双击C D E F盘的时候不能打开,有手工修复的方法么?
可以参考 http://bbs.dngz.net/thread-134034-1-1.html 完美解决双击盘符无法打开分区的问题! 建议修复前扫描一个sreng的报告看看,hijackthis的06项目直接修复 023服务(file missing)直接修复。 O4 - 启动项HKLM\\Run: [ASocksrv] ; SocksA.exe 可疑,
楼主电脑速度怎么样?一个咔吧,一个诺顿?
就一个卡巴,5.0390版本,现在也无法更新病毒库. 刚装的系统, 今天发现老重启才知道中了木马,可是找了半天没找到解决方法,打开D,E,F的时候依旧是 AOTU的方式,,
2007-01-04,14:54:03
dngz.net版权所有
System Repair Engineer 2.2.6.605 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] <run><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation] <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation] <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation] <nwiz><; nwiz.exe /install> [N/A] <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)NVIDIA Corporation] <ASocksrv><; SocksA.exe> [N/A] <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Corporation] ; <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Corporation] ================================== 启动文件夹 [腾讯QQ] <C:\Documents and Settings\aaaaa\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\qq\QQ.exe [TENCENT]><N> ================================== 服务 [Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler] <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><N/A> [Symantec Event Manager / ccEvtMgr] <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation> [Symantec Password Validation / ccPwdSvc] <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation> [Symantec Settings Manager / ccSetMgr] <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation> [Human Interface Device Access / HidServ] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [kavsvc / kavsvc] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab> [LiveUpdate / LiveUpdate] <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><N/A> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> ================================== 驱动程序 [VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV] <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.> [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS] 欢迎来到(www.dngz.net) <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.> [Kl1 / Kl1] <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab> [Klif / Klif] <System32\drivers\klif.sys><Kaspersky Labs> [Klmc / Klmc] <System32\drivers\klmc.sys><Kaspersky Lab> [ATK0110 ACPI UTILITY / MTsensor] <system32\DRIVERS\ASACPI.sys><> [nv / nv] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> [Direct Parallel Link Driver / Ptilink] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Secdrv / Secdrv] <system32\DRIVERS\secdrv.sys><N/A> [SPBBCDrv / SPBBCDrv] <\?\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation> [SymEvent / SymEvent] <\?\C:\Program Files\Symantec\SYMEVENT.SYS><N/A> [SYMIDSCO / SYMIDSCO] <\?\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20061215.005\symidsco.sys><N/A> [ViaIde / ViaIde] <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation> ================================== 浏览器加载项 [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, TENCENT> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.> [添加到QQ自定义面板] <D:\qq\AddPanel.htm, N/A> [添加到QQ表情] <D:\qq\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\qq\SendMMS.htm, N/A> ================================== 正在运行的进程 [PID: 580][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 636][\?\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 660][\?\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] dngz.net [PID: 704][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 716][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 872][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 968][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1064][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1152][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1208][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1320][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 103.0.2.10] [C:\Program Files\Common Files\Symantec Shared\ccL30.dll] [Symantec Corporation, 103.0.2.10] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.0.2.10] [PID: 1356][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 103.0.2.10] [C:\Program Files\Common Files\Symantec Shared\ccL30.dll] [Symantec Corporation, 103.0.2.10] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.0.2.10] [PID: 1616][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1764][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8265] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8265] [C:\WINDOWS\system32\nvshell.dll] [N/A, N/A] [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A] ; [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] [Kaspersky Lab, 5.0.388.1] [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0] [PID: 1868][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]dngz.net
[PID: 2044][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8265] [PID: 1304][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1636][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1904][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0] www.dngz.net [c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0] [C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0] [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A] [PID: 1828][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1844][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0] dngz.net版权所有 [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0] [c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0] [C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8265] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8265] [C:\WINDOWS\system32\nvshell.dll] [N/A, N/A] [PID: 1612][F:\扫描工具\nvidia_fw8265b_32\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf [C:\] [AutoRun] open=tel.xls.exe shellexecute=tel.xls.exe shell\Auto\command=tel.xls.exe shell=Auto [D:\] [AutoRun] open=tel.xls.exe shellexecute=tel.xls.exe shell\Auto\command=tel.xls.exe shell=Auto [E:\] [AutoRun] open=tel.xls.exe shellexecute=tel.xls.exe shell\Auto\command=tel.xls.exe shell=Auto [F:\] [AutoRun] open=tel.xls.exe dngz.net您的电脑医生 shellexecute=tel.xls.exe shell\Auto\command=tel.xls.exe shell=Auto ================================== HOSTS 文件 127.0.0.1 localhost ==================================就是这病毒:<ASocksrv><; SocksA.exe> [N/A] http://cache.baidu.com/c?word=socksa;.;exe&url=http://www.8848hr.com/px/club/bbsview.asp?bbspid=1533&p=8b2a964081951cf008e2927b454e8d&user=baidu
tel.xls.exe <ASocksrv><; SocksA.exe> [N/A]
我去安全模式下手工操作看看,谢谢版主!