Help: experts, my IE has been hijacked too, please help me analyze it

Here is the log from my machine. Please analyze it, thanks!
Logfile of HijackThis v1.99.1
Scan saved at 9:35:27, on 2006-6-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\AutoUp.exe
C:\WINNT\AdsNT.exe
C:\WINNT\system32\AlxUp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\TheWorld\TheWorld.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
E:\HijackThis.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Update.URL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: P2P分享 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%70 (file missing)
O9 - Extra button: 领我上上网 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i (file missing)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - http://www.joyo.com/default.asp?source=w-90002765 (file missing)
O9 - Extra button: (no name) - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Q币快速冲值 - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - http://rich.qq.com/spr/code_pay.shtml?Spid=sprv1&Comment1=1607042&Comment2=&Comment3=&Comment4= (file missing)
O9 - Extra 'Tools' menuitem: Q币快速冲值 - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - http://rich.qq.com/spr/code_pay.shtml?Spid=sprv1&Comment1=1607042&Comment2=&Comment3=&Comment4= (file missing)
O9 - Extra button: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: P2P分享 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%70 (file missing) (HKCU)
O9 - Extra button: 领我上上网 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Last edited 2006-06-22 09:09:35

Thanks! There are no problems now, thank you very much!

2006-06-21,10:29:03

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(Internat.exe)(internat.exe) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [Microsoft Corporation]
(avast!)(C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe) []
(NeroFilterCheck)(C:\WINNT\system32\NeroCheck.exe) [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(UserInit)(usrinit.exe) []
(WinAutoUp)(C:\WINNT\AutoUp.exe) []
(adsnt)(C:\WINNT\AdsNT.exe) []
(AlxInit)(C:\WINNT\system32\AlxUp.exe) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(C:\WINNT\system32\userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []




--------------------------------------------------------------------------------



启动文件夹

[Microsoft Office]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk)(N)
[Windows Update]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows Update.URL)(N)



--------------------------------------------------------------------------------



服务

[avast! iAVS4 Control Service / aswUpdSv]
("C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe")(N/A)
[avast! Antivirus / avast! Antivirus]
("C:\Program Files\Alwil Software\Avast4\ashServ.exe")(N/A)
[avast! Mail Scanner / avast! Mail Scanner]
("C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service)(ALWIL Software)
[avast! Web Scanner / avast! Web Scanner]
("C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service)(ALWIL Software)
[Logical Disk Manager Administrative Service / dmadmin]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)

浏览器加载项

[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} (C:\WINNT\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD)
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD)
[]
{06926B30-424E-4f1c-8EE3-543CD96573DC} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{5D73EE86-05F1-49ed-B850-E423120EC338} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[P2P分享]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%70, N/A)
[领我上上网]
{7713E8D2-850A-101B-AFC0-4210102A8DA7} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i, N/A)
[]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} (http://www.joyo.com/default.asp?source=w-90002765, N/A)
[]
{A9BE2902-C447-420A-BB7F-A5DE921E6138} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} (, N/A)
[Q币快速冲值]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (http://rich.qq.com/spr/code_pay.shtml?Spid=sprv1&Comment1=1607042&Comment2=&Comment3=&Comment4=, N/A)
[]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{e1fc9760-7b95-49cd-80b9-8c9e41017b93} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{f58d36c3-40be-4418-a786-d8fbe3eb3554} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30, N/A)
[P2P分享]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%70, N/A)
[领我上上网]
{7713E8D2-850A-101B-AFC0-4210102A8DA7} (http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i, N/A)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[&使用迅雷下载]
(C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[&使用迅雷下载全部链接]
(C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)
[上传到QQ网络硬盘]
(C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A)
[添加到QQ自定义面板]
(C:\Program Files\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(C:\Program Files\Tencent\QQ\SendMMS.htm, N/A)



--------------------------------------------------------------------------------




正在运行的进程

[PID: 140][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.00.2195.6601)
[PID: 164][\??\C:\WINNT\system32\csrss.exe] (Microsoft Corporation)(5.00.2195.6601)
[PID: 184][\??\C:\WINNT\system32\winlogon.exe] (Microsoft Corporation)(5.00.2195.6997)
[PID: 212][C:\WINNT\system32\services.exe] (Microsoft Corporation)(5.00.2195.7035)
[C:\WINNT\system32\dmserver.dll] (VERITAS Software Corp.)(2195.6605.297.3)
[PID: 224][C:\WINNT\system32\lsass.exe] (Microsoft Corporation)(5.00.2195.7011)
[PID: 400][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 428][C:\WINNT\system32\spoolsv.exe] (Microsoft Corporation)(5.00.2195.7013)
[C:\WINNT\system32\AdobePDF.dll] (Adobe Systems Incorporated.)(6.0.000)
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS] (N/A)(N/A)
[C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll] (Windows (R) 2000 DDK provider)(5.00.2195.1620)
[PID: 480][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] (N/A)(N/A)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[PID: 496][C:\Program Files\Alwil Software\Avast4\ashServ.exe] (N/A)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] (ALWIL Software)(4, 6, 665, 0)
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] (N/A)(N/A)
[C:\Program Files\Alwil Software\Avast4\AhResJs.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 520][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 576][C:\WINNT\system32\regsvc.exe] (Microsoft Corporation)(5.00.2195.6701)
[PID: 600][C:\WINNT\system32\MSTask.exe] (Microsoft Corporation)(4.71.2195.6972)
[PID: 656][C:\WINNT\System32\WBEM\WinMgmt.exe] (Microsoft Corporation)(1.50.1085.0100)
[PID: 708][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 872][C:\WINNT\Explorer.EXE] (Microsoft Corporation)(5.00.3700.6690)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\WINNT\system32\xunleibho_v14.dll] (Thunder Networking Technologies,LTD)(4, 6, 0, 62)
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] (Adobe Systems Incorporated)(6.0.0.2003051500)
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 1)
[C:\Program Files\WinRAR\rarext.dll] (N/A)(N/A)
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll] (Adobe Systems Inc.)(1.0.0.2003051500)
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.chs] (Adobe Systems Inc.)(1.0.0.2003051500)
[PID: 952][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] (Codejock Software)(1, 9, 4, 0)
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 1036][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0)
[PID: 1100][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] (N/A)(5, 0, 0, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] (ALWIL Software)(4, 7, 835, 0)
[c:\program files\alwil software\avast4\ahruijs.dll] (N/A)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] (Codejock Software)(1, 9, 4, 0)
[c:\program files\alwil software\avast4\ahruimai.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruimes.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruins.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruiout.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruip2p.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruistd.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruiws.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 1184][C:\WINNT\system32\internat.exe] (Microsoft Corporation)(5.00.2920.0000)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 1280][C:\PROGRA~1\TheWorld\TheWorld.exe] (Phoenix Studio)(1, 2, 3, 5)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[C:\Program Files\Alwil Software\Avast4\AhAScr.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 1)
[PID: 1420][E:\SREng2-v2.021\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)

--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

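Boss, the above are the scan results. Just now, after I restarted the machine, IE started opening automatically again. Below are the HijackThis logfile scan results.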
Logfile of HijackThis v1.99.1
Scan saved at 10:38:45, on 2006-6-21
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\PROGRA~1\TheWorld\TheWorld.exe
E:\SREng2-v2.021\SREng.exe
E:\HijackThis.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Update.URL
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: P2P分享 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%70 (file missing)
O9 - Extra button: 领我上上网 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i (file missing)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - http://www.joyo.com/default.asp?source=w-90002765 (file missing)
O9 - Extra button: (no name) - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Q币快速冲值 - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - http://rich.qq.com/spr/code_pay.shtml?Spid=sprv1&Comment1=1607042&Comment2=&Comment3=&Comment4= (file missing)
O9 - Extra 'Tools' menuitem: Q币快速冲值 - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - http://rich.qq.com/spr/code_pay.shtml?Spid=sprv1&Comment1=1607042&Comment2=&Comment3=&Comment4= (file missing)
O9 - Extra button: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: (no name) - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%30 (file missing)
O9 - Extra button: P2P分享 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i&%75=%70 (file missing) (HKCU)
O9 - Extra button: 领我上上网 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://%72%65%64%69%72%65%63%74%2e%30%35%33%33%35%2e%63%6f%6d/%72%65%64%69%72%65%63%74/?%61=■&%6d=i (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe


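I have made the changes according to your instructions, but after rebooting, IE popped up again and connected to a website.
The scan log follows.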
Logfile of HijackThis v1.99.1
Scan saved at 16:16:05, on 2006-6-21
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
E:\HijackThis.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Update.URL
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

2006-06-21,16:17:37

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(Internat.exe)(internat.exe) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [Microsoft Corporation]
(avast!)(C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe) []
(NeroFilterCheck)(C:\WINNT\system32\NeroCheck.exe) [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(UserInit)(usrinit.exe) []
(WinAutoUp)(C:\WINNT\AutoUp.exe) []
(adsnt)(C:\WINNT\AdsNT.exe) []
(AlxInit)(C:\WINNT\system32\AlxUp.exe) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(C:\WINNT\system32\userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []




--------------------------------------------------------------------------------



启动文件夹

[Microsoft Office]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk)(N)
[Windows Update]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows Update.URL)(N)



--------------------------------------------------------------------------------



服务

[avast! iAVS4 Control Service / aswUpdSv]
("C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe")(N/A)
[avast! Antivirus / avast! Antivirus]
("C:\Program Files\Alwil Software\Avast4\ashServ.exe")(N/A)
[avast! Mail Scanner / avast! Mail Scanner]
("C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service)(ALWIL Software)
[avast! Web Scanner / avast! Web Scanner]
("C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service)(ALWIL Software)
[Logical Disk Manager Administrative Service / dmadmin]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)



--------------------------------------------------------------------------------



浏览器加载项

[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} (C:\WINNT\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD)
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[&使用迅雷下载]
(C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[&使用迅雷下载全部链接]
(C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)
[上传到QQ网络硬盘]
(C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A)
[添加到QQ自定义面板]
(C:\Program Files\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)

正在运行的进程

[PID: 140][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.00.2195.6601)
[PID: 164][\??\C:\WINNT\system32\csrss.exe] (Microsoft Corporation)(5.00.2195.6601)
[PID: 184][\??\C:\WINNT\system32\winlogon.exe] (Microsoft Corporation)(5.00.2195.6997)
[PID: 212][C:\WINNT\system32\services.exe] (Microsoft Corporation)(5.00.2195.7035)
[C:\WINNT\system32\dmserver.dll] (VERITAS Software Corp.)(2195.6605.297.3)
[PID: 224][C:\WINNT\system32\lsass.exe] (Microsoft Corporation)(5.00.2195.7011)
[PID: 400][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 424][C:\WINNT\system32\spoolsv.exe] (Microsoft Corporation)(5.00.2195.7013)
[C:\WINNT\system32\AdobePDF.dll] (Adobe Systems Incorporated.)(6.0.000)
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS] (N/A)(N/A)
[C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll] (Windows (R) 2000 DDK provider)(5.00.2195.1620)
[PID: 476][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] (N/A)(N/A)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[PID: 492][C:\Program Files\Alwil Software\Avast4\ashServ.exe] (N/A)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] (ALWIL Software)(4, 6, 665, 0)
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] (N/A)(N/A)
[C:\Program Files\Alwil Software\Avast4\AhResJs.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 512][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 572][C:\WINNT\system32\regsvc.exe] (Microsoft Corporation)(5.00.2195.6701)
[PID: 596][C:\WINNT\system32\MSTask.exe] (Microsoft Corporation)(4.71.2195.6972)
[PID: 648][C:\WINNT\System32\WBEM\WinMgmt.exe] (Microsoft Corporation)(1.50.1085.0100)
[PID: 708][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 884][C:\WINNT\Explorer.EXE] (Microsoft Corporation)(5.00.3700.6690)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\WINNT\system32\xunleibho_v14.dll] (Thunder Networking Technologies,LTD)(4, 6, 0, 62)
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] (Adobe Systems Incorporated)(6.0.0.2003051500)
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 1)
[PID: 948][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0)
[PID: 996][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] (Codejock Software)(1, 9, 4, 0)
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 1116][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] (N/A)(5, 0, 0, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0)
[C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] (ALWIL Software)(4, 7, 824, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] (ALWIL Software)(4, 7, 835, 0)
[c:\program files\alwil software\avast4\ahruijs.dll] (N/A)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] (Codejock Software)(1, 9, 4, 0)
[c:\program files\alwil software\avast4\ahruimai.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruimes.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruins.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruiout.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruip2p.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruistd.dll] (ALWIL Software)(4, 7, 844, 0)
[c:\program files\alwil software\avast4\ahruiws.dll] (ALWIL Software)(4, 7, 844, 0)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 1104][C:\WINNT\system32\internat.exe] (Microsoft Corporation)(5.00.2920.0000)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)
[PID: 1272][E:\SREng2-v2.021\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0)



--------------------------------------------------------------------------------