Here is the log:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run>
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation>
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> [>
<91cast><> [>
<svc><C:\WINDOWS\svchost.exe> [>
<Syss><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ehuupdate.exe> [>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<load><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run>
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.>
<LtcyCfgApply><"D:\Program Files\PCI Latency Tool 2\LtcyCfg.exe" /a> [>
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation>
<nwiz><; nwiz.exe /install> [>
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation>
<MSService_v1.0><C:\WINDOWS\system\vfp104.exe> [>
<91cast><> [>
<svc><C:\WINDOWS\svchost.exe> [>
<sysmini><C:\WINDOWS\system32\sysmini.exe> [>
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation>
<KAVPersonal50><; "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab>
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation>
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<shell><Explorer.exe> [Microsoft Corporation>
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<AppInit_DLLs><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<UIHost><logonui.exe> [Microsoft Corporation>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad>
<Vision><> [>
==================================
启动文件夹
服务
[kavsvc / kavsvc>
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Macromedia Licensing Service / Macromedia Licensing Service>
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc>
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
Continued from above;
==================================
浏览器加载项
[internet explorer helper>
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >
[CaiShowBH Class>
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper>
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\wudxub76.dll, N/A>
[NetAccelerate Class>
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[IEYHlprObj Class>
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[ActiveBHO Class>
{63C55A7F-6E29-8D4F-5C76-4F850F28D13A} <C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll, >
[EyeOnIE Class>
{6E28339B-7A2A-47B6-AEB2-46BA53782379} <D:\PROGRA~1\IS\BhoPlugin.dll, >
[MSHlper Class>
{721E6521-4CAD-4A8D-A7F1-4E230B31EF19} <C:\WINDOWS\system32\MSHLP.DLL, >
[IEHlprObj Class>
{999ADFA2-8AD1-47ff-97FC-69FB847458F4} <C:\Progra~1\NetMeeting\nmview.dll, Microsoft Corporation>
[WinSC Class>
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Internet_Explorer_Service>
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class>
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[GzpWgaiq Class>
{BB715F56-23B5-0CDD-C5CD-A3EBCB10809E} <C:\WINDOWS\DOWNLO~1\wjqj.dll, qeyxasoft>
[Webacc Class>
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[Yahoo Bar>
{F60FAB6F-115D-4797-9ED1-89793B930876} <C:\WINDOWS\ODBINT.dll, N/A>
[google bar>
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[浩方对战平台>
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[比较购物搜索(&C)>
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[QQ>
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class>
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Messenger>
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[系统标准按钮(&E)>
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[趋势科技在线扫毒程序>
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[Shockwave Flash Object>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[internet explorer helper>
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >
[ActiveMovieControl Object>
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player>
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document>
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[CaiShowBH Class>
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper>
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\wudxub76.dll, N/A>
[Shell Name Space>
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NetAccelerate Class>
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[IEYHlprObj Class>
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[ActiveBHO Class>
{63C55A7F-6E29-8D4F-5C76-4F850F28D13A} <C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll, >
[系统标准按钮(&E)>
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Windows Media Player>
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[EyeOnIE Class>
{6E28339B-7A2A-47B6-AEB2-46BA53782379} <D:\PROGRA~1\IS\BhoPlugin.dll, >
[MSHlper Class>
{721E6521-4CAD-4A8D-A7F1-4E230B31EF19} <C:\WINDOWS\system32\MSHLP.DLL, >
[Microsoft Web 浏览器>
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[IEHlprObj Class>
{999ADFA2-8AD1-47FF-97FC-69FB847458F4} <C:\Progra~1\NetMeeting\nmview.dll, Microsoft Corporation>
[WinSC Class>
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Internet_Explorer_Service>
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class>
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[SearchAssistantOC>
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[GzpWgaiq Class>
{BB715F56-23B5-0CDD-C5CD-A3EBCB10809E} <C:\WINDOWS\DOWNLO~1\wjqj.dll, qeyxasoft>
[Webacc Class>
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[RealPlayer G2 Control>
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Yahoo Bar>
{F60FAB6F-115D-4797-9ED1-89793B930876} <C:\WINDOWS\ODBINT.dll, N/A>
[google bar>
{FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} <C:\WINDOWS\vwwreg.dll, N/A>
[&使用迅雷下载>
<d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接>
<d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[>>彩信发送<<>
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[上传到QQ网络硬盘>
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用IS下载>
<D:\PROGRA~1\IS\IS.htm, N/A>
[添加到QQ自定义面板>
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情>
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片>
