瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】上网会自动弹出网页!高手帮忙!

1   1  /  1  页   跳转

【求助】上网会自动弹出网页!高手帮忙!

收藏
custer0287
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2006-02-13
  • 来自:
发表于: 2006-02-22 11:54 | 只看楼主 短消息 资料
字号: 1楼

【求助】上网会自动弹出网页!高手帮忙!

上网时会不时的弹出网页,大部分都是58.com的地址,一直没找到什么原因,下为扫描结果


HijackThis_815汉化版扫描日志 V1.99.1
保存于      11:45:25, 日期 2006-2-22
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\InfoSafe\GUS-Client\IsGusClient.exe
C:\Program Files\InfoSafe\GUS-Client\IsGusClientGuard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InfoSafe\SNLSP\ISVS.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\InfoSafe\GUS-Client\IsAlarmTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\InfoSafe\SNLSP\SNLSPGuard.exe
C:\Program Files\InfoSafe\SNLSP\SNLSPCtrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\HijackThis\HijackThis1991zww.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\JetCar\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - 启动项HKLM\\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - 启动项HKLM\\Run: [GUS-Client-Tip] C:\Program Files\InfoSafe\GUS-Client\IsAlarmTip.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\JetCar\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\JetCar\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选项为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换选项为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换链接目标为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\JetCar\FlashGet.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\JetCar\FlashGet.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3F166327-8030-4881-8BD2-EA25350E574A} (CellWeb5 Control) - http://10.97.0.40/Client/CellWeb5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129190503937
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {9E9ED017-71D7-4ED3-884E-0ACD92163EE9} (nc Class) - http://10.97.0.40/Client/NC_Client_131.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE48FA2-D388-477F-B81C-03A699ADDD3C}: NameServer = 61.166.150.101
O23 - NT 服务: GcServices Service (GcServices) - Unknown owner - C:\Program Files\InfoSafe\GUS-Client\IsGusClient.exe
O23 - NT 服务: GcServicesGuard Service (GcServicesGuard) - info - C:\Program Files\InfoSafe\GUS-Client\IsGusClientGuard.exe
O23 - NT 服务: KILL Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - NT 服务: KILL Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - NT 服务: KILL Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - NT 服务: ISVS - Unknown owner - C:\Program Files\InfoSafe\SNLSP\ISVS.exe" -service (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: SNLSPGuard Service (SNLSPGuard) - INFOSAFE - C:\Program Files\InfoSafe\SNLSP\SNLSPGuard.exe
O23 - NT 服务: SNLSPService - InfoSafe - C:\Program Files\InfoSafe\SNLSP\SNLSPCtrl.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


请各位帮忙看看,到底是什么原因!
先谢过了!!
最后编辑2006-02-23 16:58:54
分享到:
gototop
 
魔法学徒
头像
卡卡技术团队
  • 帖子:11465
  • 注册: 2004-10-03
  • 来自:
发表于: 2006-02-22 21:24 | 短消息 资料
字号: 2楼

请用System Repair Engineer扫个log贴上来

下载地址见置顶贴
[必读]本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
gototop
 
custer0287
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2006-02-13
  • 来自:
发表于: 2006-02-23 09:54 | 只看楼主 短消息 资料
字号: 3楼

System Repair Engineer 扫面结果如下

2006-02-23,09:51:40

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msnmsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <SolarWinds Toolbar><; >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <SuperAdBlocker><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Realtime Monitor><C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <GUS-Client-Tip><C:\Program Files\InfoSafe\GUS-Client\IsAlarmTip.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Acrobat Assistant 7.0><; "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BootSkin 起动工作><; "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <spoolsv><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Update><; C:\Program Files\Common Files\UPDATE\Update.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <WangWang><; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <yassistse><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <YLive.exe><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <DTService><rundll32.exe C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <ipsec><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\Userinit.exe,>

==================================
启动文件夹
服务
[GcServices Service / GcServices]
  <C:\Program Files\InfoSafe\GUS-Client\IsGusClient.exe><>
[GcServicesGuard Service / GcServicesGuard]
  <C:\Program Files\InfoSafe\GUS-Client\IsGusClientGuard.exe><info>
[KILL Antivirus RPC Server / InoRPC]
  <"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"><Computer Associates International, Inc.>
[KILL Antivirus Realtime Server / InoRT]
  <"C:\Program Files\CA\eTrust Antivirus\InoRT.exe"><Computer Associates International, Inc.>
[KILL Antivirus Job Server / InoTask]
  <"C:\Program Files\CA\eTrust Antivirus\InoTask.exe"><Computer Associates International, Inc.>
[ISVS / ISVS]
  <"C:\Program Files\InfoSafe\SNLSP\ISVS.exe" -service><INFOSAFE>
[IPSEC Client / MouTALS]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SNLSPGuard Service / SNLSPGuard]
  <"C:\Program Files\InfoSafe\SNLSP\SNLSPGuard.exe"><INFOSAFE>
[SNLSPService / SNLSPService]
  <"C:\Program Files\InfoSafe\SNLSP\SNLSPCtrl.exe"><InfoSafe>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[StarWind iSCSI Service / StarWindService]
  <C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
gototop
 
custer0287
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2006-02-13
  • 来自:
发表于: 2006-02-23 09:55 | 只看楼主 短消息 资料
字号: 4楼

