瑞星监控不断提示:Trojan.PSW.Agent.jvs
Trojan.PSW.WorldOnline.ey
Trojan.PSW.OnlineGames.ath
Trojan.PSW.OnlineGames.axn
Trojan.PSW.OnlineGames.aye
可总是杀不了,重启又有,伤透脑筋啦~~~~~~~~~~~~~~~~
[CODE]
2005-05-03,00:37:25
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SKYNET Personal FireWall><F:\天网\FIREWALL\pfw.exe> [N/A]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"F:\瑞星杀毒\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<upxdnd><C:\DOCUME~1\tt\LOCALS~1\Temp\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<winform><C:\WINDOWS\winform.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<ronney><C:\WINDOWS\ronney.exe /i> []
<!AVG Anti-Spyware><"F:\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
==================================
启动文件夹
[快捷方式 到 avgas]
<C:\Documents and Settings\tt\「开始」菜单\程序\启动\快捷方式 到 avgas.lnk --> F:\AVGANT~1.5\avgas.exe [Anti-Malware Development a.s.]><N>
==================================
服务
[41D01BE6 / 41D01BE6][Stopped/Auto Start]
<C:\WINDOWS\System32\41D01BE6.EXE -k><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<F:\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"F:\瑞星杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"F:\瑞星杀毒\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\F:\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\F:\瑞星杀毒\RISING\RAV\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
<\??\F:\瑞星杀毒\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\F:\瑞星杀毒\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\F:\瑞星杀毒\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\F:\瑞星杀毒\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\F:\瑞星杀毒\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
==================================
浏览器加载项
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<E:\2005QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<E:\2005QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\2005QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\2005QQ\SendMMS.htm, N/A>
