1   1  /  1  页   跳转

请高手来看看啊??????我谢谢了!!!

收藏
红色阿修罗
头像
初生襁褓狮
  • 帖子:24
  • 注册: 2006-07-27
  • 来自:
发表于: 2006-09-07 15:01 | 只看楼主 短消息 资料
字号: 1楼

请高手来看看啊??????我谢谢了!!!

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\stsystra.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Program Files\Common Files\UPDATE2\Update.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\WINDOWS\system32\RUNDLL32.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\WINDOWS\system32\dwwin.exe
D:\Program Files\陈延军\安装程序\HijackThis.exe

F3 - REG:win.ini: load=D:\WINDOWS\3c4i629.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: Query Class - {01C2F1E8-5C69-4B5C-B052-26941B6C23A6} - D:\WINDOWS\system32\iequery.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - D:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - D:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5063.dll
O2 - BHO: Yahoo Ie-Bar - {4FCE0A2B-6D48-4B22-AD7A-1ACACABC0B38} - D:\WINDOWS\twuenk_16.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: JMX.JmxCenter - {63859236-76BF-493C-A587-DF479EBA2D4B} - D:\WINDOWS\system32\EJMX.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - D:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - D:\WINDOWS\system32\Rundl132.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: tkuid Class - {A2DBE85F-37BF-488F-9B0C-AE21AE05658A} - D:\WINDOWS\system32\bsecoder.dll
O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - D:\WINDOWS\system32\svchost.dll
O2 - BHO: Count Class - {CFF6E0CF-02FB-47F5-95A4-DD8610D59284} - D:\WINDOWS\system32\bsnviewer.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - D:\Program Files\kuzhan\kuzhan.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - D:\WINDOWS\3c4o6290.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MSService_v1.0] D:\WINDOWS\system\java.exe
O4 - HKLM\..\Run: [spoolsv] D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [Update] D:\Program Files\Common Files\UPDATE2\Update.exe
O4 - HKLM\..\Run: [svc] D:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svc] D:\WINDOWS\svchost.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: IE-Bar.lnk = D:\Program Files\Common Files\IE-Bar\iebar.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
最后编辑2006-09-07 20:06:10
分享到:
gototop
 
红色阿修罗
头像
初生襁褓狮
  • 帖子:24
  • 注册: 2006-07-27
  • 来自:
发表于: 2006-09-07 15:01 | 只看楼主 短消息 资料
字号: 2楼

O8 - Extra context menu item:  >> 彩信发送 << - res://D:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: >>彩信发送<< - res://D:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: 酷站导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - D:\Program Files\kuzhan\kuzhan.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 5chaa - {D6E814A0-E0C5-11d4-8D29-0050BA6940E4} - http://www.5chaa.com (file missing)
O9 - Extra 'Tools' menuitem: 5chaa - {D6E814A0-E0C5-11d4-8D29-0050BA6940E4} - http://www.5chaa.com (file missing)
O9 - Extra button: 易趣购物 - {DE607145-AC19-425e-866A-6D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607145-AC19-425e-866A-6D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E1DD8A9-8E58-4F33-AA78-8EAC3D3C31E9}: NameServer = 202.102.154.3 202.102.128.68
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - D:\WINDOWS\webwork\webwork.dll
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - D:\WINDOWS\system32\themeadp.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - D:\WINDOWS\system\3c4d6290.dll
O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
gototop
 
秋日里的蓝天
头像
卡卡技术团队
  • 帖子:7349
  • 注册: 2004-09-30
  • 来自:
发表于: 2006-09-07 20:13 | 短消息 资料
字号: 3楼

运行Hijackthis,把下面的选中打上钩,修复
F3 - REG:win.ini: load=D:\WINDOWS\3c4i629.exe
O2 - BHO: Query Class - {01C2F1E8-5C69-4B5C-B052-26941B6C23A6} - D:\WINDOWS\system32\iequery.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - D:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - D:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5063.dll
O2 - BHO: Yahoo Ie-Bar - {4FCE0A2B-6D48-4B22-AD7A-1ACACABC0B38} - D:\WINDOWS\twuenk_16.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - D:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - D:\WINDOWS\system32\Rundl132.dll
O2 - BHO: tkuid Class - {A2DBE85F-37BF-488F-9B0C-AE21AE05658A} - D:\WINDOWS\system32\bsecoder.dll
O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - D:\WINDOWS\system32\svchost.dll
O2 - BHO: Count Class - {CFF6E0CF-02FB-47F5-95A4-DD8610D59284} - D:\WINDOWS\system32\bsnviewer.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - D:\Program Files\kuzhan\kuzhan.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - D:\WINDOWS\3c4o6290.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSService_v1.0] D:\WINDOWS\system\java.exe
O4 - HKLM\..\Run: [spoolsv] D:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKCU\..\Run: [svc] D:\WINDOWS\svchost.exe
04 - HKLM\..\Run: [Update] D:\Program Files\Common Files\UPDATE2\Update.exe
O4 - HKLM\..\Run: [svc] D:\WINDOWS\svchost.exe
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - D:\WINDOWS\webwork\webwork.dll
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - D:\WINDOWS\system32\themeadp.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - D:\WINDOWS\system\3c4d6290.dll

删除:
D:\WINDOWS\system\java.exe
D:\WINDOWS\system32\spoolsv\spoolsv.exe
D:\WINDOWS\svchost.exe
D:\Program Files\Common Files\UPDATE2\Update.exe
D:\WINDOWS\webwork
D:\WINDOWS\system32\themeadp.dll
D:\WINDOWS\system\3c4d6290.dll
查找stsystra.exe删除
gototop
 
秋日里的蓝天
头像
卡卡技术团队
  • 帖子:7349
  • 注册: 2004-09-30
  • 来自:
发表于: 2006-09-07 20:13 | 短消息 资料
字号: 4楼

O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
1、开始→控制面板→性能和维护→管理工具→服务→查找StdService→右击→属性→启动类型→禁止→应用→停止→确定。

2、重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
运行Hijackthis,扫描结束后在下列选项前打上勾,然后选修复“Fix Checked”:
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll

3、显示隐藏文件
双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件(推荐)"复选框。在提示您确定更改时,单击“是”--单击“确定”。
然后找到如下文件并删除
C:\WINDOWS\SYSTEM32\stdup.dll
C:\WINDOWS\system32\STDSVER.DLL
C:\WINDOWS\system32\stdcache\整个目录


O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
进入控制面版的添加删除程序中卸载,MMSASS~1彩信
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis,把下面的选中打上钩,修复
C:\PROGRA~1\MMSASS~1\mmsass~1.dll

重启后删除
C:\PROGRA~1\MMSASS~1
如果还是解决不了
下载超级兔子。
http://www.pctutu.com/srmsdown.asp
安装好后,打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件,
卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载。
gototop
 
秋日里的蓝天
头像
卡卡技术团队
  • 帖子:7349
  • 注册: 2004-09-30
  • 来自:
发表于: 2006-09-07 20:14 | 短消息 资料
字号: 5楼

修复后:重启

请下载SREng2 ,使用“智能扫描”,按下“扫描”按钮进行扫描,
扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完,分次粘完,请不要修改。

下载地址
http://free5.ys168.com/?ufwihgu168
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT