========Title========
[Help] Virus~ so annoying
========Content========
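Recently, every so often a voice on my computer shouts: "If I really were Sun Wukong, I wouldn't be here getting toyed with by you, I would definitely……" Then a while later someone sings: "Love me, don't go, listen to me, if you don't love me." Neither antivirus scans nor malware removal tools can find anything. I'm asking all the experts here for help; many, many thanks!!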
登录项:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip RDP Clip Monitor Microsoft Corporation C:\WINDOWS\system32\RDPCLIP.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation C:\WINDOWS\SYSTEM32\USERINIT.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation C:\WINDOWS\EXPLORER.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. D:\瑞星杀毒\RAVTASK.EXE
+ runeip Rising AntiSpyware Monitor Beijing Rising Technology Co., Ltd. C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ KKDelay RunOnce Application Beijing Rising Technology Co., Ltd. C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ctfmon.exe CTF Loader Microsoft Corporation C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM.INI
+ shell Windows Explorer Microsoft Corporation C:\WINDOWS\EXPLORER.EXE
应用程序劫持项:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation C:\WINDOWS\system32\NTSD.EXE
引导执行:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation C:\WINDOWS\system32\AUTOCHK.EXE
+ bsmain BootScan Beijing Rising Technology Co., Ltd. C:\WINDOWS\system32\BSMAIN.EXE
+ KKNative.exe NativeAp Beijing Rising Technology Co., Ltd. C:\WINDOWS\SYSTEM32\KKNATIVE.EXE
IE浏览器插件:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ 超级兔子上网精灵 HaoKanBar Toolbar Module Xiang Feng Technology D:\兔子魔法\HAOKANBAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks
+ Microsoft Url 搜索挂接 Shell Doc Object and Control Library Microsoft Corporation C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
+ 超级兔子上网精灵 HaoKanBar Toolbar Module Xiang Feng Technology D:\兔子魔法\HAOKANBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
+ 每日提示(&T) Shell Doc Object and Control Library Microsoft Corporation C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
登录通知项:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exe Windows Logon UI Microsoft Corporation C:\WINDOWS\SYSTEM32\LOGONUI.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 Microsoft Corporation C:\WINDOWS\SYSTEM32\CRYPT32.DLL
+ cryptnet Crypto Network Related API Microsoft Corporation C:\WINDOWS\SYSTEM32\CRYPTNET.DLL
+ cscdll Offline Network Agent Microsoft Corporation C:\WINDOWS\SYSTEM32\CSCDLL.DLL
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\SYSTEM32\WLNOTIFY.DLL
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\SYSTEM32\WLNOTIFY.DLL
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation C:\WINDOWS\SYSTEM32\SCLGNTFY.DLL
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\SYSTEM32\WLNOTIFY.DLL
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\SYSTEM32\WLNOTIFY.DLL
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\SYSTEM32\WLNOTIFY.DLL
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE
+ C:\WINDOWS\system32\ssmypics.scr My Pictures Slideshow Screensaver Microsoft Corporation C:\WINDOWS\SYSTEM32\SSMYPICS.SCR
资源管理器插件:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0
ABOUT:HOME.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ 显示摇曳 CPL 扩展 DESKPAN.DLL
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. C:\WINDOWS\SYSTEM32\HTICONS.DLL
+ RealOne Player Context Menu Class RealPlayer Shell Extensions RealNetworks, Inc. C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL
+ WinRAR C:\PROGRAM FILES\WINRAR\RAREXT.DLL