Rising Kaka Security Forum, Online Technical Support [closed]: Can anyone help? Infected with the trojan.dl.mnless.all virus and it just won't die

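Every boot is extremely slow, and pressing CTRL+ALT+DEL doesn't bring up Task Manager either. Scanning in safe mode turned up a whole pile of viruses, but after repeated scans one virus still remains. The file is Explorer.exe and the virus is trojan.dl.mnless.all. This virus seems to be in memory and runs automatically every time; after each scan it reports that removal succeeded, but the next scan finds it again. Also, the path Rising shows for the infected file is odd and I can't make sense of it; I wonder whether some expert could explain it: Explorer.exe>>c:\windows\kb928002.log. Presented below
Last edited 2007-06-29 14:00:01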

[Main]
Program=超 级 兔 子 IE 修 复 专 家
Version=V7.99
WindowsVersion=Windows XP
IEVersion=6.0.2900.2180
WinDir=C:\WINDOWS\
WinSystemDir=C:\WINDOWS\system32\
USERPROFILE=C:\Documents and Settings\Administrator
Admin=1
Detail=1
Date=2005-06-27
Time=12:48:01
Code=,
CDCode=,
Reg=0

[Soft]
Max=0

[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=Microsoft Internet Explorer
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=about:blank
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=about:blank
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=about:blank
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=about:blank
Max=12

[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2005-4-14
1_FileVersion=6.0.2900.2627
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
2_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8241664
2_FileDate=2005-4-14
2_FileVersion=6.0.2900.2180
2_FileCompanyName=Microsoft Corporation
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
3_Name={42A2F05F-E171-4CEF-852F-02475F698C24}
3_FileName=
3_FileVersion=
3_FileCompanyName=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
4_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
4_FileName=%SystemRoot%\system32\browseui.dll
4_FileSize=1016832
4_FileDate=2005-4-14
4_FileVersion=6.0.2900.2627
4_FileCompanyName=Microsoft Corporation
Max=4

[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\上传到QQ网络硬盘
1_FileName=D:\QQDownload\AddToNetDisk.htm
1_FileSize=534
1_FileDate=2007-2-2 19:04:24
1_FileVersion=
1_FileCompanyName=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)
2_FileName=res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
2_FileVersion=
2_FileCompanyName=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ自定义面板
3_FileName=D:\QQDownload\AddPanel.htm
3_FileSize=1815
3_FileDate=2007-2-2 19:04:24
3_FileVersion=
3_FileCompanyName=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ表情
4_FileName=D:\QQDownload\AddEmotion.htm
4_FileSize=534
4_FileDate=2007-2-2 19:04:24
4_FileVersion=
4_FileCompanyName=
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
5_FileName=D:\QQDownload\SendMMS.htm
5_FileSize=519
5_FileDate=2007-2-2 19:04:36
5_FileVersion=
5_FileCompanyName=
6_HKey=HKEY_CURRENT_USER
6_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
6_Clsid=
6_ButtonText=
6_MenuText=
6_FileName=
6_FileVersion=
6_FileCompanyName=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EBD53A-9BC1-480B-966A-843A333CA162}
7_Clsid=腾讯QQ
7_FileName=C:\WINDOWS\QQIEHelper.dll
7_FileVersion=
7_FileCompanyName=
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40292922-7F71-4943-A411-21F2BD2A1813}
8_NameServer=
8_Clsid=
8_FileName=
8_FileVersion=
8_FileCompanyName=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7D3BF6A0-85CA-4858-94B3-4217C85C8A24}
9_NameServer=
9_Clsid=
9_FileName=
9_FileVersion=
9_FileCompanyName=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE1E2102-DD4E-4B0A-B1A6-CCAD25D70A92}
10_NameServer=
10_Clsid=
10_FileName=
10_FileVersion=
10_FileCompanyName=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D8A2F467-792A-4FB1-819F-0E34016DFBB3}
11_NameServer=
11_Clsid=
11_FileName=
11_FileVersion=
11_FileCompanyName=
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DCE705C2-D62A-44E7-902E-BF9993FBBFDD}
12_NameServer=
12_Clsid=
12_FileName=
12_FileVersion=
12_FileCompanyName=
Max=12

[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=exefile
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=66560
4_FileDateLink=2005-4-14
4_FileVersionLink=5.1.2600.2180
4_FileCompanyNameLink=Microsoft Corporation
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
5_FileSizeLink=93184
5_FileDateLink=2005-4-14 8:00:00
5_FileVersionLink=6.0.2900.2180
5_FileCompanyNameLink=Microsoft Corporation
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
6_FileSizeLink=93184
6_FileDateLink=2005-4-14 8:00:00
6_FileVersionLink=6.0.2900.2180
6_FileCompanyNameLink=Microsoft Corporation
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink=rundll32.exe shdocvw.dll,OpenURL %l
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11

[Notify]
Max=0

[Shdoclc]
1_FileSize=498176
1_FileDate=2005-4-14
1_FileVersion=6.0.2900.2180
1_FileCompanyName=Microsoft Corporation
Max=1

[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINDOWS\system32\userinit.exe,
2_FileSize=23552
2_FileDate=2005-4-14
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=Explorer.exe
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4

[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\mswsock.dll
1_FileSize=240640
1_FileDate=2005-4-14
1_FileVersion=5.1.2600.2180
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=16896
2_FileDate=2005-4-14
2_FileVersion=5.1.2600.2180
2_FileCompanyName=Microsoft Corporation
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
3_Name=DisplayString
3_Value=网络位置知晓 (NLA) 名称空间
3_Enabled=1
3_LibraryPath=%SystemRoot%\System32\mswsock.dll
3_FileSize=240640
3_FileDate=2005-4-14
3_FileVersion=5.1.2600.2180
3_FileCompanyName=Microsoft Corporation
Max=3

[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem
4_FileName=%SystemRoot%\system32\rsvpsp.dll
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\rsvpsp.dll
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\mswsock.dll c a m v i d 3 0 . i n f
Max=11

[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1

[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2005-4-14
1_FileVersion=5.1.2600.2180
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2005-4-14
2_FileVersion=5.1.2600.2180
2_FileCompanyName=Microsoft Corporation
Max=2

[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8241664
1_FileDate=2005-4-14
Max=1

[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=PostBootReminder
1_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
1_ClsidName=PostBootReminder 对象
1_FileName=%SystemRoot%\system32\SHELL32.dll
1_FileSize=8241664
1_FileDate=2005-4-14
1_FileVersion=6.0.2900.2180
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=CDBurn
2_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
2_ClsidName=烧 CD 的 ShellFolder
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8241664
2_FileDate=2005-4-14
2_FileVersion=6.0.2900.2180
2_FileCompanyName=Microsoft Corporation
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=WebCheck
3_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
3_ClsidName=WebCheck
3_FileName=%SystemRoot%\system32\webcheck.dll
3_FileSize=265728
3_FileDate=2005-4-14
3_FileVersion=6.0.2900.2180
3_FileCompanyName=Microsoft Corporation
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=SysTray
4_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
4_ClsidName=SysTray
4_FileName=C:\WINDOWS\system32\stobject.dll
4_FileSize=121344
4_FileDate=2005-4-14
4_FileVersion=5.1.2600.2180
4_FileCompanyName=Microsoft Corporation
Max=4

[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2005-4-14
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1016832
2_FileDate=2005-4-14
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=http
1_Value=3
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=https
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=ftp
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=file
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=@ivt
5_Value=1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=shell
6_Value=0
Max=6

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1

[Startup]
Max=0

[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=PHIME2002ASync
1_Value=c:\windows\system32\ime\tintlgnt\tintsetp.exe /sync
1_FileSize=455168
1_FileDate=2005-4-14 8:00:00
1_FileVersion=5.2.0.2801
1_FileCompanyName=Microsoft Corporation
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=PHIME2002A
2_Value=c:\windows\system32\ime\tintlgnt\tintsetp.exe /imename
2_FileSize=455168
2_FileDate=2005-4-14 8:00:00
2_FileVersion=5.2.0.2801
2_FileCompanyName=Microsoft Corporation
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=RavTask
3_Value="d:\rising\rav\ravtask.exe" -system
3_FileSize=118784
3_FileDate=2005-6-26 14:00:30
3_FileVersion=19.0.0.9
3_FileCompanyName=Beijing Rising Technology Co., Ltd.
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\RunOnce
4_Name=mspora
4_Value=%systemroot%\system32\rundll32.exe %systemroot%\system32\mspora.dll,dllunregisterserver
4_FileSize=40960
4_FileDate=2005-6-26 17:47:56
4_FileVersion=5.1.2600.2945
4_FileCompanyName=Microsoft Corporation
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
5_Name=MSDWG32
5_Value=lyloadbr.exe
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
6_Name=MSDCG32   
6_Value=lyleador.exe
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
7_Name=MSDOG32
7_Value=lyloador.exe
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
8_Name=MSDSG32
8_Value=lyloadar.exe
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
9_Name=MSDHG32
9_Value=lyloadhr.exe
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
10_Name=MSDQG32
10_Value=lyloadqr.exe
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
11_Name=visin
11_Value=c:\windows\system32\visin.exe
11_FileSize=25625
11_FileDate=2007-3-8 23:37:22
11_FileVersion=5.1.2600.0
11_FileCompanyName=Microsoft Corporation
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
12_Name=load
12_Value=
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
13_Name=run
13_Value=
14_HKey=HKEY_CURRENT_USER
14_Key=Software\Microsoft\Windows\CurrentVersion\Run
14_Name=ctfmon.exe
14_Value=c:\windows\system32\ctfmon.exe
14_FileSize=15360
14_FileDate=2005-4-14
14_FileVersion=5.1.2600.2180
14_FileCompanyName=Microsoft Corporation
15_HKey=HKEY_CURRENT_USER
15_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
15_Name=load
15_Value=
Max=15

[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2005-4-14
1_FileVersion=5.1.2600.2180
1_FileCompanyName=Microsoft Corporation
2_FileName=C:\WINDOWS\SYSTEM32\CSRSS.EXE
2_FileSize=6144
2_FileDate=2005-4-14
2_FileVersion=5.1.2600.2180
2_FileCompanyName=Microsoft Corporation
3_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
3_FileSize=487424
3_FileDate=2005-4-14
3_FileVersion=5.1.2600.2180
3_FileCompanyName=Microsoft Corporation
4_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
4_FileSize=108032
4_FileDate=2005-4-14
4_FileVersion=5.1.2600.2180
4_FileCompanyName=Microsoft Corporation
5_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
5_FileSize=13312
5_FileDate=2005-4-14
5_FileVersion=5.1.2600.2180
5_FileCompanyName=Microsoft Corporation
6_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
6_FileSize=14336
6_FileDate=2005-4-14
6_FileVersion=5.1.2600.2180
6_FileCompanyName=Microsoft Corporation
7_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
7_FileSize=14336
7_FileDate=2005-4-14
7_FileVersion=5.1.2600.2180
7_FileCompanyName=Microsoft Corporation
8_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
8_FileSize=14336
8_FileDate=2005-4-14
8_FileVersion=5.1.2600.2180
8_FileCompanyName=Microsoft Corporation
9_FileName=C:\WINDOWS\EXPLORER.EXE
9_FileSize=976896
9_FileDate=2005-4-14
9_FileVersion=6.0.2900.2180
9_FileCompanyName=Microsoft Corporation
10_FileName=C:\PROGRAM FILES\SUPER RABBIT\MAGICSET\SRIEH.EXE
10_FileSize=792576
10_FileDate=2007-6-3 22:45:42
10_FileVersion=7.99.0.0
10_FileCompanyName=Super Rabbit Soft
11_FileName=[SYSTEM PROCESS]
Max=11

[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
1_Host=127.0.0.1      localhost
Max=1

[Service]
1_ServiceName=5181C0A4
1_DisplayName=5181C0A4
1_Description=29886D40
1_Status=停止
1_StartType=已禁用
1_ServiceDll=
1_ImagePath=C:\WINDOWS\SYSTEM32\6EC8C0F0.EXE -K

2_ServiceName=919mm
2_DisplayName=Provisioning Transaction Service
2_Description=客户端和服务器之间的 NET SEND 和 Alerter 服务消息。此服务与 Windows Messenger 无关。如果服务停止,Alerter 消息不会被传输。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。
2_Status=停止
2_StartType=已禁用
2_ServiceDll=
2_ImagePath=

3_ServiceName=AAA30D10
3_DisplayName=AAA30D10
3_Description=101132D8
3_Status=停止
3_StartType=自动
3_ServiceDll=
3_ImagePath=C:\WINDOWS\SYSTEM32\D4A5AA90.EXE -P

4_ServiceName=BRC_Services
4_DisplayName=BlackHole Remote Control Services
4_Description=BlackHole Remote Control Services
4_Status=停止
4_StartType=已禁用
4_ServiceDll=
4_ImagePath="C:\WINDOWS\SYSTEM32\BRC_SERVER.EXE" /SERVICE

5_ServiceName=kusn33sd
5_DisplayName=kusn33sd
5_Description=k1
5_Status=停止
5_StartType=自动
5_ServiceDll=
5_ImagePath=C:\WINDOWS\SYSTEM32\KUSN33SD.EXE -J

6_ServiceName=MSDebugsvc
6_DisplayName=Win32 Debug Service
6_Description=为计算机系统提供32位调试服务。如果此服务被禁用,所有明确依赖它的服务都将不能启动。
6_Status=停止
6_StartType=自动
6_ServiceDll=
6_ImagePath=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE MSDEBUG.DLL,INPUT

7_ServiceName=msdmo
7_DisplayName=ms dmo
7_Description=msdmo
7_Status=停止
7_StartType=已禁用
7_ServiceDll=
7_ImagePath=C:\WINDOWS\SYSTEM32\MSDMO.EXE

8_ServiceName=ms_2fax
8_DisplayName=Fax 2Client
8_Description=
8_Status=停止
8_StartType=已禁用
8_ServiceDll=
8_ImagePath=

9_ServiceName=ose
9_DisplayName=Office Source Engine
9_Description=可保存用于更新和修复的安装文件,并且在下载安装程序更新和 Watson 错误报告时必须使用。
9_Status=停止
9_StartType=已禁用
9_ServiceDll=
9_ImagePath="C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"

10_ServiceName=Plug Connection
10_DisplayName=Windows Connection Manager
10_Description=
10_Status=停止
10_StartType=已禁用
10_ServiceDll=
10_ImagePath=C:\WINDOWS\SYSTEM32\K11197779332.EXE

11_ServiceName=RsCCenter
11_DisplayName=Rising Process Communication Center
11_Description=
11_Status=停止
11_StartType=自动
11_ServiceDll=
11_ImagePath="D:\RISING\RAV\CCENTER.EXE"

12_ServiceName=RsRavMon
12_DisplayName=Rising RealTime Monitor
12_Description=
12_Status=停止
12_StartType=自动
12_ServiceDll=
12_ImagePath="D:\RISING\RAV\RAVMOND.EXE"

13_ServiceName=WinWLServiceNow
13_DisplayName=WinWLServiceNow
13_Description=
13_Status=停止
13_StartType=已禁用
13_ServiceDll=
13_ImagePath=

14_ServiceName=WinWMServiceNow
14_DisplayName=WinWMServiceNow
14_Description=
14_Status=停止
14_StartType=已禁用
14_ServiceDll=
14_ImagePath=

Max=14

[Driver]
1_ServiceName=BaseTDI
1_DisplayName=Rising TDI Base Driver
1_Description=
1_ServiceDll=
1_ImagePath=SYSTEM32\DRIVERS\BASETDI.SYS
2_ServiceName=bconusb
2_DisplayName=bconusb
2_Description=
2_ServiceDll=
2_ImagePath=C:\WINDOWS\SYSTEM32\MSCACHE\DISKMAN.SYS
3_ServiceName=Bluesky
3_DisplayName=Bluesky
3_Description=
3_ServiceDll=
3_ImagePath=C:\WINDOWS\SYSTEM32\WINCAB.SYS
4_ServiceName=CmBatt
4_DisplayName=Microsoft AC Adapter Driver
4_Description=
4_ServiceDll=
4_ImagePath=SYSTEM32\DRIVERS\CMBATT.SYS
5_ServiceName=E100B
5_DisplayName=Intel(R) PRO Adapter Driver
5_Description=
5_ServiceDll=
5_ImagePath=SYSTEM32\DRIVERS\E100B325.SYS
6_ServiceName=ev19x8mp
6_DisplayName=Creative SB AudioPCI Audio Driver (WDM)
6_Description=
6_ServiceDll=
6_ImagePath=SYSTEM32\DRIVERS\EV19X8MP.SYS
7_ServiceName=ExpScaner
7_DisplayName=ExpScaner
7_Description=
7_ServiceDll=
7_ImagePath=D:\RISING\RAV\EXPSCAN.SYS
8_ServiceName=HookCont
8_DisplayName=HookCont
8_Description=
8_ServiceDll=
8_ImagePath=D:\RISING\RAV\HOOKCONT.SYS
9_ServiceName=HookReg
9_DisplayName=HookReg
9_Description=
9_ServiceDll=
9_ImagePath=D:\RISING\RAV\HOOKREG.SYS
10_ServiceName=HookSys
10_DisplayName=HookSys
10_Description=
10_ServiceDll=
10_ImagePath=D:\RISING\RAV\HOOKSYS.SYS
11_ServiceName=MEMSCAN
11_DisplayName=MEMSCAN
11_Description=
11_ServiceDll=
11_ImagePath=D:\RISING\RAV\MEMSCAN.SYS
12_ServiceName=mspora
12_DisplayName=
12_Description=
12_ServiceDll=
12_ImagePath=SYSTEM32\DRIVERS\MSPORA.SYS
13_ServiceName=NPF
13_DisplayName=Netgroup Packet Filter
13_Description=
13_ServiceDll=
13_ImagePath=SYSTEM32\DRIVERS\NPF.SYS
14_ServiceName=npkycryp
14_DisplayName=npkycryp
14_Description=
14_ServiceDll=
14_ImagePath=C:\WINDOWS\SYSTEM32\NPKYCRYP.SYS
15_ServiceName=P3
15_DisplayName=Intel PentiumIII Processor Driver
15_Description=
15_ServiceDll=
15_ImagePath=SYSTEM32\DRIVERS\P3.SYS
16_ServiceName=RsAntiSpyware
16_DisplayName=RsAntiSpyware
16_Description=
16_ServiceDll=
16_ImagePath=SYSTEM32\DRIVERS\RSBOOT.SYS
17_ServiceName=RsNTGDI
17_DisplayName=RsNTGDI
17_Description=
17_ServiceDll=
17_ImagePath=SYSTEM32\DRIVERS\RSNTGDI.SYS
18_ServiceName=RSPPSYS
18_DisplayName=RSPPSYS
18_Description=
18_ServiceDll=
18_ImagePath=D:\RISING\RAV\RSPPSYS.SYS
19_ServiceName=smimini
19_DisplayName=
19_Description=
19_ServiceDll=
19_ImagePath=SYSTEM32\DRIVERS\SMIMINIB.SYS
Max=19

[END]
Max=1

Finally managed to post all of it; please take a look. Also, in normal mode I can't open web pages, but in safe mode with networking I can get online.

Rising Kaka won't open, and IceSword errors out when opened. The scan report was generated in safe mode; I don't know whether that affects the report.

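Why is nobody replying to me? Or did I post in the wrong place? Why does Rising find more and more viruses the more it scans? I shut down yesterday, and when I scanned again this morning there were quite a few more, all things like worm.win32, plus trojan-type viruses. I didn't go online yesterday. I can still get into safe mode. The option to show hidden files and folders has also disappeared; I went through the fix that circulates online, but it still isn't solved.
Yesterday I scanned several times and found only one virus; this morning after booting, the scan turned up many again. Every time, Rising reports that deletion succeeded, but after a shutdown and reboot the viruses are everywhere again. It seems to kill only the surface without touching the virus's core; cleaning like this is really exhausting.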

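Quote:
[Post by 小乡飞花] Why is nobody replying to me? Or did I post in the wrong place? Why does Rising find more and more viruses the more it scans? I shut down yesterday, and when I scanned again this morning there were quite a few more, all things like worm.win32, plus trojan-type viruses. I didn't go online yesterday. I can still get into safe mode. The option to show hidden files and folders has also disappeared; I went through the fix that circulates online, but it still isn't solved.
Yesterday I scanned several times and found only one virus; this morning after booting, the scan turned up many again. Every time, Rising reports that deletion succeeded, but after a shutdown and reboot the viruses are everywhere again. It seems to kill only the surface without touching the virus's core; cleaning like this is really exhausting.

………………

That's right, you posted in the wrong place; it should go in the anti-virus section.
By the way, those logs of yours are no use. Try an SREng scan log and post it in the anti-virus section. Here is how:
Download the System Repair Engineer system scanning tool from the following address:
http://www.kztechs.com/sreng/download.html
How to scan and upload the log:
1. Extract the downloaded sreng2.zip archive;
2. Make sure your machine's current system time matches the real time. If a virus has changed it to an abnormal date such as 1980, 1990 or 2005 (first rule out a dead motherboard battery: check whether the time in the BIOS matches the time shown after logging in to the system; if they differ, it is the virus's doing, and if they match, the battery may be dead), double-click the clock icon in the system tray and set the system time back to normal.
3. Open the extracted SRENG folder and double-click SREng.exe to run it (if it won't run, delete the extracted SRENG folder and all the files in it, then download a fresh archive or re-extract the one already downloaded, renaming the extracted folder to 111; after extracting, go into the 111 folder and, without running SREng.exe, first rename the executable to 111.bat, 111.scr, 111.com or 111.pif, or to 111.exe, and then double-click it to run);
4. Click "Smart Scan", "Scan" and "Save Report" in turn and save the log to disk;
5. Find and open the log, copy and paste its contents into a post and upload them unmodified (the log is long and won't fit in a single post; manually split the full contents across several reply posts).
Friendly reminders:
1. Before scanning, close all programs (QQ and the like) and windows that you opened manually.
2. Until you are told otherwise, do not use SREng to make repairs at random, or the system may end up in worse shape.
3. Illustrated SREng walkthrough: http://forum.ikaka.com/topic.asp?board=67&artid=8125594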

Ugh, Rising broke WINRAR while cleaning and it no longer works. Thanks anyway, though.