来源:蜘蛛抓取(WebSpider)
时间:2016-07-24 19:30
标签:
1067进程意外终止
中了木马 协助一下. c:\windows\system32\services.exe cpu 50%
中了木马 协助一下.
中了一个会记录密码的木马
名称 win32.Troj.Generic.kd.(kcloud)
档名:ycuza.exe
用防毒清除后,
c:\windows\system32\services.exe cpu会使用到50%
木马会把 桌面.开始.和工作管理员等都禁止使用.
请问如何把 services.exe cpu会使用到50%的问题处理好.
附上HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 01:34:44, on
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\kingsoft\kingsoft antivirus\kxescore.exe
C:\Program files\KSafe\KSafeSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\eBoostr\eBoostrCP.exe
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
e:\DeltaCopy\DCServce.exe
e:\DeltaCopy\rsync.exe
d:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
D:\UniServer\usr\local\mysql\bin\mysqld-opt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
D:\UniServer\usr\local\apache2\bin\Apache.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
D:\UniServer\usr\local\apache2\bin\Apache.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\KSafe\KSafeTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
e:\temp\_AZTMP0_\RootkitRevealer.exe
e:\Temp\UANDWIBEIZ.exe
E:\tool\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
O1 - Hosts: 122.116.16.
O1 - Hosts: 122.116.16.117
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.
O2 - BHO: IE7Pro - {8-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD--FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebProtect.IEHlpObj - {CA8-4C7C-B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
O2 - BHO: HaoKanBar BrowserHelper - {B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\IeProt\haokanbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC85b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll
O3 - Toolbar: ALiBaBar - {0AC2-11D6-8E45-35} - (no file)
O3 - Toolbar: Adobe PDF - {C5--0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GotoYa上网精灵 - {4FD-4F15-9B46-F4E} - C:\Program Files\Super Rabbit\IeProt\haokanbar.dll
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [kxesc] "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
O4 - HKLM\..\Run: [AntiVirusWmSrv] C:\Program Files\Super Rabbit\MagicSet\KillVirus\killvirus.exe -PowerOn
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [9DAB66F4AA6EBB76ED1B56AC4C9752003DAFA4C9._service_run] "C:\Documents and Settings\gavin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\gavin\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\RT-N16 Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\RT-N16 Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: Google 网页注解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89DAC4.dll/cmsidewiki.html
O8 - Extra context menu item: 下载编码内容(S&martGet) - E:\tool\SmartGet1.45.3\dl_text.html
O8 - Extra context menu item: 使用S&martGet下载 - E:\tool\SmartGet1.45.3\dl_link.htm
O8 - Extra context menu item: 全部使用Smart&Get下载 - E:\tool\SmartGet1.45.3\dl_all.htm
O8 - Extra context menu item: 剪贴簿文字:
简 & 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪贴簿文字:
繁 & 简 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 汇出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加为广告过滤图片 - C:\Program Files\Super Rabbit\IeProt\AddBlock.htm
O8 - Extra context menu item: 网页:
[简体] 显示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 网页:
[繁体] 显示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O8 - Extra context menu item: 转换到现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换连结目标到现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换连结目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选定的连结到现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选定的连结为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选择内容到现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选择内容为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: IE7Pro Grab and Drag - {-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Gears 设定(&G) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: 发布至部落格 - {219C-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 发布至部落格(&B) - {219C-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite - {2EAF5BB1-070F-11D3-FAE2D4F} - (no file)
O9 - Extra button: 建立行动最爱... - {2EAF5BB2-070F-11D3-FAE2D4F} - (no file)
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: 参考资料 - {CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: 参考资料 - {CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088--f2ba} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088--f2ba} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-3D} (Edit Class) - /download/CMBEdit.cab
