【问题已经解决】帮忙看下还有没有病毒|-站长天下

首页 ┆ 文章中心 ┆ 下载中心 ┆ 娱乐八卦 ┆ 本站论坛 ┆ 拜仁联盟 ┆ 球迷社区 ┆ 博客日志 ┆ 建站服务 ┆ 域名抢注 ┆ 繁體中文

载入中…

E-mail:WebMaster#fcbu.com

\|	源码下载 \| 工具下载 \| 素材下载 \| 教程下载 \| ASP 源码 \| PHP 源码 \| JSP 源码 \| ASP 教程 \| .NET教程 \| PHP 教程 \| 服务器教程 \|
\|	网络资讯 \| 网站运营 \| 网页制作 \| 数据库 \| 网络编程 \| 图象媒体 \| 操作系统 \| 网络应用 \| 软件教学 \| 火爆影视 \| 五花八门\|
\|	电脑医院 \| 系统攻略 \| 网管技术 \| 电脑硬件 \| 软件天地 \| 网络知识 \| 网页制作 \| 编程讨论 \| 综合问题 \| 职场生涯 \| 数码手机\|

载入中…

当前位置:站长天下 -> 电脑医院 -> 【问题已经解决】帮忙看下还有没有病毒

【问题已经解决】帮忙看下还有没有病毒

作者：TTXS(Fcbu.Com)　　来源：互联网　　发表时间：2006-08-23　　

今天早上发现病毒，江民杀毒软件检测出有TrojanDownloader.Small.mf、TrojanDownloader.Adload.kc、TrojanDownloader.Agent.ads、TrojanDownloader.Agent.adi，删除一些临时文件重启后没有发现病毒，但只要一打开IE浏览器又发现病毒。后来发现spoolsv进程可疑，就把其启动项去掉并删除了c:\windows\system32\spoolsv文件夹，之后打开IE未发现病毒，请帮忙看看还有无病毒，附上扫描日志。
HijackThis_815汉化版扫描日志 V1.99.1
保存于　　　　11:03:34, 日期 2006-7-14
操作系统：　　Windows XP SP2 (WinNT 5.01.2600)
浏览器：　　 Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程：　　　　　　
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\KV2006\KVSrvXP.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VIPTray.exe
C:\Program Files\KV2006\KVMonXP.kxp
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\KV2006\TrojDie.kxp
C:\Program Files\KV2006\KRegEx.exe
C:\Program Files\KV2006\UIHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\temp\realsched.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\wincup\wincup.exe
C:\Program Files\Tencent\TM\TMDlls\TM.exe
C:\Program Files\Tencent\TM\TMDlls\TIMPlatform.exe
E:\HijackThis汉华版\HijackThis1991zww.exe
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - C:\Program Files\KV2006\kvbho.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\cacb.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2006\KvShell.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINDOWS\system32\aperferer.dll
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
O2 - BHO: google bar - {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} - C:\WINDOWS\vwwreg.dll
O3 - IE工具栏增项: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2006\KvShell.dll
O4 - 启动项HKLM\\Run: [KvMonXP> ＂C:\Program Files\KV2006\KVMonXP.kxp＂ /auto
O4 - 启动项HKLM\\Run: [spoolsv> C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKCU\..\Run: [KvXP> ＂C:\Program Files\KV2006\KvXP.kxp＂ /ScanBoot /ScanSys
O4 - HKCU\..\Run: [ctfmon.exe> C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IE-BAR.lnk = C:\WINDOWS\system32\rundll32.exe
O8 - IE右键菜单中的新增项目: ＞＞彩信发送＜＜ - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(＆X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF28C1-575A-47BF-9289-AD44B83A4AFB}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll
O23 - NT 服务: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: KVSrvXP - Jiangmin Co. Ltd - C:\Program Files\KV2006\KVSrvXP.exe
O23 - NT 服务: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation　　- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
O23 - NT 服务: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe
O23 - NT 服务: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
[ 本帖最后由红桃jacker 于 2006-7-15 21:33 编辑 > O23 - NT 服务: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
O23 - NT 服务: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll
O4 - Global Startup: IE-BAR.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - 启动项HKLM\\Run: [spoolsv> C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\cacb.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINDOWS\system32\aperferer.dll 谢谢版主的回复，另还有不明之处。
O23 - NT 服务: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
O23 - NT 服务: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll
