jerryne - 2006-8-22 12:58:00
Unfortunately I recently found I've run into "Orange August" (橙色八月).
I looked up a lot of fixes online and ran the dedicated removal tool in Safe Mode several times, but as soon as I reboot it's back.
I've even disabled the registry~~~
Here is the recent antivirus log (it seems a lot of people have the same thing as me).
I'm also pasting the HijackThis log; could an expert please take a look!!! Help!!! (I've heard reinstalling doesn't work either, sweat)
病毒名称 处理结果 发现日期 扫描方式 路径 文件
Trojan.PSW.QQPass.ppw 忽略 2006-08-10 01:10 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-10 03:53 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-10 04:22 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-10 05:22 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-10 06:10 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-17 01:03 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-17 17:48 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-17 18:33 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-19 11:56 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-19 12:45 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-19 13:45 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-21 01:03 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-21 15:00 文件监控 C:\WINDOWS\system32 1.dLl
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-21 15:25 文件监控 C:\WINDOWS\system32 1.dLl
Trojan.PSW.LMir.kyd 删除成功 2006-08-21 15:26 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp 32q121.exe
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:26 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:30 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:35 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:41 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:46 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:51 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:55 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:00 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:06 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:11 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:15 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:21 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:25 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:30 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:35 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:40 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:45 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:50 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 17:55 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 18:00 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 18:05 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 18:10 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 18:15 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-21 21:22 文件监控 C:\WINDOWS\system32 1.dLl
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:22 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:27 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:32 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:37 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:42 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:47 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:52 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 22:57 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 23:02 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 23:07 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 23:12 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 23:17 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 23:22 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-22 01:24 文件监控 C:\WINDOWS\system32 1.dLl
Dropper.Microjoiner.jo 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021256.exe
Backdoor.Agent.djg 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021254.exe
Trojan.PSW.LMir.kxp 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021253.DLL
Trojan.PSW.QQPass.gen 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021251.exe>>VEUnpackFile
Trojan.PSW.QQPass.ppw 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Dropper.Lmir.mtv 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021249.exe
Trojan.PSW.Lmir.kvl 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021245.exe
Backdoor.Agent.djg 删除成功 2006-08-22 01:50 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP45 A0025322.dll
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-22 01:57 文件监控 C:\WINDOWS\system32 1.dLl
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-22 12:01 文件监控 C:\WINDOWS\system32 1.dLl
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-22 12:09 文件监控 C:\WINDOWS\system32 1.dLl
jerryne - 2006-8-22 13:01:00
HijackThis_815汉化版扫描日志 V1.99.1
保存于 PM 12:47:15, 日期 22/8/2006
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Unable to get Internet Explorer version!
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
C:\Program Files\Nexon\NexonPlug\NexonPlug.exe
E:\Program Files\Rising\Rav\Ravmon.exe
E:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nexon\Common\NMService.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\conime.exe
E:\Program Files\Rising\Rav\Rav.exe
E:\Program Files\Rising\Rav\RsLogVw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
D:\Hijackthis1991zww\HijackThis1991zww.exe
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - 启动项HKLM\\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - 启动项HKLM\\Run: [ProxyThorn] ; E:\Program Files\ProxyThorn\ProxyThorn.exe
O4 - 启动项HKLM\\Run: [DAEMON Tools] ; "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [Logitech Utility] ; LOGI_MWX.EXE
O4 - 启动项HKLM\\Run: [PCSuiteTrayApplication] ; E:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~2.EXE -startup
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [zBrowser Launcher] ; E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyCap] E:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [NexonPlug] C:\Program Files\Nexon\NexonPlug\NexonPlug.exe
O4 - HKCU\..\Run: [PcSync] ; E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: 瑞星监控中心.lnk = E:\Program Files\Rising\Rav\RavMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - E:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.baidu.com
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156173475652
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab
O16 - DPF: {A352D8E5-25DE-4B83-872F-98842905DE04} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09243843-EF4E-4297-9C15-C84F87F34409}: NameServer = 202.101.6.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{09243843-EF4E-4297-9C15-C84F87F34409}: NameServer = 202.101.6.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{09243843-EF4E-4297-9C15-C84F87F34409}: NameServer = 202.101.6.2
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
jerryne - 2006-8-22 13:08:00
Right now I think the biggest problem is that I don't know what is automatically generating the virus files,
so removing them is pointless, because they're back again after boot. 5555
jerryne - 2006-8-22 13:12:00
启动项报告: 22/8/2006, PM 1:00:20
启动项扫描器版本: 1.52.2
开始于: D:\Hijackthis1991zww\HijackThis1991zww.EXE
系统检测: Windows XP SP2 (WinNT 5.01.2600)
系统检测: Unable to get Internet Explorer version!
* 使用默认选项
==================================================
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
C:\Program Files\Nexon\NexonPlug\NexonPlug.exe
E:\Program Files\Rising\Rav\Ravmon.exe
E:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nexon\Common\NMService.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\conime.exe
E:\Program Files\Rising\Rav\Rav.exe
E:\Program Files\Rising\Rav\RsLogVw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Hijackthis1991zww\HijackThis1991zww.exe
--------------------------------------------------
文件夹中的启动项
Shell folders Startup:
[C:\Documents and Settings\jerry\「开始」菜单\程序\启动]
瑞星监控中心.lnk = E:\Program Files\Rising\Rav\RavMon.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,
--------------------------------------------------
注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
RavTask = "E:\Program Files\Rising\Rav\RavTask.exe" -system
IMSCMIG40W = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
ProxyThorn = ; E:\Program Files\ProxyThorn\ProxyThorn.exe
DAEMON Tools = ; "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Logitech Utility = ; LOGI_MWX.EXE
PCSuiteTrayApplication = ; E:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~2.EXE -startup
StormCodec_Helper = ; "E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
zBrowser Launcher = ; E:\Program Files\Logitech\iTouch\iTouch.exe
--------------------------------------------------
注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
ProxyCap = E:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
NexonPlug = C:\Program Files\Nexon\NexonPlug\NexonPlug.exe
PcSync = ; E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=* 未找到INI相关项目值 *
run=* 未找到INI相关项目值 *
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
外壳扩展和屏幕保护程序的键值 从 C:\WINDOWS\SYSTEM.INI:
Shell=* 未找到INI相关项目值 *
SCRNSAVE.EXE=* 未找到INI相关项目值 *
drivers=* 未找到INI相关项目值 *
外壳扩展和屏幕保护程序的键值 从 注册表
Shell=EXPLORER.EXE
SCRNSAVE.EXE=* 未找到相关注册表键值 *
drivers=* 未找到相关注册表键值 *
Policies Shell key:
HKCU\..\Policies: Shell=* 未找到相关注册表键值 *
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *
--------------------------------------------------
列举IE浏览器辅助对象(BHO模块):
(no name) - C:\PROGRA~1\baidu\bar\BaiduBar.dll - {77FEF28E-EB96-44FF-B511-3185DEA48697}
--------------------------------------------------
列举下载的程序文件:
[Nexon Package Manager Control]
InProcServer32 = C:\WINDOWS\nxpm.ocx
CODEBASE = http://file.nx.com/activex/public_new/nxpm.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156173475652
[AxInputControl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL
CODEBASE = https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
[WinlessActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WINLES~1.OCX
CODEBASE = http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab
[NlsComm Component Class]
InProcServer32 = C:\WINDOWS\system32\hanbiton\NLS_Comm1_0_2.dll
CODEBASE = http://login.hanbiton.com/cab/NLSnSSO.cab
--------------------------------------------------
列举 Winsock LSP 文件:
Protocol #1: w2pxdrv.dll (file MISSING)
Protocol #2: w2pxdrv.dll (file MISSING)
Protocol #3: w2pxdrv.dll (file MISSING)
Protocol #4: w2pxdrv.dll (file MISSING)
Protocol #23: w2pxdrv.dll (file MISSING)
--------------------------------------------------
列举 ShellServiceObjectDelayLoad 项目:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
报告完毕,共 7,090 字节
报告生成用时:0.070秒
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
现在进行时 - 2006-8-22 13:15:00
OP, first turn off System Restore. Empty the temp folder C:\DOCUME~1\jerry\LOCALS~1\Temp and then try scanning again.
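As an added example (not code from the thread or from Rising), a small Python script that parses the file-monitor log layout pasted in the first post and separates restore-point re-detections (the repeated "忽略" hits under System Volume Information, which is why turning off System Restore is suggested) from files that are deleted and then written back. The sample lines are copied from that log; the classification rules (restore-point prefix, two or more deletions means "recreated") are my own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# One line = name, result, "YYYY-MM-DD HH:MM", scan mode, folder (may contain spaces), file.
LINE_RE = re.compile(
    r"^(?P<name>\S+) (?P<result>\S+) (?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<mode>\S+) (?P<folder>.+) (?P<file>\S+)$"
)
RESTORE_PREFIX = "c:\\system volume information\\"

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Trojan.PSW.QQPass.ppw 忽略 2006-08-10 01:10 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.QQPass.ppw 忽略 2006-08-17 01:03 文件监控 C:\System Volume Information\_restore{344CC294-9D99-44F9-BDBD-FA50A83E882C}\RP38 A0021250.sys
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-21 15:00 文件监控 C:\WINDOWS\system32 1.dLl
Trojan.PSW.ZhengTu.fs 删除成功 2006-08-21 15:25 文件监控 C:\WINDOWS\system32 1.dLl
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:26 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:30 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
Trojan.PSW.QQPass.gen 删除成功 2006-08-21 16:35 文件监控 C:\DOCUME~1\jerry\LOCALS~1\Temp shua.jpg>>Unpack
"""


def parse_log(text):
    """Parse log lines into dicts; lines that do not fit the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M")
        rec["file"] = rec["file"].split(">>")[0]  # "x>>Unpack" = hit inside x
        records.append(rec)
    return records


def summarize(records):
    """Group hits per path and explain why the same file keeps being reported."""
    by_path = defaultdict(list)
    for rec in records:
        by_path[rec["folder"] + "\\" + rec["file"]].append(rec)
    summary = {}
    for path, hits in by_path.items():
        hits.sort(key=lambda r: r["time"])
        gaps = [(b["time"] - a["time"]).total_seconds() / 60
                for a, b in zip(hits, hits[1:])]
        deleted = sum(1 for r in hits if r["result"] == "删除成功")
        if path.lower().startswith(RESTORE_PREFIX):
            # System Restore snapshot copy: re-reported until System Restore is off.
            verdict = "restore-point copy"
        elif deleted >= 2:
            # Deleted more than once: something still running writes it back.
            verdict = "recreated after deletion"
        else:
            verdict = "single hit"
        summary[path] = {"name": hits[0]["name"], "hits": len(hits),
                         "deleted": deleted, "verdict": verdict,
                         "min_gap_minutes": min(gaps) if gaps else None}
    return summary
```

The minimum gap between hits on the same path is the signal to watch: a file deleted and re-detected every few minutes in Temp points at a loader that is still active, so the startup entries and services in the HijackThis log are where to look next.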
jerryne - 2006-8-22 13:19:00
OK, I'll try. Thanks
jerryne - 2006-8-22 17:34:00
Spent another afternoon scanning, no improvement at all.
In short, as soon as the machine boots, the temp folder automatically gets "111.dat 222.dat 333.dat 1.exe 2.exe 3.exe" generated in it.
And these things also come back after being deleted:
system32/1.dll
system32/3.dll
internet explorer/winhook.sys winhook.jmp (I used Rising's Orange August removal tool on this one, and the result was disheartening: it showed Deleted, but the virus files were still sitting right there in the folder. How ironic.)
Online they say it's Luoxue (落雪); I downloaded the dedicated removal tool and it's still the same. Whatever gets deleted is definitely back after a reboot.
Attachment:
4658672006822172621.bmp
jerryne - 2006-8-22 17:47:00
up
© 2000 - 2026 Rising Corp. Ltd.