
[Solved] Help: desktop refreshes automatically and programs close

nanasa
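Posted on 2008-1-6 09:20:10
Dear seniors,

I am using WIN XP SP2. A problem has appeared recently, with the following symptoms. I can open any folder (it displays normally), but when I click an application it always closes automatically and the desktop refreshes (it feels as if the EXPLORER process was closed and then reopened). For example, from the tools folder on drive C, I double-click the AV Terminator removal tool I just downloaded (DubaTool_AV_Killer2.COM). The desktop immediately refreshes, all windows are closed, and the icons at the bottom right of the taskbar appear one by one (just like when the desktop loads right after booting).

Could you please advise me on what to do? Many thanks!!!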
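卡巴007 (this user has been deleted)
Posted on 2008-1-6 09:54:32
Run an SREng scan and post the log. There is a download link in my signature.
nanasa
Original poster | Posted on 2008-1-6 10:07:05
Just scanned it. Thanks for your trouble...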

卡巴007 (this user has been deleted)
Posted on 2008-1-6 10:24:59
Delete the following startup entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Internet Security Service><; msq32.exe>  [N/A]
    <Windows Service Agent><; tcsohv.exe>  [N/A]
    <msvccc66><; svcchosst.exe>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  [N/A]
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]

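Delete the file c:\windows\system32\com\services.exe. End the process first.

Scan with Jiangmin antivirus, then use 360 to clean up malware. Is your computer a Compaq? There seem to be Kaspersky remnants.
卡巴007 (this user has been deleted)
Posted on 2008-1-6 10:27:56
Next time there is no need for an attachment, just paste it directly. I have pasted it here for you; experts, please take a look too!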
[CODE]

2008-01-06,03:04:20

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ATIModeChange><Ati2mdxx.exe>  [N/A]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <hkss><C:\Program Files\Compaq\Hotkey Software\hkss.exe>  [Compaq Computer Corporation]
    <KVMON><E:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp>  [Jiangmin Co.Ltd]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Internet Security Service><; msq32.exe>  [N/A]
    <Windows Service Agent><; tcsohv.exe>  [N/A]
    <msvccc66><; svcchosst.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  [N/A]
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{ACADABAF-1000-0010-8000-10AA006D2EA4}><>  [N/A]
    <{ACADABAF-1100-0010-8000-10AA006D2EA4}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <AVP><; "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [N/A]
    <AVPSrv><; >  [N/A]
    <cmdbcs><; >  [N/A]
    <DbgHlp32><; >  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DWQueuedReporting><; "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <gemstrmw><; >  [N/A]
    <GenProtect><; >  [N/A]
    <Internet Security Service><; msq32.exe>  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <KvMonXP><; >  [N/A]
    <Kvsc3><; >  [N/A]
    <LotusHlp><; >  [N/A]
    <mppds><; >  [N/A]
    <msccrt><; >  [N/A]
    <MsIMMs32><; >  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <msvccc66><; svcchosst.exe>  [N/A]
    <Office Monitors><; >  [N/A]
    <pdfFactory Pro 分配器 v2><; "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM>  [N/A]
    <RealTray><; >  [N/A]
    <rfw><; C:\Program Files\rising\Rfw\Rfw.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundService><; rundll32.exe "C:\WINDOWS\System32\lrrgkpdt.dll",setvm>  [N/A]
    <Spooler SubSystem App><; >  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit IEPro><; E:\Program Files\sr801\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit SRRestore><; >  [N/A]
    <SvcManager><; algss6.exe>  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [N/A]
    <upxdnd><; >  [N/A]
    <Vita><; >  [N/A]
    <WebThunder><; >  [N/A]
    <Winamp Agent><; C:\WINDOWS\System32\winamp.exe>  [N/A]
    <Windows Logon Application><; >  [N/A]
    <Windows Network Firewall><; C:\WINDOWS\System32\firewall.exe>  [N/A]
    <Windows Service Agent><; tcsohv.exe>  [N/A]
    <WinSysM><; >  [N/A]
    <XiaoiDesktop><; C:\Program Files\Incesoft\XiaoiAlerts\XiaoiUpdater.exe /hide>  [N/A]
卡巴007 (this user has been deleted)
Posted on 2008-1-6 10:28:28
==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Disabled]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><>
[E313BD7A / E313BD7A][Stopped/Auto Start]
  <><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <E:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[ms_2fax / ms_2fax][Stopped/Auto Start]
  <C:\WINDOWS\system32\e6991.exe><N/A>
[NetWork Service / nkserv][Stopped/Auto Start]
  <c:\program files\common files\system\serv.exe -system><Microsoft Corporation>
[PnpWMmng / PnpWMmng][Stopped/Disabled]
  <E:\PROGRA~2\wmxz\PnpWMmng.exe><完美卸载>
[Windows svcs RunThem / svcs][Stopped/Auto Start]
  <><N/A>
[WebPrint / WebPrint][Stopped/Disabled]
  <><N/A>
[Windows Live Setup Service / WLSetupSvc][Stopped/Disabled]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><>

==================================
驱动程序
[68o054azn / 68o054azn][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\68o054azn.sys><N/A>
[ESS Allegro Audio Driver (WDM) / allegro][Running/Manual Start]
  <system32\drivers\es198x.sys><ESS Technology, Inc.>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ClntMgmt.sys / ClntMgmt.sys][Running/System Start]
  <\SystemRoot\System32\Drivers\ClntMgmt.sys><Compaq Computer Corp>
[d346bus / d346bus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\d346bus.sys><>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[ezysynt85 / ezysynt85e][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ezysynt85e.sys><N/A>
[Huawei DataCard USB Modem and USB Serial / hwdatacard][Running/Manual Start]
  <System32\DRIVERS\ewusbmdm.sys><Huawei Technologies Co., Ltd.>
[KRegEx / KRegEx][Running/Auto Start]
  <\??\E:\Program Files\JiangMin\antivirus\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software - SysCall Services / KSysCall][Running/System Start]
  <\??\E:\Program Files\JiangMin\common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[Jiangmin Antivirus Software - System Monitor / KSysMon][Running/System Start]
  <\??\E:\Program Files\JiangMin\AntiVirus\KSysMon.sys><Jiangmin Co., Ltd.>
[Jiangmin Antivirus Software - File Tracer / KSysTrace][Running/System Start]
  <\??\E:\Program Files\JiangMin\AntiVirus\KSysTrace.sys><Jiangmin Co., Ltd.>
[LT Modem Driver / ltmodem5][Running/Manual Start]
  <System32\DRIVERS\ltmdmnt.sys><LT>
[MS / MS][Stopped/Manual Start]
  <\??\C:\DOCUME~1\XP\LOCALS~1\Temp\tmp12.tmp><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\tools\CoralQQ_5.0_diy\npkcrypt.sys><INCA Internet Co., Ltd.>
[320 SPACEC@M / ovt519][Stopped/Manual Start]
  <System32\Drivers\ov519vid.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\PnpWmkDrv.sys><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
  <System32\DRIVERS\smcirda.sys><SMC>
[Jiangmin AntiVirus Software - System Guard / SysGuard][Running/Boot Start]
  <\SystemRoot\system32\Drivers\SysGuard.sys><Jiangmin Co., Ltd.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[U.S. Robotics 802.11g Wireless Turbo Adapter / USR11G][Stopped/Manual Start]
  <System32\DRIVERS\USR11G.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Veo Mobile/Advanced Web Camera / XIRLINK][Stopped/Manual Start]
  <System32\DRIVERS\ucdnt.sys><Xirlink, Inc>
[XPROTECTOR / XPROTECTOR][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\Oreans.sys><N/A>
[KVFileGuard From Jiangmin / KVFileGuard][Running/Manual Start]
  <\??\E:\Program Files\JiangMin\AntiVirus\KVfg.sys><Jiangmin Co., Ltd.>
[KVREDIR / KVREDIR][Running/System Start]
  <\??\E:\Program Files\JiangMin\AntiVirus\KVREDIR.sys><Jiangmin Co., Ltd.>

==================================
浏览器加载项
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Invoke Class]
  {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\be61.dll, N/A>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <E:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[]
  {8F776B2A-72DF-40C1-BD69-EDB642A706D7} <C:\WINDOWS\system32\bho.dll, N/A>
[Adobe Common Objects]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_7493.dll, Microsoft Corporation>
[RegisterHelper Class]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <E:\Program Files\JiangMin\AntiVirus\UrlGuard.dll, Jiangmin Co., Ltd.>
[Flash2X Flash Hunter]
  {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} <, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <E:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[IMCv1 Control]
  {6924091F-CD97-41E1-B1D4-D9079409D413} <C:\WINDOWS\DOWNLO~1\imcv1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.lotuspond.com.cn)>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Hotmail Attachments Control]
  {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} <C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx, Microsoft Corporation>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, N/A>
[Thunder5下载]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\ThunderBHONew.dll, N/A>
[Invoke Class]
  {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\be61.dll, N/A>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <E:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[]
  {8F776B2A-72DF-40C1-BD69-EDB642A706D7} <C:\WINDOWS\system32\bho.dll, N/A>
[]
  {A0CB0C8A-BA9D-4B91-B659-5A6556C6F477} <C:\Program Files\scNine\Boos.dll, >
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <E:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Adobe Common Objects]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_7493.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[RegisterHelper Class]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <E:\Program Files\JiangMin\AntiVirus\UrlGuard.dll, Jiangmin Co., Ltd.>
[上传到QQ网络硬盘]
  <E:\tools\CoralQQ_5.0_diy\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\tools\CoralQQ_5.0_diy\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\tools\CoralQQ_5.0_diy\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\tools\CoralQQ_5.0_diy\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 684][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060][C:\WINDOWS\System32\Ati2evxx.exe]  [, ]
[PID: 1076][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1160][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420][E:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe]  [Jiangmin Co., Ltd., 10, 0, 7, 1113]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]
    [C:\WINDOWS\system32\kvinstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [E:\Program Files\JiangMin\AntiVirus\SvcSafe.dll]  [Jiangmin Co., Ltd., 11, 0, 7, 1222]
    [E:\Program Files\JiangMin\AntiVirus\lang\SvcSafe0804.lng]  [N/A, ]
    [E:\Program Files\JiangMin\Kernel\Scan.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 1104]
    [E:\Program Files\JiangMin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 1125]
    [E:\Program Files\JiangMin\Kernel\UNACE.dll]  [N/A, ]
    [E:\Program Files\JiangMin\AntiVirus\FileGuardNT.dll]  [Jiangmin Co., Ltd., 11, 2, 7, 1226]
    [E:\Program Files\JiangMin\AntiVirus\NetGuard.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 1206]
    [E:\Program Files\JiangMin\KVOL\autoUpdate.dll]  [Jiangmin Co.Ltd, 2, 0, 7, 1218]
    [E:\Program Files\JiangMin\common\KvTrustService.dll]  [Jiangmin Co., Ltd., 10, 0, 7, 1224]
    [E:\Program Files\JiangMin\common\KvTools.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 1205]
    [E:\Program Files\JiangMin\common\KvTxd.dll]  [Jiangmin Co., Ltd., 10.0.6.1106]
    [E:\Program Files\JiangMin\antivirus\KVAutoLS.dll]  [Jiangmin Co.Ltd, 2, 0, 7, 904]
    [E:\Program Files\JiangMin\AntiVirus\GuardPS.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 822]
    [E:\Program Files\JiangMin\common\KvTrust.dll]  [Jiangmin Co., Ltd., 10, 0, 7, 1224]
    [E:\Program Files\JiangMin\common\KvTrustServicePS.dll]  [Jiangmin Co., Ltd., 10, 0, 7, 918]
    [C:\WINDOWS\system32\MSCOREE.DLL]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\Program Files\JiangMin\KVOL\UpdatePlugIn.dll]  [Jiangmin Co., Ltd., 1, 0, 6, 831]
[PID: 1528][c:\program files\common files\microsoft shared\vgx\smss.exe]  [Microsoft Corporation, 1.4576.2353]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
[PID: 1844][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 244][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5062]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5062]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5062]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5062]
[PID: 500][C:\Program Files\Compaq\Hotkey Software\hkss.exe]  [Compaq Computer Corporation, 1.1.D3]
    [C:\Program Files\Compaq\Hotkey Software\support.dll]  [Compaq Computer Corporation, 1.1.D3]
    [C:\Program Files\Compaq\Hotkey Software\hksshook.dll]  [Compaq Computer Corporation, 1.1.D3]
[PID: 528][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][G:\PhoneConnectorVMC.exe]  [Vodafone, 2, 1, 6, 1]
    [G:\xerces-c_2_7.dll]  [Apache Software Foundation, 2, 7, 0]
[PID: 1392][G:\vmc.exe]  [Vodafone, 2.01.0006]
    [C:\WINDOWS\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\PROGRA~1\Vodafone\VMCLite\UniBox10.ocx]  [Woodbury Associates Limited, 1.0.3.64]
    [C:\Program Files\Vodafone\VMCLite\UniBoxVB12.ocx]  [Woodbury Associates Limited, 1.02.0033]
    [C:\PROGRA~1\Vodafone\VMCLite\CODEJO~3.OCX]  [Codejock Software, 10, 2, 0, 0]
    [C:\PROGRA~1\Vodafone\VMCLite\CODEJO~1.OCX]  [Codejock Software, 10, 2, 0, 0]
    [C:\PROGRA~1\Vodafone\VMCLite\CODEJO~2.OCX]  [Codejock Software, 10, 2, 0, 0]
    [G:\LanguageManagerDll.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\Compaq\Hotkey Software\hksshook.dll]  [Compaq Computer Corporation, 1.1.D3]
[PID: 2472][C:\Documents and Settings\XP\桌面\sreng\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\XP\桌面\sreng\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 3900][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Program Files\JiangMin\AntiVirus\KsPec.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 903]
    [E:\Program Files\JiangMin\common\KvTrust.dll]  [Jiangmin Co., Ltd., 10, 0, 7, 1224]
    [E:\Program Files\JiangMin\common\KvTools.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 1205]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. []
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 492, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 500, C:\PROGRAM FILES\COMPAQ\HOTKEY SOFTWARE\HKSS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1116, G:\PHONECONNECTORVMC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1392, G:\VMC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 232, C:\DOCUMENTS AND SETTINGS\XP\桌面\WORK\THEWORLD.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
    [513] E:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp
    [1520] c:\windows\system32\com\services.exe

==================================


[/CODE]
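
The triage applied to the log above, written out as an added example (not part of the original thread and not SREng's own code): it parses the registry startup section and lists entries that have no signer and launch a bare filename with no directory. The function names and the heuristic are assumptions of this example, and the sample is a short excerpt copied from the log above.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the SREng log above (registry startup section only).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIModeChange><Ati2mdxx.exe>  [N/A]
    <KVMON><E:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp>  [Jiangmin Co.Ltd]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Internet Security Service><; msq32.exe>  [N/A]
    <Windows Service Agent><; tcsohv.exe>  [N/A]
    <msvccc66><; svcchosst.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Entry layout as it appears in the log: <value name><command>  [signer]
ENTRY_RE = re.compile(r"^\s*<([^<>]*)><([^<>]*)>\s+\[(.*)\]\s*$")


@dataclass(frozen=True)
class StartupEntry:
    key: str
    name: str
    command: str
    signer: str


def parse_startup(text):
    """Return every <name><command> [signer] entry with its registry key."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            command = m.group(2).strip()
            # Some commands carry a leading "; " in the log; it is dropped
            # here without interpreting what it means.
            if command.startswith(";"):
                command = command[1:].strip()
            entries.append(StartupEntry(key, m.group(1).strip(), command,
                                        m.group(3).strip()))
    return entries


def executable(command):
    """Quoted path, or the first whitespace-delimited token of the command."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # An unquoted path containing spaces is cut at the first space, which
    # still keeps its drive or backslash, so the directory test below holds.
    return command.split()[0] if command else ""


def review_candidates(text):
    """Unsigned entries whose executable is given without any directory."""
    hits = []
    for e in parse_startup(text):
        exe = executable(e.command)
        unsigned = e.signer in ("", "N/A")
        if unsigned and exe and not any(c in exe for c in "\\/%:"):
            hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in review_candidates(SAMPLE_LOG):
        print(f"{hit.key}\n    {hit.name} -> {hit.command}")
```

A match is a candidate for review, not a verdict: on this excerpt the heuristic also returns `ATIModeChange` under `Run`, which the reply above did not list for deletion.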
nanasa
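Original poster | Posted on 2008-1-6 10:33:08
Thank you, you really are an expert, you got everything right.

May I ask how to delete the "startup entries"?
robertfaye
Posted on 2008-1-6 10:38:01
Delete them in the registry; you can also use a tool.
卡巴007 (this user has been deleted)
Posted on 2008-1-6 10:39:26
SREng can delete them, or run regedit and delete them manually.
Update the virus definitions to the latest version, reboot into safe mode, disconnect from the network and scan. Then clean up with 360, the Rogue Software Cleanup Assistant (流氓软件清理助手) and similar tools.

My skills are limited and this is all I can see. Your computer is seriously ill; let an expert take another look!
nanasa
Original poster | Posted on 2008-1-6 10:46:28
Thank you, I deleted them with regedit. But when I tried to end services.exe, a window popped up saying the process could not be terminated: "This process is a critical system process. Task Manager cannot end this process." How can I end it?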