This is a mirrored post. Source: 北邮人论坛 / security / #14573, synced 2007/11/17

Help: please take a look at what is wrong with my computer

qingqing
2007/11/17 · mirrored · 3 replies
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\chinchin\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
kav = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
(Default) =
KTPWare = C:\Program Files\Elantech\ktp.exe
SoundMan = SOUNDMAN.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Acrobat Assistant 8.0 = "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
SunJavaUpdateSched = E:\workshop\Java\jre1.5.0_06\bin\jusched.exe
IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = D:\Program Files\Google\Gmail Notifier\gnotify.exe
360Safetray = D:\Program Files\360安全卫士\safemon\360Tray.exe /start

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[360Disabled]
Yacc = rem d:\Program Files\亿目加速器\YACC.exe
DAEMON Tools = rem "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
[360Disabled]
MsnMsgr = rem "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\notepad.exe %1

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=apihookdll.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - E:\workshop\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll - {B580CF65-E151-49C3-B73F-70B13FCA8E86}
(no name) - D:\Program Files\360安全卫士\safemon\safemon.dll (file missing) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D}

--------------------------------------------------

Enumerating Download Program Files:

[Edit Class]
InProcServer32 = C:\WINDOWS\system32\CMBEdit.dll
CODEBASE = https://site.cmbchina.com/download/CMBEdit.cab
[AxInputControl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL
CODEBASE = https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\chinchin\LOCALS~1\Temp\_iu14D2N.tmp|||C

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
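A dump like the one above is easier to judge once it is broken back into its sections, and the first pass an analyst makes over it is mechanical. The following is an added example, not code from this thread or from HijackThis: a Python script that parses a StartupList-style report and flags the entries worth looking at first (UserInit and Shell values that are not the defaults, anything in AppInit_DLLs, autostarts, processes or BHOs living under a Temp or Downloaded Program Files directory, BHOs whose DLL is missing, and pending file renames). The sample report is a constructed, abbreviated English-layout retyping of entries from the post, not the original dump, and the severity labels are the example's own. It flags HijackThis.exe itself, because the poster ran it straight out of a WinRAR temp folder, and it flags a non-empty AppInit_DLLs regardless of which DLL is named, because every process that loads user32.dll maps that DLL.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str   # HIGH, MEDIUM or LOW: an analyst's ordering, nothing more
    reason: str
    evidence: str


# Locations a legitimate autostart or browser extension has no business living in.
TEMP_DIR = re.compile(r"\\(?:Temp|DOWNLO~1)\\", re.I)
SEPARATOR = re.compile(r"^-{10,}\s*$", re.M)


def parse_sections(report: str) -> List[List[str]]:
    """Split the report on its dashed separators. Each section is a list of
    non-empty lines; the first line is the section heading."""
    sections = []
    for chunk in SEPARATOR.split(report):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            sections.append(lines)
    return sections


def analyse(report: str) -> List[Finding]:
    """Run the triage rules over every line and return findings, worst first."""
    found = []
    for lines in parse_sections(report):
        heading = lines[0].lower()
        for line in lines:
            # Rules that apply wherever the line appears.
            m = re.match(r"UserInit\s*=\s*(.*)", line, re.I)
            if m:
                progs = [p.strip() for p in m.group(1).split(",") if p.strip()]
                if len(progs) != 1 or not progs[0].lower().endswith(r"\system32\userinit.exe"):
                    found.append(Finding("HIGH", "UserInit runs something besides userinit.exe", line))
            m = re.match(r"Shell=(?!\*)(.+)", line, re.I)
            if m and m.group(1).strip().lower() != "explorer.exe":
                found.append(Finding("HIGH", "Winlogon Shell is not Explorer.exe", line))
            if re.search(r"AppInit_DLLs\s*=\s*\S", line, re.I):
                found.append(Finding("HIGH", "AppInit_DLLs set: mapped into every process that loads user32.dll", line))
            if line.startswith("PendingFileRenameOperations:"):
                found.append(Finding("LOW", "file queued for rename/delete at next boot", line))
            # Rules that depend on which section the line is in.
            if heading.startswith("running processes") and TEMP_DIR.search(line):
                found.append(Finding("MEDIUM", "process running from a temp/download directory", line))
            elif "autorun entries" in heading and TEMP_DIR.search(line):
                found.append(Finding("HIGH", "autostart entry points into a temp/download directory", line))
            elif "browser helper" in heading:
                if "(no file)" in line or "(file missing)" in line:
                    found.append(Finding("LOW", "BHO registered but its DLL is missing", line))
                elif TEMP_DIR.search(line):
                    found.append(Finding("HIGH", "BHO loaded from a download/temp directory", line))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(found, key=lambda f: rank[f.severity])


# Constructed sample: an abbreviated, English-layout retyping of entries from the
# post above, not the original dump.
SAMPLE_REPORT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\chinchin\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
kav = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
--------------------------------------------------
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=apihookdll.dll
--------------------------------------------------
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll - {B580CF65-E151-49C3-B73F-70B13FCA8E86}
--------------------------------------------------
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\chinchin\LOCALS~1\Temp\_iu14D2N.tmp|||C
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.reason}\n    {f.evidence}")
```

The rules are deliberately dumb string checks, which is what makes them portable across the English and localized layouts of the tool: only the section headings and the handful of fixed labels (UserInit, Shell, AppInit_DLLs, PendingFileRenameOperations) are matched, and everything else is judged by the path it points at. What the script cannot do is tell a benign hook DLL from a malicious one; that is the part the thread is about, and it needs the file itself.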
3 replies
qingqing #1 · 2007/11/17
Infected with the trojan dx6vcl.dll, but I can't tell which startup entry should be deleted.
xiaojia164 #2 · 2007/11/21
[In qingqing's post:]
: Infected with the trojan dx6vcl.dll
: but I can't tell which startup entry should be deleted
This dx6vcl.dll is indeed a trojan. But it is started through svchost. Forcibly unloading the DLL with IceSword crashes that critical svchost and the machine reboots. There is no related entry to be found in the registry either. I've been struggling with this for days and still haven't found a way to deal with this trojan.
rebirthatsix #3 · 2007/11/21
[In xiaojia164's post:]
: This dx6vcl.dll is indeed a trojan.
: But it is started through svchost. Forcibly unloading the DLL with IceSword crashes that critical svchost and the machine reboots. There is no related entry to be found in the registry either. I've been struggling with this for days and still haven't found a way to deal with this trojan.
See the solution I wrote up... The key is not svchost, it's rsvp.
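The two replies above describe the mechanism without giving a recipe: the DLL shows up in no Run key because it is a service DLL hosted by svchost.exe, and the place to look is the service entry (the RSVP service, per reply #3), since svchost's own ImagePath is all a startup lister will show. The following is an added example, not code from the thread: it parses the text that `reg export HKLM\SYSTEM\CurrentControlSet\Services` and `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"` produce (including the hex(2)/hex(7) encoding reg export uses for REG_EXPAND_SZ and REG_MULTI_SZ), lists every svchost-hosted service with its ServiceDll, and diffs that table against the same export taken from a known-clean machine. The sample exports are constructed by a helper that mimics reg export's encoding; the "suspect" changes to the RSVP service (re-pointed at svchost with dx6vcl.dll as its ServiceDll and "RSVP" added to the netsvcs group) are an assumption modelled on the hint in reply #3, not a verified description of what this trojan did. The baseline's Browser and Schedule entries are illustrative too.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
SVCHOST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"


def reg_hex(kind, *strings):
    """Encode like `reg export` does for REG_EXPAND_SZ (hex(2)) / REG_MULTI_SZ (hex(7)):
    NUL-terminated UTF-16LE bytes, comma separated, wrapped with a trailing backslash."""
    text = "".join(s + "\x00" for s in strings) + ("\x00" if kind == "7" else "")
    hx = [f"{b:02x}" for b in text.encode("utf-16-le")]
    return f"hex({kind}):" + ",\\\n  ".join(",".join(hx[i:i + 20]) for i in range(0, len(hx), 20))


def decode_value(rest):
    """Decode the right-hand side of one exported value line."""
    if rest.startswith('"'):
        return rest[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if rest.startswith("dword:"):
        return int(rest[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", rest)
    if not m:
        return rest
    kind, data = m.group(1) or "3", bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind in ("1", "2"):                       # REG_SZ / REG_EXPAND_SZ
        return data.decode("utf-16-le").rstrip("\x00")
    if kind == "7":                              # REG_MULTI_SZ
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data


def parse_reg(text):
    """Parse `reg export` text into {key path: {value name: decoded value}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip() if pending else raw.rstrip()
        pending = ""
        if line.endswith("\\"):                  # hex run continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            name, _, rest = line.partition("=")
            keys[current]["(Default)" if name == "@" else name.strip('"')] = decode_value(rest)
    return keys


def svchost_services(keys):
    """Map each svchost-hosted service to (its -k group, its ServiceDll). This is the
    table the Run keys never show: the DLL sits under Services\\<name>\\Parameters."""
    hosted = {}
    for path, values in keys.items():
        head, _, name = path.rpartition("\\")
        image = str(values.get("ImagePath", ""))
        if head.lower() != SERVICES.lower() or "svchost.exe" not in image.lower():
            continue
        m = re.search(r"-k\s+(\S+)", image, re.I)
        dll = str(keys.get(path + "\\Parameters", {}).get("ServiceDll", ""))
        hosted[name] = (m.group(1) if m else "", dll)
    return hosted


def svchost_groups(keys):
    return {g: v for g, v in keys.get(SVCHOST, {}).items() if isinstance(v, list)}


def triage(baseline_text, suspect_text):
    """Diff a suspect export's svchost service table against a known-good export."""
    base, susp = parse_reg(baseline_text), parse_reg(suspect_text)
    base_svc, findings = svchost_services(base), []
    for name, (group, dll) in sorted(svchost_services(susp).items()):
        if name not in base_svc:
            findings.append(f"{name}: newly svchost-hosted (-k {group}), ServiceDll={dll}")
        elif base_svc[name] != (group, dll):
            findings.append(f"{name}: changed from {base_svc[name]} to {(group, dll)}")
    for group, members in svchost_groups(susp).items():
        added = set(members) - set(svchost_groups(base).get(group, []))
        if added:
            findings.append(f"svchost group {group}: added {sorted(added)}")
    return findings


def build_export(rsvp_image, rsvp_dll, netsvcs):
    """Constructed stand-in for `reg export` of the Services and Svchost keys."""
    parts = ["Windows Registry Editor Version 5.00", "",
             f"[{SERVICES}\\Browser]",
             '"ImagePath"=' + reg_hex("2", r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
             f"[{SERVICES}\\Browser\\Parameters]",
             '"ServiceDll"=' + reg_hex("2", r"%SystemRoot%\System32\browser.dll"),
             f"[{SERVICES}\\RSVP]", '"DisplayName"="QoS RSVP"',
             '"ImagePath"=' + reg_hex("2", rsvp_image)]
    if rsvp_dll:
        parts += [f"[{SERVICES}\\RSVP\\Parameters]", '"ServiceDll"=' + reg_hex("2", rsvp_dll)]
    parts += [f"[{SVCHOST}]", '"netsvcs"=' + reg_hex("7", *netsvcs)]
    return "\n".join(parts) + "\n"


# Clean box: RSVP runs its own rsvp.exe. Suspect box (an assumption modelled on reply #3's
# hint, not a verified analysis of this trojan): RSVP re-pointed at svchost, the trojan DLL
# set as its ServiceDll, and "RSVP" appended to the netsvcs group list.
BASELINE = build_export(r"%SystemRoot%\system32\rsvp.exe", "", ["Browser", "Schedule"])
SUSPECT = build_export(r"%SystemRoot%\system32\svchost.exe -k netsvcs",
                       r"C:\WINDOWS\system32\dx6vcl.dll", ["Browser", "Schedule", "RSVP"])

if __name__ == "__main__":
    print("\n".join(triage(BASELINE, SUSPECT)))
```

Diffing against a clean export is what catches a DLL dropped into System32 under an innocent-looking name, which a "path outside System32" heuristic would wave through; an export from a System Restore snapshot or an identically installed machine serves as the baseline. It also explains the crash reply #2 hit: one svchost process hosts every service in its -k group, so ripping the DLL out from under it with IceSword takes the whole group down. The order that avoids that is to repoint or disable the hijacked service entry in the registry first, reboot so the DLL is never loaded, and only then delete the file.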