Encountering XP-664129A8.EXE

  A couple of days ago a colleague's PC ran into trouble: the mouse still moved, but the system was otherwise unresponsive and could not be shut down. He asked me to take a look.

  I powered the machine off and back on, booted into Safe Mode with Networking, downloaded pe_xscan, ran a scan and went through the log. The following suspicious items stood out:


pe_xscan 10-03-26 by Purple Endurer
2010-6-29 17:13:42
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
带网络连接的安全模式

O2 - IeAddOn(HklmExPr) - JsObject Class - {11CC93E4-0BE6-4f8f-82AA-D577FB955B05}
= C:\Program Files\Baidu\AddressBar\AddressBar.dll | 2010-5-23 21:35:59 | AddressSearch Module | 1, 0, 2, 15 | AddressSearch Module | Copyright 2009 | 1, 0, 2, 15| ?| ? | AddressSearch | AddressBar.DLL
O2 - IeAddOn(HklmExPr) - 百度工具栏辅助对象 - {A7F05EE4-0426-454F-8013-C41E3596E9E9}
= C:\Program Files\Baidu\Toolbar\BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HklmExPr) - 百度工具栏个性化首页支持组件 - {E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
= C:\Program Files\Baidu\Toolbar\BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HkcuExSt) - SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0}
= C:\Program Files\Baidu\AddressBar\AddressBar.dll | 2010-5-23 21:35:59 | AddressSearch Module | 1, 0, 2, 15 | AddressSearch Module | Copyright 2009 | 1, 0, 2, 15| ?| ? | AddressSearch | AddressBar.DLL
O2 - IeAddOn(HkcuExSt) - Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697}
= C:\Program Files\Baidu\Toolbar\BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HkcuExSt) - 百度工具栏辅助对象 - {A7F05EE4-0426-454F-8013-C41E3596E9E9}
= C:\Program Files\Baidu\Toolbar\BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O2 - IeAddOn(HkcuExSt) - Baidu Toolbar - {B580CF65-E151-49C3-B73F-70B13FCA8E86}
= C:\Program Files\Baidu\Toolbar\BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL
O3 - IE工具栏: 12 - {B580CF65-E151-49C3-B73F-70B13FCA8E86}
= C:\Program Files\Baidu\Toolbar\BaiduBarX.dll | 2010-5-23 21:37:53 | Baidu Toolbar | 2, 0, 5, 32 | Baidu Toolbar For IE | Copyright 2009 | 2, 0, 5, 32| ?| ? | BaiduBarX | BaiduBarX.DLL

O4 - HKLM\..\run: [XP-664129A8] C:\WINDOWS\system32\XP-664129A8.EXE

O4 - Startup:  .lnk -> C:\WINDOWS\system32\XP-664129A8.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions 存在 IE或Internet选项可能受到限制
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions 存在 IE或Internet选项可能受到限制

O23 - 服务: HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs | 2008-4-14 12:0:0 | Microsoft? Windows? Operating System | 5.1.2600.5512 | Generic Host Process for Win32 Services | ? Microsoft Corporation. All rights reserved. | 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation| ? | svchost.exe | svchost.exe
-> C:\WINDOWS\System32\hidserv.dll(引导)

O29 - HKCU-Default_Page_URL = hxxp://ssdao.com/

  Baidu's toolbar junk is on the box, of all things; that gets uninstalled, no discussion.

  C:\WINDOWS\system32\XP-664129A8.EXE could not be found on disk, so I opened Registry Editor and deleted the first O4 entry.

  The .lnk file from the second O4 entry refused to be deleted, so I removed it with a delayed delete via bat_do.

  The O6 entries were repaired with HijackThis.

  The hidserv.dll referenced by the O23 entry appeared to be missing, so I disabled that service.

  The O29 entry was likewise fixed in Registry Editor.

  Rebooted the machine, and everything was back to normal!
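The triage above was done by eye. As an added example (not part of the original post, and not code from pe_xscan or HijackThis), the script below parses the same O4/O6/O29 line layout shown in the log and flags exactly the kind of entries that were cleaned up: a Run value launching an unrecognised executable out of system32, a Startup shortcut with an empty name, IE restriction policies, and a default page pointing at an unapproved host. The allowlists and the extra ctfmon.exe control line are constructed assumptions for the example, not something the post states.

```python
"""Flag autostart indicators in pe_xscan / HijackThis-style log lines.

Added example; not part of the original post or of the pe_xscan tool.
The line layouts parsed here are taken from the log shown in the post.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample: the O4/O6/O29 lines from the post plus one benign
# O4 control line (ctfmon.exe) that a correct triage must NOT flag.
SAMPLE_LOG = r"""
O4 - HKLM\..\run: [XP-664129A8] C:\WINDOWS\system32\XP-664129A8.EXE
O4 - HKLM\..\run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup:  .lnk -> C:\WINDOWS\system32\XP-664129A8.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions 存在 IE或Internet选项可能受到限制
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions 存在 IE或Internet选项可能受到限制
O29 - HKCU-Default_Page_URL = hxxp://ssdao.com/
"""

# Assumed allowlists (constructed for this example; tune for your environment).
KNOWN_RUN_TARGETS = {"ctfmon.exe", "rundll32.exe"}   # autostart binaries expected in system32
ALLOWED_HOME_HOSTS = {"www.msn.com"}                   # approved default/home page hosts

# Line shapes as they appear in the pe_xscan log above.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\run: \[(?P<name>[^\]]*)\] (?P<path>.+)$", re.I)
STARTUP_RE = re.compile(r"^O4 - Startup:\s*(?P<lnk>.*?\.lnk) -> (?P<path>.+)$", re.I)
RESTRICT_RE = re.compile(r"^O6 - (?P<key>.+?\\restrictions)\b", re.I)
DEFAULT_RE = re.compile(r"^O29 - (?P<hive>HK\w+)-Default_Page_URL = (?P<url>\S+)$", re.I)


@dataclass
class Finding:
    item: str     # pe_xscan section, e.g. "O4"
    detail: str   # the offending log line, verbatim
    reason: str   # why it was flagged


def _host_of(url: str) -> str:
    """Drop the scheme (including a defanged hxxp://) and path, keep the host."""
    return re.sub(r"^\w+://", "", url).split("/")[0].lower()


def _unrecognised_system32_binary(path: str, known: set[str]) -> bool:
    """True when the target lives in system32 but is not a known autostart binary."""
    folder = ntpath.dirname(path).lower()
    base = ntpath.basename(path).lower()
    return folder.endswith("\\system32") and base not in known


def triage(log_text: str, known_run: set[str] = KNOWN_RUN_TARGETS,
           allowed_hosts: set[str] = ALLOWED_HOME_HOSTS) -> list[Finding]:
    """Return the suspicious O4/O6/O29 entries found in a pe_xscan log, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RUN_RE.match(line)):
            if _unrecognised_system32_binary(m["path"].strip(), known_run):
                findings.append(Finding("O4", line,
                    f"Run value [{m['name']}] starts an unrecognised executable from system32"))
        elif (m := STARTUP_RE.match(line)):
            lnk_name = m["lnk"][:-4].strip()          # shortcut name without ".lnk"
            if not lnk_name or _unrecognised_system32_binary(m["path"].strip(), known_run):
                findings.append(Finding("O4", line,
                    "Startup shortcut with an empty name and/or an unrecognised system32 target"))
        elif (m := RESTRICT_RE.match(line)):
            findings.append(Finding("O6", line,
                f"IE restriction policy present at {m['key']} (IE options may be locked)"))
        elif (m := DEFAULT_RE.match(line)):
            host = _host_of(m["url"])
            if host not in allowed_hosts:
                findings.append(Finding("O29", line,
                    f"Default page points at unapproved host {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item}: {f.reason}\n    {f.detail}")
```

Running it over the sample prints five findings, matching the five entries the post removed or repaired, while the benign ctfmon.exe Run value passes untouched. The O23 service check is deliberately left out, since whether hidserv.dll exists can only be determined on the affected machine, not from the log text.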
