kelvinau321
基本會員
積分 84
發文 22
註冊 2007-10-2
狀態 離線
|
#1 〔求助〕NOD32發現了病毒,卻不能刪除,怎麼辦?(附圖)【已解決】
圖中的
C:\WINDOWS\Temporary TegoWeb Files\Downloaded Programs\6a1ec-51870.CAB >>CAB >>svchost.exe - probably a variant of Win32/VB worm
出現了問題,但NOD32卻不能刪除它,我該怎麼辦?
曾經試過有一個svchost.exe令到我的cpu使用率常達七十%以上,
我相信就是這個病毒,
可以教我怎樣刪除它嗎?
[ Last edited by kelvinau321 on 2007-10-17 at 07:17 PM ]
|
|
2007-10-6 05:55 PM |
|
Smiler
高級會員
 
積分 6335
發文 988
註冊 2005-9-7
狀態 離線
|
#2 參考看看!!
您可以試試看在安全模式下使用 NOD32 清除!!
1.在開機時,按下 <F8> 鍵,選擇<安全模式>
2.進入 Windows XP 安全模式以後,《開始》→《所有程式》→《egst》→《NOD32》
3.啟動 NOD32 以後,同時按下<Ctrl> <Alt> <Del> 三個鍵,叫出工作管理員
4.在工作管理員的<處理程序>標籤中,找到 explorer.exe,再按下右下角<結束處理程序>,將 explorer.exe 結束,這時工作列會消失,但是不用理會!!
5.回到 NOD32中,再<設定>標籤中,將<診斷的物件>和<ThreatSense掃描選項>底下所有的選項都打勾
6.按下 NOD32 下的<檢查及清除>按鍵
7.等到執行完畢,一樣按下 <Ctrl> <Alt> <Del> 鍵叫出工作管理員,再按<關機>
8.重新啟動電腦電源
|
|
|
2007-10-6 10:07 PM |
|
ucc_6
一般會員
積分 206
發文 35
註冊 2005-10-14
狀態 離線
|
|
|
2007-10-6 10:52 PM |
|
屠狗輩
資深會員
積分 3554
發文 448
註冊 2007-8-11
狀態 離線
|
|
|
2007-10-7 12:43 AM |
|
ucc_6
一般會員
積分 206
發文 35
註冊 2005-10-14
狀態 離線
|
#5
| Quote: | Originally posted by 屠狗輩 at 2007-10-7 12:43 AM:
多謝樓上提議
已經安裝了SRENG |
|
那個工具不是要安裝的啦 是要掃出報表
然後判斷哪裡有問題
|
|
|
2007-10-7 01:43 AM |
|
kelvinau321
基本會員
積分 84
發文 22
註冊 2007-10-2
狀態 離線
|
#6
上面那位在冒認我嗎= =?
我使用了樓上建議的SRENG
奇怪的是,我一按到啟動專案,
就彈出圖中的字句...↓
「警告!註冊表值 AppInt_DLLs 被修改為非正常值 (預設值是空) 。請檢查你的系統中可能存在的電腦病毒。」
真的有病毒嗎?就是NOD32發現的病毒嗎?還是另一個?怎樣才能刪除它?
掃出的報表在樓下。
|
|
|
2007-10-7 09:42 AM |
|
kelvinau321
基本會員
積分 84
發文 22
註冊 2007-10-2
狀態 離線
|
#7
樓下還有...麻煩你了,幫幫忙>"<
[CODE]
2007-10-07,09:28:37
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理許可權用戶 - 完整功能
以下內容被選中:
所有的啟動項目(包括註冊表、開機檔案夾、服務等)
流覽器載入項
正在運行的進程(包括進程模組資訊)
文件關聯
Winsock 提供者
Autorun.inf
HOSTS 文件
進程特權掃描
啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<PeerGuardian><C:\Program Files\PeerGuardian2\pg2.exe> [Methlabs]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<startup.exe><"C:\WINDOWS\startup.exe" > [N/A]
<BitTorrent><; > [N/A]
<PcSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxpers><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<COMODO Firewall Pro><"C:\Program Files\Comodo\Firewall\CPF.exe" /background> [(Verified)Comodo CA Limited]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<DiskeeperSystray><; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"> [Diskeeper Corporation]
<EPSON Stylus C41 Series><; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"> [SEIKO EPSON CORPORATION]
<PCSuiteTrayApplication><; C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [N/A]
<Sony Ericsson PC Suite><; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> []
<SunServer><; C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><firewall\wl_hook.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\MAT2MD.scr> []
==================================
開機檔案夾
[Battery Doubler]
<C:\Documents and Settings\Kelvin\「開始」功能表\程式集\啟動\Battery Doubler.lnk --> C:\PROGRA~1\DACHSH~1\BATTER~1\BATTER~1.EXE [N/A]><N>
[Hare]
<C:\Documents and Settings\Kelvin\「開始」功能表\程式集\啟動\Hare.lnk --> C:\PROGRA~1\DACHSH~1\Hare\Hare.exe [N/A]><N>
[Zoom]
<C:\Documents and Settings\Kelvin\「開始」功能表\程式集\啟動\Zoom.lnk --> C:\PROGRA~1\DACHSH~1\Zoom\Zoom.exe [N/A]><N>
==================================
服務
[Comodo Application Agent / CmdAgent][Running/Auto Start]
<C:\Program Files\Comodo\Firewall\cmdagent.exe><COMODO>
[Diskeeper / Diskeeper][Running/Auto Start]
<"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[EPSON Printer Status Agent2 / EPSONStatusAgent2][Running/Auto Start]
<C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[StarWind iSCSI Service / StarWindService][Running/Auto Start]
<C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
==================================
驅動程式
[AMON / AMON][Running/Auto Start]
<\SystemRoot\system32\drivers\amon.sys><Eset>
[Comodo Application Engine / CmdMon][Running/System Start]
<System32\DRIVERS\cmdmon.sys><Comodo Research Lab., Inc.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Comodo Network Engine / Inspect][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[IPvE Adapter Driver / IPvE][Running/Manual Start]
<system32\DRIVERS\IPvE.sys><Hongtien>
[Macronix MX987xx Family Fast Ethernet NT Driver / mxnic][Stopped/Manual Start]
<system32\DRIVERS\mxnic.sys><Macronix International Co., Ltd.>