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[用炫彩图铃发送该图片>
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
Continued again:
==================================
正在运行的进程
[PID: 328>[\SystemRoot\System32\smss.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 384>[\??\C:\WINDOWS\system32\csrss.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 408>[\??\C:\WINDOWS\system32\winlogon.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 452>[C:\WINDOWS\system32\services.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 464>[C:\WINDOWS\system32\lsass.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 616>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 804>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1464>[C:\WINDOWS\system32\ctfmon.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1524>[C:\WINDOWS\explorer.exe> <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[d:\Program Files\WinRAR\rarext.dll> <N/A><N/A>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll> <Kaspersky Lab><5.0.388.1>
[PID: 1612>[C:\Program Files\Internet Explorer\iexplore.exe> <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll> <Kaspersky Lab><5.0.1.18>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll> <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll> <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll> <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll> <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll> <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll> <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll> <Kaspersky Lab><5.0.388.2>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll> <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll> <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl> <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl> <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl> <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl> <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\msdmo.dll> <N/A><N/A>
[d:\Program Files\Amor AVI DivX to VCD SVCD DVD Converter\RealMediaSplitter.ax> <Gabest><1, 0, 0, 5>
[C:\WINDOWS\system32\ac3filter.ax> <><0.70b>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx> <Macromedia, Inc.><8,0,24,0>
[PID: 1980>[F:\SREng2\SREng.exe> <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1>
.EXE OK. ["%1" %*>
.COM OK. ["%1" %*>
.PIF OK. ["%1" %*>
.REG OK. [regedit.exe "%1">
.BAT OK. ["%1" %*>
.SCR OK. ["%1" /S>
.CHM OK. ["C:\WINDOWS\hh.exe" %1>
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1>
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1>
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1>
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.LNK OK. [{00021401-0000-0000-C000-000000000046}>
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run>
<svc><C:\WINDOWS\svchost.exe> [>
<Syss><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ehuupdate.exe> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run>
<MSService_v1.0><C:\WINDOWS\system\vfp104.exe> [>
<91cast><> [>
<svc><C:\WINDOWS\svchost.exe> [>
<sysmini><C:\WINDOWS\system32\sysmini.exe> [>
Repair and delete.
Those rogue programs: boot into Safe Mode and clean them up with 恶意软件清理助手 (Malware Cleanup Assistant)!
Thank you, moderator, for your hard work. But <svc><C:\WINDOWS\svchost.exe> [> just cannot be removed..
Moderator, please also take a look at the browser add-ons. As soon as I open IE, a lot of web pages pop up automatically.
In Safe Mode, force-delete it with KILLBOX and clean the two startup entries out of the registry! At the same time, check whether Scheduled Tasks in Control Panel contains any extra suspicious items, and delete them. Also empty your own temp files, the system temp folder, and the IE cache.
Moderator, I am really at my wit's end. After the deletion and cleanup just now, the machine now boots normally, but once I am logged in, running any program makes it hang. I looked at the processes and there are several, for example:
spoolsv.exe, svchost.exe, etc. All I can do now is scan a new log for you to help me look at.
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run>
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation>
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> [>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<load><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run>
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.>
<LtcyCfgApply><"D:\Program Files\PCI Latency Tool 2\LtcyCfg.exe" /a> [>
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation>
<nwiz><; nwiz.exe /install> [>
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation>
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation>
<KAVPersonal50><; "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab>
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation>
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation>
<sysser><C:\PROGRA~1\sysdm\sysdm.exe> [>
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [>
<LetsCool><C:\Program Files\LetsCool\LetsCool.exe> [>
<MSService_v1.0><C:\WINDOWS\system\servicess.exe> [>
<系统服务启动><C:\WINDOWS\start.exe> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<shell><Explorer.exe> [Microsoft Corporation>
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jmbld.exe> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<AppInit_DLLs><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<UIHost><logonui.exe> [Microsoft Corporation>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad>
<Vision><> [>
==================================
启动文件夹
服务
[kavsvc / kavsvc>
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Macromedia Licensing Service / Macromedia Licensing Service>
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc>
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
浏览器加载项
[internet explorer helper>
