瑞星卡卡安全论坛
gg枫qq - 2006-10-3 12:00:00
我的按钮已经变成这样了.怎么才能该回来?
附件:
7352602006103115213.bmp
zgr稳得起 - 2006-10-3 12:03:00
[version]
Signature=$CHICAGO$
[defaultinstall]
delreg=deleteMe
[deleteMe]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
------------------------------------------------------------------------------------
首先将上面蓝绿色的字符复制到记事本中再保存为后缀名为“inf”的“删除Folder.inf”文件名,找到它右击它选择“安装”即可,
再将下面红色的字符代码复制到记事本中再保存后缀名为“REG”的文件名,找到它双击它导入注册表即可。(注意:这两个文件执行有先
后次序,必须先执行蓝绿色的后缀名为inf的脚本文件再导入执行红色的后缀名为reg的注册表文件)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder]
"Type"="group"
"Text"="@shell32.dll,-30498"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51140"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState]
"Type"="checkbox"
"Text"="@shell32.dll,-30506"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ClassicViewState"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51076"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyComputerIcons"
"Text"="@shell32.dll,-30497"
"Type"="checkbox"
"ValueName"="{21EC2020-3AEA-1069-A2DD-08002B30309D}"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51150"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess]
"Type"="checkbox"
"Text"="@shell32.dll,-30507"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="SeparateProcess"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51079"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProce
ss]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache]
"Type"="checkbox"
"Text"="@shell32.dll,-30517"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="DisableThumbnailCache"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51155"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30514"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FolderContentsInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree]
"Type"="checkbox"
"Text"="@shell32.dll,-30511"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FriendlyTree"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51149"
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
"CheckValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"Type"="checkbox"
"Text"="@shell32.dll,-30503"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="HideFileExt"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]
"Type"="checkbox"
"Text"="@shell32.dll,-30509"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="NoNetCrawling"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51147"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers]
"Type"="checkbox"
"Text"="@shell32.dll,-30513"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="PersistBrowsers"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51152"
"DefaultValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor]
"Type"="checkbox"
"Text"="@shell32.dll,-30512"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowCompColor"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51130"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]
"Type"="checkbox"
"Text"="@shell32.dll,-30504"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPath"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress]
"Type"="checkbox"
"Text"="@shell32.dll,-30505"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPathAddress"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51107"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30502"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing]
"Type"="checkbox"
"Text"="@shell32.dll,-30518"
"HKeyRoot"=dword:80000002
"RegPath"="System\\CurrentControlSet\\Control\\LSA"
"ValueName"="ForceGuest"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51154"
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"Type"="checkbox"
"Text"="@shell32.dll,-30508"
"WarningIfNotDefault"="@shell32.dll,-28964"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowSuperHidden"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHid
den]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade]
"Type"="checkbox"
"Text"="@shell32.dll,-30510"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="WebViewBarricade"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51148"
"DefaultValue"=dword:00000000
zgr稳得起 - 2006-10-3 12:05:00
如果一楼的方法没有效果可能中毒在安全模式下杀毒再用这个扫描日志\HijackThis1991zww.exe扫描日志传上来看看
下载软件网址:天空软件站
http://www.skycn.com/soft/15753.html
gg枫qq - 2006-10-3 12:13:00
第一步无法安装.
gg枫qq - 2006-10-3 12:14:00
HijackThis_815汉化版扫描日志 V1.99.1
保存于 11:12:43, 日期 2006-10-3
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
G:\瑞星\rising\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
G:\瑞星\rising\Rising\Rav\Ravmond.exe
g:\瑞星\防火墙\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
G:\瑞星\rising\Rising\Rav\RavStub.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.exe
g:\瑞星\防火墙\rising\rfw\RfwMain.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\瑞星\rising\Rising\Rav\RavTask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
d:\windows\rundll32.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
G:\qq\QQ.exe
G:\QQ宠物管家\PetDoctor.exe
G:\QQ宠物管家\QQPetSkinMonitor.exe
G:\qq\qqpet\qqpet.exe
G:\瑞星\rising\Rising\Rav\Rav.exe
G:\瑞星\rising\Rising\Rav\RavMon.exe
G:\qq\QQ.exe
G:\qq\qqpet\qqpet.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\lcf\LOCALS~1\Temp\Rar$EX06.781\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe ntio.exe
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - D:\WINDOWS\system32\37216.dll (file missing)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - 启动项HKLM\\Run: [High Definition Audio 属性页快捷方式] HDAShCut.exe
O4 - 启动项HKLM\\Run: [RavTask] "G:\瑞星\rising\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "G:\瑞星\防火墙\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - 启动项HKLM\\Run: [wdfmgr32] D:\WINDOWS\system32\wdfmgr32.exe
O4 - 启动项HKLM\\Run: [Start] Start.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST 系统托盘.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - G:\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - G:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - G:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - G:\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\浩方\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{86795C68-DE16-4F75-A39C-8A672CA6EAFF}: NameServer = 220.189.127.108 220.189.127.107
O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Safe network plug-in of pb (plug-in) - Unknown owner - d:\windows\rundll32.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - g:\瑞星\防火墙\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - g:\瑞星\防火墙\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - G:\瑞星\rising\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - G:\瑞星\rising\Rising\Rav\Ravmond.exe
O23 - NT 服务: Update Service For Windows (SoftUpdate) - Unknown owner - D:\WINDOWS\SoftUpdate.exe
O23 - NT 服务: Uninterruptible Power Supply (UPS) - Unknown owner - d:\windows\ups.exe
gg枫qq - 2006-10-3 12:15:00
这是日志.我已经查毒查过很多遍.有几个病毒无法删除.
ADL - 2006-10-3 12:19:00
http://anding.ys168.com/互相帮助中下载“显示隐藏文件.reg“双击导入注册表,重启机器!
zgr稳得起 - 2006-10-3 12:25:00
删除这个文件在安全模式下删除它
d:\windows\rundll32.exe
F2 - REG:system.ini: Shell=Explorer.exe ntio.exe
在安全模式下删除这个37216.dll 文件
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - D:\WINDOWS\system32\37216.dll (file missing)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - 启动项HKLM\\Run: [High Definition Audio 属性页快捷方式] HDAShCut.exe
O4 - 启动项HKLM\\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - 启动项HKLM\\Run: [wdfmgr32] D:\WINDOWS\system32\wdfmgr32.exe
删除这个文件在安全模式下删除
O4 - 启动项HKLM\\Run: [Start] Start.exe
O4 - Global Startup: ATI CATALYST 系统托盘.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - NT 服务: Safe network plug-in of pb (plug-in) - Unknown owner - d:\windows\rundll32.exe
修复上面的所有项目再执行一要楼的方法扫描日志看
360安全卫士清理恶意软件官方下载页面下载软件网址:
http://www.360safe.com/download.html
叶·幽思 - 2006-10-3 12:41:00
修复:
O4 - 启动项HKLM\\Run: [wdfmgr32] D:\WINDOWS\system32\wdfmgr32.exe
删除:D:\WINDOWS\system32\wdfmgr32.exe
结束:d:\windows\rundll32.exe进程.
运行:services.msc
双击"SoftUpdate"服务停用、双击"plug-in"服务停用
重启后,删除:D:\WINDOWS\SoftUpdate.exe
删除:d:\windows\rundll32.exe
gg枫qq - 2006-10-3 13:27:00
这些文件都该了.但重启后又被该回原样了,要重新执行一楼的过程.这是怎么回事啊?
ADL - 2006-10-3 13:33:00
在安全模式下把病毒流氓清理干净,再双击6楼的文件,重启电脑!
-------
不然枉然!
-----------
流氓清理:
http://360safe.com/
gg枫qq - 2006-10-3 13:39:00
我是在安全模式下清理的.但回到普通模式后就变回原来的样子了
zgr稳得起 - 2006-10-3 13:54:00
| 引用: |
【gg枫qq的贴子】我是在安全模式下清理的.但回到普通模式后就变回原来的样子了
……………… |
垃圾恶意软件没有清理干净,用360安全卫士清理它们。
gg枫qq - 2006-10-3 14:45:00
【回复“zgr稳得起”的帖子】
刚才我又去清理了一次.但效果还是如此.重启后依旧恢复原样.
zgr稳得起 - 2006-10-3 14:54:00
| 引用: |
【gg枫qq的贴子】【回复“zgr稳得起”的帖子】
刚才我又去清理了一次.但效果还是如此.重启后依旧恢复原样.
……………… |
但是清理干净没有啊?如果清理干净了再按一楼给的方法执行一次试试看能否解决问题?再扫描日志看看
gg枫qq - 2006-10-3 15:10:00
还是不行.这是查好后的日志.请看看那里还有问题?
zgr稳得起 - 2006-10-3 15:17:00
| 引用: |
【gg枫qq的贴子】还是不行.这是查好后的日志.请看看那里还有问题?
……………… |
日志在那儿啊?
gg枫qq - 2006-10-3 15:20:00
HijackThis_815汉化版扫描日志 V1.99.1
保存于 14:59:45, 日期 2006-10-3
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
G:\瑞星\rising\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
G:\瑞星\rising\Rising\Rav\Ravmond.exe
g:\瑞星\防火墙\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
G:\瑞星\rising\Rising\Rav\RavStub.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
G:\瑞星\rising\Rising\Rav\RavTask.exe
G:\瑞星\防火墙\Rising\Rfw\rfwmain.exe
D:\WINDOWS\system32\ctfmon.exe
G:\瑞星\rising\Rising\Rav\Ravmon.exe
D:\Program Files\Internet Explorer\iexplore.exe
G:\qq\QQ.exe
G:\HijackThis\HijackThis.exe
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [RavTask] "G:\瑞星\rising\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "G:\瑞星\防火墙\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - G:\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - G:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - G:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - G:\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\浩方\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{86795C68-DE16-4F75-A39C-8A672CA6EAFF}: NameServer = 220.189.127.108 220.189.127.107
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - 列举现有的协议: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - g:\瑞星\防火墙\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - g:\瑞星\防火墙\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - G:\瑞星\rising\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - G:\瑞星\rising\Rising\Rav\Ravmond.exe
gg枫qq - 2006-10-3 15:20:00
SORRY.刚才忘了.
zgr稳得起 - 2006-10-3 15:37:00
[version]
Signature=$CHICAGO$
[defaultinstall]
delreg=deleteMe
[deleteMe]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
------------------------------------------------------------------------------------
首先将上面蓝绿色的字符复制到记事本中再保存为后缀名为“inf”的“删除Folder.inf”文件名,找到它右击它选择“安装”即可,
再将下面红色的字符代码复制到记事本中再保存后缀名为“REG”的文件名,找到它双击它导入注册表即可。(注意:这两个文件执行有先
后次序,必须先执行蓝绿色的后缀名为inf的脚本文件再导入执行红色的后缀名为reg的注册表文件)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder]
"Type"="group"
"Text"="@shell32.dll,-30498"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51140"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState]
"Type"="checkbox"
"Text"="@shell32.dll,-30506"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ClassicViewState"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51076"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyComputerIcons"
"Text"="@shell32.dll,-30497"
"Type"="checkbox"
"ValueName"="{21EC2020-3AEA-1069-A2DD-08002B30309D}"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51150"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess]
"Type"="checkbox"
"Text"="@shell32.dll,-30507"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="SeparateProcess"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51079"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProce
ss]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache]
"Type"="checkbox"
"Text"="@shell32.dll,-30517"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="DisableThumbnailCache"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51155"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30514"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FolderContentsInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree]
"Type"="checkbox"
"Text"="@shell32.dll,-30511"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FriendlyTree"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51149"
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
"CheckValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"Type"="checkbox"
"Text"="@shell32.dll,-30503"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="HideFileExt"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]
"Type"="checkbox"
"Text"="@shell32.dll,-30509"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="NoNetCrawling"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51147"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers]
"Type"="checkbox"
"Text"="@shell32.dll,-30513"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="PersistBrowsers"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51152"
"DefaultValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor]
"Type"="checkbox"
"Text"="@shell32.dll,-30512"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowCompColor"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51130"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]
"Type"="checkbox"
"Text"="@shell32.dll,-30504"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPath"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress]
"Type"="checkbox"
"Text"="@shell32.dll,-30505"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPathAddress"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51107"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30502"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing]
"Type"="checkbox"
"Text"="@shell32.dll,-30518"
"HKeyRoot"=dword:80000002
"RegPath"="System\\CurrentControlSet\\Control\\LSA"
"ValueName"="ForceGuest"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51154"
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"Type"="checkbox"
"Text"="@shell32.dll,-30508"
"WarningIfNotDefault"="@shell32.dll,-28964"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowSuperHidden"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHid
den]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade]
"Type"="checkbox"
"Text"="@shell32.dll,-30510"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="WebViewBarricade"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51148"
"DefaultValue"=dword:00000000
重启动系统一次再执行上面的项目
gg枫qq - 2006-10-3 15:58:00
可以了.谢谢大家的帮助!
1
© 2000 - 2026 Rising Corp. Ltd.