Rising Kaka Security Forum
刘安华 - 2005-11-16 14:21:00
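My computer has caught a web-page virus, www.kk12.com, and the system pops up indecent web pages at irregular intervals. I have tried 3721 Internet Assistant, Anti-Spyware Expert, Kingsoft Antivirus, Kingsoft Trojan Killer and Kaka Assistant, and none of them worked. I ran HijackThis. I have heard from people online that if you let the experts look at the information this software exports, they can tell you which entries to delete. I am helpless here, so please, experts, help me out!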
Logfile of HijackThis v1.99.1
Scan saved at 14:10:44, on 2005-11-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\Explorer.EXE
C:\KAV2005\KPfwSvc.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\3721\assistse.exe
C:\KAV2005\KAVStart.EXE
C:\KAV2005\KMailMon.EXE
C:\Program Files\Tuotu\TuoTu.exe
C:\Program Files\3721\ske\TrojanAssistant.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\KAV2005\KAV32.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\lzg\LOCALS~1\Temp\Rar$EX64.102\HijackThis.exe
R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] rem RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Thunder] rem "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\TuoTu.exe -Min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] rem "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\xdownGeturl.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 脱兔下载 - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Program Files\Tuotu\TuoTu.exe
O9 - Extra 'Tools' menuitem: &TuoTu - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Program Files\Tuotu\TuoTu.exe
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://211.153.184.28/MSTPlayerServer_Update/MSTPlayerInstaller.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126786546116
O17 - HKLM\System\CCS\Services\Tcpip\..\{997785FC-2F25-43CF-B843-CA797891C97F}: NameServer = 202.106.0.20,202.160.46.151
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: File Replication Services (NtFrs32) - Unknown owner - C:\WINDOWS\System32\NtFrs32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SDAgent Service (SDAgentService) - Unknown owner - C:\Program Files\Common Files\smartde\sde.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
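An added example, not part of the original thread: a first-pass triage of a HijackThis log such as the one posted above, run over lines copied from it. The review rules are this example's own assumptions (missing target file, service with "Unknown owner", Run value prefixed with `rem`, ActiveX download from a bare IP address); a flag marks an entry for manual inspection and is not a verdict.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Entry lines look like "O23 - Service: <text>"; the code before " - " is the section.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://211.153.184.28/MSTPlayerServer_Update/MSTPlayerInstaller.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126786546116
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: File Replication Services (NtFrs32) - Unknown owner - C:\WINDOWS\System32\NtFrs32.exe
O23 - Service: SDAgent Service (SDAgentService) - Unknown owner - C:\Program Files\Common Files\smartde\sde.exe (file missing)
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def _host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_reasons(code, body):
    """Apply the example's (assumed) review rules to one entry."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary without publisher")
    if code == "O4":
        # Body is "<key>: [value name] command"; look only at the command.
        _, _, command = body.partition("] ")
        if command.lower().startswith("rem "):
            # Autoruns reports the same values as "File not found: rem".
            reasons.append("autorun command prefixed with rem")
    if code == "O16" and any(_host_is_ip(u) for u in URL_RE.findall(body)):
        reasons.append("ActiveX control fetched from a bare IP address")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry that matched at least one rule."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    review: {reason}")
```

Entries that match no rule, such as the O2 BHO line, are not cleared by this; they still need to be checked against the file on disk.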
影子110 - 2005-11-16 14:30:00
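Haha, how many pages pop up when you open this site? Close one and another pops up automatically~~~~
I suggest you post this on the anti-browser forum; someone there will help you solve it~~~
All I can do is bump the thread for you~~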
BlackStone - 2005-11-16 14:32:00
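Save a log with Autoruns and post it here.
How to save the log: choose the File->Save menu item.
When saving the log, make sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the refresh button on the toolbar).
For downloading and using the tool, see post #14 at http://forum.ikaka.com/topic.asp?board=28&artid=7318038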
刘安华 - 2005-11-16 14:32:00
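It can pop up 3 or 4 web pages. Just now another one popped up, http://pic.666l.com/, also an indecent page, and there are a few more whose addresses I can't see. How do I fix this?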
刘安华 - 2005-11-16 14:52:00
This is what Autoruns exported:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ assistse AssistSetting yahoo c:\program files\3721\assistse.exe
+ DAEMON Tools-1033 Virtual DAEMON Manager DAEMON'S HOME c:\program files\d-tools\daemon.exe
+ helper.dll Run a DLL as an App Microsoft Corporation c:\windows\system32\rundll32.exe
+ iDuba Personal FireWall \
+ Kavrun \
+ Knight V \
+ NvCplDaemon Run a DLL as an App Microsoft Corporation c:\windows\system32\rundll32.exe
+ NvMediaCenter Run a DLL as an App Microsoft Corporation c:\windows\system32\rundll32.exe
+ nwiz File not found: rem
+ Thunder File not found: rem
+ TkBellExe File not found: rem
+ TuoTu 脱兔 TuoTu.com c:\program files\tuotu\tuotu.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ KATAutoRunBackup c:\documents and settings\all users\「开始」菜单\程序\启动\katautorunbackup
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe
+ iDuba Personal FireWall \
+ MSMSGS File not found: rem
HKLM\System\CurrentControlSet\Services
+ AudioSrv 管理基于 Windows 的程序的音频设备。如果此服务被终止,音频设备及其音效将不能正常工作。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Browser 维护网络上计算机的更新列表,并将列表提供给计算机指定浏览。如果服务停止,列表不会被更新或维护。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ C-DillaCdaC11BA Macrovision RTS Service Macrovision c:\windows\system32\drivers\cdac11ba.exe
+ CryptSvc 提供三种管理服务: 编录数据库服务,它确定 Windows 文件的签字; 受保护的根服务,它从此计算机添加和删除受信根证书机构的证书;和密钥(Key)服务,它帮助注册此计算机获取证书。如果此服务被终止,这些管理服务将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Dhcp 通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。 Microsoft Corporation c:\windows\system32\svchost.exe
+ dmserver 监测和监视新硬盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止,动态磁盘状态和配置信息会过时。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Dnscache 为此计算机解析和缓冲域名系统 (DNS) 名称。如果此服务被停止,计算机将不能解析 DNS 名称并定位 Active Directory 域控制器。如果此服务被禁用,任何明确依赖它的服务将不能启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ ERSvc 服务和应用程序在非标准环境下运行时允许错误报告。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Eventlog 启用在事件查看器查看基于 Windows 的程序和组件颁发的事件日志消息。无法终止此服务。 Microsoft Corporation c:\windows\system32\services.exe
+ helpsvc 启用在此计算机上运行帮助和支持中心。如果停止服务,帮助和支持中心将不可用。如果禁用服务,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ KPfwSvc Kingsoft Firewall Service for Windows 2000 Kingsoft Corporation c:\kav2005\kpfwsvc.exe
+ KWatchSvc 金山毒霸文件实时防毒服务程序 Kingsoft Corporation c:\kav2005\kwatch.exe
+ lanmanserver 支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止,这些功能不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanworkstation 创建和维护到远程服务的客户端网络连接。如果服务停止,这些连接将不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ LmHosts 允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Messenger 传输客户端和服务器之间的 NET SEND 和 Alerter 服务消息。此服务与 Windows Messenger 无关。如果服务停止,Alerter 消息不会被传输。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ NtFrs32 c:\windows\system32\ntfrs32.exe
刘安华 - 2005-11-16 14:53:00
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ PlugPlay 使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。 Microsoft Corporation c:\windows\system32\services.exe
+ PolicyAgent 管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。 Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage 提供对敏感数据(如私钥)的保护性存储,以便防止未授权的服务,过程或用户对其的非法访问。 Microsoft Corporation c:\windows\system32\lsass.exe
+ RemoteRegistry 使远程用户能修改此计算机上的注册表设置。如果此服务被终止,只有此计算机上的用户才能修改注册表。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ RpcSs 提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。 Microsoft Corporation c:\windows\system32\svchost.exe
+ SamSs 存储本地用户帐户的安全信息。 Microsoft Corporation c:\windows\system32\lsass.exe
+ Schedule 使用户能在此计算机上配置和制定自动任务的日程。如果此服务被终止,这些任务将无法在日程时间里运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ SDAgentService File not found: C:\Program Files\Common Files\smartde\sde.exe
+ seclogon 启用替换凭据下的启用进程。如果此服务被终止,此类型登录访问将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ SENS 跟踪系统事件,如登录 Windows,网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。 Microsoft Corporation c:\windows\system32\svchost.exe
+ ShellHWDetection Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe
+ Spooler 将文件加载到内存中以便迟后打印。 Microsoft Corporation c:\windows\system32\spoolsv.exe
+ srservice 执行系统还原功能。 要停止服务,请从“我的电脑”的属性中的系统还原选项卡关闭系统还原 Microsoft Corporation c:\windows\system32\svchost.exe
+ StdService AOL Corp. c:\windows\system32\stdsver.dll
+ Themes 为用户提供使用主题管理的经验。 Microsoft Corporation c:\windows\system32\svchost.exe
+ TrkWks 在计算机内 NTFS 文件之间保持链接或在网络域中的计算机之间保持链接。 Microsoft Corporation c:\windows\system32\svchost.exe
+ UleadBurningHelper ULCDRSvr Ulead Systems, Inc. c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
+ UMWdf 启用 Windows 用户模式驱动程序。 Microsoft Corporation c:\windows\system32\wdfmgr.exe
+ uploadmgr 管理网络上客户端和服务器之间同步和异步文件传输。如果停止服务,网络上客户端和服务器之间同步和异步文件传输不会发生。如果禁用服务,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ W32Time 维护在网络上的所有客户端和服务器的时间和日期同步。如果此服务被停止,时间和日期的同步将不可用。如果此服务被禁用,任何明确依赖它的服务都将不能启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ WebClient 使基于 Windows 的程序能创建、访问和修改基于 Internet 的文件。如果此服务被终止,将会失去这些功能。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ winmgmt 提供共同的界面和对象模式以便访问有关操作系统、设备、应用程序和服务的管理信息。如果此服务被终止,多数基于 Windows 的软件将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ wuauserv 从 Windows Update 启用重要的 Windows 更新的下载和安装。如果禁用该服务,操作系统可以在 Windows Update 网站手动更新。 Microsoft Corporation c:\windows\system32\svchost.exe
+ WZCSVC 为您的 802.11 适配器提供自动配置 Microsoft Corporation c:\windows\system32\svchost.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player 安装实用程序 Microsoft Corporation c:\windows\inf\unregmp2.exe
+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Messenger ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Windows 桌面更新 Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ 通讯簿 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ 浏览器自定义组件 Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui 预加载程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 组件类别缓存程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
刘安华 - 2005-11-16 14:56:00
+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll
+ ActiveX 高速缓存文件夹 Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll
+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Auto Update Property Sheet Extension Windows Update AutoUpdate Engine Microsoft Corporation c:\windows\system32\wuaueng.dll
+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Desktop Explorer NVIDIA Desktop Explorer, Version 105.13 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 105.13 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll
+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ GDI+ 文件缩略图解压缩程序 Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ HTML 缩略图的解压缩程序 Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ ICC 配置文件 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM 打印机管理 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM 监视器管理 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM 扫描仪管理 Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ IE4 套件初始屏幕 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ IE伴郎 5522 Soft c:\program files\netmeeting\callcont32.dll
+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet 临时文件 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet 临时文件 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
刘安华 - 2005-11-16 14:57:00
+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft Internet 工具栏 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History 服务 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Url 搜索挂接 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft 多个自动完成列表容器 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft 历史自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft 数据链接 Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft 外壳文件夹自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll
+ MRU 自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 105.13 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll
+ Portable Media Devices 便携媒体设备命令行解释器扩展 Microsoft Corporation c:\windows\system32\audiodev.dll
+ Portable Media Devices Menu 便携媒体设备命令行解释器扩展 Microsoft Corporation c:\windows\system32\audiodev.dll
+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll
+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell extensions for file compression \
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\ringz studio\storm codec\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell Image Data Factory Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Verbs Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
刘安华 - 2005-11-16 14:58:00
+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll
+ Web 搜索 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Script Host 的 Shell extensions Microsoft (r) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ Yahoo Trojan Cleanner c:\program files\3721\ske\contmenu.dll
+ 帮助和支持 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 帮助和支持 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 补充的外壳文件夹 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 补充的外壳文件夹 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 窗格中的搜索 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 地址 EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 地址(&A) Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 地址条解析程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 电子邮件 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 粉碎文件 File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll
+ 跟踪弹出栏 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 公文包 Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ 管理工具 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 获取 Passport 向导 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 加密上下文菜单 \
+ 可访问的 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 历史记录 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 媒体区 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 频道句柄对象 Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ 频道快捷方式 Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ 频道文件 Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ 全局文件夹设置 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 任务计划 Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ 任务栏和「开始」菜单 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 扫描仪和照相机 Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ 搜索 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 搜索区 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 通过 Web 订购照片 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 脱机文件夹 Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ 外壳 DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 外壳 DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 外壳 Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 外壳出版向导对象 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 网络出版向导 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 网络连接 Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ 网络连接 Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ 下载状态 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 压缩(zipped)文件夹 Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
刘安华 - 2005-11-16 14:59:00
+ 用户(&P)... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll
+ 用户帮助 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 用户帐户 Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ 预订文件夹 Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ 运行... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 摘要信息缩略图处理程序(DOCFILES) Windows 图片和传真查看器 Microsoft Corporation c:\windows\system32\shimgvw.dll
+ 注册数目路选项实用程序 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 自定义 MRU 自动完成列表 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ 字体 Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ 字体 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ 浏览器栏 Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ 金山毒霸2005 Kingsoft Antivirus Explorer Integration Kingsoft Corporation c:\kav2005\kavext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ std software AOL Corp. c:\windows\system32\stdup.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbar CoolBar 3721 c:\program files\3721\assist\asbar.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &TuoTu 脱兔 TuoTu.com c:\program files\tuotu\tuotu.exe
+ @shdoclc.dll,-864 c:\windows\web\related.htm
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
+ ck File not found: ck
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ oleaut32 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems Microsoft Corporation c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\仙剑奇~1.SCR c:\windows\仙剑奇侠传三屏幕保护程序.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1607E168-9FAE-4B8C-A90F-AC9B529B2367}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1607E168-9FAE-4B8C-A90F-AC9B529B2367}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{23042F72-D5F1-430E-B356-E1B274FCA3AC}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{23042F72-D5F1-430E-B356-E1B274FCA3AC}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{6378CEE5-2502-4FED-91F2-A36B62E0EE4E}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{6378CEE5-2502-4FED-91F2-A36B62E0EE4E}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{997785FC-2F25-43CF-B843-CA797891C97F}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{997785FC-2F25-43CF-B843-CA797891C97F}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll
+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll
+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll
+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
刘安华 - 2005-11-16 15:12:00
Looks like I'll just have to format the C: drive.
BlackStone - 2005-11-16 15:20:00
When saving the log, make sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the Refresh button on the toolbar).
海色の月 - 2005-11-16 22:59:00
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
This item can be fixed.
These two entries can be deleted in Registry Editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDAgentService
雪山松子 - 2005-11-17 0:13:00
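Look carefully at the source code; there is a section that was forcibly added, such as:
<iframe>..code omitted...</iframe>
That is the problem found with the virus; just delete it. I also just finished fixing my own website after finding this kind of malicious modification!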
神无 - 2005-11-17 0:25:00
R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [Thunder] rem "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\TuoTu.exe -Min
O4 - HKCU\..\Run: [MSMSGS] rem "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 脱兔下载 - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Program Files\Tuotu\TuoTu.exe
O9 - Extra 'Tools' menuitem: &TuoTu - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Program Files\Tuotu\TuoTu.exe
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://211.153.184.28/MSTPlayerServer_Update/MSTPlayerInstaller.ocx
O23 - Service: SDAgent Service (SDAgentService) - Unknown owner - C:\Program Files\Common Files\smartde\sde.exe (file missing)
Fix these items.
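Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage pass over HijackThis entry lines like the ones listed above, splitting each line into its section code and CLSID and attaching review hints. The flag names and the heuristics behind them are assumptions made for this illustration; they mark entries worth a closer look, not verdicts.

```python
import re

# Sample input: entries copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://211.153.184.28/MSTPlayerServer_Update/MSTPlayerInstaller.ocx
O23 - Service: SDAgent Service (SDAgentService) - Unknown owner - C:\Program Files\Common Files\smartde\sde.exe (file missing)
"""

# HijackThis section codes that occur in the sample, with their meaning.
SECTIONS = {"R3": "URLSearchHook", "O2": "Browser Helper Object",
            "O4": "autostart Run key", "O16": "ActiveX download",
            "O23": "NT service"}

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

def parse_line(line):
    """Split one HijackThis entry into code, CLSID, and triage flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list, or free text
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    flags = []  # hypothetical flag names, chosen for this example
    if body.endswith("(file missing)"):
        flags.append("file-missing")
    if "Unknown owner" in body:
        flags.append("unknown-owner")
    if code == "O16" and IP_URL_RE.search(body):
        flags.append("codebase-is-bare-ip")
    run = RUN_RE.match(body) if code == "O4" else None
    if run and run.group(4).lower().startswith("rem "):
        flags.append("rem-prefixed")  # Run value starts with "rem"
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None,
            "name": run.group(3) if run else None, "flags": flags}

def triage(log_text):
    """Parse every entry line; return only the entries carrying flags."""
    return [e for e in map(parse_line, log_text.splitlines()) if e and e["flags"]]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["code"], entry["section"], entry["flags"])
```

An entry that comes back without flags, such as the O2 BHO line, still needs the manual review the replies above give it; the flags only sort the obvious oddities to the top.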