My system is XP. Why are there 2 iexplore.exe processes running after startup?

List of common processes on an XP system after startup
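You have probably run into questions about the processes that commonly appear in the Windows XP process list at startup. How should they be handled? The entries below go through them one by one.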
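(1) notepad.exe
The Notepad program that ships with Windows. It is the default Windows program for opening and editing text files.
(2) realplay.exe
A Real Networks program. Real Player is used to play video files such as MPEG and AVI.
(3) services.exe
Part of the Microsoft Windows operating system. It manages starting and stopping services, and also handles the services that run at computer startup and shutdown. This program is very important to the normal operation of your system.
Note: services may also be the w32.randex.r trojan (stored in the %systemroot%\system32\ directory) or the sober.p trojan (stored in the %systemroot%\connection wizard\status\ directory). The trojan lets an attacker access your computer and steal passwords and personal data. The security rating for this process is: immediate removal recommended.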
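(4) smss.exe
Part of the Microsoft Windows operating system. This process invokes the session management subsystem and is responsible for handling the sessions on your system. This program is very important to the normal operation of your system.
Note: smss.exe may also be the win32.ladex.a trojan. The trojan lets an attacker access your computer and steal passwords and personal data. Check the folder this process runs from: the legitimate process should be under the Windows system32 and servicepackfiles\i386 folders.
(5) spoolsv.exe
Sends Windows print jobs to the local printer.
Note: spoolsv.exe may also be the backdoor.ciadoor.b trojan. The trojan lets an attacker access your computer and steal passwords and personal data. Check the folder this process runs from: the legitimate process should be under the Windows system32 and servicepackfiles\i386 folders. If it appears under a spoolsv directory, it may be files belonging to some IE plug-ins; scanning with an anti-spyware tool is recommended.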
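(6) StarWindService.exe
A program belonging to the Alcohol 120% disc-burning software. To disable this process: in the Alcohol 120% options, untick the automatic check of the current version status, then go to Start > Run > services.msc and, in the system services, set the one named StarWind iSCSI Service to "Disabled". After a reboot the process no longer appears.
(7) svchost.exe (6 instances)
A system program belonging to the Microsoft Windows operating system, used to run DLL files. This program is very important to the normal operation of your system.
Note: svchost.exe may also be the w32.welchia.worm virus, which exploits the Windows LSASS vulnerability to cause a buffer overflow and shut your computer down. Check the name of this process: there is also a virus named svch0st.exe, where the middle character is the digit 0 rather than the letter o. Check the folder this process runs from: the legitimate process should be under the Windows system32 and servicepackfiles\i386 folders.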
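(8) system
The Windows page memory management process, which has priority 0.
(9) system Idle process
It mostly serves to show how much CPU capacity is free. This process cannot be removed.
(10) taskmgr.exe
Used for the Windows Task Manager. It shows the processes running on your system. The program is opened with Ctrl+Alt+Del. It is not a pure system program, but terminating it may cause unpredictable problems.
(11) 360tray.exe
The real-time protection module of the 360 Safeguard (360安全卫士) application.
(12) alg.exe
A program that ships with the Microsoft Windows operating system. It handles Microsoft Windows Internet Connection Sharing and Internet Connection Firewall. This program is very important to the normal operation of your system.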
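(13) avgas.exe
A program belonging to the AVG 7.5 (Germany) anti-trojan software.
(14) avp.exe (2 instances)
A program belonging to Kaspersky anti-virus software.
If that software is not installed, however, it may be a virus file. The file itself is a compressed file; when the compressed file is opened, it becomes a 136 KB file.
(15) ca.exe
Part of the eTrust EZ Firewall, used to protect your computer from network attacks. This process plays an important role in the normal operation and security of the computer and must not be terminated.
(16) csrss.exe
The Microsoft Client/Server Runtime Subsystem. This process manages Windows graphics-related tasks. This program is very important to the normal operation of your system.
Note: csrss.exe may also have been created by viruses such as w32.netsky.ab@mm, the w32.webus trojan and win32.ladex.a. The virus spreads by email; you are infected when you open the attachment. The worm sets up an SMTP service on the victim machine to spread itself. The virus lets an attacker access your computer and steal passwords and personal data. Check the folder this process runs from: the legitimate process should be under the Windows system32 and servicepackfiles\i386 folders.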
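(17) ULCDRSvr.exe
Part of the Ulead DVD Workshop products. The program is used to burn DVD and CD media. It is not a pure system program, but terminating it may cause unpredictable problems.
(18) vsmon.exe
Part of the ZoneAlarm personal firewall. It monitors network browsing and raises alerts on network attacks.
(19) winlogon.exe
The Windows domain logon manager. It handles logging on to and off the system. This process plays a very important role on your system.
(20) ctfmon.exe
Part of the Microsoft Office suite. It selects the user's text input program and the Microsoft Office XP language bar. It is not a pure system program, but terminating it may cause unpredictable problems.
(21) explorer.exe
The Windows Program Manager, or Windows Explorer. It manages the Windows graphical shell, including the Start menu, taskbar, desktop and file management. Removing this program makes the Windows graphical interface unusable.
Note: explorer.exe may also be the w32.codered or w32.mydoom.b@mm virus. The virus spreads by email; you are infected when you open the attachment. The worm sets up an SMTP service on the victim machine in order to spread more widely. The worm lets an attacker access your computer and steal passwords and personal data. Check the folder this process runs from: the legitimate process should be under the Windows folder and servicepackfiles\i386.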
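(22) guard.exe
The monitoring process started by the AVG 7.5 (Germany) anti-trojan software.
(23) iexplore.exe
The main program of Microsoft Internet Explorer. This Microsoft Windows application lets you surf the web and access the local intranet. It is not a pure system program, but terminating it may cause unpredictable problems. iexplore.exe is also part of the Avant Browser, a free browser based on Internet Explorer.
Note: iexplore.exe may also be the Trojan.killav.b virus, which terminates your anti-virus software and some Windows system tools. The legitimate process should be under \programfiles\internetexplorer and system32\dllcache.
(24) lsass.exe
A system process for the Microsoft security mechanism. It mainly handles certain special security mechanisms and logon policies.
Aren't these the names we often see flagged by anti-virus software? The threats keep escalating, but with this experience I believe you will be able to stay a step ahead of them!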
Reference: /course/143.html
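The folder and name checks that the notes in the list describe, written out as an added Python example (not part of the original post). The expected folders are the ones the list gives; the default C:\WINDOWS install path, the sample paths, and the character folding that extends the svch0st.exe case to other letter-for-digit swaps are assumptions.

```python
import ntpath

# Expected image folders, as given in the process list above (lower-cased).
# Assumption: Windows is installed in C:\WINDOWS, the XP default.
WINDIR = r"c:\windows"
SYSTEM_DIRS = (WINDIR + r"\system32", WINDIR + r"\servicepackfiles\i386")
EXPECTED_DIRS = {
    "smss.exe": SYSTEM_DIRS,
    "csrss.exe": SYSTEM_DIRS,
    "spoolsv.exe": SYSTEM_DIRS,
    "svchost.exe": SYSTEM_DIRS,
    "explorer.exe": (WINDIR, WINDIR + r"\servicepackfiles\i386"),
    "iexplore.exe": (r"c:\program files\internet explorer",
                     WINDIR + r"\system32\dllcache"),
}

# Fold characters that are easily swapped for each other, so that
# "svch0st.exe" and "svchost.exe" collapse to the same skeleton.
_FOLD = str.maketrans("oli", "011")


def skeleton(name):
    """Return the confusable-folded form of a file name."""
    return name.lower().translate(_FOLD)


def normalize_path(image_path):
    """Turn the path forms that process listings use into one comparable form."""
    p = image_path.strip().strip('"').lower()
    if p.startswith("\\??\\"):              # NT object-manager prefix
        p = p[4:]
    for prefix in ("\\systemroot", "%systemroot%"):
        if p.startswith(prefix):
            p = WINDIR + p[len(prefix):]
    return ntpath.normpath(p)


def check_process(image_path):
    """Classify one image path: ok, unexpected-path, lookalike:<name>, unknown."""
    folder, name = ntpath.split(normalize_path(image_path))
    if name in EXPECTED_DIRS:
        return "ok" if folder in EXPECTED_DIRS[name] else "unexpected-path"
    for known in EXPECTED_DIRS:
        if skeleton(name) == skeleton(known):
            return "lookalike:" + known
    return "unknown"


def triage(image_paths):
    """Return (path, verdict) for every entry the two checks flag."""
    results = ((p, check_process(p)) for p in image_paths)
    return [(p, v) for p, v in results if v not in ("ok", "unknown")]


# Constructed sample input: image paths in the forms a process listing shows.
SAMPLE = [
    r"\SystemRoot\System32\smss.exe",
    r"\??\C:\WINDOWS\system32\csrss.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
    r"C:\WINDOWS\system32\svch0st.exe",    # digit 0 in place of the letter o
    r"C:\WINDOWS\Temp\svchost.exe",        # right name, wrong folder
    r"C:\WINDOWS\SOUNDMAN.EXE",            # not in the table: no verdict
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict:24} {path}")
```

A matching folder does not clear a process: the list itself notes that w32.randex.r is stored in %systemroot%\system32\, so "ok" here only means "not flagged by these two checks".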
Two iexplore.exe processes shown at startup
Rising Kaka Security Forum
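17:02:00 Two iexplore.exe processes show up at startup, both with the user name system, and then the network connection keeps dropping. After I manually close the 2 processes I can get online normally again. How can I fix this?
zgr稳得起 -
17:11:00 Scan a log and let's have a look
17:13:00 Nothing was found after scanning...
叶·幽思 -
17:23:00 Quote: [houdan's post] Nothing was found after scanning...
………………
Scan an SREng log. Latest version:
17:29:00 I scanned a log with SREng, but I don't really know how to tell whether there is a problem..
叶·幽思 -
17:30:00 Quote: [houdan's post] I scanned a log with SREng, but I don't really know how to tell whether there is a problem..
………………
Post it here and I'll look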
17:34:00 I've posted all of it~~~ please take a look, thanks
叶·幽思 -
17:46:00 Reboot into Safe Mode and use SREng to delete this startup item:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> [N/A]
Show hidden files and delete:
C:\WINDOWS\system32\mswdm.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<YOKAssiant><Rundll32.exe C:\PROGRA~\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant> [N/A]
If you did not install this one yourself, uninstall it
17:49:00 Oh, OK~ I'll go delete them~ thanks in advance~
叶·幽思 -
17:59:00
========Content========
服务
[Network System Info / NetSys]
<C:\WINDOWS\system32\NetSys.exe><Microsoft Corporation>
[Network System / NetSystem]
<C:\WINDOWS\system32\NetSystem.exe><Microsoft Corporation>
==================================
正在运行的进程
[PID: 3912][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[PID: 3152][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, ]
    [C:\WINDOWS\system32\NetSys.exe] [N/A, N/A]
[PID: 3788][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, ]
    [C:\WINDOWS\system32\NetSystem.exe] [N/A, N/A]
These two files:
C:\WINDOWS\system32\NetSys.exe
C:\WINDOWS\system32\NetSystem.exe
look somewhat suspicious; go and get them checked
阿诺8979 -
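18:07:00 mswdm.exe is Troj_Win32.Ipamor.d. The virus modifies the registry, creating Policies\Explorer\Run/KernelFaultCheck C:\WINDOWS\system32\ mswdm.exe so that it starts automatically. The virus infects PE-format exe files and combines a trojan and a win32 virus in one. Once run, the virus first drops MSWDM.EXE into the system directory, hides in the background, continues infecting and listens on UDP port 139; it drops the original program into the temp directory and then launches it, so that the user does not notice the virus is there. The virus is written in a high-level language, and it places the virus code at the head of the infected executable and the code of the normal executable after the virus code, which is different from other viruses. Because the virus can modify its own icon resource to match the infected file, the icon of an infected file does not change; but the virus only uses the 32x32 icon and not the 16x16 icon, so the small icon does change and is not easy to make out. This is a new virus that was only just discovered on July 31. I suggest updating your anti-virus software to the latest version; it should be able to remove the C:\WINDOWS\system32\NetSys.exe and C:\WINDOWS\system32\NetSystem.exe virus or trojan.
18:08:00 I can't find this file: C:\WINDOWS\system32\mswdm.exe.. so frustrating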
叶·幽思 -
18:09:00 After scanning, post the report here
叶·幽思 -
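18:11:00 Quote: [houdan's post] I can't find this file: C:\WINDOWS\system32\mswdm.exe.. so frustrating
………………
Before deleting files, first turn off all hiding. How to turn off file hiding:
1. Open any folder window => Tools => Folder Options => View
2. Untick "Hide protected operating system files" (click Yes at the prompt)
3. Select "Show all files and folders"
4. Untick "Hide extensions for known file types"
5. Click OK, then go back to the windows folder and you will find this file
Send the files
C:\WINDOWS\system32\NetSys.exe
C:\WINDOWS\system32\NetSystem.exe
to my mailbox; compress and encrypt them first.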
叶·幽思 -
18:16:00 [Reply to "houdan"'s post] What I meant was to have it checked at http://virusscan.jotti.org/de/ and post the report here, not to scan the log again.
18:16:00 Running processes
18:30:00
Datei: NetSys.exe
Auslastung: 0% 100%
Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: ASPACK

AntiVir: Heuristic/Malware gefunden (mögliche Variante)
ArcaVir: Keine Viren gefunden
Avast: Win32:Agent-BPB gefunden
AVG Antivirus: Keine Viren gefunden
BitDefender: BehavesLike:Trojan.StartPage gefunden (mögliche Variante)
ClamAV: Keine Viren gefunden
Dr.Web: STPAGE.Trojan gefunden (mögliche Variante)
F-Prot Antivirus: Possibly a new variant of W32/Rootkit-Backdoor-based!Maximus gefunden
Fortinet: Keine Viren gefunden
Kaspersky Anti-Virus: Keine Viren gefunden
NOD32: probably unknown NewHeur_PE gefunden (mögliche Variante)
Norman Virus Control: Sandbox: W32/M
[ General information ]
* File might be compressed.
* Decompressing ASPack.
* Accesses executable file from resource section.
* File length: 103424 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\NetSys.exe.
* Creates file C:\WINDOWS\SYSTEM32\NetSys.dll.
[ Changes to registry ]
* Creates key "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel".
* Sets value "HomePage"="" in key "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel".
* Modifies value "Start Page"="/" in key "HKCU\Software\Microsoft\Internet Explorer\Main".
* Modifies value "Start Page"="/" in key "HKLM\Software\Microsoft\Internet Explorer\Main".
* Creates key "HKLM\System\CurrentControlSet\Services\NetSys".
* Sets value "ImagePath"="C:\WINDOWS\SYSTEM32\NetSys.exe" in key "HKLM\System\CurrentControlSet\Services\NetSys".
* Sets value "DisplayName"="Network System Info" in key "HKLM\System\CurrentControlSet\Services\NetSys".
[ Process/window information ]
* Creates an event called .
* Creates service "NetSys (Network System Info)" as "C:\WINDOWS\SYSTEM32\NetSys.exe".
* Modifies other process memory.
* Creates a remote thread.
gefunden
UNA: Keine Viren gefunden
VirusBuster: Keine Viren gefunden
VBA32: Keine Viren gefunden
18:32:00 As for the NetSystem.exe file: I just updated Rising, and it found the virus and deleted it.
叶·幽思 -
19:33:00 Quote: [houdan's post] As for the NetSystem.exe file: I just updated Rising, and it found the virus and deleted it.
………………
Has your problem been solved?
19:47:00 Browsing is OK for now, but there are still 2 iexplore processes...
叶·幽思 -
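19:56:00 Quote: [houdan's post] Browsing is OK for now, but there are still 2 iexplore processes...
………………
Do you recognize this "NetSys.exe"? If you don't recognize it, delete:
C:\WINDOWS\SYSTEM32\NetSys.exe
C:\WINDOWS\SYSTEM32\NetSys.dll
Run: regedit
Navigate to: HKLM\System\CurrentControlSet\Services\NetSys
Delete: C:\WINDOWS\SYSTEM32\NetSys.exe
Navigate to: HKCU\Software\Microsoft\Internet Explorer\Main
On the right: Start Page
Double-click it and change it to the home page of your choice.
Download HijackThis and fix item 06:
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
HijackThis download address:
This is my first time reading this kind of log... I'm still not very good at reading it, and it's also my first time seeing the new version of the SREng log~~~~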
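The sandbox section of the scan report and the cleanup steps in the reply above name the same artifacts. As an added example (not part of the thread or of any tool mentioned in it), this Python script parses sandbox lines in that format and groups them into files, service entries and Internet Explorer settings to review during cleanup; the function names and category labels are assumptions, and the sample lines are copied from the report.

```python
import re

# Sandbox lines copied from the Norman section of the scan report above.
REPORT = r'''
* Creates file C:\WINDOWS\SYSTEM32\NetSys.exe.
* Creates file C:\WINDOWS\SYSTEM32\NetSys.dll.
* Creates key "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel".
* Sets value "HomePage"="" in key "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel".
* Modifies value "Start Page"="/" in key "HKCU\Software\Microsoft\Internet Explorer\Main".
* Modifies value "Start Page"="/" in key "HKLM\Software\Microsoft\Internet Explorer\Main".
* Creates key "HKLM\System\CurrentControlSet\Services\NetSys".
* Sets value "ImagePath"="C:\WINDOWS\SYSTEM32\NetSys.exe" in key "HKLM\System\CurrentControlSet\Services\NetSys".
* Sets value "DisplayName"="Network System Info" in key "HKLM\System\CurrentControlSet\Services\NetSys".
* Creates service "NetSys (Network System Info)" as "C:\WINDOWS\SYSTEM32\NetSys.exe".
* Modifies other process memory.
* Creates a remote thread.
'''

FILE_RE = re.compile(r'^\* Creates file (.+)\.$')
KEY_RE = re.compile(r'^\* Creates key "(.+)"\.$')
VALUE_RE = re.compile(r'^\* (?:Sets|Modifies) value "([^"]*)"="([^"]*)" in key "(.+)"\.$')
SERVICE_RE = re.compile(r'^\* Creates service "(.+)" as "(.+)"\.$')

def registry_bucket(key):  # category names are assumptions of this example
    k = key.lower()
    if "\\currentcontrolset\\services\\" in k:
        return "services"        # service entry: starts the file at boot
    if "\\internet explorer\\" in k:
        return "ie_settings"     # home page and policy changes
    return "other_registry"

def triage(report):
    """Group sandbox observations into artifacts to review during cleanup."""
    out = {b: [] for b in ("files", "services", "ie_settings", "other_registry", "behaviour")}
    for line in (l.strip() for l in report.splitlines()):
        if not line.startswith("* "):
            continue
        if m := FILE_RE.match(line):
            item, bucket = m.group(1), "files"
        elif m := SERVICE_RE.match(line):
            item, bucket = f"{m.group(1)} -> {m.group(2)}", "services"
        elif m := VALUE_RE.match(line):
            name, data, key = m.groups()
            item, bucket = f'{key} : {name} = "{data}"', registry_bucket(key)
        elif m := KEY_RE.match(line):
            item, bucket = m.group(1), registry_bucket(m.group(1))
        else:
            item, bucket = line[2:], "behaviour"   # e.g. remote-thread creation
        if item not in out[bucket]:
            out[bucket].append(item)
    return out

if __name__ == "__main__":
    print(*(f"[{b}] {i}" for b, items in triage(REPORT).items() for i in items), sep="\n")
```

Every entry under files, services and ie_settings corresponds to one of the items the reply asks to delete or reset; the behaviour entries have no registry or file counterpart and only describe what the sample did while running.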
19:57:00 OK, I'll give it a try~~~
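20:30:00 Normally the Start menu bar uses one~ and another one is used for opening folders and the like~ though in some cases they are all in one process; that's in the folder settings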