
anson
擎云水苑|瓜瓜
Level: Super Member

Digest posts: 0
Posts: 3487
Prestige: 1566 points
Fengyun coins: 3225 yuan
Expert score: 0 points
Forum group: 擎云水苑
Online time: 672 (hours)
Registered: 2006-10-27
Last login: 2008-04-28

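My machine seems to be infected, please help

Every time I boot, Kaspersky shows an alert like the one in Figure 1.
[Figure 1]

After I chose to block it,
it seemed to be blocked,
as in Figure 2.
[Figure 2]

But a lot of extra IE processes have appeared in the process list,
as in Figure 3.
[Figure 3]

I scanned with AVG and Kaspersky and they found nothing.
I did it all again in Safe Mode
and still found nothing.
These were all full-disk scans.
I have also reinstalled the system twice already.
The home page has been changed to www。haokan123。com/
So frustrating........
I hope someone who understands this can help.
[ This post was edited by anson on 2007-01-17 16:38 ]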
Posted: 2007-01-16 13:49 | [Original post]
    anson

    It doesn't seem to be Gray Pigeon (灰鸽子).
    AVG
    didn't report anything either.
    Posted: 2007-01-16 14:07 | #1
    anson

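    Quote:
    Quoting post #3 by lfengnet, posted 2007-01-16 14:18:
    The browser has been tampered with. Also, did you open that many IE windows yourself? If not, a trojan has most likely been injected. The fix is as follows:

      1. In C:\WINDOWS\system32, find iexplore.exe and psinthk.dll and delete them completely.

      2. In the registry, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mssysint" = iexplore.exe and delete that value.
    .......



    I couldn't find any of the things in 1 or 2.....
    Posted: 2007-01-16 14:26 | #2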
    anson

    Is this the system log?


    Logfile of HijackThis v1.99.1
    Scan saved at 12:52:38, on 2007-1-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe
    C:\WINDOWS\system32\conime.exe
    D:\green\GreenBrowserGB\GreenBrowser.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\anson\桌面\ha_hijackthis_1991\HijackThis.exe

    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet-v1.72\jccatch.dll (file missing)
    O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
    O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet-v1.72\jc_link.htm
    O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet-v1.72\jc_all.htm
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168876324031
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    Posted: 2007-01-16 14:28 | #3
    anson

    Kaspersky did block it from injecting.
    Can you tell anything from this?????
    Posted: 2007-01-16 14:29 | #4
    anson

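    Quote:
    Quoting post #8 by lfengnet, posted 2007-01-16 14:40:


    So when you have not opened the IE browser, are there that many IEXPLORE processes in your process list?



    Yes.
    The screenshot was taken when IE was not open.
    Could it be rogue software????
    Posted: 2007-01-16 14:48 | #5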
    anson

    D:\green\GreenBrowserGB\GreenBrowser.exe
    I use this one.
    Posted: 2007-01-16 14:50 | #6
    anson

    [CODE]

    2007-01-16,14:56:18

    System Repair Engineer 2.3.13.690
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Professional Service Pack 2 (Build 2600)
    - 管理权限用户 - 完整功能

    以下内容被选中:
      所有的启动项目(包括注册表、启动文件夹、服务等)
      浏览器加载项
      正在运行的进程(包括进程模块信息)
      文件关联
      Winsock 提供者
      Autorun.inf
      HOSTS 文件


    启动项目
    注册表
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
      <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
      <load><> [N/A]
      <run><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
      <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
      <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
      <nwiz><; nwiz.exe /install> [N/A]
      <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
      <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
      <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
      <AVP><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
      <!AVG Anti-Spyware><"D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
      <twin><C:\WINDOWS\system32\twunk32.exe> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      <shell><Explorer.exe> [(Verified)Microsoft Corporation]
      <Userinit><C:\WINDOWS\system32\Userinit.exe> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
      <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      <UIHost><logonui.exe> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
      <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
    [HKEY_CURRENT_USER\Control Panel\Desktop]
      <SCRNSAVE.EXE><C:\WINDOWS\system32\3DWIND~1.SCR> [N/A]

    ==================================
    启动文件夹
    N/A

    ==================================
    服务
    [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
    [Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
    <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
    [Human Interface Device Access / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

    ==================================
    驱动程序
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\guard.sys><N/A>
    [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    [kl1 / kl1][Running/Boot Start]
    <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    [klif / klif][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
    [npkcrypt / npkcrypt][Running/Auto Start]
    <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
    [nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    [nvata / nvata][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
    [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
    <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
    [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
    <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
    [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys><N/A>
    [TSP / TSP][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
    [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
    <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

    ==================================
    浏览器加载项
    [IeCatch5 Class]
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet-v1.72\jccatch.dll, N/A>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [IeCatch5 Class]
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet-v1.72\jccatch.dll, N/A>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [Microsoft Web 浏览器]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
    [SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
    [RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    [使用网际快车下载]
    <D:\Program Files\FlashGet-v1.72\jc_link.htm, N/A>
    [使用网际快车下载全部链接]
    <D:\Program Files\FlashGet-v1.72\jc_all.htm, N/A>

    ==================================
    正在运行的进程
    [PID: 616][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 692][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 716][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.1.411]
    [PID: 768][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 780][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 996][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1088][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1144][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1200][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1464][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1688][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
      [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8421]
      [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8421]
      [C:\WINDOWS\system32\nvshell.dll] [N/A, N/A]
      [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.1.411]
      [D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
    [PID: 1800][D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
      [D:\Program Files\AVG Anti-Spyware 7.5\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1808][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 280][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8421]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 524][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1644][C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe] [锐捷网络, 2, 50, 0, 0]
      [C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2684][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1984][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 3216][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 2488][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 2380][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 2248][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 2860][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 1564][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 3508][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
    [PID: 3228][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1036][D:\green\GreenBrowserGB\GreenBrowser.exe] [MoreQuick, 1, 0, 0, 0]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
      [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
      [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.163]
    [PID: 2808][d:\Program Files\360safe\360Safe.exe] [, 2, 3, 0, 1001]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [d:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 2, 2, 2, 1000]
      [d:\Program Files\360safe\AntiEng.dll] [360Safe.com, 2, 2, 0, 1000]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
      [d:\Program Files\360safe\CleanHis.dll] [360Safe.com, 2, 0, 0, 1001]
      [d:\Program Files\360safe\AntiActi.dll] [360Safe.com, 2, 0, 0, 3000]
      [d:\Program Files\360safe\safeext.dll] [360Safe.com, 1, 0, 0, 1020]
      [d:\Program Files\360safe\live.dll] [360safe.COM, 1, 0, 0, 1011]
      [d:\Program Files\360safe\LeakCheck.dll] [360Safe.com, 2, 0, 0, 2001]
      [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
    [PID: 3888][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
      [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl] [Kaspersky Lab, 6.0.1.411]
      [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.411]
    [PID: 3180][C:\Documents and Settings\anson\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
      [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
      [C:\Documents and Settings\anson\桌面\sreng2\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]

    ==================================
    文件关联
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP Error. [C:\WINDOWS\winhlp32.exe %1]
    .INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
    .INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock 提供者
    N/A

    ==================================
    Autorun.inf
    N/A

    ==================================
    HOSTS 文件
    127.0.0.1     localhost

    ==================================
    API HOOK
    警告!System Repair Engineer 提醒
    你下面的函数内容与预期值不符,他
    们可能被一些恶意的软件所修改:
    RVA 错误: LoadLibraryA
    RVA 错误: LoadLibraryExA
    RVA 错误: LoadLibraryExW
    RVA 错误: LoadLibraryW

    ==================================


    [/CODE]
    Posted: 2007-01-16 14:59 | #7
    anson

    This is the one, right?
    Posted: 2007-01-16 14:59 | #8
    anson

    Mine is in uppercase,
    and it is under the PROGRAMME folder:
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    Posted: 2007-01-16 15:05 | #9
    anson

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\twunk32.exe> [N/A]
    [HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\3DWIND~1.SCR> [N/A]

    .HLP Error. [C:\WINDOWS\winhlp32.exe %1]
    .INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
    .INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]

    How do I repair these???
    Posted: 2007-01-16 15:39 | #12
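A triage pass over the SREng registry startup section posted above, written as an added example (it is not part of the original thread and not SREng's own logic). It assumes `[N/A]` means SREng could not show a publisher for the file; the priority rule for `Policies\Explorer\Run` and the names `parse_entries`, `image_of` and `triage` are this example's own.

```python
import re
from typing import NamedTuple

# Constructed sample: a subset of the SREng registry startup lines posted
# in this thread, copied as they appear in the log.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
  <nwiz><; nwiz.exe /install> [N/A]
  <AVP><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <twin><C:\WINDOWS\system32\twunk32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
  <SCRNSAVE.EXE><C:\WINDOWS\system32\3DWIND~1.SCR> [N/A]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^<>]*)><(.*)>\s*\[(.*)\]$")
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|scr|com|bat|pif))\b', re.IGNORECASE)

# Assumption (a triage heuristic of this example, not an SREng feature):
# this autorun key is rarely populated on a home machine, so an entry
# there with no publisher is looked at first.
HIGH_PRIORITY_KEYS = (r"\policies\explorer\run",)


class Entry(NamedTuple):
    key: str
    name: str
    command: str
    publisher: str


def parse_entries(text):
    """Turn '[KEY]' and '<name><command> [publisher]' lines into Entry records."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, command, publisher = (g.strip() for g in m.groups())
            entries.append(Entry(key, name, command, publisher))
    return entries


def image_of(command):
    """Best-effort executable path; the leading ';' seen in this log is dropped."""
    m = IMAGE_RE.match(command.lstrip("; "))
    return m.group(1) if m else command


def triage(entries):
    """Return (priority, name, image, reasons) for entries a person should review."""
    findings = []
    for e in entries:
        if not e.command or e.publisher != "N/A":
            continue  # empty value, or SREng showed a vendor name for the file
        image = image_of(e.command)
        reasons = ["no publisher shown by SREng"]
        if "\\" not in image:
            reasons.append("relative path, resolved through the search path")
        high = e.key.lower().endswith(HIGH_PRIORITY_KEYS)
        if high:
            reasons.append("uncommon autorun key")
        findings.append(("high" if high else "review", e.name, image, reasons))
    # Stable sort: high-priority findings first, log order kept otherwise.
    return sorted(findings, key=lambda f: f[0] != "high")


if __name__ == "__main__":
    for priority, name, image, reasons in triage(parse_entries(SAMPLE)):
        print(f"{priority:6} {name:14} {image}  ({'; '.join(reasons)})")
```

A flagged entry is a lead for manual inspection of the file, not a verdict.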
    anson

    Thanks for the help.
    Posted: 2007-01-16 16:00 | #13
    anson

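    Quote:
    Quoting post #20 by lfengnet, posted 2007-01-16 15:55:
    Repair the registry startup entries
    In the main window click Startup Items (启动项目) --> Registry (注册表), find the problematic entries, click each one to highlight (select) it, then click the "Delete" button below.

    Repair - System
    In the main window click
    .......


    Could you tell me what virus my machine has, or what happened,
    so that next time I run into it I can fix it myself?
    Thanks.
    Sorry to trouble you again.
    Posted: 2007-01-16 16:05 | #14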
    anson

    Thanks to lfengnet for the help.
    The problem has been solved by following lfengnet's method.
    Posted: 2007-01-17 16:37 | #15