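Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum: Please help take a look, IE home page has been taken over by nb64.. logs etc. attached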


HijackThis_815汉化版扫描日志 V1.99.1
保存于      20:38:09, 日期 2006-8-19
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\KAV2006\KAVStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KAV2006\KPFW32.EXE
D:\KAV2006\KMailMon.EXE
C:\WINDOWS\System32\svchost.exe
D:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UpdateService.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\QQ\QQ.exe
D:\Program Files\QQ\TIMPlatform.exe
D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷\迅雷\ComDlls\XunLeiBHO_002.dll (file missing)
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2006\KPFW32.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE8BEF2-D6B6-4A03-ADB3-A1FE0674BAC6}: NameServer = 202.102.192.68 202.102.199.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149991E-0C12-4B45-9D19-01CB3F7707F7}: NameServer = 202.102.192.68,202.102.199.68
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2006\KPfwSvc.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe

Last edited 2006-08-23 10:21:49

:\KAV2006\KAVStart.exe   
Unknown  running process. (KAVStart.exe)

  This is a unknown process.

  C:\Program Files\Common Files\Real\Update_OB\realsched.exe   
Safe.  running process. (realsched.exe)
Checks for updates for RealPlayer
 

  C:\WINDOWS\system32\ctfmon.exe   
Safe.  This entry was classified from our visitors as good.
  Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
  D:\KAV2006\KPFW32.EXE   
Unknown  running process. (KPFW32.EXE)

  This is a unknown process.

  D:\KAV2006\KMailMon.EXE   
Unknown  running process. (KMailMon.EXE)

  This is a unknown process.

  C:\WINDOWS\System32\svchost.exe   
Safe.  running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
 

  D:\KAV2006\KPfwSvc.EXE   
Unknown  running process. (KPfwSvc.EXE)

  This is a unknown process.

  C:\WINDOWS\system32\nvsvc32.exe   
Safe.  This entry was classified from our visitors as good.
  Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
  C:\WINDOWS\System32\svchost.exe   
Safe.  running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
 

  C:\WINDOWS\system32\UpdateService.exe   
Unknown  running process. (UpdateService.exe)

  This is a unknown process.

  C:\WINDOWS\System32\svchost.exe   
Safe.  running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
 

  D:\Program Files\QQ\QQ.exe   
Unknown  running process. (QQ.exe)

  This is a unknown process.

  D:\Program Files\QQ\TIMPlatform.exe   
Unknown  running process. (TIMPlatform.exe)

  This is a unknown process.

  D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe   
Unknown  running process. (HijackThis1991zww.exe)

  This is a unknown process.

  R3 - 默认的URLSearchHook丢失。用HijackThis修复   
Possibly nasty  Should be fixed if you do not know the application or if no application is mentioned.
  Should be fixed if you do not know this application.
  O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx   
Unknown  Entries found in this registry zone are potentially nasty. This application ([14A21378-5BB1-4BC4-95D5-5D3F51527F6F] - Result: ) has been checked. Hit rate: 0,00%
  Unknown application.
  O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)   
Unnecessarily  Entries found in this registry zone are potentially nasty. This application ([16B770A0-0E87-4278-B748-2460D64A8386] - Result: ) has been checked. Hit rate: 0,00%
  Unknown application.
Unnecessary (deactivated) entry that can be fixed.
  O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷\迅雷\ComDlls\XunLeiBHO_002.dll (file missing)   
Unnecessarily  Entries found in this registry zone are potentially nasty. This application ([889D2FEB-5411-4565-8998-1DD2C5261283] - Result: 889D2FEB-5411-4565-8998-1DD2C5261283) has been checked. Hit rate: 100,00%
 
Unnecessary (deactivated) entry that can be fixed.
  O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup   
Unknown 
Hit rate: 0,00 % (result)
  Unknown application.

HKCU\..\Run: [KavPFW] "D:\KAV2006\KPFW32.EXE"   
Unknown 
Hit rate: 0,00 % (result)
  Unknown application.
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present   
Safe.  This entry was classified from our visitors as good.
  Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
  O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\迅雷\Program\GetUrl.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '&使用迅雷下载 ' is unknown.
  O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\迅雷\Program\GetAllUrl.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '&使用迅雷下载全部链接 ' is unknown.
  O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '上传到QQ网络硬盘 ' is unknown.
  O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '添加到QQ自定义面板 ' is unknown.
  O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '添加到QQ表情 ' is unknown.
  O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '用QQ彩信发送该图片 ' is unknown.
  O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)   
Unnecessarily  Unknown buttons or entries in the 'Extras'-menu should be fixed.
  To be fixed if the entry '启动迅雷 ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
  O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)   
Unnecessarily  Unknown buttons or entries in the 'Extras'-menu should be fixed.
  To be fixed if the entry '启动迅雷 ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
  O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll   
Nasty  This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
  Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
  O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll   
Nasty  This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
  Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
  O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com   
Safe.  This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
   
  O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE8BEF2-D6B6-4A03-ADB3-A1FE0674BAC6}: NameServer = 202.102.192.68 202.102.199.68   
Possibly nasty  If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
  Do you know the IP or Domain '202.102.192.68 202.102.199.68'? If not, fix this entry.
  O17 - HKLM\System\CCS\Services\Tcpip\..\{A149991E-0C12-4B45-9D19-01CB3F7707F7}: NameServer = 202.102.192.68,202.102.199.68   
Possibly nasty  If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
  Do you know the IP or Domain '202.102.192.68,202.102.199.68'? If not, fix this entry.
  O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2006\KPfwSvc.EXE   
Unknown  These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
  Unknown service. (KPfwSvc.EXE)
  O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe   
Safe.  These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
  This service (nvsvc32.exe) was identified as a good one.
  O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe   


I really don't know what to do. I've posted everything I could see. Experts, please help, thanks....

Quote:
[Post by 建能] O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe
Gray Pigeon (灰鸽子)
………………

What is that??? What should I do???

HijackThis_815汉化版扫描日志 V1.99.1
保存于      0:26:01, 日期 2006-8-20
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\KAV2006\KAVStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KAV2006\KPFW32.EXE
C:\WINDOWS\System32\svchost.exe
D:\KAV2006\KPfwSvc.EXE
D:\KAV2006\KMailMon.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2006\KPFW32.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE8BEF2-D6B6-4A03-ADB3-A1FE0674BAC6}: NameServer = 202.102.192.68 202.102.199.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149991E-0C12-4B45-9D19-01CB3F7707F7}: NameServer = 202.102.192.68,202.102.199.68
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2006\KPfwSvc.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


After doing what you said, the log is as above... thanks.... What should I do next???

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <KavPFW><"D:\KAV2006\KPFW32.EXE">  [Kingsoft Corporation]
    <Super Rabbit IEPro><D:\新建文件夹\magicset776\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"D:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <91cast><; >  []
    <bgoomain.exe><; C:\Program Files\baigoo\bgoomain.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <caishowmanage><; C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <Desktop><; C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  []
    <iDuba Personal FireWall><; >  []
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  []
    <LetsCool><; C:\Program Files\LetsCool\LetsCool.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; C:\PROGRA~1\svhost32.exe C:\WINDOWS\system\8aei697.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MiniPPGou.exe><; C:\Program Files\MiniPPGou\MiniPPGou.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <msnnt><; C:\WINDOWS\Updatec.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSService_v1.0><; C:\WINDOWS\system\realsched.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MyShares><; c:\program Files\忆多多\MyShares.exe /tray>  []
    <NetCounter><; c:\Program Files\NetCounter\NetCount.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <ourmini><; C:\WINDOWS\System\svchost.exe>  []
    <pbmini><; C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide>  []
    <SoundMam><; C:\WINDOWS\system32\SVOHOST.exe>  []
    <spoolsv><; >  []
    <svc><; C:\WINDOWS\svchost.exe>  []
    <sysupd><; C:\WINDOWS\system32\sysupd.exe>  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

启动文件夹
服务
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"D:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[UpdateService / UpdateService]
  <C:\WINDOWS\system32\UpdateService.exe><N/A>

==================================
浏览器加载项
[Shockwave Flash Object]
  {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} <C:\WINDOWS\system32\smflash.ocx, Macromedia, Inc.>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll, N/A>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <D:\Program Files\Thunder Network\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} <C:\WINDOWS\system32\smflash.ocx, Macromedia, Inc.>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\新建文件夹\MagicSet\haokanbar.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\迅雷\ComDlls\XunLeiBHO_002.dll, N/A>
[Mini PPGou BHO]
  {92FB5F8F-8254-4978-9C50-03D9B0405062} <C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL, N/A>
[WAB Importer/Exporter]
  {AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <C:\WINDOWS\System32\wabimp.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 616][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1220][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1412][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
    [C:\Program Files\Acrobatchs\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.8185>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.8185>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\smflash.ocx]  <Macromedia, Inc.><6.8.19.1>
    [D:\新建文件夹 (2)\rarext.dll]  <N/A><N/A>
    [D:\KAV2006\KAVEXT.DLL]  <Kingsoft Corporation><2005, 8, 5, 16>
    [D:\MP3工具\AMVTools\SrcCount.dll]  <><1, 0, 0, 1>
[PID: 1516][D:\KAV2006\KAVStart.exe]  <Kingsoft Corporation><2006, 7, 6, 198>
    [D:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAV2006\PopSprt3.dll]  <Kingsoft Corporation><2005, 12, 6, 30>
    [D:\KAV2006\KAVPassp.dll]  <Kingsoft Corporation><2006, 6, 7, 252>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
[PID: 1540][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3292>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1596][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1608][D:\KAV2006\KPFW32.EXE]  <Kingsoft Corporation><2006, 8, 9, 615>
    [D:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAV2006\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [D:\KAV2006\FiltList.dll]  <N/A><N/A>
    [D:\KAV2006\KAVPassp.DLL]  <Kingsoft Corporation><2006, 6, 7, 252>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2006, 4, 25, 58>
    [D:\KAV2006\KAEMem.DAT]  <Kingsoft><2006, 5, 17, 14>
    [D:\KAV2006\KAEUnpack.DAT]  <Kingsoft Corp.><2006, 6, 15, 44>
[PID: 1656][D:\KAV2006\KMailMon.EXE]  <Kingsoft Corporation><2006, 4, 12, 106>
    [D:\KAV2006\KAntiSpm.dll]  <N/A><1, 0, 0, 2>
    [D:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAV2006\KAECall2.DLL]  <Kingsoft Corporation><2004, 12, 28, 7>
    [D:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2006, 4, 25, 58>
    [D:\KAV2006\KAEMem.DAT]  <Kingsoft><2006, 5, 17, 14>
    [D:\KAV2006\KAEUnpack.DAT]  <Kingsoft Corp.><2006, 6, 15, 44>
    [D:\KAV2006\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
[PID: 1772][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1808][D:\KAV2006\KPfwSvc.EXE]  <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1864][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8185>
[PID: 1892][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1064][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 924][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3504][D:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 6, 42>
    [D:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 2648][D:\Program Files\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [D:\Program Files\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 160>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\Program Files\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [D:\Program Files\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2006, 3, 2, 1>
    [D:\Program Files\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [D:\Program Files\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [D:\Program Files\QQ\QQMainFrame.dll]  <N/A><N/A>
    [D:\Program Files\QQ\CQQApplication.dll]  <N/A><N/A>
    [D:\Program Files\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\QQAllInOne.dll]  <N/A><N/A>
    [D:\Program Files\QQ\GroupLive.dll]  <N/A><N/A>
    [D:\Program Files\QQ\SCCore.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [D:\Program Files\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\QQPlugin.dll]  <N/A><N/A>
    [D:\Program Files\QQ\QQCustomFace.dll]  <N/A><N/A>
    [D:\Program Files\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [D:\Program Files\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\QQAvatar.dll]  <N/A><N/A>
    [D:\Program Files\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [D:\Program Files\QQ\QRingMng.dll]  <N/A><N/A>
    [D:\Program Files\QQ\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [D:\Program Files\QQ\QQMagicFace.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\QQSceneMng.dll]  <N/A><N/A>
    [D:\Program Files\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [D:\Program Files\QQ\GroupConnection.dll]  <Tencent><5, 0, 202, 170>
    [D:\Program Files\QQ\LongConnection.dll]  <tencent><5, 0, 200, 160>
    [D:\Program Files\QQ\QQZip.dll]  <tencent><0, 3, 2, 4>
    [D:\Program Files\QQ\BQQApplication.dll]  <N/A><N/A>
    [D:\Program Files\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [D:\Program Files\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [D:\Program Files\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[PID: 2684][D:\Program Files\QQ\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\Program Files\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 2248][D:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 6, 42>
    [D:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
[PID: 3440][D:\新建文件夹\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [D:\KAV2006\KMailOEBand.dll]  <N/A><2006, 5, 19, 118>
    [D:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]