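[Help] Experts, please help
Does Haiyuan have any kind of computer service department? My computer has a virus, and no matter how I try I can't get rid of it. Can anyone help?
I hope some kind person helps you clean it up, heh.
Bumping this for you.
...........
Thanks to the two of you above. Here is my log: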
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
<ctfmon.exe><G:\WINDOWS\System32\ctfmon.exe>
<MSMSGS><; "G:\Program Files\Messenger\msmsgs.exe" /background>
<Super Rabbit IEPro><; G:\PROGRA~1\SUPERR~1\MagicSet\SRIECLI.EXE /LOAD>
<load><>
<run><>
<PHIME2002ASync><G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
<PHIME2002A><G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
<TkBellExe><; "G:\Program Files\Common Files\Real\Update_OB\realsched.exe"-osboot>
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
<jiahu><; G:\WINDOWS\System32\svchqst.exe>
<systwseh><; G:\WINDOWS\System32\algetgti.exe>
<KAVPersonal50><; "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>
<TProgram><; G:\WINDOWS\SMSS.EXE>
<shell><Explorer.exe 1>
<Userinit><G:\WINDOWS\system32\userinit.exe,>
<AppInit_DLLs><>
==================================
启动文件夹
服务
<"G:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
<G:\WINDOWS\G_Server1.23.exe><N/A>
<><N/A>
<><N/A>
<G:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
<"G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
<G:\WINDOWS\system\SVCHOST.exe><N/A>
<G:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
<><N/A>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <G:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
{77FEF28E-EB96-44FF-B511-3185DEA48697} <G:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[相关站点]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <G:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <G:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <G:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <G:\WINDOWS\System32\WEBACT~1.OCX, QQ>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <G:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<E:\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\OFFICE\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<E:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[\SystemRoot\System32\smss.exe]<Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[\??\G:\WINDOWS\system32\csrss.exe]<Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[\??\G:\WINDOWS\system32\winlogon.exe]<Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
==================================
文件关联
.TXTOK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXEError.
.COMOK. ["%1" %*]
.PIFOK. ["%1" %*]
.REGOK.
.BATOK. ["%1" %*]
.SCROK. ["%1" /S]
.CHMOK. ["G:\WINDOWS\hh.exe" %1]
.HLPOK. [%SystemRoot%\system32\winhlp32.exe %1]
.INIOK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INFOK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBSOK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JSOK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNKOK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
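==================================
If anyone can read this, please help me analyze it; I would be very grateful.
It seems to be Huigezi (Gray Pigeon), but I can't get rid of it.
If all else fails, could some expert help me reinstall the system?
I'm a newbie and not very good at this; I don't even know how to reinstall.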
<MSMSGS><; "G:\Program Files\Messenger\msmsgs.exe" /background>
MSN; there is no need for it to start with the machine.
<Super Rabbit IEPro><; G:\PROGRA~1\SUPERR~1\MagicSet\SRIECLI.EXE /LOAD>
Super Rabbit; there is no need for it to start with the machine.
<TkBellExe><; "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
RealOne automatic update; there is no need for it to start with the machine.
<jiahu><; G:\WINDOWS\System32\svchqst.exe>
This is a trojan; delete it immediately. http://www.dofile.com/svchqst/
<systwseh><; G:\WINDOWS\System32\algetgti.exe>
Suspicious process; delete it immediately.
<TProgram><; G:\WINDOWS\SMSS.EXE>
Suspicious process; delete it immediately. The real path is %systemroot%\system32\
<G:\WINDOWS\G_Server1.23.exe><N/A>
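Huigezi (Gray Pigeon) server component. Run services.msc to view it.
Search for the keyword G_Server and delete the matches.
IE is loading a lot of BHOs (Browser Helper Objects), which are browser-hijacking objects.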
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <G:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
{77FEF28E-EB96-44FF-B511-3185DEA48697} <G:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[相关站点]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <G:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <G:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <G:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <G:\WINDOWS\System32\WEBACT~1.OCX, QQ>
Delete all of them.
.............
<N/A><N/A>
A suspicious driver-level file has been injected into IE.
<N/A><N/A>
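Suspicious trojan program. The path should be %system%\system32\
Delete it immediately.
Heh, where did you download your Kaspersky from? Kaspersky shouldn't be this bad.
A classmate gave it to me. Is there anything better? Expert, can my machine still be saved in the state it's in now?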