[nod32drv / nod32drv][Running/System Start]
<\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
<system32\drivers\nmwcdcj.sys><Nokia>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RivaTuner32 / RivaTuner32][Stopped/Manual Start]
<\??\C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX02.516\RivaTuner 2.0 RC 15.6\RivaTuner_v20RC16\RivaTuner32.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sony Ericsson Device 046 Driver driver (WDM) / SE2Ebus][Stopped/Manual Start]
<system32\DRIVERS\SE2Ebus.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Filter / SE2Emdfl][Stopped/Manual Start]
<system32\DRIVERS\SE2Emdfl.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Driver / SE2Emdm][Stopped/Manual Start]
<system32\DRIVERS\SE2Emdm.sys><MCCI>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[LGE Mobile Composite USB Device / usbbus][Stopped/Manual Start]
<system32\DRIVERS\lgusbbus.sys><N/A>
[vaxscsi / vaxscsi][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[pgfilter / pgfilter][Running/Manual Start]
<\??\C:\Program Files\PeerGuardian2\pgfilter.sys><N/A>
==================================
流覽器載入項
[Thunder Browser Helper]
{02478D37-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[運行迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[研究(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Run IMVU]
{d9288080-1baa-4bc4-9cf8-a92d743db949} <C:\Documents and Settings\Kelvin\「開始」功能表\程式集\IMVU\Run IMVU.lnk, N/A>
[Yahoo! 工具列]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Office Genuine Advantage Validation Tool]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[TegoSoft SmartLoader ActiveX Control]
{1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com>
[UnoCtrl Class]
{5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, Microsoft>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[NowStarter Control]
{A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[MSN Games - Installer]
{B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, Microsoft Corporation>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Office Update Installation Engine]
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
{02478D37-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[Office Genuine Advantage Validation Tool]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft Corporation>
[TegoSoft SmartLoader ActiveX Control]
{1C960AA3-FAEE-11D0-9262-00A0243D2412} <C:\WINDOWS\DOWNLO~1\TegoLoad.OCX, TegoSoft Inc. http://www.tegosoft.com>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[YInstStarter Class]
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} <C:\WINDOWS\cache\yinsthelper.dll, Yahoo! Inc.>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[NowStarter Control]
{A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\SHDOCVW.DLL, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSCLT.DLL, Microsoft Corporation>
[Office Update Installation Engine]
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Microsoft Office 12 Authorization Control]
{C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Yahoo! 工具列]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[&使用BitComet下載本頁視頻]
<res://C:\Documents and Settings\Kelvin\桌面\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[使用BitComet下載全部鏈接]
<res://C:\Documents and Settings\Kelvin\桌面\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[使用BitComet下載鏈接(&B)]
<res://C:\Documents and Settings\Kelvin\桌面\BitComet\BitComet.exe/AddLink.htm, N/A>
[匯出至 Microsoft Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[?出到 Microsoft Office Excel(&X)]
<, N/A>
==================================
|
|
|
2007-10-7 09:43 AM |
|
kelvinau321
基本會員
積分 84
發文 22
註冊 2007-10-2
狀態 離線
|
#8
正在運行的進程
[PID: 912 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1028 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 1040 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1192 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1348 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1384 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 1468 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1528 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1964 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 24, 0, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 376 / Kelvin][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4396]
