123   3  /  3  页   跳转

高手来帮帮我啊~~

收藏
xf86151
头像
初生襁褓狮
  • 帖子:24
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-13 09:05 | 只看楼主 短消息 资料
字号: 21楼

Logfile of HijackThis v1.99.1
Scan saved at 08:42:13, on 2006-08-13
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\msime.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\internat.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Program Files\QQ2006\QQ.exe
E:\Program Files\QQ2006\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\NBA Live 2005\Program\Thunder5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WinRAR.exe
C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\Rar$EX00.316\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=; ?矹?詾矵?軁矵?????
F3 - REG:win.ini: run=; ?矹?詾矵?軁矵?????
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - D:\PROGRA~1\PPGou2\PPG2IE~1.DLL (file missing)
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll
O2 - BHO: (no name) - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINDOWS\system32\IEBHODLL.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll
O2 - BHO: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: 电鹰工具栏 - {1BC0B497-3010-43BF-AD78-5858A70907A2} - C:\WINDOWS\system32\dytoolband.dll (file missing)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899}? - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3}? - (no file)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\NBA Live 2005\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\microapmddt.dll (file missing)
O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (no file)
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\a70o3071.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [mscfs] ; RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.DLL,cfs
O4 - HKLM\..\Run: [RfwMain] "F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMon.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [intranet] C:\WINDOWS\System32\intranet.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] ; "D:\题库\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [assistse] ;
O4 - HKLM\..\Run: [CdnCtr] ;
O4 - HKLM\..\Run: [DTService] ; rundll32.exe C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load
O4 - HKLM\..\Run: [ExFilter] ; Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [FORTRESS] ;
O4 - HKLM\..\Run: [hbpassport] ;
O4 - HKLM\..\Run: [iparmor] ;
O4 - HKLM\..\Run: [k3log] ;
O4 - HKLM\..\Run: [KvMonXP] ;
O4 - HKLM\..\Run: [RavMon] ;
O4 - HKLM\..\Run: [RavTimer] ;
O4 - HKLM\..\Run: [RealTray] ;
O4 - HKLM\..\Run: [res] ;
O4 - HKLM\..\Run: [SearchNet_Up] ;
O4 - HKLM\..\Run: [SkyDune] ; C:\Program Files\NetSecurity\NetSecurity.exe -Poweron
O4 - HKLM\..\Run: [SKYNET Personal FireWall] ;
O4 - HKLM\..\Run: [spoolsv] ;
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ;
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [uc] ;
O4 - HKLM\..\Run: [Update] ;
O4 - HKLM\..\Run: [Windog] ; E:\WinDog\WinDog.EXE
O4 - HKLM\..\Run: [wins] ;
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ;
O4 - HKCU\..\Run: [SDO2005] ;
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
gototop
 
xf86151
头像
初生襁褓狮
  • 帖子:24
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-13 09:06 | 只看楼主 短消息 资料
字号: 22楼

O8 - Extra context menu item: &使用迅雷下载 - F:\NBA Live 2005\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\NBA Live 2005\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\PROGRA~1\KUGOO2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 电鹰搜索 - res://C:\WINDOWS\system32\dytoolband.dll/MENUSEARCH.HTM
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289}? - http://sms.3721.com/ie/index.htm?pid=U_superrsoft_62756 (file missing)
O9 - Extra button: UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - D:\UC\UC.exe
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {35980F6E-A137-4E50-953D-813BB8556899}? - (no file)
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562}? - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - E:\新建 公文包\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - E:\新建 公文包\QQIEHelper.dll (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D}? - C:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} - http://pi.51.net/download/diybar2.cab
O16 - DPF: {8F9E8A28-C296-4C6F-9A57-8FE4374135A1} (TV Stream Source) - http://218.57.9.18/down/0510/1014Chaos.cab
O16 - DPF: {BE9535B7-76FB-4572-AD20-B32BADB3643B} (TV Stream Source) - http://image2.sina.com.cn/cctv/Chaos203b.cab
O16 - DPF: {E1207373-6721-4AAD-888B-C8C5A0209E17} (VnetAnpr Class) - http://service.chinavnet.com/zx/VNetInterface/VNetForSP/VnetPlugin.CAB
O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} - http://ddddl.dudu.com/ddd/update/plugin/dudumsp.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://itv.5qzone.net/pCastCtl_1.0.0.82_20060329.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84FB47BA-94DC-4303-99FA-B4EDCCADBB49}: NameServer = 202.102.192.68 202.102.199.68
O18 - Protocol: mp3 - (no CLSID) - (no file)
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\a70d3070.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: KVSrvXP - Unknown owner - (no file)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - (no file)
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - (no file)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Unknown owner - F:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rising\Rav\Ravmond.exe
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-08-13 09:08 | 短消息 资料
字号: 23楼

修复
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=; ?矹?詾矵?軁矵?????
F3 - REG:win.ini: run=; ?矹?詾矵?軁矵?????
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - D:\PROGRA~1\PPGou2\PPG2IE~1.DLL (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll
O2 - BHO: 电鹰工具栏 - {1BC0B497-3010-43BF-AD78-5858A70907A2} - C:\WINDOWS\system32\dytoolband.dll (file missing)
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899}? - (no file)
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3}? - (no file)
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\microapmddt.dll (file missing)
O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (no file)
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\a70o3071.dll
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMon.exe
O4 - HKLM\..\Run: [assistse] ;
O4 - HKLM\..\Run: [CdnCtr] ;
O4 - HKLM\..\Run: [DTService] ; rundll32.exe C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load
O4 - HKLM\..\Run: [FORTRESS] ;
O4 - HKLM\..\Run: [hbpassport] ;
O4 - HKLM\..\Run: [iparmor] ;
O4 - HKLM\..\Run: [k3log] ;
O4 - HKLM\..\Run: [KvMonXP] ;
O4 - HKLM\..\Run: [RavMon] ;
O4 - HKLM\..\Run: [RavTimer] ;
O4 - HKLM\..\Run: [RealTray] ;
O4 - HKLM\..\Run: [res] ;
O4 - HKLM\..\Run: [SearchNet_Up] ;
O4 - HKLM\..\Run: [SKYNET Personal FireWall] ;
O4 - HKLM\..\Run: [spoolsv] ;
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ;
O4 - HKLM\..\Run: [uc] ;
O4 - HKLM\..\Run: [Update] ;
O4 - HKLM\..\Run: [wins] ;
O4 - HKCU\..\Run: [MSMSGS] ;
O4 - HKCU\..\Run: [SDO2005] ;
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
删除
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll
C:\WINDOWS\a70o3071.dll
C:\WINDOWS\RavMon.exe

清空
C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\

卸载
C:\Program Files\Common Files\IE-Bar
删除
C:\Program Files\Common Files\IE-Bar
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-08-13 09:08 | 短消息 资料
字号: 24楼

O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE

参考顶置帖..
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-08-13 09:10 | 短消息 资料
字号: 25楼

(file missing)结尾的勾上修复..

修复
O18 - Protocol: mp3 - (no CLSID) - (no file)
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\a70d3070.dll
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: KVSrvXP - Unknown owner - (no file)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - (no file)
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - (no file)

打开注册表编辑器,展开:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索KPfwSvc
KVSrvXP
MDM
NetWorkLogon
NipSvc
删除...

删除
C:\WINDOWS\system\a70d3070.dll

C:\WINDOWS\System32\msime.exe
参考顶置...

http://www.pctutu.com/srmsdown.asp
下载超级兔子..用超级兔子清理王卸载流氓软件...(安全模式...)
gototop
 
xf86151
头像
初生襁褓狮
  • 帖子:24
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-13 09:42 | 只看楼主 短消息 资料
字号: 26楼

怎么有的文件无法删除啊?老提示有另一程序正在使用啊?
gototop
 
xf86151
头像
初生襁褓狮
  • 帖子:24
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-13 09:59 | 只看楼主 短消息 资料
字号: 27楼

我顶啊
gototop
 
xf86151
头像
初生襁褓狮
  • 帖子:24
  • 注册: 2006-08-12
  • 来自:
发表于: 2006-08-13 09:59 | 只看楼主 短消息 资料
字号: 28楼

我再顶啊
gototop
 
<<上一主题|下一主题>>
123   3  /  3  页   跳转
页面顶部
Powered by Discuz!NT