Computer Enthusiasts Forum (电脑爱好者论坛) Archiver

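辉少 posted on 2007-12-7 03:59

Helping you check for viruses

If you suspect your computer has a virus, or it already has one and you don't know what to do,
please download and extract the attachment below, run the "辉少查毒.exe" program inside it, and then
[size=4][color=Red]post the contents of "辉少查毒.txt" from that directory in a new thread.[/color][/size]
We can help you make an initial judgment on whether you are infected, and how to detect and remove it.
I hope friends with virus-removal experience will come in and help answer.
Since our experience is also limited,
please forgive any inconvenience.

[size=4][color=Red]Here I want to give special thanks to my senior doudoukiki for his great support.[/color][/size]

To make it easier and more accurate to check things for you,
please close other programs and clean up plug-ins before running it.
That is, here:
[url]http://bbs.aihaozhe.net/thread-16612-1-1.html[/url]
download these two portable utilities and finish cleaning up before running <辉少查毒>.

Note:
This only checks processes, startup items, IE add-ons, Explorer add-ons, image hijacking, the HOSTS file contents, and autorun viruses; in addition it will unlock the registry for you, show hidden files, clean up junk, and automatically connect to this forum. This software cannot determine very accurately whether your computer has a virus; it is for reference only.

This software still needs improvement, and I have found some things that still need to be added. If anyone is interested, please make suggestions so that I can improve it.

March 10, 2008: here is the newly revised version.

[[i] Last edited by 辉少 on 2008-3-10 16:33 [/i]]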

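fkegw posted on 2007-12-7 09:16

Came in to take a look and learn something.

tiacy000 posted on 2007-12-7 11:31

Taking a peek...

辉少 posted on 2007-12-7 19:01

Everyone, please go here
[url]http://bbs.aihaozhe.net/forum-87-1.html[/url]
and start a new thread.

Please download and extract the attachment below, run the "辉少查毒.exe" program inside it, and then post the contents of "辉少查毒.txt" from that directory in a new thread.

辉少 posted on 2007-12-7 20:18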

[quote]Originally posted by [i]2721945999[/i] on 2007-12-7 18:00 [url=http://bbs.aihaozhe.net/redirect.php?goto=Findpost&pid=69157&ptid=16614][img]http://bbs.aihaozhe.net/images/common/back.gif[/img][/url]
2007-12-07 星期五,17:55:53.14
              
----------------进程及其启动命令--------------
  PROCESS            PID COMMAND LINE
smss.exe             684 \SystemRoot\System32\smss.exe
csrss.exe ... [/quote]

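You have quite a lot of startup items. If you find the machine rather slow,
you can type "msconfig" in Run and cut some of them down under Startup.
Delete this one: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
Everything else is basically fine.
If you think there is still a problem, PM me.

阿j posted on 2007-12-8 00:55

I have posted my thread.
Please help me take a look.

燕子 posted on 2007-12-8 19:37

Is it really that good??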

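辉少 posted on 2007-12-8 23:34

[quote]Originally posted by [i]燕子[/i] on 2007-12-8 19:37 [url=http://bbs.aihaozhe.NET/redirect.php?goto=Findpost&pid=69289&ptid=16614][img]http://bbs.aihaozhe.net/images/common/back.gif[/img][/url]
Is it really that good?? [/quote]

I wouldn't dare say one hundred percent.
I'll do my best.
I hope it can help everyone.
It generally works for the ordinary cases.

辉少 posted on 2007-12-9 01:27

To keep the thread from getting too long, I removed two forum members' replies.
My apologies for that.

燕子 posted on 2007-12-9 17:10

Thank you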
:victory:

我很受伤 posted on 2007-12-9 23:12

Showing my support

baozhu posted on 2007-12-10 09:16

Reply to post 1#

:) :) OK, thanks for the support

364258977 posted on 2007-12-11 13:20

:loveliness:

辉少 posted on 2007-12-13 13:58

856523
110924

心要流浪 posted on 2007-12-14 23:03

I tried it out. Not bad, kind of interesting.:loveliness:

辉少 posted on 2007-12-14 23:06

[quote]Originally posted by [i]心要流浪[/i] on 2007-12-14 23:03 [url=http://bbs.aihaozhe.net/redirect.php?goto=findpost&pid=70138&ptid=16614][img]http://bbs.aihaozhe.net/images/common/back.gif[/img][/url]
I tried it out. Not bad, kind of interesting.:loveliness: [/quote]

If you've used it, post the result and I'll take a look for you.

阿j posted on 2007-12-15 00:22

Not very popular, is it.

xiaohuang124 posted on 2007-12-15 22:14

Why don't you introduce what kinds of viruses this software of yours can detect and remove?
Still, I'll give it a bump.

大海之鱼 posted on 2007-12-16 16:30

[quote]Originally posted by [i]我很受伤[/i] on 2007-12-9 21:12 [url=http://bbs.aihaozhe.net/redirect.php?goto=findpost&pid=69418&ptid=16614][img]http://bbs.aihaozhe.net/images/common/back.gif[/img][/url]
Showing my support [/quote]

PS和尚 posted on 2007-12-16 23:09

2007-12-16 星期日,0
              
----------------进程及其启动命令--------------
  PROCESS            PID COMMAND LINE
smss.exe             472 \SystemRoot\System32\smss.exe
csrss.exe            604 C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllinitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe         660 winlogon.exe
services.exe         752 C:\windows\system32\services.exe
lsass.exe            764 C:\windows\system32\lsass.exe
svchost.exe         1120 C:\windows\system32\svchost -k DcomLaunch
svchost.exe         1228 C:\windows\system32\svchost -k rpcss
svchost.exe         1448 C:\windows\system32\svchost.exe -k netsvcs
svchost.exe         1496 C:\windows\system32\svchost.exe -k NetworkService
ShadowService.exe      288 C:\WINDOWS\system32\shadow\ShadowService.exe
Explorer.EXE        1300 C:\windows\Explorer.EXE
360Tray.exe         1408 "D:\Program Files\360safe\safemon\360Tray.exe" /start
SOUNDMAN.EXE        1416 "C:\windows\SOUNDMAN.EXE"
ShadowTip.exe       1480 "C:\windows\system32\Shadow\ShadowTip.exe"
ctfmon.exe          1464 "C:\windows\system32\ctfmon.exe"
svchost.exe         1960 C:\windows\system32\svchost.exe -k imgsvc
QQDownload.exe      1756 "D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart
QQ.exe              1520 "D:\Program Files\Tencent\QQ\QQ.exe"
AssistantGUI.exe     2808 "D:\Program Files\淘宝网\淘宝助理3\AssistantGUI.exe"
WangWang.exe        1572 "D:\Program Files\Alisoft\WangWang\WangWang.exe"
Maxthon.exe         2380 "D:\Program Files\Maxthon2\Maxthon.exe" "http://member1.taobao.com/member/login.jhtml?v=c0b6c9abcce1c7d9bbc6c1e1202020202020202020202020202020202020202047651f1e383230323566636234333137393631343032653732376533363630336638346602&TPL_redirect_url=http%3A%2F%2Fstore.taobao.com%2Fshop%2Fview_shop.htm%3Fasker%3Dwangwang%26shop_nick%3D%25C0%25B6%25C9%25AB%25CC%25E1%25C7%25D9%25BB%25C6%25C1%25E1&action=authenticator&event_submit_do_login=anything"
KingTrans.exe        964 "D:\Program Files\Kingsoft\FastAIT 2006\KingTrans.exe"
辉少查毒.EXE        3612 "C:\Documents and Settings\Administrator\桌面\辉少查毒\辉少查毒.EXE"
conime.exe          2548 C:\windows\system32\conime.exe
cmd.exe             1000 cmd.exe /c C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bt8547.bat
辉少查毒.com        3188 "辉少查毒.com" -l
-
-------------------注册表启动项-------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    360Safetray        REG_SZ        D:\Program Files\360safe\safemon\360Tray.exe /start
    SoundMan        REG_SZ        SOUNDMAN.EXE
    RunShadowTip        REG_SZ        C:\windows\system32\Shadow\ShadowTip.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe        REG_SZ        C:\windows\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {AEB6717E-7E19-11d0-97EE-00C04FD91972}        REG_SZ       

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    PostBootReminder        REG_SZ        {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn        REG_SZ        {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck        REG_SZ        {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray        REG_SZ        {35CEC8A3-2BE6-11D2-8773-92E220524153}
    WPDShServiceObj        REG_SZ        {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}        REG_SZ        Browseui 预加?
    {8C7461EF-2B13-11d2-BE35-3078302C2030}        REG_SZ        组件类别
-
-------------------IE加载项----------------------------

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
    {78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23}        REG_SZ        coolbar
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}        REG_SZ       

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
-
-------------------映像劫持----------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jAvai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVIDEoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------
# This file was generated by 《Windows优化大师》; you can also edit it manually here
# Format: IP address  domain name
218.75.76.205 www.10jqka.com.cn
-
-------------------各个盘的autorun.inf----------------------------


Thanks, please help me take a look.