还有:

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\Program Files\JetCar\jccatch.dll, Amaze Soft>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\JetCar\FlashGet.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[CellWeb5 Control]
  {3F166327-8030-4881-8BD2-EA25350E574A} <C:\WINDOWS\system32\cellweb5.ocx, Cell Software, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[nc Class]
  {9E9ED017-71D7-4ED3-884E-0ACD92163EE9} <C:\PROGRA~1\NC_CLI~1\JavaSoft\JRE\132E6D~1.1\bin\NCOcx.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[CellWeb5 Control]
  {3F166327-8030-4881-8BD2-EA25350E574A} <C:\WINDOWS\system32\cellweb5.ocx, Cell Software, Inc.>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in 1.3.1_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\NC_Client_131\JavaSoft\JRE\1.3.1\bin\NPJava131_01.dll, JavaSoft / Sun Microsystems, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[nc Class]
  {9E9ED017-71D7-4ED3-884E-0ACD92163EE9} <C:\PROGRA~1\NC_CLI~1\JavaSoft\JRE\132E6D~1.1\bin\NCOcx.dll, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\Program Files\JetCar\jccatch.dll, Amaze Soft>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[使用网际快车下载]
  <C:\Program Files\JetCar\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\JetCar\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[转换为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
gototop
 
custer0287
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2006-02-13
  • 来自:
发表于: 2006-02-23 09:57 | 只看楼主 短消息 资料
字号: 5楼

好多:

正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 520][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 864][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 908][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 992][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1152][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\AdobePDF.dll]  <Adobe Systems Incorporated.><7.0.0.00>
    [C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  <N/A><N/A>
    [C:\WINDOWS\system32\EBPMON2.DLL]  <SEIKO EPSON CORPORATION><2, 3, 0, 0>
    [C:\WINDOWS\system32\HPBMMON.DLL]  <Hewlett-Packard><10.00.14>
    [C:\WINDOWS\system32\hpdomon.dll]  <Hewlett-Packard><03.42.00>
    [C:\WINDOWS\system32\HPBHealr.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL]  <Hewlett-Packard Corporation><60.05.17.02>
[PID: 1392][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\COMMON~1\system\msdc32.dll]  <Micorsoft Corporation><1, 0, 0, 1>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.6172>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.6172>
    [C:\WINDOWS\system32\nvshell.dll]  <NVIDIA Corporation><6.14.10.6172>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\Program Files\JetCar\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\PROGRA~1\COMMON~1\system\mod\mstd.dll]  <><1, 4, 0, 1>
[PID: 1544][C:\Program Files\InfoSafe\GUS-Client\IsGusClient.exe]  <><6, 0, 0, 6>
    [C:\Program Files\InfoSafe\GUS-Client\IsInterface.dll]  <><1, 0, 0, 1>
[PID: 1564][C:\Program Files\InfoSafe\GUS-Client\IsGusClientGuard.exe]  <info><1, 0, 0, 2>
[PID: 1632][C:\Program Files\CA\eTrust Antivirus\InoRpc.exe]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InConfig.dll]  <Computer Associates International, Inc.><7.1.410.1>
    [C:\Program Files\CA\eTrust Antivirus\InoOEM.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\INOCORE.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\DistCfg.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\ScanLog.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InocDB.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\LANG\KILL\wBkRsrcres.dll]  <冠群金辰软件有限公司><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\secAddIn.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InocAdn.dll]  <Computer Associates International, Inc.><7.1.195.0>
    [C:\Program Files\CA\eTrust Antivirus\InDrvCfg.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\secAPI.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\InoScan.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\LANG\KILL\ScanResres.dll]  <冠群金辰软件有限公司><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\poldecod.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\polAdn.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\RPCMtAdn.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\NameAPIX.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\RPCMtAPI.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InoAlert.dll]  <Computer Associates International, Inc.><7.1.409.1>
[PID: 1644][C:\Program Files\CA\eTrust Antivirus\InoRT.exe]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\ScanLog.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InConfig.dll]  <Computer Associates International, Inc.><7.1.410.1>
    [C:\Program Files\CA\eTrust Antivirus\InoOEM.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\INOCORE.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InocDB.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\DistCfg.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\LANG\KILL\wBkRsrcres.dll]  <冠群金辰软件有限公司><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\InoScan.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\LANG\KILL\ScanResres.dll]  <冠群金辰软件有限公司><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\arclib.dll]  <Computer Associates International, Inc.><7.2.1.8>
    [C:\Program Files\CA\SharedComponents\ScanEngine\VetE.dll]  <Computer Associates International, Inc.><Version 12.4.1.0>
[PID: 1664][C:\Program Files\CA\eTrust Antivirus\InoTask.exe]  <Computer Associates International, Inc.><7.1.410.1>
    [C:\Program Files\CA\eTrust Antivirus\InoAlert.dll]  <Computer Associates International, Inc.><7.1.409.1>
    [C:\Program Files\CA\eTrust Antivirus\ScanLog.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InConfig.dll]  <Computer Associates International, Inc.><7.1.410.1>
    [C:\Program Files\CA\eTrust Antivirus\InoOEM.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\INOCORE.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InocDB.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\RPCMtAPI.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InDrvCfg.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\DistCfg.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\secAPI.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\LANG\KILL\wBkRsrcres.dll]  <冠群金辰软件有限公司><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\InoWMI.dll]  <Computer Associates International, Inc.><7.1.410.4>
    [C:\Program Files\CA\SharedComponents\ScanEngine\InoScan.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\eTrust Antivirus\LANG\KILL\ScanResres.dll]  <冠群金辰软件有限公司><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\arclib.dll]  <Computer Associates International, Inc.><7.2.1.8>
    [C:\Program Files\CA\SharedComponents\ScanEngine\Avh32dll.dll]  <N/A><N/A>
[PID: 1792][C:\PROGRA~1\CA\ETRUST~1\realmon.exe]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\PROGRA~1\CA\ETRUST~1\InConfig.dll]  <Computer Associates International, Inc.><7.1.410.1>
    [C:\PROGRA~1\CA\ETRUST~1\InoOEM.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\PROGRA~1\CA\ETRUST~1\INOCORE.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\PROGRA~1\CA\ETRUST~1\InDrvCfg.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\Program Files\CA\SharedComponents\ScanEngine\DistCfg.dll]  <Computer Associates International, Inc.><7.1.199.0>
    [C:\PROGRA~1\CA\ETRUST~1\LANG\KILL\Realmonres.dll]  <冠群金辰软件有限公司><7.1.199.0>
    [C:\PROGRA~1\CA\ETRUST~1\secAPI.dll]  <Computer Associates International, Inc.><7.1.199.0>
[PID: 1800][C:\Program Files\InfoSafe\GUS-Client\IsAlarmTip.exe]  <><1, 0, 0, 3>
[PID: 1836][C:\WINDOWS\system32\CTFMON.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1848][C:\Program Files\MSN Messenger\msnmsgr.exe]  <Microsoft Corporation><7.5.0322>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 1900][C:\Program Files\InfoSafe\SNLSP\ISVS.exe]  <INFOSAFE><1, 0, 0, 30>
    [C:\Program Files\InfoSafe\SNLSP\wm_hooks.dll]  <InfoSafe><1, 0, 0, 18>
[PID: 1968][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 280][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.6172>
[PID: 388][C:\Program Files\InfoSafe\SNLSP\SNLSPGuard.exe]  <INFOSAFE><1, 0, 0, 5>
    [C:\Program Files\InfoSafe\SNLSP\ace.dll]  <N/A><5.4.1>
[PID: 488][C:\Program Files\InfoSafe\SNLSP\SNLSPCtrl.exe]  <InfoSafe><2, 1, 5, 106>
gototop
 
