瑞星已经杀掉该毒了,可是重启后,实时监控就不能启动了,手动启动也不好使!
进程中出现两个陌生的项目ptool32和lscnty!防火墙也说有重大错误,打不开了!
重新安装后也只有重启前好使一次!!ptool32程序总是要求连接www.jpzb.com网站!
位置在system32文件夹里,可是怎么都找不到该文件啊~~~隐藏文件早就显示了,
在安全状态下也找不到!!
注册表里有关于ptool32的项目都已经删掉了,可是还是不好使啊~~~
各位大侠帮帮忙吧!!!至少让实时监控能打开运行啊
下面是我的HijackThis结果:
Logfile of HijackThis v1.99.1
Scan saved at 14:01:12, on 2005-10-5
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ptool32.exe
C:\WINDOWS\System32\lscnty.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kingsoft\kingplayer2003\cdsprite.exe
D:\NORMAL\瑞星杀毒\RAV\RAVTIMER.EXE
D:\NORMAL\瑞星杀毒\RAV\RAVMON.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
D:\normal\防火墙\FIREWALL\PFW.exe
D:\normal\tencent\TT\TTraveler.exe
C:\WINDOWS\System32\mdm.exe
D:\normal\冲击波专杀\HijackThis 1.99.1\HijackThis\HijackThis.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v4.dll
O2 - BHO: WebMiscItem Class - {3CD4296F-6CC3-11D9-B888-000C299AA719} - C:\WINDOWS\system32\WebMisc.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\normal\flashget\FLASHGET\jccatch.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\normal\flashget\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [kpcdst] C:\Program Files\Kingsoft\kingplayer2003\cdsprite.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MS-4011 Memory Patch] D:\normal\冲击波专杀\RavSasser.exe -Patch
O4 - HKLM\..\Run: [RavTimer] D:\NORMAL\瑞星杀毒\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\NORMAL\瑞星杀毒\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\给狂侠的软件\暴风影音\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - D:\normal\flashget\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\normal\flashget\FlashGet\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.thtfpc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C116D38B-0C9A-4972-9D07-4A48561236D6}: NameServer = 202.98.0.86 202.98.5.86
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
