1   1  /  1  页   跳转

折磨我好几天了,求助高手帮忙

收藏
imsun
头像
初生襁褓狮
  • 帖子:41
  • 注册: 2006-03-31
  • 来自:
发表于: 2006-09-22 09:01 | 只看楼主 短消息 资料
字号: 1楼

折磨我好几天了,求助高手帮忙

用了几种专杀,也手动查杀过可收效不大.以下是扫描日志帮忙分析解决
2006-09-22,08:46:05

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <msnnt><C:\WINDOWS\winampa.exe>  []
    <svc><C:\WINDOWS\svchost.exe>  []
    <updatereal><C:\WINDOWS\realupdate.exe other>  []
    <msq><C:\WINDOWS\System32\iExplorer.exe>  []
    <daemon><C:\WINDOWS\daemon.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <wow><C:\WINDOWS\System32\Launcher.exe>  []
    <zz><C:\WINDOWS\System32\intenet.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\WINDOWS\rundl132.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  []
    <Desktop><C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  []
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <spoolsv><C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer>  [广州傲讯信息科技有限公司]
    <svc><C:\WINDOWS\svchost.exe>  []
    <Tray><C:\WINDOWS\command\rundll32.exe>  []
    <CnsMHlp.exe><C:\WINDOWS\Downloaded Program files\CnsMHlp.exe>  [3721.com]
    <softbox><C:\WINDOWS\System32\softbox.exe>  [bcnet]
    <MSService_v1.0><C:\WINDOWS\system\realsched.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <RichMedia><C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  []
    <Update><C:\Program Files\Common Files\UPDATE2\Update.exe>  []
    <WindowOutNew><C:\WINDOWS\System32\windowoutnew.exe>  [Solid]
    <pbmini><C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide>  [Podcast Bar Team]
    <SoundMam><C:\WINDOWS\System32\SVOHOST.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <kokv><C:\WINDOWS\system\3ddi593.exe>  []
    <Galaxy><rundll32.exe C:\WINDOWS\System32\ppgaxea.dll,Su>  []
    <Power><rundll32.exe C:\WINDOWS\System32\alxklt.dll,Start>  []
    <popBlockHlp><rundll32.exe C:\WINDOWS\system32\wbem\wmipop.dll,_S1>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
[Service Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk><H>
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><H>
[WinZip Quick Pick]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WinZip Quick Pick.lnk><H>
[IE-Bar]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-Bar.lnk><N>

==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[JMediaService / JMediaService]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[Distributed Application Client / lDOMANE]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[MSSQLSERVER / MSSQLSERVER]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><N/A>
[MSSQLServerADHelper / MSSQLServerADHelper]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><N/A>
[Norton AntiVirus Auto Protect Service / navapsvc]
  <"C:\Program Files\Norton AntiVirus\navapsvc.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <d:\瑞星\rising\rfw\rfwproxy.exe><N/A>
[Rising Personal Firewall Service / RfwService]
  <D:\瑞星\Rising\Rfw\rfwsrv.exe><N/A>
[Rising Process Communication Center / RsCCenter]
  <"D:\瑞星\Rising\Rav\CCenter.exe"><N/A>
[RsRavMon Service / RsRavMon]
  <"D:\瑞星\Rising\Rav\Ravmond.exe"><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><N/A>
[SVCHAST / SystemInspect]
  <C:\Program Files\SystemInspect\SVCHAST.exe><N/A>
[Windows User Mode Driver Framework / UMWdf]
  <><N/A>

==================================
最后编辑2006-09-22 09:01:43.560000000
分享到:
gototop
 
imsun
头像
初生襁褓狮
  • 帖子:41
  • 注册: 2006-03-31
  • 来自:
发表于: 2006-09-22 09:01 | 只看楼主 短消息 资料
字号: 2楼

