:\WINDOWS\system32\SOGOUPY.IME
C:\WINDOWS\system32\drivers\anyapi84.sys
gototop
 
金汇豪庭
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-11-09
  • 来自:
发表于: 2006-11-26 11:28 | 短消息 资料
字号: 6楼

负责任地告诉你:你的电脑完了!
gototop
 
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 12:08 | 只看楼主 短消息 资料
字号: 7楼

引用:
【红夜鬼1的贴子】重新启动电脑,自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。)



运行(双击)SRENG2,点“启动项目,服务,点“驱动程序”
勾选“隐藏已认证的微软项目”选中病毒服务[anyapi84 / anyapi84]
选择“删除服务”
点“设置”选择“否”


运行(双击)SRENG2,点“启动项目,服务,点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务Volume Optimization ,选择“删除服务”
点“设置”选择“否”


运行SREng2,使用“系统修复”--浏览器加载项--删除
[]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>



显示隐藏文件
删除:                           
C:\WINDOWS\system32\bfpvxt22.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
C:\WINDOWS\system32\SOGOUPY.IME
C:\WINDOWS\system32\drivers\anyapi84.sys
………………



我按照你的去做了,可是却遇到了困难。
1,搜索appmgmts.dll,找不到,包括隐藏文件。
2,删除了你说的那些病毒之后重启,用超级兔子扫描,发现pctools.dll这个东西还在。但是手动搜索C:\WINDOWS\system32\bfpvxt22.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
C:\WINDOWS\system32\SOGOUPY.IME
C:\WINDOWS\system32\drivers\anyapi84.sys
……………这几个你说要删除的东西时却找不到。那究竟是否已经成功删除?

现在真是焦头烂额。新电脑前阵子第一次中毒,然后现在又中毒,真是痛苦。
gototop
 
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 12:09 | 只看楼主 短消息 资料
字号: 8楼

引用:
【金汇豪庭的贴子】负责任地告诉你:你的电脑完了!
………………

楼上的这么说是什么意思?
难道说这病毒没办法杀吗?
gototop
 
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 12:11 | 只看楼主 短消息 资料
字号: 9楼

这是杀毒之后的扫描报告:

Logfile of HijackThis v1.99.1
Scan saved at 11:51:45, on 2006-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntfis.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\windows\imapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SuService.exe
d:\ruijie网络\8021x.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\桌面\sreng最新版\SREng\SREng.exe
F:\ADOBEREAD\HijackThis.exe

R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINDOWS\DOWNLO~1\BDSrHook.dll (file missing)
O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] ; C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ATIPTA] ; "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HControl] ; C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "F:\music\ITUNES\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mysee Alert] ; "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - HKLM\..\Run: [RemoteControl] ; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [StormCodec_Helper] ; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] ; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\RunServices: [Supplicant] d:\ruijie网络\8021x.exe -Boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\QQ\QQ2006BETA3\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\QQ\QQ2006BETA3\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\QQ\QQ2006BETA3\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\QQ\QQ2006BETA3\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ2006BETA3\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ2006BETA3\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ2006BETA3\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ2006BETA3\QQIEHelper.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Supplicant Service - Unknown owner - C:\WINDOWS\system32\SuService.exe
gototop
 
YukiLeung
头像
初生襁褓狮
  • 帖子:54
  • 注册: 2006-11-21
  • 来自:
发表于: 2006-11-26 12:12 | 只看楼主 短消息 资料
字号: 10楼

2006-11-26,11:51:43

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <msnmsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Cpqset><; C:\Program Files\HPQ\Default Settings\cpqset.exe>  [N/A]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <ATIPTA><; "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [ATI Technologies, Inc.]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <HControl><; C:\WINDOWS\ATK0100\HControl.exe>  [(Verified)]
    <iTunesHelper><; "F:\music\ITUNES\iTunesHelper.exe">  [N/A]
    <Mysee Alert><; "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray>  [N/A]
    <RemoteControl><; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe>  [Cyberlink Corp.]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Synaptics, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Supplicant><d:\ruijie网络\8021x.exe -Boot>  [锐捷网络]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[File Replication / File Replication]
  <C:\WINDOWS\system32\ntfis.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus Auto Protect Service / navapsvc]
  <"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[SAVScan / SAVScan]
  <"C:\Program Files\Norton AntiVirus\SAVScan.exe"><Symantec Corporation>
[ScriptBlocking Service / SBService]
  <C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
[Supplicant Service / Supplicant Service]
  <C:\WINDOWS\system32\SuService.exe><N/A>
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT