热点科技

Title: [Help] Is this a new type of virus? File associations cannot be repaired, asking for a solution

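Author: 78594657    Time: 2006-10-27 11:12
Is this a new type of virus? File associations cannot be repaired, asking for a solution.
The symptom is that opening IE automatically opens the address http://files/Internet%20Explorer/IEXPLORE.EXE (this address does not exist and is not the home page), and so on. It is an EXE and TXT file association error; repairing it with SREng and the Rising (瑞星) registry repair tool had no effect.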

Before this, the computer was infected with the Viking (威金) virus; after it was removed the system was reinstalled.

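A NOD32 scan finds no virus and a TrojanHunter scan finds no trojan, but a prompt appears when the TrojanHunter scanner runs (see the picture). The rogue software cleanup assistant (流氓软件清理助手) will not start. Super Rabbit (超级兔子) was originally installed as the portable ("green") version and reported no rogue software; I switched to the full version, which could not be uninstalled. After removing it with the smart uninstall function of Optimization Master (优化大师), I installed several portable and full versions and none of them would run (a memory error is shown). Maybe it is related to Super Rabbit?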

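Please see the screenshots below:
Author: lalibre    Time: 2006-10-27 11:13
This is the picture of the prompt
Author: 778881644    Time: 2006-10-27 11:14
TrojanHunter prompt
Author: royxd    Time: 2006-10-27 11:33
Notice: the author has been banned or deleted; content automatically hidden
Author: zycw    Time: 2006-10-27 11:59
I cannot find any suspicious process, see the picture below:
Author: ct238    Time: 2006-10-27 12:03
Originally posted by 阿哥 at 2006-10-27 11:59
I cannot find any suspicious process, see the picture below:
What is system.exe? Why are there so many svchost processes?
Run a scan and post the report, preferably with SREng.
Author: laodao    Time: 2006-10-27 12:30
system.exe is 绿鹰PC精灵.

The SREng scan report is as follows: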

2006-10-27,12:28:49

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(E:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
(run)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(nod32kui)("E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE) [Eset ]
(THGuard)("E:\Program Files\TrojanHunter\THGuard.exe") [Mischel Internet Security]
(IMSCMig)(E:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(E:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(%SystemRoot%\system32\logonui.exe) [(Verified)Microsoft Corporation]




--------------------------------------------------------------------------------



启动文件夹

[绿鹰PC万能精灵]
(E:\Documents and Settings\All Users\「开始」菜单\程序\启动\绿鹰PC万能精灵.lnk --) E:\PROGRA~1\绿鹰PC~1\system.exe [绿鹰网络])(N)



--------------------------------------------------------------------------------



服务

[Human Interface Device Access / HidServ]
(E:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[NOD32 Kernel Service / NOD32krn]
("E:\Program Files\Eset\nod32krn.exe")(Eset)



--------------------------------------------------------------------------------



驱动程序

[Service for WDM 3D Audio Driver / ALCXSENS]
(system32\drivers\ALCXSENS.SYS)(Sensaura)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[AMON / AMON]
(\??\E:\WINDOWS\system32\drivers\amon.sys)(Eset)
[ialm / ialm]
(system32\DRIVERS\ialmnt5.sys)(Intel Corporation)
[IP in IP Tunnel Driver / IpInIp]
(system32\DRIVERS\ipinip.sys)(N/A)
[npkcrypt / npkcrypt]
(\??\D:\Program Files\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)



--------------------------------------------------------------------------------



浏览器加载项

[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (E:\Program Files\Thunder5.2.0.207\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD)
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (E:\Program Files\FLASHGET1.81\SubDirectory\jccatch.dll, N/A)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (E:\Program Files\FLASHGET1.81\SubDirectory\FLASHGET.EXE, N/A)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (E:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (E:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} (E:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[使用BitComet下载全部链接]
(res://E:\Program Files\BitComet\BitCometBeta.exe/AddAllLink.htm, N/A)
[使用BitComet下载链接(&B)]
(res://E:\Program Files\BitComet\BitCometBeta.exe/AddLink.htm, N/A)
[使用网际快车下载]
(E:\Program Files\FLASHGET1.81\SubDirectory\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(E:\Program Files\FLASHGET1.81\SubDirectory\jc_all.htm, N/A)
[使用迅雷下载]
(E:\Program Files\Thunder5.2.0.207\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(E:\Program Files\Thunder5.2.0.207\Program\GetAllUrl.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 312][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 360][\??\E:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 384][\??\E:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 428][E:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 440][E:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 616][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 676][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 716][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 752][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 800][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 944][E:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 968][E:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1124][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1164][E:\Program Files\Eset\nod32krn.exe] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\nod32krr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_emon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[E:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_mirr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_upd.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1216][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1500][E:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[E:\PROGRA~1\TROJAN~1\contmenu.dll] [N/A, N/A]
[E:\Program Files\Eset\nodshex.dll] [N/A, N/A]
[E:\Program Files\ACDSee\picaview.dll] [ACD Systems, Ltd., 2, 0, 0, 78]
[E:\WINDOWS\system32\ldf252.dll] [N/A, N/A]
[E:\WINDOWS\system32\lwf214p.dll] [LuraTech GmbH, 2, 0, 11, 14]
[E:\Program Files\ACDSee\PlugIns\IDE_ACDStd.apl] [ACD Systems, Ltd., 3,0,31,0]
[PID: 1736][E:\Program Files\Eset\nod32kui.exe] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\Program Files\Eset\pu_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_emon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_imon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_mirr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pu_upd.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 1764][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1776][E:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1804][E:\Program Files\绿鹰PC万能精灵\system.exe] [绿鹰网络, ]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 216][E:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1480][E:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1644][E:\Program Files\TrojanHunter\THGuard.exe] [Mischel Internet Security, 4.5.0.275]
[E:\Program Files\TrojanHunter\unrar.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\Program Files\TrojanHunter\UNZDLL.DLL] [, 1.7.0.4]
[PID: 1980][D:\Program Files\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\Program Files\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 14]
[D:\Program Files\QQ\RunJin.dll] [飘云 http://www.pyqq.cn, 飘云]
[D:\Program Files\QQ\ipsearcher.dll] [, 1.0.0.3]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[D:\Program Files\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\QQ\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2005, 9, 1, 1]
[D:\Program Files\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\Program Files\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\Program Files\QQ\QQMainFrame.dll] [N/A, N/A]
[D:\Program Files\QQ\CQQApplication.dll] [N/A, N/A]
[D:\Program Files\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQAllInOne.dll] [N/A, N/A]
[D:\Program Files\QQ\SCCore.dll] [N/A, N/A]
[E:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[D:\Program Files\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQSysMsgMng.dll] [N/A, N/A]
[D:\Program Files\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QRingMng.dll] [N/A, N/A]
[D:\Program Files\QQ\LongConnection.dll] [tencent, 0, 3, 3, 8]
[D:\Program Files\QQ\QQAvatar.dll] [N/A, N/A]
[D:\Program Files\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\Program Files\QQ\QQPet.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQPlugin.dll] [N/A, N/A]
[D:\Program Files\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\Program Files\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 141]
[D:\Program Files\QQ\QQCustomFace.dll] [N/A, N/A]
[D:\Program Files\QQ\QQSceneMng.dll] [N/A, N/A]
[D:\Program Files\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\QQ\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 0, 6, 60]
[D:\Program Files\QQ\ImageOle.dll] [TODO: (Company name), 1.0.0.1]
[D:\Program Files\QQ\QQZip.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\QQ\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\QQ\QQMagicFace.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQMsgFriendMng.dll] [N/A, N/A]
[PID: 1396][D:\Program Files\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\Program Files\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 14]
[D:\Program Files\QQ\RunJin.dll] [飘云 http://www.pyqq.cn, 飘云]
[D:\Program Files\QQ\ipsearcher.dll] [, 1.0.0.3]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[D:\Program Files\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\QQ\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2005, 9, 1, 1]
[D:\Program Files\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\Program Files\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\Program Files\QQ\QQMainFrame.dll] [N/A, N/A]
[D:\Program Files\QQ\CQQApplication.dll] [N/A, N/A]
[D:\Program Files\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQAllInOne.dll] [N/A, N/A]
[D:\Program Files\QQ\SCCore.dll] [N/A, N/A]
[E:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[D:\Program Files\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQSysMsgMng.dll] [N/A, N/A]
[D:\Program Files\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QRingMng.dll] [N/A, N/A]
[D:\Program Files\QQ\QQAvatar.dll] [N/A, N/A]
[D:\Program Files\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\Program Files\QQ\LongConnection.dll] [tencent, 0, 3, 3, 8]
[D:\Program Files\QQ\QQPet.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\QQPlugin.dll] [N/A, N/A]
[D:\Program Files\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\Program Files\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 141]
[D:\Program Files\QQ\QQSceneMng.dll] [N/A, N/A]
[D:\Program Files\QQ\QQCustomFace.dll] [N/A, N/A]
[D:\Program Files\QQ\ImageOle.dll] [TODO: (Company name), 1.0.0.1]
[D:\Program Files\QQ\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\QQ\QQZip.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\QQ\QQMagicFace.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\VqqModule.dll] [, 1, 0, 0, 1]
[D:\Program Files\QQ\inplus.dll] [Tencent, 1.5.0.0]
[PID: 1132][C:\Program Files\MwIE2007\MwIE.exe] [, 6, 0, 0, 0]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1232][D:\1238\1\杀毒\SREng2-v2.2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]



--------------------------------------------------------------------------------



文件关联

.TXT Error. [Notepad.exe %1]
.EXE Error. [%1 %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["E:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------
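Author: 464ymy    Time: 2006-10-27 12:32
Under XP there are 6 svchost processes
Author: 51077788    Time: 2006-10-27 12:47
You can restore EXE files by editing the registry. Because no EXE file can be opened, you first have to rename the Registry Editor “Regedit.exe” in the Windows directory to “Regedit.com”, then run it, navigate to HKEY_CLASSES_ROOT\exefile\shell\open\command, double-click the “(Default)” string and change its value to “"%1" %*”. Alternatively, running the command “ftype exefile=%1 %*” or “assoc .exe=exefile” under DOS can also restore the EXE file association.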
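Added example (not part of the original thread, and not SREng's own logic): a Python check that parses the 文件关联 (file association) lines of the report above and explains how a flagged entry deviates from the expected open command. The .EXE baseline is the value given in the reply above; the .TXT baseline is an assumption taken from the .INI/.INF handler that the same report marks OK, and the function names are illustrative.

```python
import re

# File-association lines copied from the SREng report in this thread (subset).
REPORT = r'''
.TXT Error. [Notepad.exe %1]
.EXE Error. [%1 %*]
.COM OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.CHM OK. ["E:\WINDOWS\hh.exe" %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
'''

# Expected open commands. .EXE comes from the reply above, .COM and .INI from
# lines the report marks OK; .TXT is an ASSUMPTION (same handler as .INI/.INF).
BASELINE = {
    ".EXE": '"%1" %*',
    ".COM": '"%1" %*',
    ".TXT": r"%SystemRoot%\system32\NOTEPAD.EXE %1",
    ".INI": r"%SystemRoot%\system32\NOTEPAD.EXE %1",
}

LINE_RE = re.compile(r"^(\.\w+)\s+(OK|Error)\.\s+\[(.*)\]\s*$")


def parse_associations(text):
    """Return [(extension, sreng_status, command)] for each association line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group(1).upper(), m.group(2), m.group(3)))
    return rows


def handler(command):
    """First token of a command line: the program that will be started."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ""


def classify(actual, expected):
    """Describe how `actual` deviates from `expected`; None if equivalent."""
    def norm(s):
        return " ".join(s.lower().split())

    def base(p):
        return p.replace("/", "\\").rsplit("\\", 1)[-1]

    if norm(actual) == norm(expected):
        return None
    if norm(actual).replace('"', "") == norm(expected).replace('"', ""):
        return "unquoted %1: a path containing spaces is not passed as one argument"
    a, e = handler(actual).lower(), handler(expected).lower()
    if base(a) == base(e):
        if "\\" not in a:
            return "handler has no directory: resolved through the search path"
        return "handler directory differs from the expected location"
    return "handler program replaced"


def audit(text, baseline=BASELINE):
    """Compare every parsed association with the baseline; return findings."""
    findings = {}
    for ext, status, command in parse_associations(text):
        if ext in baseline:
            reason = classify(command, baseline[ext])
            if reason:
                findings[ext] = (status, command, baseline[ext], reason)
    return findings


if __name__ == "__main__":
    for ext, (status, cmd, want, reason) in audit(REPORT).items():
        print(f"{ext}: SREng={status} have=[{cmd}] want=[{want}] -> {reason}")
```

The unquoted form flagged for .EXE is also the value that an ftype exefile=%1 %* command writes; the quoted registry value is "%1" %*.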
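Author: yd5577117    Time: 2006-10-27 12:48
I had a look and did not find anything abnormal.
Author: zsd521369    Time: 2006-10-27 12:53
TXT file repair method

[ Last edited by leo8888 at 2006-10-27 12:58 ]

Author: shiwang    Time: 2006-10-27 12:56
Why is there no content?

[ Last edited by leo8888 at 2006-10-27 13:01 ]

Author: wx68483476    Time: 2006-10-27 13:02
Close all non-essential processes before making the change. You have so many open, who knows where it is hiding.
Author: huantao2008    Time: 2006-10-27 14:28
The methods described by 天马流星拳 on floors 9 and 11 had already been tried without effect; in fact the Registry Editor can still be opened now.

I have now closed everything except the antivirus software that cannot be closed (NOD32, TrojanHunter) and scanned again; the result is as follows: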

2006-10-27,14:23:37

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(E:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
(run)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(nod32kui)("E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE) [Eset ]
(THGuard)("E:\Program Files\TrojanHunter\THGuard.exe") [Mischel Internet Security]
(IMSCMig)(E:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(E:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(%SystemRoot%\system32\logonui.exe) [(Verified)Microsoft Corporation]




--------------------------------------------------------------------------------



启动文件夹

[绿鹰PC万能精灵]
(E:\Documents and Settings\All Users\「开始」菜单\程序\启动\绿鹰PC万能精灵.lnk --) E:\PROGRA~1\绿鹰PC~1\system.exe [绿鹰网络])(N)



--------------------------------------------------------------------------------



服务

[Human Interface Device Access / HidServ]
(E:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[NOD32 Kernel Service / NOD32krn]
("E:\Program Files\Eset\nod32krn.exe")(Eset)



--------------------------------------------------------------------------------



驱动程序

[Service for WDM 3D Audio Driver / ALCXSENS]
(system32\drivers\ALCXSENS.SYS)(Sensaura)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[AMON / AMON]
(\??\E:\WINDOWS\system32\drivers\amon.sys)(Eset)
[ialm / ialm]
(system32\DRIVERS\ialmnt5.sys)(Intel Corporation)
[IP in IP Tunnel Driver / IpInIp]
(system32\DRIVERS\ipinip.sys)(N/A)
[npkcrypt / npkcrypt]
(\??\D:\Program Files\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)



--------------------------------------------------------------------------------



浏览器加载项

[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (E:\Program Files\Thunder5.2.0.207\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD)
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (E:\Program Files\FLASHGET1.81\SubDirectory\jccatch.dll, N/A)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (E:\Program Files\FLASHGET1.81\SubDirectory\FLASHGET.EXE, N/A)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (E:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (E:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} (E:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[使用BitComet下载全部链接]
(res://E:\Program Files\BitComet\BitCometBeta.exe/AddAllLink.htm, N/A)
[使用BitComet下载链接(&B)]
(res://E:\Program Files\BitComet\BitCometBeta.exe/AddLink.htm, N/A)
[使用网际快车下载]
(E:\Program Files\FLASHGET1.81\SubDirectory\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(E:\Program Files\FLASHGET1.81\SubDirectory\jc_all.htm, N/A)
[使用迅雷下载]
(E:\Program Files\Thunder5.2.0.207\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(E:\Program Files\Thunder5.2.0.207\Program\GetAllUrl.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 312][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 360][\??\E:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 384][\??\E:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 428][E:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 440][E:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 616][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 676][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 716][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 752][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 800][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 944][E:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 968][E:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1124][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1164][E:\Program Files\Eset\nod32krn.exe] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\nod32krr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_emon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[E:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_mirr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_upd.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1216][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1500][E:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\WINDOWS\system32\ldf252.dll] [N/A, N/A]
[E:\WINDOWS\system32\lwf214p.dll] [LuraTech GmbH, 2, 0, 11, 14]
[PID: 1736][E:\Program Files\Eset\nod32kui.exe] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\Program Files\Eset\pu_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_emon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_imon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_mirr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pu_upd.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 1764][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1776][E:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 216][E:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1480][E:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1644][E:\Program Files\TrojanHunter\THGuard.exe] [Mischel Internet Security, 4.5.0.275]
[E:\Program Files\TrojanHunter\unrar.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\Program Files\TrojanHunter\UNZDLL.DLL] [, 1.7.0.4]
[PID: 1812][D:\1238\1\杀毒\SREng2-v2.2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]



--------------------------------------------------------------------------------



文件关联

.TXT Error. [Notepad.exe %1]
.EXE Error. [%1 %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["E:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------
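Author: su9n    Time: 2006-10-30 07:38
Same as before. Before reinstalling I restored a GHOST image but it would not boot, so I had to reinstall the system, and it has been like this since the install.
Author: nebulehunter    Time: 2006-10-30 10:47
Is your system installed on drive E? I would like to ask what that FREEWB.IME is.
Author: mendieta    Time: 2006-10-30 14:28
FREEWB should be the 极点五笔 (Jidian Wubi) input method.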



