电脑中木马病毒,因急用电脑,寻找各位大侠的紧急帮助!!!!日志附下:
启动项报告: 2006-07-20, 22:55:06
启动项扫描器版本: 1.52.2
开始于: D:\anquan\Hijackthis1991zww\HijackThis1991zww.EXE
系统检测: Windows 2000 SP4 (WinNT 5.00.2195)
系统检测: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* 使用默认选项
==================================================
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\CAPRPCSK.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NOTEPAD.EXE
D:\anquan\Hijackthis1991zww\HijackThis1991zww.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\ChinaNet\VnetClient.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\SYSTEM32\Userinit.exe,
--------------------------------------------------
Load/Run keys from C:\WINNT\WIN.INI:
load=* 未找到INI相关项目值 *
run=* 未找到INI相关项目值 *
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
外壳扩展和屏幕保护程序的键值 从 C:\WINNT\SYSTEM.INI:
Shell=* 未找到INI相关项目值 *
SCRNSAVE.EXE=* 未找到INI相关项目值 *
drivers=* 未找到INI相关项目值 *
外壳扩展和屏幕保护程序的键值 从 注册表
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\system32\花的屛保[1].scr
drivers=* 未找到相关注册表键值 *
Policies Shell key:
HKCU\..\Policies: Shell=* 未找到相关注册表键值 *
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *
--------------------------------------------------
列举下载的程序文件:
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
[Shockwave Flash
Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
列举 Winsock LSP 文件:
Protocol #1: C:\WINNT\xboxcenter.dll
Protocol #2: C:\WINNT\xboxcenter.dll
Protocol #3: C:\WINNT\xboxcenter.dll
Protocol #4: C:\WINNT\xboxcenter.dll
Protocol #5: C:\WINNT\xboxcenter.dll
--------------------------------------------------
列举 ShellService
ObjectDelayLoad 项目:
Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: st
object.dll
--------------------------------------------------
报告完毕,共 4,316 字节
报告生成用时:0.016秒
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