O16 - DPF: {0F71B5FF-C4FA-452F-AE38-FDED891A6E62} (PostWebViewer.IFBKWebViewer) - http://ezgo.post.gov.tw/asgiro/Activex/PostWebViewer.CAB
O16 - DPF: {173D9E48-B527-4AA0-A929-30B} (DVRemoteControl Class) - http://kncctv3.no-ip.org/DVRemoteAx.cab
O16 - DPF: {3C232DA1-E9AC-4C74-A792-2A686F7315EE} (GPKICryptATL Class) - http://eservice.nhi.gov.tw/Personal1/System/SMC/FSGPKICryptATL.cab
O16 - DPF: {3D3B42C2-11BF--A} (UploadListView Class) - .tw/s/v/57.11/uploader2.cab
O16 - DPF: {4ABB-401E-9B30-EB} (ErrCodeATL Class) - http://eservice.nhitb.gov.tw/nhiweb1/System/SMC/FSErrCodeATL.cab
O16 - DPF: {7C77A951--A86B-4CAB041CE5D8} (FuDvrOcx Control) - http://114.32.150.171/FuDvrOcx.cab
O16 - DPF: {83154BA7-FA32-42D9-98D0-BA7C9E5A3D0A} (Gcms Control) - http://moica.nat.gov.tw/html/gcms.cab
O16 - DPF: {A6-48B5-B776-16D} (FirstBankATM Class) - .tw/firstbank_ie32.cab
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - http://webcam.www.gov.tw/includes/plugin/xVideoShow.cab
O16 - DPF: {BB76BF14-7D3D-48CA-A8FB040} (FSHCA Class) - http://eservice.nhitb.gov.tw/nhiweb1/System/SMC/FSHCAATL.cab
O16 - DPF: {E2F-4FB0-9522-AC9BF37916A7} - /NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E2884F7F-B5B7-4B55-8DEC-A572DF656CEF} (MitacPKI.MitacGPKI) - http://www.etax.nat.gov.tw/wSite/MitacPKI.CAB
O16 - DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} (AresPKIAtx.AtxClient) - http://www.e-services.taipei.gov.tw/AresPKIAtx.cab
O16 - DPF: {FB-4E14-8ED9-96E7A18DB894} (XCSP Class) - .tw/webatm/cabs/esuncsp.cab
O16 - DPF: {F2AE6A46--AD11-8F5C9EAEACBD} (iPointCommentSets Object) - .tw/IPWO.ocx
O16 - DPF: {FC0A62EE-547F-47BE-9B05-F88F61E1BCF7} (Pkcs7Sign Control) - http://nas.immigration.gov.tw/nasf/SmartPKI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02C7241A-72EE-4970-A3AC-914AD7954187}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{885D96A7-DE7A-452D-93B42F0}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{02C7241A-72EE-4970-A3AC-914AD7954187}: NameServer = 8.8.8.8
O18 - Protocol: about - {B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9DC8-11D0-A4CC-F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9DC8-11D0-A4CC-F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A6-11D3-05754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {2-49B2-880A-1F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype-ie-addon-data - {5-4E58-B298-A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-0} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cmb WebProtect Support (CMBWPS) - China Merchants Bank - C:\Program Files\CMBCHINA\WebProtect\WPService.exe
O23 - Service: DeltaCopy Server (DeltaCopyService) - Synametrics Technologies - e:\DeltaCopy\DCServce.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) -
- d:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KSafe service (KSafeSvc) - Kingsoft Corporation - C:\Program files\KSafe\KSafeSvc.exe
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - c:\program files\kingsoft\kingsoft antivirus\kxescore.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Start BT in service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: UANDWIBEIZ - Sysinternals -
- e:\Temp\UANDWIBEIZ.exe
End of file - 19004 bytes
你都知道是木马了 病毒档名也有ycuza.exe
用防毒杀掉不就可以了?!
这是个砲来砲去的地方...
问题是 cpu 占了 50% c:\windows\system32\services.exe
你先把services.exe压缩+密码后上传上来看看
你可以试试看:
一、首先检查系统服务的状态。
1. 点“开始”–&“执行”,输入“services.msc”后按“确定”。
2. 在服务“Automatic Updates”上点二下。
3. 点选“登入”页签,确定登入身分为“本机系统帐户”且“允许服务与桌面互动”“没有”被选取。
4. 确认服务已在目前的“硬件设定档”中被启用,如果没有,按下“启用”按钮。
5. 点选“一般”页签,确定“启动类型”为“自动”,然后按下“启动”按钮以启动服务。
6. 对“Background Intelligent Transfer Service (BITS) ”服务重复2 ~ 5的步骤。
二、接着重新注册Windwos Update的元件。
1. 点选“开始”–&“执行”。
2. 输入“REGSVR32 WUAPI.DLL”后按Enter。
3. 当看到“DllRegisterServer 在WUAPI.DLL成功” 的讯息后按下“确定”。
4. 重复上述步骤重新注册下列元件
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL
三、最后更名可能已损坏了的Windows Update暂存目录。
1. 点“开始”–&“执行”,输入“cmd”后按“确定”。
2. 在命令提示字符中键入以下指令。(若出现错误讯息请先重开机后再报执行一次)
net stopWuAuServ
2. 点“开始”–&“执行”,输入“%windir%”后按“确定”。
3. 找到“SoftwareDistribution”并更名为“SDold”。
4. 点“开始”–&“执行”,输入“cmd”后按“确定”,并在在命令提示字符中键入以下指令。
net start WuAuServ
四、大功告成!
一山还有一高,鸡蛋还有鸡蛋糕...!!!
附加压缩档: (登入后即可下载档案)
请帮忙看一下吧.
使用强大的闪电杀毒手扫描清掉可疑程式
网址:/cn/mini/cleantool/index.html
※建议可以下载后完成更新,进入安全模式再操作
/zh-TW/windows-vista/Start-your-computer-in-safe-mode
nokiamobile wrote:
附加压缩档: 201...(恕删)
档案没问题....
上面方法有试过了吗...?~
一山还有一高,鸡蛋还有鸡蛋糕...!!!