custer0287
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2006-02-13
  • 来自:
发表于: 2006-02-23 09:59 | 只看楼主 短消息 资料
字号: 6楼

最后:

[C:\Program Files\InfoSafe\SNLSP\ace.dll]  <N/A><5.4.1>
    [C:\Program Files\InfoSafe\SNLSP\libdb41.dll]  <Sleepycat Software><4.1.24>
    [C:\Program Files\InfoSafe\SNLSP\zlib.dll]  <N/A><N/A>
    [C:\Program Files\InfoSafe\SNLSP\IsHardWare.dll]  <><1, 0, 0, 1>
    [C:\Program Files\InfoSafe\SNLSP\GetDiskInfo.dll]  <N/A><N/A>
    [C:\Program Files\InfoSafe\SNLSP\Cpuinf32.dll]  <N/A><N/A>
[PID: 516][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 2792][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\Program Files\JetCar\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  <Adobe Systems Incorporated><7.0.0.0>
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  <Adobe Systems Incorporated><7.0.0.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  <Adobe Systems, Inc.><7.0.0.0>
[PID: 2460][C:\Program Files\JetCar\FlashGet.exe]  <Amaze Soft><1, 7, 1, 0>
[PID: 1732][D:\Downloads\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

谢谢版主帮忙看看!
gototop
 
不言放弃
头像
社区嘉宾
  • 帖子:30678
  • 注册: 2004-09-17
  • 来自:蓝色星球
发表于: 2006-02-23 11:17 | 短消息 资料
字号: 7楼

进入注册表
删除如下自启动项:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Update><; C:\Program Files\Common Files\UPDATE\Update.exe>

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load>

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<ipsec><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>


删除
C:\PROGRA~1\COMMON~1\system\msdc32.dll
C:\Program Files\Common Files\UPDATE文件夹
以及C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp下的所有文件
gototop
 
custer0287
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2006-02-13
  • 来自:
发表于: 2006-02-23 14:19 | 只看楼主 短消息 资料
字号: 8楼

谢谢楼主的,试试去!
gototop
 
custer0287
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2006-02-13
  • 来自:
发表于: 2006-02-23 16:58 | 只看楼主 短消息 资料
字号: 9楼

没找到UPDATE文件夹
不过好像不会弹出网页了
谢谢楼上两位哦
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT