不加糖的咖啡 - 2005-7-26 2:04:00
**** Run Keys ****
RUN: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
RUN: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
RUN: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
RUN: [SoundMan] SOUNDMAN.EXE
RUN: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /install
RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RUN: [BigDogPath] C:\WINDOWS\VM_STI.EXE PC Camera CAMCAN
RUN: [KAVPersonal50] "F:\杀毒软件\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
RUN: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CONFLICT.3\CnsMin.dll,Rundll32
RUN: [Super Rabbit SRRestore] F:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /autosave
RUN: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
RUN: [Super Rabbit IEPro] F:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
RUN: [Super Rabbit CDNotify] F:\Program Files\Super Rabbit\MagicSet\srcdnoti.exe /LOAD
RUN: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
**** Browser Helper Objects ****
BHO: []
BHO: [QQBrowserHelperObject Class] F:\QQ\QQIEHelper.dll
BHO: [CnsHook Class] C:\WINDOWS\DOWNLO~1\CONFLICT.3\CnsHook.dll
**** IE Toolbars ****
TOOLBAR: [电台(&R)] C:\WINDOWS\System32\msdxm.ocx
**** IE Extensions ****
IEExt: [手机短信] http://sms.3721.com/ie/index.htm
IEExt: [手机短信] http://sms.3721.com/ie/index.htm
IEExt: [Yahoo 1G电邮] http://cn.mail.yahoo.com/promo/rd1
IEExt: [寻宝乐趣多] http://hot.3721.com/rd/shop_btn.htm
IEExt: [上网助手] http://assistant.3721.com/index.htm?fb=Cns
IEExt: [@shdoclc.dll,-866] http://assistant.3721.com/index.htm?fb=Cns
IEExt: [QQ] F:\QQ\QQ.EXE
IEExt: [QQ] F:\QQ\QQ.EXE
IEExt: [情景聊天] http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
IEExt: [情景聊天] http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
IEExt: [Messenger] C:\Program Files\Messenger\MSMSGS.EXE
IEExt: [Messenger] C:\Program Files\Messenger\MSMSGS.EXE
**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
**** IE Settings ****
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\System32\blank.htm
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
**** IE Context Menu (Right click) ****
IEContext: [添加到QQ自定义面板] F:\QQ\AddPanel.htm
IEContext: [添加到QQ表情] F:\QQ\AddEmotion.htm
IEContext: [用QQ彩信发送该图片] F:\QQ\SendMMS.htm
**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01C49A16-4287-4F27-97B6-ECA7DA7DB037}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01C49A16-4287-4F27-97B6-ECA7DA7DB037}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C39679F-8030-477C-9FF3-A99303C4EBFB}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C39679F-8030-477C-9FF3-A99303C4EBFB}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1ED2D146-BE1B-4AEC-9743-53C701EBC9EE}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1ED2D146-BE1B-4AEC-9743-53C701EBC9EE}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D08D1D94-8918-4DCB-999B-D2F37F10FEDB}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D08D1D94-8918-4DCB-999B-D2F37F10FEDB}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DABB91EA-FEF0-4A9F-9716-DDEE6075151E}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DABB91EA-FEF0-4A9F-9716-DDEE6075151E}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7766A4E9-5F9F-4DC5-95B6-958B10CB3B99}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7766A4E9-5F9F-4DC5-95B6-958B10CB3B99}] DATAGRAM 4
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
**** Downloaded Program Files ****
DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} [http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab] C:\WINDOWS\Downloaded Program Files\OL2005.dll
**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HexadecimaRepresentation] "C:\WINDOWS\Edit.exe"
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[kavsvc] "F:\杀毒软件\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{71969CFE-1809-43F5-820D-1E7B9E2EF40D}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSp] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [SearchAssistant] http://seek.3721.com/srchasst.htm
SEARCH: [CustomizeSearch] http://seek.3721.com/srchcust.htm
SEARCH: [OCustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [OSearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\System32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] yes
IEOPT: [Disable Display Inline Images] no
IEOPT: [Disable Display Inline Videos] no
IEOPT: [Display Inline Videos] yes
IEOPT: [Disable Play_Animations] no
IEOPT: [Disable Play_Background_Sounds] no
IEOPT: [CNSMenu]
IEOPT: [CNSHint]
IEOPT: [CNSReset]
IEOPT: [CNSEnable]
IEOPT: [CNSList]
IEOPT: [CNSAutoUpdate]
IEOPT: [ASSUIN] 1
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
我QQ278686415
不加糖的咖啡 - 2005-7-26 2:45:00
00
endurer - 2005-7-26 2:53:00
楼主原来遇到了什么问题?请说明。
不加糖的咖啡 - 2005-7-26 2:59:00
我遇见个病毒杀不掉删也杀不掉杀掉了还有我晕哦你加我QQ278686415啊
不加糖的咖啡 - 2005-7-26 3:08:00
是个特落衣木马
不加糖的咖啡 - 2005-7-26 3:09:00
你加我QQ278686415啊
不加糖的咖啡 - 2005-7-26 3:09:00
麻烦你了啊
不加糖的咖啡 - 2005-7-26 3:14:00
C:\System Volume Information\_restore{291780AD-309B-4B4B-8E29-87D4CCD2F0B6}
不加糖的咖啡 - 2005-7-26 3:14:00
C:\WINDOWS\system32\i
不加糖的咖啡 - 2005-7-26 3:16:00
就这2个文件里面
不加糖的咖啡 - 2005-7-26 3:21:00
人呢/
不加糖的咖啡 - 2005-7-26 3:25:00
不知道撒`哪木马就在那里的。.
不加糖的咖啡 - 2005-7-26 3:26:00
这些文件里面有个chenge文件删不掉隔离不了有没毒 但是把他们全部删完 只剩这一个文件 我把文件关了在开就马上有有了那些文件在安全模式下面删都删不了!
不加糖的咖啡 - 2005-7-26 3:27:00
怎么关闭系统还原?
不言放弃 - 2005-7-26 3:29:00
| 引用: |
【不加糖的咖啡的贴子】怎么关闭系统还原?
........................... |
参考http://forum.ikaka.com/topic.asp?board=28&artid=5216854
不加糖的咖啡 - 2005-7-26 3:38:00
C:\System Volume Information\_restore{291780AD-309B-4B4B-8E29-87D4CCD2F0B6}这里面的 我去你给我的哪个网站看了下 我这机子上没关闭还原啊..!
不加糖的咖啡 - 2005-7-26 3:41:00
就是不关闭不了啊
不加糖的咖啡 - 2005-7-26 3:45:00
你加我QQ 你远程 我 你来看看我在你给我哪网页上没弄起啊 我QQ278686415
© 2000 - 2026 Rising Corp. Ltd.