浏览器加载项
[MonitorURL Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Shockwave Flash Object]
  {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} <C:\WINDOWS\system32\c_20936.dll, Macromedia, Inc.>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5003.dll, CNNIC>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, N/A>
[]
  {3D898C55-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[raObject Class]
  {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[stdup]
  {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINDOWS\System32\stdup.dll, MStdup Co Ltd.>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\UtilToolBar\utilbar.dll, Shanghai Leysin Technology Co, Ltd.>
[BHOImp Class]
  {70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, YHBO>
[CpapView Class]
  {77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\System32\Rundl132.dll, >
[]
  {8532B305-4486-4388-939F-341C0430CDFC} <C:\WINDOWS\system32\DxBho.dll, N/A>
[龙行工具栏(&L)]
  {86D11CB9-AD67-4F1F-9910-51A9AD9735FD} <C:\WINDOWS\system32\LongT2br.dll, 龙行网>
[ShowBarEx Class]
  {9411F42F-09FF-4FB5-ADD3-30ECAC43DC51} <C:\WINDOWS\system32\QQ3818~1.DLL, >
[perfdp]
  {995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\System32\perfiup.dll, >
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC64.dll, N/A>
[Spoolsv Class]
  {9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\System32\drivers\spoolsv.dll, >
[DDOC]
  {A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\System32\henroer.dll, >
[Macromedia. Flash8 Object]
  {C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\COMBoHEvent.dll, N/A>
[CIEHelper Object]
  {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} <C:\WINDOWS\System32\ms.dll, N/A>
[Webacc Class]
  {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\System32\svchost.dll, >
[QuickBtn]
  {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[51导航]
  {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[]
  {D2D5E8D7-7C1A-4EDD-9084-4432B8661384} <C:\WINDOWS\system32\LongT2br.dll, 龙行网>
[珊瑚虫 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[Windows ToyClass]
  {E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\System32\winmsd.dll, Microsoft Corporation>
[BHelper Class]
  {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\System32\3ddo5930.dll, N/A>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[QuickBtn]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[珊瑚虫 工具栏]
  {8507326C-B5C1-4559-BB91-0919E753836F} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[珊瑚虫 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[BitCometBar]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <D:\bit\BitComet\BitCometBar\BitCometBar0.2.dll, N/A>
[实用搜索工具条V2.0]
  {75D82598-4A3C-419e-99D2-3EB56D09CFD0} <C:\Program Files\UtilToolBar\utilbar.dll, Shanghai Leysin Technology Co, Ltd.>
[龙行工具栏(&L)]
  {86D11CB9-AD67-4F1F-9910-51A9AD9735FD} <C:\WINDOWS\system32\LongT2br.dll, 龙行网>
[5940.cn导航]
  {6144F1E9-C6D4-4FF3-9008-AA43F3D287AC} <C:\WINDOWS\system32\QQ3818~1.DLL, >
[XLink Class]
  {18F57D30-EF36-4C0E-9343-7BFA6DF79B4A} <C:\WINDOWS\System32\quartz32.dll, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[Malicious Software Removal Tool]
  {4B48D5DF-9021-45F7-A240-60304302A215} <C:\WINDOWS\Downloaded Program Files\WebCleaner.dll, Microsoft Corporation>
[Downloader Class]
  {5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINDOWS\System32\iMopDl.dll, >
[TV Stream Source]
  {BE9535B7-76FB-4572-AD20-B32BADB3643B} <C:\WINDOWS\System32\FAggr.ax, www.sina.com.cn>
[IEDown Class]
  {D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\System32\GLIEDown2.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[KATScan Control]
  {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} <C:\WINDOWS\System32\Kingsoft\KATScan\KATScan.OCX, Kingsoft>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\System32\KvDown.ocx, dreamersoft>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>

==================================
正在运行的进程
[PID: 312][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 372][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 396][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1557 (xpsp2_gdr.040517-1325)>
    [C:\WINDOWS\system32\tssoft32.acm]  <DSP GROUP, INC.><1.01>
    [C:\WINDOWS\system32\tsd32.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\sl_anet.acm]  <Sipro Lab Telecom Inc.><3.02>
    [C:\WINDOWS\system32\L3codeca.acm]  <Kristal Studio><4.20.0000>
    [C:\WINDOWS\system32\DivXa32.acm]  <Kristal Studi><4.2.00.000>
[PID: 440][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\System32\raspapi.dll]  <><4, 1, 0, 0>
[PID: 452][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 608][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\System32\raspapi.dll]  <><4, 1, 0, 0>
    [C:\WINDOWS\System32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 660][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 748][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 772][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\System32\AcSignIcon.dll]  <Autodesk><16.1.63.0>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.1.63.0>
[PID: 1452][C:\WINDOWS\System32\conime.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\Documents and Settings\lt\桌面\SREng2\SREng2\SREng.com]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\System32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\WINDOWS\System32\raspapi.dll]  <><4, 1, 0, 0>
    [C:\WINDOWS\System32\AcSignIcon.dll]  <Autodesk><16.1.63.0>
[PID: 1692][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT