文物2 - 2009-2-4 20:14:00
Send c:\windows\system32\drivers\ruxcf.syss to the suspicious-file section.
Start the XDELBOX program. [url=http://bbs.ikaka.com/attachment.aspx?attachmentid=446806]<<<<< Click to download XDELBOX[/url] Copy and paste the following files into it and delete them:
C:\WINDOWS\system32\iXPT.sys
c:\windows\system32\drivers\ruxcf.syss
C:\WINDOWS\system32\drivers\pnpmem.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys
In the SREng tool you used to produce the log, go to Startup Items > Services > Drivers, find the following entries and delete them:
==================================
驱动程序
[iXPT / iXPT][Stopped/Disabled]
<\??\C:\WINDOWS\system32\iXPT.sys><N/A>
[ruxc / obat][Stopped/Disabled]
<\SystemRoot\system32\drivers\ruxcf.syss><N/A>
[pnpmem / pnpmem][Stopped/Disabled]
<\??\C:\WINDOWS\system32\drivers\pnpmem.sys><N/A>
[wmpobj / wmpobj][Stopped/Disabled]
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys><N/A>
Download and run the IFEO cleanup tool <<<<<<< click here to download and run it
林花不谢 - 2009-2-5 9:34:00
The c:\windows\system32\drivers\ruxcf.syss that the poster above mentioned no longer exists, but it still shows up in the scan log, so it seems it was not cleaned out completely.
Also, my hosts file has been changed to hosts.txt and the real hosts file is hidden; even with "show all files" and "show system files" enabled I can't see it, although it is visible in WinRAR.
I can't open the address you gave for the IFEO cleanup tool, so I have no way to download it.
backway - 2009-2-5 9:43:00
Run a fresh SREng log scan and post it so we can take a look.
林花不谢 - 2009-2-5 9:54:00
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E57E39C-D99C-49CC-A8EB-4ADD64FA6308}]
<N/A><C:\WINDOWS\RMPlayer.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFA26EE8-EEA3-4626-97C9-9CB3ECEA5C7F}]
<N/A><C:\WINDOWS\system32\hellbot.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{b746f5d7-3fce-8413-8413-40df8e602a87}]
<N/A><C:\WINDOWS\system32\gyvrkemuk\svchost.exe /t> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
<IFEO[adam.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
<IFEO[AppSvc32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
<IFEO[auto.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe]
<IFEO[AutoRun.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
<IFEO[autoruns.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
<IFEO[avgrssvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
<IFEO[AvMonitor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
<IFEO[avp.com]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
<IFEO[boxmod.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
<IFEO[CCenter.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe]
<IFEO[cross.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
<IFEO[DrRtp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
<IFEO[enc98.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
<IFEO[FileDsty.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
<IFEO[FTCleanerShell.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe]
<IFEO[guangd.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
<IFEO[HijackThis.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
<IFEO[IceSword.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
<IFEO[iparmo.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
<IFEO[isPwdSvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
<IFEO[kabaload.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
<IFEO[KaScrScn.SCR]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
<IFEO[KASMain.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
<IFEO[KASTask.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
<IFEO[KAVDX.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
<IFEO[KAVPFW.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
<IFEO[KAVSetup.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
<IFEO[KAVStart.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
<IFEO[KISLnchr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
<IFEO[KMailMon.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
<IFEO[KMFilter.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
<IFEO[KPFW32X.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe]
<IFEO[KPFWSvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
<IFEO[KRegEx.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM]
<IFEO[KRepair.COM]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
<IFEO[KsLoader.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
<IFEO[KVCenter.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
<IFEO[KvDetect.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
<IFEO[KvfwMcl.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<IFEO[KVMonXP.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
<IFEO[KVMonXP_1.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
<IFEO[kvol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
<IFEO[kvolself.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
<IFEO[KvReport.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<IFEO[KVSrvXP.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
<IFEO[KVStub.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
<IFEO[kvupload.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<IFEO[KvXP.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
<IFEO[KWatch9x.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
<IFEO[KWatchX.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
<IFEO[loaddll.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
<IFEO[MagicSet.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
<IFEO[mcconsol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
<IFEO[mmqczj.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
<IFEO[mmsk.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
<IFEO[PFW.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
<IFEO[PFWLiveUpdate.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
<IFEO[QHSET.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
林花不谢 - 2009-2-5 9:54:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
<IFEO[QQDoctor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
<IFEO[Ras.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
<IFEO[Rav.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
<IFEO[RavMon.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
<IFEO[RavMonD.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
<IFEO[RavStub.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
<IFEO[RavTask.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
<IFEO[RegClean.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
<IFEO[rfwcfg.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe]
<IFEO[RfwMain.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
<IFEO[RsAgent.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
<IFEO[Rsaupd.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
<IFEO[runiep.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
<IFEO[safeboxtray.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
<IFEO[safelive.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe]
<IFEO[SDGames.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
<IFEO[shcfg32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ShuiNiu.exe]
<IFEO[ShuiNiu.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
<IFEO[SmartUp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
<IFEO[sos.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
<IFEO[SREng.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svch0st.exe]
<IFEO[svch0st.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
<IFEO[symlcsvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
<IFEO[SysSafe.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Systom.exe]
<IFEO[Systom.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
<IFEO[taskmgr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe]
<IFEO[TNT.Exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
<IFEO[TrojanDetector.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
<IFEO[Trojanwall.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
<IFEO[TrojDie.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe]
<IFEO[TxoMoU.Exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
<IFEO[ua80.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe]
<IFEO[UFO.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
<IFEO[UIHost.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
<IFEO[UmxAgent.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
<IFEO[UmxAttachment.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
<IFEO[UmxCfg.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
<IFEO[UmxFwHlp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
<IFEO[UmxPol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE]
<IFEO[UpLive.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
<IFEO[WoptiClean.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe]
<IFEO[XP.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
<IFEO[zxsweep.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[Network Service / Network Service][Stopped/Disabled]
<C:\WINDOWS\360ME\360ME.exe><(File is missing)>
==================================
驱动程序
[Service for Avance AC'97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver / DM9102][Running/Manual Start]
<system32\DRIVERS\DM9PCI5.SYS><CNet Technology, Inc.>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[iXPT / iXPT][Stopped/Disabled]
<\??\C:\WINDOWS\system32\iXPT.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ruxc / obat][Stopped/Disabled]
<\SystemRoot\system32\drivers\ruxcf.syss><N/A>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[pnpmem / pnpmem][Stopped/Disabled]
<\??\C:\WINDOWS\system32\drivers\pnpmem.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSFCXTS2.sys><Conexant Systems, Inc.>
[wmpobj / wmpobj][Stopped/Disabled]
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys><N/A>
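The IFEO entries and the unsigned drivers in the log above are what the first reply tells the poster to remove. As an added illustration (not SREng, XDELBOX or any tool linked in this thread), the Python script below parses lines in this log format and flags the two patterns: an IFEO Debugger value that redirects a security tool to another image (here many tools all pointing at svchost.exe), and a service or driver whose image has an unusual extension, no vendor information, is missing, or lives under a user-data directory. The sample log entries, function names and indicator lists are constructed for this example.

```python
"""Triage an SREng-style startup log for IFEO debugger hijacks and odd drivers.

Added example for this thread; it is not SREng, XDELBOX or any tool linked
above. The line grammar is inferred from the log excerpts posted here:
  registry entry : "[KEY]" then "<name><value> [status]"
  service/driver : "[display / service][state]" then "<image command><vendor>"
"""
import re
from collections import Counter

IFEO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\Image File Execution Options\\[^\]]+\]$", re.I)
IFEO_VAL = re.compile(r"^<IFEO\[(?P<image>[^\]]+)\]><(?P<debugger>[^>]*)> \[(?P<status>[^\]]*)\]$")
SVC_HDR = re.compile(r"^\[(?P<display>.+?) / (?P<name>.+?)\]\[(?P<state>[^\]]+)\]$")
SVC_VAL = re.compile(r"^<(?P<cmd>[^>]*)><(?P<vendor>[^>]*)>$")
# Executable image inside a service command: optional quote, path up to an
# extension, then a quote, whitespace, SREng's "-->" marker or end of line.
IMAGE = re.compile(r'^"?(?P<img>.+?\.[A-Za-z0-9]{1,4})(?:"|\s|-->|$)')

OK_EXT = {".sys", ".exe", ".dll"}                      # expected driver/service images
USER_DIRS = ("documents and settings", "application data", "\\temp\\")

# Constructed sample in the same format as the log in the thread (a handful
# of entries, some benign, some matching the indicators discussed above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
<IFEO[SREng.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
==================================
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Network Service / Network Service][Stopped/Disabled]
<C:\WINDOWS\360ME\360ME.exe><(File is missing)>
==================================
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ruxc / obat][Stopped/Disabled]
<\SystemRoot\system32\drivers\ruxcf.syss><N/A>
[wmpobj / wmpobj][Stopped/Disabled]
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys><N/A>
"""


def image_of(command):
    """Return the executable image from a service command (quotes and arguments dropped)."""
    m = IMAGE.match(command.strip())
    return m["img"] if m else command.strip()


def parse_entries(text):
    """Pair each header line with the value line that follows it."""
    ifeo, services = [], []
    lines = text.splitlines()
    for prev, cur in zip(lines, lines[1:]):
        val = IFEO_VAL.match(cur)
        if IFEO_KEY.match(prev) and val:
            ifeo.append(val.groupdict())
            continue
        hdr, sv = SVC_HDR.match(prev), SVC_VAL.match(cur)
        if hdr and sv:
            services.append({**hdr.groupdict(), **sv.groupdict()})
    return ifeo, services


def triage(text):
    """Return a list of {"kind", "item", "reasons"} findings for one log."""
    ifeo, services = parse_entries(text)
    findings = []
    # An IFEO Debugger value makes Windows start the named "debugger" instead of
    # the image itself; many images sharing one debugger is the tool-blocking pattern.
    shared = Counter(e["debugger"].lower() for e in ifeo if e["debugger"])
    for e in ifeo:
        if not e["debugger"]:
            continue
        reasons = [f"IFEO Debugger redirects {e['image']} to {e['debugger']}"]
        if shared[e["debugger"].lower()] > 1:
            reasons.append(f"{shared[e['debugger'].lower()]} image names share this debugger")
        findings.append({"kind": "ifeo", "item": e["image"], "reasons": reasons})
    for s in services:
        img = image_of(s["cmd"])
        ext = img[img.rfind("."):].lower() if "." in img else ""
        reasons = []
        if ext not in OK_EXT:
            reasons.append(f"unusual image extension {ext!r}")
        if s["vendor"].strip() in ("", "N/A"):
            reasons.append("no vendor information")
        if "file is missing" in s["vendor"].lower():
            reasons.append("orphaned entry: image file is missing")
        if any(d in img.lower() for d in USER_DIRS):
            reasons.append("image stored under a user-writable data directory")
        if reasons:
            findings.append({"kind": "service", "item": s["name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["item"], "; ".join(f["reasons"]))
```

Paste a full SREng log into SAMPLE_LOG (or read it from a file) and the same two checks apply; benign entries such as the NVIDIA driver produce no finding.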
林花不谢 - 2009-2-5 9:55:00
浏览器加载项
[SnagIt Toolbar Loader]
{00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll, (Signed) TechSmith Corporation>
[Info cache]
{296AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\WINDOWS\Intel\baiduc.dll, Syons.Fae>
[JavaSunSurf Class]
{AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2005.dll, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\FR\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll, (Signed) TechSmith Corporation>
[Java Plug-in 1.6.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[]
{B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} <, >
[Java Plug-in 1.6.0_10]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_10]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_10.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[SnagIt Toolbar Loader]
{00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll, (Signed) TechSmith Corporation>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Info cache]
{296AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\WINDOWS\Intel\baiduc.dll, Syons.Fae>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[金山毒霸在线杀毒]
{577A1997-6FD0-4972-B234-885DA583F9CE} <C:\PROGRA~1\KOS\KOSClean.OCX, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll, (Signed) TechSmith Corporation>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
{962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[]
{9A4E6730-B97D-43D0-979C-C81F88D78559} <, >
[JavaSunSurf Class]
{AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2005.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[金山毒霸在线产品升级]
{E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, N/A>
[导出当前页到超星阅览器(&A)]
<C:\Program Files\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
<C:\Program Files\SSREADER36\ss_select.htm, N/A>
[添加到QQ表情]
<E:\qq\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0]
[E:\yasuorar\rarext.dll] [N/A, ]
[C:\手工清理木马群工具包\超级巡警暴力文件删除器\FileForceKiller.dll] [DSW Lab, 1, 0, 0, 1]
[PID: 1252 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 6.0.000]
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 6.0.0.2003051500]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 1524 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1552 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.100.33]
[C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[PID: 236 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1352 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll] [TechSmith Corporation, 9.0.0.351]
[C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddinRes.dll] [TechSmith Corporation, 9.0.0.351]
[C:\Program Files\TechSmith\SnagIt 9\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll] [TechSmith Corporation, 9.0.0.351]
[C:\WINDOWS\Intel\baiduc.dll] [Syons.Fae, 2. 3, 0, 2]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xmvsource.dll_1_work] [XunLei, 1, 0, 0, 5]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[PID: 1004 / Administrator][C:\WINDOWS\已释放的2.6.12.1018\SRE9d2c65c3.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\WINDOWS\已释放的2.6.12.1018\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\asfsipc.dll] [Microsoft Corporation, 1.1.00.3917]
[PID: 1220 / Administrator][C:\手工清理木马群工具包\可疑文件提取工具\文 件 提 取 器.exe] [a r s w p.com, 1, 3, 0, 0]
[PID: 1536 / Administrator][C:\WINDOWS\regedit.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
127.0.0.1 caosinimama.8800.org
127.0.0.1 chj771277.3322.org
127.0.0.1 lilj.us
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 544, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 600, C:\WINDOWS\SYSTEM32\LSASS.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 896, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
Special privilege enabled: SeSystemtimePrivilege [PID = 896, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1212, C:\WINDOWS\EXPLORER.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1252, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1352, C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1220, C:\手工清理木马群工具包\可疑文件提取工具\文 件 提 取 器.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1536, C:\WINDOWS\REGEDIT.EXE]
天月来了 - 2009-2-5 10:02:00
Send the log file as an attachment.
Click "Quote" at the bottom right of this post, or the larger "Reply" button at the very bottom right, and you should see how to attach it.
林花不谢 - 2009-2-5 10:05:00
Originally posted by 天月来了 on 2009-2-5 10:02:00:
Send the log file as an attachment.
Click "Quote" at the bottom right of this post, or the larger "Reply" button at the very bottom right, and you should see how to attach it.
Moderator 天月, my problem is still the one from two days ago; it is not fixed yet.
Attachment:
SREngLOG.txt
aaccbbdd - 2009-2-5 10:13:00
Startup items -- delete the following registry entry:
<N/A><C:\WINDOWS\RMPlayer.exe>
Then repair IE with Super Rabbit (超级兔子).
aaccbbdd - 2009-2-5 10:19:00
I have a feeling those are immunization entries.
backway - 2009-2-5 10:23:00
IceSword (冰刃), Kingsoft Antivirus (毒霸) and Rising (瑞星) are all in there.
林花不谢 - 2009-2-5 10:23:00
Originally posted by backway on 2009-2-5 10:17:00:
IFEO
Run the tool in the attachment.
Thanks, but why are there still so many after the repair? (Although they are different from before now.)
backway - 2009-2-5 10:26:00
Just delete them manually: select several entries at once, there is a Delete button below.
backway - 2009-2-5 10:32:00
Upload the sreng log again, as an attachment.
天月来了 - 2009-2-5 10:33:00
Or use the image hijacking (IFEO) cleanup tool from my pinned tools post, and run it several times over.
林花不谢 - 2009-2-5 10:47:00
I have used the tool from your pinned post many times, but every time it reports 0 items found.
backway - 2009-2-5 10:48:00
The virus probably has not been fully cleaned out yet.
Rescan and upload the sreng log again.
Also, 天月 could have him export the IFEO part of the registry so you can see why it is not being detected.
林花不谢 - 2009-2-5 10:50:00
Originally posted by backway on 2009-2-5 10:48:00:
The virus probably has not been fully cleaned out yet.
Rescan and upload the sreng log again.
After repairing IE with Super Rabbit as aaccbbdd suggested, the homepage can be changed again.
But the machine still is not clean, so I am uploading the log again.
Attachment:
SREngLOG.txt
天月来了 - 2009-2-5 10:51:00
Then locate the registry key
and use IceSword to see what is actually going on there.
Very likely the virus has messed with the permissions on that registry key.
Also, deleting this entry may require shutting down all of your security software,
because some security software blocks modification and deletion of this entry by default,
which is why you have never been able to delete it.
A ridiculous situation: the security software cannot stop the virus, but it can stop you.
天月来了 - 2009-2-5 10:55:00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
That is the registry path.
Export it and send it to me to look at.
林花不谢 - 2009-2-5 10:57:00
My computer does not have any security software. Also, the entries in the screenshots I just posted are exactly the ones that show up under IFEO, and they are all present in the registry. After I change the permissions, can I delete them directly in the registry?
backway - 2009-2-5 10:57:00
What antivirus software is the OP using?
Only online scans?
Run regedit and find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
Right-click it, choose Export, save the file and upload it here.
backway - 2009-2-5 11:00:00
After deleting them, check with sreng to see whether it worked.
Once they are gone, you are OK.
林花不谢 - 2009-2-5 11:02:00
Originally posted by backway on 2009-2-5 10:57:00:
What antivirus software is the OP using?
Only online scans?
Run regedit and find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
Right-click it, choose Export, save the file and upload it here.
I am rather lazy, so I have never even used an online scan; I only came here for help when the machine really could not go on, heh.
I exported the key you mentioned; I had already changed a few of the entries just now. Sending it to you.
Attachment:
image.txt
林花不谢 - 2009-2-5 11:06:00
Every single one needs its permissions reset; what a hassle.
I would like to ask a question: what effect does modifying this location have, and why do they change these places? A friend's computer once could not get to the desktop, and it only worked again after one key value here was repaired.
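The thread above has the user export the Image File Execution Options (IFEO) key from regedit and hand the .reg file to the helpers for review. The script below is an added example for triaging such an export; it is not a tool from this thread or from SREng. Windows treats a `Debugger` string value under `IFEO\<image name>` as "start this program instead, with the original command line appended", which is why malware of this period pointed entries for security tools (IceSword, SREng, regedit and so on) at its own binary, and why a repaired entry can make a machine usable again. The sample export embedded in the code is constructed for this demonstration; the image names it lists and the path `C:\WINDOWS\Temp\svch0st.exe` are hypothetical, not taken from the user's image.txt.

```python
"""Triage an exported Image File Execution Options (IFEO) registry key.

Added example, not code from the original thread. It parses a regedit
.reg export of
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
and lists every subkey whose "Debugger" value redirects a program to
another executable.
"""
import re

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
            r"\Image File Execution Options")

# Constructed sample export (what regedit "Export" produces for the IFEO key).
# The entries are hypothetical: two hijacks redirecting regedit.exe and
# SREng.exe to a file in the TEMP directory, plus one subkey that carries no
# Debugger value and should not be reported.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\WINDOWS\\Temp\\svch0st.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
"Debugger"="C:\\WINDOWS\\Temp\\svch0st.exe"
'''


def load_reg_export(path):
    """Read a .reg file written by regedit (UTF-16LE with a BOM)."""
    with open(path, encoding="utf-16") as f:
        return f.read()


def parse_reg_export(text):
    """Return {image_name: {value_name: value}} for subkeys under IFEO.

    Quoted REG_SZ values (the type of "Debugger") are unescaped; other value
    types (dword:, hex:) are kept as the raw text after the '=' sign.
    """
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower().startswith(IFEO_KEY.lower() + "\\"):
                current = key[len(IFEO_KEY) + 1:]   # subkey = image file name
                result[current] = {}
            else:
                current = None                      # the IFEO key itself, or unrelated
            continue
        if current is None:
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if value.startswith('"') and value.endswith('"'):
            # .reg files double backslashes and escape quotes inside REG_SZ
            value = value[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        result[current][name] = value
    return result


def find_debugger_hijacks(parsed):
    """Return sorted (image, debugger) pairs for every subkey with a Debugger value.

    Any such entry means launching `image` actually runs `debugger` with the
    original command line appended. Legitimate uses exist (attaching ntsd or
    windbg to a crashing service), so each hit is a lead to verify, not proof.
    """
    hits = []
    for image, values in parsed.items():
        for name, value in values.items():
            if name.lower() == "debugger":
                hits.append((image, value))
    return sorted(hits)


if __name__ == "__main__":
    for image, debugger in find_debugger_hijacks(parse_reg_export(SAMPLE_REG)):
        print(f"{image} -> {debugger}")
```

On a real machine, replace `SAMPLE_REG` with `load_reg_export("image.txt")` after exporting the key as the posts describe. Every reported pair is then a redirect to check: a Debugger path under a Temp or user-writable directory for a security tool's image name is the pattern the thread is cleaning up, while a path to a genuine debugger installed on purpose is not.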
© 2000 - 2025 Rising Corp. Ltd.