jaster0217
2008-01-13 02:48 |
Original poster
As soon as the computer boots, a dial-up program pops up automatically, and two websites with garbled names appear in my Favorites. I know which trojan I have been hit by, but I cannot clean it out completely. Could the experts here tell me how to deal with it fully? Thank you.

Also, under Browser Add-ons on SREng's System Repair tab there is this entry:

[Info cache] {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 明?科技有限公司>

After I click Delete and refresh, it is still there. How do I delete it properly?

This is my first post; if anything is inappropriate, please forgive me. Any guidance is appreciated. Thank you all.

2008-01-13,01:35:33
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
kerash
2008-01-13 15:21 |
Reply #1
Run > Regedit >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{DE6CBE17-8690-487F-AA5D-B6B8C93EE38A}><C:\Program Files\Internet Explorer\SIGNUP\INSTALI.sys>
↑ Delete this entry

SREng > Startup Items > Services > Drivers
[6cqa2sv5yf / 6cqa2sv5yf][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\6cqa2sv5yf.sys>
[acpidisk / acpidisk][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\acpidisk.sys>
[jatmlano / jatmlano][Stopped/Manual Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jatmlano.sys>
[ui2di7h / ui2di7ha][Running/Boot Start] <\SystemRoot\System32\DRIVERS\ui2di7ha.sys>
↑ Stop and delete these services

The following files need to be deleted (POWERRMV or OTMoveIt can take care of this):
C:\Program Files\Internet Explorer\SIGNUP\INSTALI.sys
C:\WINDOWS\system32\winlib .dll
C:\WINDOWS\system32\4g40r6cll5.dll
C:\WINDOWS\system32\drivers\6cqa2sv5yf.sys
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\jatmlano.sys
C:\WINDOWS\System32\DRIVERS\ui2di7ha.sys

The above is offered as a reference for the cleanup.
As for PCtool, you can first try deleting that file (pctool.dll) and then carry out the other deletions.
Let's get the main problem solved first :)
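
Added example, not part of any post in this thread: a Python parser for the SREng driver-entry format quoted above that attaches review reasons to each entry. The sample entries are copied from the SREng scan posted in this thread. The reasons used (no vendor string, image under a Temp directory, boot-time start type) are assumptions of this example rather than criteria stated by kerash, and they also match `sptd`, a driver the reply does not list for removal, so the output is a list to review and not a verdict.

```python
import re
from dataclasses import dataclass

# Driver entries copied from the SREng scan posted in this thread. Format:
#   [display name / service name][state/start type] <image path><vendor>
# The line break inside each entry is an assumption about the tool's layout;
# the parser accepts entries with or without it.
SAMPLE_LOG = r"""
[6cqa2sv5yf / 6cqa2sv5yf][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\6cqa2sv5yf.sys><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[jatmlano / jatmlano][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jatmlano.sys><N/A>
[ui2di7h / ui2di7ha][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ui2di7ha.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Gamania\MapleStory\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
"""

ENTRY = re.compile(
    r"\[(?P<display>[^\]]*?) / (?P<service>[^\]]+)\]"
    r"\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]\s*"
    r"<(?P<path>[^<>]*)><(?P<vendor>[^<>]*)>"
)


@dataclass
class Finding:
    service: str
    image: str
    start: str
    reasons: list


def normalize(path, windir=r"C:\WINDOWS"):
    """Turn the three ImagePath spellings seen in the log into a drive path."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):                      # NT object-namespace prefix
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):    # \SystemRoot\System32\...
        p = windir + p[len("\\SystemRoot"):]
    elif not re.match(r"[A-Za-z]:\\", p):           # relative to %SystemRoot%
        p = windir + "\\" + p
    return p


def triage(log_text):
    """Parse every driver entry and record why it deserves a closer look."""
    findings = []
    for m in ENTRY.finditer(log_text):
        image = normalize(m["path"])
        reasons = []
        if m["vendor"].strip() in ("", "N/A"):      # no company name reported
            reasons.append("no-vendor")
        if "\\temp\\" in image.lower():             # driver image in a Temp dir
            reasons.append("temp-dir")
        # Start type only raises priority for entries already flagged.
        if reasons and m["start"].split()[0] in ("Boot", "System", "Auto"):
            reasons.append("loads-at-boot")
        findings.append(Finding(m["service"], image, m["start"], reasons))
    return findings


def review_candidates(log_text):
    """Service names with at least one review reason, in log order."""
    return [f.service for f in triage(log_text) if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service:12} {','.join(f.reasons) or '-':28} {f.image}")
```
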
jaster0217
2008-01-14 00:16 |
Reply #2
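Thank you for the advice, kerash. I have done the initial cleanup as you described, and things are much better.
However, when I handle the file 4g40r6cll5.dll with powerrmv, it says the file will be deleted after a reboot, but after rebooting it is still there. This is now the only file I have not been able to deal with.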
kerash
2008-01-14 00:35 |
Reply #3
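Run > CMD
Go to the SYSTEM32 folder (you know the basic CMD commands, right?).
That is, assuming the prompt is originally c:\Documents and Settings\Administrator>, type "cd.." twice to get to c:\
Then type cd_windows, and then cd_system32 (_ stands for a space).
Next type attrib -s -a 4g40r6cll5.dll
and then del 4g40r6cll5.dll
That should be able to delete it.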
瘋子·石
2008-01-14 12:04 |
Reply #4
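xdelbox
You can search for this tool to deal with files that cannot be deleted. It also deletes on reboot, but its failure rate is very low. Note that when rebooting to delete the files, please unplug all removable storage devices.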
jaster0217
2008-01-15 01:08 |
Reply #5
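Thank you all for your answers. I consulted the forum's pinned post "Booting win2k/winxp into DOS to remove viruses".
Following the steps it teaches, I have successfully deleted that file under DOS. Many thanks to everyone for the enthusiastic help.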