Re: Help, suspected malicious virus
This XP is already SP2, so Blaster can be ignored, right?
Yes, ignore it, ignore it..............
Re: Help, suspected malicious virus
Then I'll look forward to the shutdown -_-
Re: Help, suspected malicious virus
Shutting down... now that's high-tech.
Re: Help, suspected malicious virus
Looks like the symptoms of a Blaster infection.
Re: Help, suspected malicious virus
Don't assume a shutdown countdown means Blaster......
Re: Help, suspected malicious virus
The SRE scan results are as follows:
2006-08-23,13:46:49
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
<KVFW><C:\Program Files\KVFW\kvfw.exe -silent>
<KvXP><"C:\Program Files\KV2006\KvXP.kxp" /ScanBoot /ScanSys>
<load><>[]
<KvMonXP><"C:\Program Files\KV2006\KVMonXP.kxp" /auto>
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"-osboot>
<nwiz><nwiz.exe /install>[]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
<SoundMan><SOUNDMAN.EXE>
<shell><Explorer.exe>
<Userinit><C:\WINDOWS\system32\userinit.exe,>
<AppInit_DLLs><>[]
<UIHost><logonui.exe>
<SCRNSAVE.EXE><>[]
<DAEMON Tools-2052><; "C:\Program Files\D-Tools\daemon.exe"-lang 2052>
<eMuleAutoStart><; C:\Program Files\eMule\emule.exe -AutoStart>[http://www.emule.org.cn]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
<KvMonXP><; C:\Program Files\KV2006\KVMonXP.kxp /auto>
<MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
<SoundMan><; SOUNDMAN.EXE>
<SysExplr><; C:\Program Files\HEROSOFT\Hero3000\SYSEXPLR.EXE>[]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"-osboot>
==================================
启动文件夹
服务
<"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice><Apache Software Foundation>
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
<C:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
<"C:\Program Files\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>
<C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe><N/A>
<C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe><N/A>
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
浏览器加载项
{42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <C:\Program Files\KV2006\KVBHO_1.dll, Jiangmin Co.Ltd>
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\QQ\QQ.EXE, TENCENT>
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
{42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <C:\Program Files\KV2006\KVBHO_1.dll, Jiangmin Co.Ltd>
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[\SystemRoot\System32\smss.exe]<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[\??\C:\WINDOWS\system32\csrss.exe]<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[\??\C:\WINDOWS\system32\winlogon.exe]<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
<Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
<Jiangmin Co.Ltd><9.0.0.1226>
<Jiangmin Co.Ltd><9.0.6.0113>
<Jiangmin Co.Ltd><9, 0, 0, 1018>
<Jiangmin Co.Ltd><9, 0, 5, 830>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<N/A><N/A>
<JiangMin Ltd.><9.0.0.500>
<Jiangmin Co.Ltd><9, 2, 0, 60103>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<N/A><N/A>
<Jiangmin Co.Ltd><9, 0, 5, 927>
<JiangMin Ltd.><7, 1, 0, 200>
<Jiangmin Co.Ltd><9.0.0.50809>
<Jiangmin Co.Ltd><9, 2, 0, 50817>
<Jiangmin Co. Ltd.><9, 0, 6, 0214>
<JiangMin New Tech.><9.0.0.1213>
<N/A><N/A>
<N/A><2, 16, 6, 7260>
<Jiangmin Co.Ltd><9.0.0.1226>
<Jiangmin Co. Ltd.><9.0.0.921>
<RealNetworks, Inc.><0.1.0.3427>
<Jiangmin Co.Ltd><9.0.0.1226>
<Realtek Semiconductor Corp.><5.1.0.40>
<Jiangmin Co.Ltd><9.0.0.1226>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Jiangmin Co.Ltd><9.0.0.1226>
<Beijing Jiangmin.><9.0.5.902>
<><1, 0, 0, 1>
<Jiangmin Co.Ltd><9.0.0.1226>
<Jiangmin Co. Ltd><9.2.0.50822>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<Jiangmin Co. Ltd><9, 2, 0, 51107>
<N/A><N/A>
<Jiangmin Co.Ltd><9, 0, 5, 1212>
<Jiangmin Co., Ltd.><1.0.6.07110>
<Jiangmin Co.Ltd><9.2.0.50809>
<Jiangmin Co. Ltd.><1.0.6.06030>
<N/A><N/A>
<Jiangmin Co. Ltd><9, 2, 0, 50822>
<Jiangmin Co.Ltd><9, 0, 0, 60220>
<Jiangmin Co.Ltd><9, 2, 0, 50817>
<Jiangmin Co., Ltd.><9, 2, 6, 02040>
<Jiangmin Co.Ltd><9, 1, 0, 50822>
<JiangMin Co. Ltd><9, 2, 0, 50822>
<JiangMin Co Ltd.><9, 2, 0, 50822>
<Jiangmin Co. Ltd><9.2.0.503>
<Jiangmin Co. Ltd><9, 2, 0, 50822>
<Jiangmin Co. Ltd.><9, 2, 6, 07050>
<N/A><N/A>
<JiangMin Co. Ltd.><9, 2, 6, 0316>
<JiangMin Co. Ltd.><9, 2, 6, 04020>
<Jiangmin Co. Ltd><9, 0, 6, 04200>
<Jiangmin Co.Ltd><9, 1, 0, 51209>
<Jiangmin Co.Ltd><9, 2, 6, 07110>
<N/A><9, 0, 6, 619>
<N/A><N/A>
<Jiangmin Co.Ltd><9, 0, 5, 908>
<Jiangmin Co.Ltd><9, 2, 0, 50817>
<Jiangmin Co.Ltd><9.0.0.50809>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<N/A><N/A>
<N/A><N/A>
<N/A><N/A>
<NVIDIA Corporation><1, 0, 2, 0>
<N/A><N/A>
<NVIDIA Corporation><1, 0, 1, 0>
<N/A><N/A>
<N/A><N/A>
<NVIDIA Corporation><6.14.10.9137>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
<NVIDIA Corporation><1, 0, 0, 2>
<N/A><N/A>
<Jiangmin Co.Ltd><9.0.6.0413>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<Jiangmin Co.Ltd><9.0.0.0813>
<Jiangmin Co.Ltd><9, 0, 5, 927>
<JiangMin Ltd.><7, 1, 0, 200>
<Jiangmin Co. Ltd.><9.0.0.921>
<Jiangmin Co.Ltd><9.0.0.1226>
<Jiangmin Ltd.><9. 5. 5. 20>
<Jiangmin Co.Ltd><9, 0, 0, 60220>
<Jiangmin Co.Ltd><9.0.6.210>
<Jiangmin Co. Ltd.><9.0.6.0119>
<Jiangmin Co. Ltd.><9.0.0.825>
<Jiangmin Co.Ltd><9.0.0.1226>
<Jiangmin Co. Ltd><9.2.0.50822>
<Jiangmin Co.Ltd><9.0.0.1226>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<Jiangmin Ltd.><9. 0. 0.509>
<Jiangmin Ltd.><9. 5. 5. 20>
<Jiangmin Co.Ltd><9, 0, 5, 927>
<JiangMin Ltd.><7, 1, 0, 200>
<Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
<Jiangmin Co.Ltd><9.0.0.1226>
<Jiangmin Co.Ltd><9, 0, 5, 830>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<N/A><N/A>
<JiangMin Ltd.><9.0.0.500>
<Jiangmin Co.Ltd><9, 0, 5, 927>
<JiangMin Ltd.><7, 1, 0, 200>
<Jiangmin Co.Ltd><9.0.6.0113>
<Jiangmin Co.Ltd><9, 0, 0, 1018>
<Adobe Systems, Inc.><9,0,16,0>
<Thunder Networking Technologies,LTD><5.1.6.198>
<Thunder Networking Technologies,LTD><1, 0, 1, 3>
<Thunder Networking Technologies,LTD><1, 0, 2, 69>
<><1, 0, 2, 1>
<STLport Consulting, Inc.><4.6.2003.1031>
<N/A><N/A>
<Thunder Networking Technologies,LTD><1, 0, 0, 15>
<Thunder Networking Technologies,LTD><5, 2, 0, 148>
<Jiangmin Co.Ltd><9.0.0.1226>
<Thunder Networking Technologies,LTD><1, 2, 0, 7>
<Thunder Networking Technologies,LTD><1, 0, 0, 2>
< ><1, 0, 0, 5>
< ><2, 1, 0, 29>
<Thunder Networking Technologies,LTD><1, 0, 0, 4>
<Thunder Networking Technologies,LTD><1, 0, 0, 60>
<Adobe Systems, Inc.><9,0,16,0>
<Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
<Jiangmin Co.Ltd><9.0.0.1226>
<Jiangmin Co.Ltd><9, 0, 5, 830>
<JiangMin Co.Ltd.><9, 0, 5, 831>
<N/A><N/A>
<JiangMin Ltd.><9.0.0.500>
<Jiangmin Co.Ltd><9, 0, 5, 927>
<JiangMin Ltd.><7, 1, 0, 200>
<Jiangmin Co.Ltd><9.0.6.0113>
<Jiangmin Co.Ltd><9, 0, 0, 1018>
<Adobe Systems, Inc.><9,0,16,0>
<Smallfrogs Studio><2.0.21.505>
<Jiangmin Co.Ltd><9.0.0.1226>
==================================
文件关联
.TXTOK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXEOK. ["%1" %*]
.COMOK. ["%1" %*]
.PIFOK. ["%1" %*]
.REGOK.
.BATOK. ["%1" %*]
.SCROK. ["%1" /S]
.CHMOK. ["C:\WINDOWS\hh.exe" %1]
.HLPOK. [%SystemRoot%\System32\winhlp32.exe %1]
.INIOK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INFOK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBSOK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JSOK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNKOK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
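When a log like the one above is posted for review, the first thing to triage is the registry startup list: which executable each `<name><command>` line actually launches, whether it lives under a normal install root, and which entries are bare file names or rundll32 hosts that hide the real target. The script below is an added example, not part of the thread and not SRE's own code; it parses the SRE startup-entry layout (`<name><command>[annotation]`, with a leading `; ` taken, as an assumption, to mark an inactive entry) and classifies each target. The sample log is constructed: the first seven entries are copied from the posted scan, and `TempUpdater` is a made-up entry pointing into a temp folder to show the suspicious case. The trusted-root list and the extension list are assumptions for a default XP layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the SRE "启动项目 / 注册表" layout seen in the thread:
# <name><command>[optional annotation]. The first seven entries are copied from
# the posted log; TempUpdater is a made-up entry pointing into a temp folder.
SAMPLE_SRE_LOG = r"""启动项目
注册表
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
<KvXP><"C:\Program Files\KV2006\KvXP.kxp" /ScanBoot /ScanSys>
<load><>[]
<nwiz><nwiz.exe /install>[]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
<SoundMan><SOUNDMAN.EXE>
<eMuleAutoStart><; C:\Program Files\eMule\emule.exe -AutoStart>[http://www.emule.org.cn]
<TempUpdater><C:\Documents and Settings\Owner\Local Settings\Temp\update.exe>
==================================
"""

ENTRY_RE = re.compile(r"^<([^<>]*)><(.*?)>(?:\[(.*)\])?\s*$")
EXEC_EXT = (".exe", ".dll", ".kxp", ".com", ".scr", ".bat", ".pif")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")   # assumption: default XP layout
TEMP_MARKERS = ("\\temp\\", "\\local settings\\", "\\temporary internet files\\")


@dataclass
class StartupEntry:
    name: str
    command: str
    target: Optional[str]   # executable the command ultimately launches
    disabled: bool          # SRE prefixes inactive entries with "; " (assumption)
    verdict: str


def resolve_target(command: str):
    """Return (target, disabled) for one SRE startup command."""
    cmd = command.strip()
    disabled = cmd.startswith(";")
    if disabled:
        cmd = cmd[1:].strip()
    if not cmd:
        return None, disabled
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        target = cmd[1:close] if close > 0 else cmd[1:]
        rest = cmd[close + 1:] if close > 0 else ""
    else:
        # Unquoted path with spaces: Windows tries each space-delimited prefix,
        # so take the first prefix that ends in an executable extension.
        tokens = cmd.split()
        target, rest = tokens[0], " ".join(tokens[1:])
        for i in range(1, len(tokens) + 1):
            cand = " ".join(tokens[:i])
            if cand.lower().endswith(EXEC_EXT):
                target, rest = cand, " ".join(tokens[i:])
                break
    # rundll32 is only a host process: the code that runs is the DLL it is given.
    if target.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest.strip():
        target = rest.strip().strip('"').split(",")[0].strip()
    return target, disabled


def classify(target: Optional[str]) -> str:
    if target is None:
        return "empty"
    low = target.lower()
    if "\\" not in low:
        return "bare-name"          # found via the PATH search; confirm which file actually runs
    if any(m in low for m in TEMP_MARKERS):
        return "suspicious-location"
    if low.startswith(TRUSTED_ROOTS):
        return "trusted-root"
    return "other-location"


def triage(log_text: str) -> List[StartupEntry]:
    """Parse every <name><command> line in the log and classify its target."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                # section headers and ===== separators
        name, command, _note = m.groups()
        target, disabled = resolve_target(command)
        entries.append(StartupEntry(name, command, target, disabled, classify(target)))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_SRE_LOG):
        state = "disabled" if e.disabled else "active"
        print(f"{e.verdict:20} {state:8} {e.name:16} -> {e.target}")
```

Run it on a full SRE dump and look first at `suspicious-location` and `other-location` entries, then confirm the `bare-name` ones (`nwiz.exe`, `SOUNDMAN.EXE`) by checking which file in the search path carries that name; the `trusted-root` entries still deserve a vendor/signature check, which this script does not do.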
Re: Help, suspected malicious virus
By the way, the monitor still goes black for a moment every now and then......
Re: Help, suspected malicious virus
Bump......
Re: Help, suspected malicious virus
Why did you set both eMule and the 超級結巴 tray icon to start on boot?? I don't even know what I just typed..........
Re: Help, suspected malicious virus
What is the "超級結巴 tray icon"....
Re: Help, suspected malicious virus
Nothing abnormal......
Re: Help, suspected malicious virus
But mine just shuts down... and the monitor keeps going black.....
Re: Help, suspected malicious virus
When that countdown appears, before the time runs out, go to Start, Run, and type shutdown -a
Re: Help, suspected malicious virus
It's the RPC vulnerability, i.e. a Blaster-type virus. When you see this, go straight to Start -> Run -> type cmd, and in cmd type shutdown -a; that cancels the shutdown.
Re: Help, suspected malicious virus
shutdown -a did stop the shutdown, but a lot of system functions were lost, for example IE's "Open in New Window".
Re: Help, suspected malicious virus
Reinstall the system, then apply all the patches......
Re: Help, suspected malicious virus
> Reinstall the system, then apply all the patches......
That's old advice by now.......