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >
[CaiShowBH Class>
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper>
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\wudxub76.dll, N/A>
[NetAccelerate Class>
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[IEYHlprObj Class>
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class>
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, IE Toolbar>
[ActiveBHO Class>
{63C55A7F-6E29-8D4F-5C76-4F850F28D13A} <C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll, >
[EyeOnIE Class>
{6E28339B-7A2A-47B6-AEB2-46BA53782379} <D:\PROGRA~1\IS\BhoPlugin.dll, >
[MSHlper Class>
{721E6521-4CAD-4A8D-A7F1-4E230B31EF19} <C:\WINDOWS\system32\MSHLP.DLL, >
[IEHlprObj Class>
{999ADFA2-8AD1-47ff-97FC-69FB847458F4} <C:\Progra~1\NetMeeting\nmview.dll, Microsoft Corporation>
[WinSC Class>
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Internet_Explorer_Service>
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class>
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[DclCjihj Class>
{D7146C61-E141-5350-EED1-FBD08903BC0A} <C:\WINDOWS\DOWNLO~1\kpcdi.dll, mhrbmsoft>
[Letscool System Helper>
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>
[Messenger>
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[系统标准按钮(&E)>
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Kuaiso Toolsbar>
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\Kuaiso_06003.dll, IE Toolbar>
[趋势科技在线扫毒程序>
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[Shockwave Flash Object>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[internet explorer helper>
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >
[CaiShowBH Class>
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper>
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\wudxub76.dll, N/A>
[NetAccelerate Class>
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\wuwebex.dll, Microsoft Corporation>
[IEYHlprObj Class>
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[XBTP03129 Class>
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, IE Toolbar>
[ActiveBHO Class>
{63C55A7F-6E29-8D4F-5C76-4F850F28D13A} <C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll, >
[系统标准按钮(&E)>
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Kuaiso Toolsbar>
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\Kuaiso_06003.dll, IE Toolbar>
[EyeOnIE Class>
{6E28339B-7A2A-47B6-AEB2-46BA53782379} <D:\PROGRA~1\IS\BhoPlugin.dll, >
[MSHlper Class>
{721E6521-4CAD-4A8D-A7F1-4E230B31EF19} <C:\WINDOWS\system32\MSHLP.DLL, >
[IEHlprObj Class>
{999ADFA2-8AD1-47FF-97FC-69FB847458F4} <C:\Progra~1\NetMeeting\nmview.dll, Microsoft Corporation>
[WinSC Class>
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Internet_Explorer_Service>
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class>
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[Shockwave Flash Object>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[DclCjihj Class>
{D7146C61-E141-5350-EED1-FBD08903BC0A} <C:\WINDOWS\DOWNLO~1\kpcdi.dll, mhrbmsoft>
[Letscool System Helper>
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINDOWS\system32\CoolBho.dll, LETSCOOL Network Technology>
==================================
正在运行的进程
[PID: 332>[\SystemRoot\System32\smss.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 388>[\??\C:\WINDOWS\system32\csrss.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 412>[\??\C:\WINDOWS\system32\winlogon.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 456>[C:\WINDOWS\system32\services.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 468>[C:\WINDOWS\system32\lsass.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 616>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 792>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1020>[C:\WINDOWS\system32\userinit.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040>[C:\WINDOWS\Explorer.EXE> <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System.dll> <N/A><N/A>
[PID: 1364>[F:\SREng2\SREng.exe> <Smallfrogs Studio><2.0.21.505>
[PID: 1432>[C:\Program Files\Internet Explorer\iexplore.exe> <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
==================================
文件关联
.TXT Error. [C:\WINDOWS\system32\Notepads.exe "%1" >
.EXE Error. [C:\WINDOWS\system32\Explores.exe "%1" %*>
.COM OK. ["%1" %*>
.PIF OK. ["%1" %*>
.REG OK. [regedit.exe "%1">
.BAT OK. ["%1" %*>
.SCR OK. ["%1" /S>
.CHM OK. ["C:\WINDOWS\hh.exe" %1>
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1>
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1>
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1>
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.LNK OK. [{00021401-0000-0000-C000-000000000046}>
Oh, I forgot. Note that this log was taken in Safe Mode, because after a normal boot nothing can be done at all.
<sysser><C:\PROGRA~1\sysdm\sysdm.exe> [>
Delete the startup entry!! And delete the file!
<LetsCool><C:\Program Files\LetsCool\LetsCool.exe> [>
Rogue software, 酷桌面?
<MSService_v1.0><C:\WINDOWS\system\servicess.exe> [>
servicess - servicess.exe - process information
Process file: servicess or servicess.exe
Process location: WINDOWS\system
Program name: Troj_Backdoor.MSService_v1.0
Program purpose: backdoor trojan; listening and remote control.
Program author:
System process: No
Background program: Yes
Uses network: Yes
Hardware related: No
Security level: Low
Process analysis: This virus modifies the registry to create a Run/MSService_v1.0 entry so that it starts automatically. Once running, it opens a port through which a malicious attacker can listen and take remote control.
The file associations have errors; repair them with SREng~~
.TXT Error. [C:\WINDOWS\system32\Notepads.exe "%1" >
.EXE Error. [C:\WINDOWS\system32\Explores.exe "%1" %*>
Repair them, and delete "C:\WINDOWS\system32\Explores.exe" and "C:\WINDOWS\system32\Notepads.exe". I suggest searching Baidu for these two files first.