[C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 7.0]
[PID: 744 / Kelvin][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4396]
[PID: 776 / Kelvin][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4396]
[PID: 816 / Kelvin][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, ]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[PID: 840 / Kelvin][C:\Program Files\PeerGuardian2\pg2.exe] [Methlabs, 1, 0, 6, 4]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 940 / Kelvin][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1908 / SYSTEM][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe] [Diskeeper Corporation, 11.0.686.0]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll] [Diskeeper Corporation, 11.0.686.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll] [Diskeeper Corporation, 11.0.686.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll] [Executive Software International, Inc., 3.0.32.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll] [Diskeeper Corporation, 11.0.686.0]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll] [Diskeeper Corporation, 11.0.686.0]
[PID: 516 / Kelvin][C:\WINDOWS\Integrator.exe] [Dachshund Software, 1.05.0001]
[C:\WINDOWS\system32\MAGE.DLL] [Dachshund Software, 1.0]
[C:\WINDOWS\system32\SYSINFO.OCX] [Microsoft Corporation, 6.00.8169]
[PID: 524 / SYSTEM][C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe] [SEIKO EPSON CORPORATION, 2, 2, 0, 0]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\EBAPI2.DLL] [SEIKO EPSON CORPORATION, 1, 4, 0, 0]
[C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL] [SEIKO EPSON CORPORATION, 2, 23, 0, 0]
[PID: 1440 / SYSTEM][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[PID: 1708 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe] [Rocket Division Software, 2.6.1 Build 0x20050401]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 2028 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1724 / Kelvin][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll] [Yahoo! Inc., 2006, 10, 26, 1]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Yahoo!\Companion\Installs\cpn0\pubmod.dll] [Yahoo! Inc., 2005, 12, 16, 1]
[C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll] [Yahoo! Inc., 2006.1.25.01]
[C:\Program Files\Microsoft Office\Office12\msohevi.dll] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3368 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 3484 / Kelvin][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[PID: 2292 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2128 / Kelvin][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4040 / Kelvin][C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\Lang\1028.DLL] [System Repair Engineer, 2.5.16.900]
[C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\DOCUME~1\Kelvin\LOCALS~1\Temp\Rar$EX00.641\Plugins\NTFSTREAM.SRE] [Smallfrogs Studio, 1, 0, 0, 5]
==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 816, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 840, C:\PROGRAM FILES\PEERGUARDIAN2\PG2.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1908, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 516, C:\WINDOWS\INTEGRATOR.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 2552, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
N/A
==================================
隱藏進程
N/A
==================================
[/CODE]
|
|
|
2007-10-7 09:45 AM |
|
ucc_6
一般會員
積分 206
發文 35
註冊 2005-10-14
狀態 離線
|
#9
C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll <---這是正常的檔案路徑
<AppInit_DLLs><firewall\wl_hook.dll> [N/A] <-----這是不正常的檔案路徑,請用搜尋把他找出來,連同下面兩個檔案
<startup.exe><"C:\WINDOWS\startup.exe" > [N/A]
C:\WINDOWS\Temporary TegoWeb Files\Downloaded Programs\6a1ec-51870.CAB
回報給NOD32 或卡巴回報中心
newvirus@kaspersky.com.tw
他們會給你答案
|
|
|
2007-10-7 07:22 PM |
|
kelvinau321
基本會員
積分 84
發文 22
註冊 2007-10-2
狀態 離線
|
#10
| Quote: | Originally posted by Smiler at 2007-10-6 10:07 PM:
您可以試試看在安全模式下使用 NOD32 清除!!
1.在開機時,按下 <F8> 鍵,選擇<安全模式>
2.進入 Windows XP 安全模式以後,《開始》→《所有程式》→《egst》→《NOD32》
3.啟動 NOD32 以後,同時 ... |
|
有另一個問題,
就是我不能進入安全模式,
我發現有很多人也有這個問題...
我一選擇了要進入安全模式,
電腦就自動轉回去普通的window,
該怎樣辦呀?不能進入安全模式就不能使用你的方法!
|
|
|
2007-10-10 06:44 PM |
|
Smiler
高級會員
積分 6335
發文 988
註冊 2005-9-7
狀態 離線
|
|
|
2007-10-10 10:52 PM |
|
kelvinau321
基本會員
積分 84
發文 22
註冊 2007-10-2
狀態 離線
|
#12
本人終於能夠進入安全模式!!!
非常感謝樓上供我參考的軟體!!
我用NOD32在安全模式下真的掃瞄到有三個病毒,
有兩個是可以刪除的
有一個,我可以自己手動去刪除,但我不肯定這檔案有沒有用
它的位置是:C:\WINDOWS\Temporary TegoWeb Files\Downloaded Programs
以下是我掃瞄這個檔案彈出來的視窗↓
我不知道這個檔案是不是非常重要,若不是,我將會刪掉它
希望大家可以解答我這個問題↑
|
|
|
2007-10-14 01:52 PM |
|
ucc_6
一般會員
積分 206
發文 35
註冊 2005-10-14
狀態 離線
|
#13
NOD32 報 WORM 病毒 肯定是個病毒
處理這病毒可要小心了
看你的貼圖 NOD 現在都不敢處理
可以去問 NOD 看看有沒有專殺工具
或是上傳到 KASPERSKY 順便問他有沒有專殺工具
這個病毒可能會去感染其他檔案 所以請小心處理
|
|
|
2007-10-14 04:47 PM |
|
Smiler
高級會員
積分 6335
發文 988
註冊 2005-9-7
狀態 離線
|
#14 參考看看!!
給 kelvinau321 大大,依您的畫面來看,檔案應該是在您桌面上的 6a1ec-51870.CAB 檔,直接刪除應該沒有任何問題的!!
|
|
|
2007-10-17 12:39 AM |
|
kelvinau321
基本會員
積分 84
發文 22
註冊 2007-10-2
狀態 離線
|
|
|
2007-10-17 07:18 PM |
|
ventil
中級會員
積分 1327
發文 122
註冊 2005-9-5
來自 台灣高雄
狀態 離線
|
#16
開啟安全模式的方法
1.[開始]~>[執行]~>輸入 "msconfig" 後,ENTER啟動[系統設定公用程式]
...如圖
2.點選[系統設定公用程式]的[BOOT.INI]標籤將[/SAFEBOOT]打勾(如圖),接
著點選[關閉],系統將提示重新開機,按指示重開機後即進入[安全模式]
3.工作結束後一樣進入[系統設定公用程式]的[BOOT.INI]頁面,將[/SAFEBOOT]
取消,重開機即回復正常啟動
|
|
|
2007-10-17 07:24 PM |
|
saab2006
一般會員
積分 678
發文 123
註冊 2006-3-18
狀態 離線
|
#17
| Quote: | Originally posted by Smiler at 2007-10-10 10:52 PM:
供 kelvinau321 大大參考,您可以試試看 BootSafe 這套軟體!!
這是一套免費而且不用安裝的軟體,執行以後,選擇 <安全模式/Safe Mode>,再重新開機,就會自動以安全模式進入 Windows,但是請注意:
如果要 ... |
|
| Quote: | Originally posted by Smiler at 2007-10-10 10:52 PM:
供 kelvinau321 大大參考,您可以試試看 BootSafe 這套軟體!!
這是一套免費而且不用安裝的軟體,執行以後,選擇 <安全模式/Safe Mode>,再重新開機,就會自動以安全模式進入 Windows,但是請注意:
如果要回到正常模式,您必須重新執行這套程式,並設定為 <正常的重新啟動/Normal Restart>,再重新開機,否則不管您重新開機多少次,它都會依您前一次指定的模式啟動 Windows 喔!!
官方網站:
http://www.superadblocker.com/bootsafe.html
中文化版本:
http://tinyurl.com/el495 |
|
超感謝您的
讓小弟長了知識
也謝謝 ventil 大大
及回文的大大們
[ Last edited by saab2006 on 2007-11-9 at 09:37 PM ]
|
|
|
2007-11-9 09:34 PM |
|
icri
基本會員
積分 126
發文 27
註冊 2006-3-4
狀態 離線
|
#18 有這ㄇ熱心的大大,真好!
有這ㄇ多熱心的大大,台灣這個小社會將因有你們的存在而變得更美好!
|
|
|
2007-11-12 10:55 PM |
|
|
