Encountering XP-664129A8.EXE
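Two days ago a colleague's computer developed a problem: the mouse could still be moved, but the system had stopped responding and could not be shut down. I was asked to help troubleshoot it.
I powered the computer off and on again, booted into Safe Mode with Networking, downloaded pe_xscan, scanned the system and analyzed the log, and found the following suspicious items: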
pe_xscan 10-03-26 by Purple Endurer
2010-6-29 17:13:42
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
带网络连接的安全模式
O2 - IeAddOn(HklmExPr) - JsObject Class - {11CC93E4-0BE6-4f8f-82AA-D577FB955B05}
= C:/Program Files/Baidu/AddressBar/AddressBar.dll | 2010-5-23 21:35:59 | AddressSearch Module | 1, 0, 2, 15 | AddressSearch Module | Copyright 2009 | 1, 0, 2, 15| ?| ? | AddressSearch | AddressBar.DLL
O2 - IeAddOn(HklmExPr) - 百度工具栏辅助对象 - {A7F05EE4-0426-454F-8013-C41E3596E9E9}
= C:/Program Files/Baidu/Toolbar/BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HklmExPr) - 百度工具栏个性化首页支持组件 - {E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
= C:/Program Files/Baidu/Toolbar/BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HkcuExSt) - SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0}
= C:/Program Files/Baidu/AddressBar/AddressBar.dll | 2010-5-23 21:35:59 | AddressSearch Module | 1, 0, 2, 15 | AddressSearch Module | Copyright 2009 | 1, 0, 2, 15| ?| ? | AddressSearch | AddressBar.DLL
O2 - IeAddOn(HkcuExSt) - Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697}
= C:/Program Files/Baidu/Toolbar/BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HkcuExSt) - 百度工具栏辅助对象 - {A7F05EE4-0426-454F-8013-C41E3596E9E9}
= C:/Program Files/Baidu/Toolbar/BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HkcuExSt) - Baidu Toolbar - {B580CF65-E151-49C3-B73F-70B13FCA8E86}
= C:/Program Files/Baidu/Toolbar/BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O3 - IE工具栏: 12 - {B580CF65-E151-49C3-B73F-70B13FCA8E86}
= C:/Program Files/Baidu/Toolbar/BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O4 - HKLM/../run: [XP-664129A8] C:/WINDOWS/system32/XP-664129A8.EXE
O4 - Startup: .lnk -> C:/WINDOWS/system32/XP-664129A8.EXE
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/restrictions 存在 IE或Internet选项可能受到限制
O6 - HKLM/Software/Policies/Microsoft/Internet Explorer/restrictions 存在 IE或Internet选项可能受到限制
O23 - 服务: HidServ (Human Interface Device Access) - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2008-4-14 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | svchost.exe | svchost.exe
-> C:/WINDOWS/System32/hidserv.dll(引导)
O29 - HKCU-Default_Page_URL = hxxp://ssdao.com/
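To my surprise, Baidu's stuff was on there; uninstalled it, no discussion!
I could not find C:/WINDOWS/system32/XP-664129A8.EXE, so I went into the Registry Editor and deleted the first O4 entry.
The lnk file of the second O4 entry could not be deleted, so I used bat_do to delete it with a delay.
The O6 entries were fixed with HijackThis.
The hidserv.dll in the O23 entry seemed to be missing, so I disabled this service.
The O29 entry was also fixed in the Registry Editor.
Rebooted the computer, and it was back to normal!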
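As an added example (not part of the original post and not pe_xscan's own code), the Python below parses lines in the format of the log above and lists the file references that carry no `| date | description | ...` metadata, which is what the two O4 entries and hidserv.dll have in common. It assumes that pe_xscan leaves the metadata out when it cannot read the referenced file; the function name and the shortened sample lines are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the log above, metadata fields shortened.
SAMPLE_LOG = """\
pe_xscan 10-03-26 by Purple Endurer
O2 - IeAddOn(HklmExPr) - JsObject Class - {11CC93E4-0BE6-4f8f-82AA-D577FB955B05}
= C:/Program Files/Baidu/AddressBar/AddressBar.dll | 2010-5-23 21:35:59 | AddressSearch Module
O4 - HKLM/../run: [XP-664129A8] C:/WINDOWS/system32/XP-664129A8.EXE
O4 - Startup: .lnk -> C:/WINDOWS/system32/XP-664129A8.EXE
O23 - 服务: HidServ (Human Interface Device Access) - C:/WINDOWS/System32/svchost.exe -k netsvcs | 2008-4-14 12:0:0 | Microsoft Corporation
-> C:/WINDOWS/System32/hidserv.dll(引导)
O29 - HKCU-Default_Page_URL = hxxp://ssdao.com/
"""

# An entry starts with a section tag such as "O4 - "; "= " and "-> " lines continue it.
ENTRY = re.compile(r"^(O\d+) - ")
# A drive-letter path ending in a binary extension. The lookbehind keeps the
# "p:/" inside "hxxp://" from being read as a drive letter.
FILE_REF = re.compile(r"(?<![A-Za-z])[A-Za-z]:/[^|]*?\.(?:exe|dll|sys)", re.I)


def unverified_file_refs(log_text):
    """Return (section, path) for file references that carry no metadata.

    Assumption: the scanner prints "| timestamp | description | ..." after a
    path only when it could read the file, so a bare path points at a file
    that is missing or inaccessible (an orphaned autostart or service entry).
    """
    findings, section = [], None
    for line in log_text.splitlines():
        header = ENTRY.match(line)
        if header:
            section = header.group(1)
        elif not line.startswith(("= ", "-> ")):
            continue  # banner lines: tool name, date, OS version
        ref = FILE_REF.search(line)
        if ref and "|" not in line[ref.end():]:
            findings.append((section, ref.group(0)))
    return findings


if __name__ == "__main__":
    for section, path in unverified_file_refs(SAMPLE_LOG):
        print(f"{section}: no file metadata for {path}")
```

Entries it reports still need a manual check on the machine, since a bare path only shows that the scanner printed no details for that file.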