O4 - Global Startup: IE-BAR.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - 启动项HKLM\\Run: [spoolsv> C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
上面的几个是流氓软件吧，是不是强行删除。
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\cacb.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINDOWS\system32\aperferer.dll
这几个如何操作，望版主明示。正常情况下，进程中不会显示C:\WINDOWS\system32\rundll32.exe进程，如果有的话，就有不正常的了，这里应该是哑虎的原因，删除所有哑虎相关和3721流氓吧 O23 - NT 服务: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
O23 - NT 服务: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe
关闭服务，强行删除文件，
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
qq相关，直接修复
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
直接修复
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll
直接修复后借助汉化版killbox 强行删除这dll文件
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
直接修复
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
卸载啥桌面传媒
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\cacb.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINDOWS\system32\aperferer.dll
直接修复，借助汉化版killbox删除对应文件或看到俺在二楼提出的问题，一个一个摆渡一下。谢谢版主，按版主所说的操作后的扫描结果。有点郁闷，其实我已经删除了桌面的那个软件，扫描时还是会出现。桌面那个软件是流氓软件，不能卸载，用了非法手段才把它删了。附扫描报告
ijackThis_815汉化版扫描日志 V1.99.1
保存于　　　　15:12:36, 日期 2006-7-14
操作系统：　　Windows XP SP2 (WinNT 5.01.2600)
浏览器：　　 Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程：　　　　　　
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\KV2006\KVSrvXP.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\KV2006\KVMonXP.kxp
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KV2006\TrojDie.kxp
C:\Program Files\KV2006\KRegEx.exe
C:\Program Files\KV2006\UIHost.exe
E:\HijackThis汉华版\HijackThis1991zww.exe
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - C:\Program Files\KV2006\kvbho.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\wuwebex.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (file missing)
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
O2 - BHO: google bar - {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} - C:\WINDOWS\vwwreg.dll
O3 - IE工具栏增项: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2006\KvShell.dll
O4 - 启动项HKLM\\Run: [KvMonXP> ＂C:\Program Files\KV2006\KVMonXP.kxp＂ /auto
O4 - 启动项HKLM\\Run: [BuildBU> ; c:\dell\bldbubg.exe
O4 - 启动项HKLM\\Run: [CAP2ON> ; C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - 启动项HKLM\\Run: [CTSVolFE.exe> ; ＂C:\Program Files\Creative\Mixer\CTSVolFE.exe＂ /r
O4 - 启动项HKLM\\Run: [Dell QuickSet> ; C:\Program Files\Dell\QuickSet\quickset.exe
O4 - 启动项HKLM\\Run: [Device Detector> ; ＂C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe＂ -autorun
O4 - 启动项HKLM\\Run: [DLA> ; C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - 启动项HKLM\\Run: [DMXLauncher> ; C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - 启动项HKLM\\Run: [igfxhkcmd> ; C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [igfxpers> ; C:\WINDOWS\system32\igfxpers.exe
O4 - 启动项HKLM\\Run: [igfxtray> ; C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [IMJPMIG8.1> ; ＂C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE＂ /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMSCMig> ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [IntelWireless> ; ＂C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe＂ /tf Intel PROSet/Wireless
O4 - 启动项HKLM\\Run: [IntelZeroConfig> ; ＂C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe＂
O4 - 启动项HKLM\\Run: [ISUSPM Startup> ; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - 启动项HKLM\\Run: [ISUSScheduler> ; ＂C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe＂ -start
O4 - 启动项HKLM\\Run: [PHIME2002A> ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [PHIME2002ASync> ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [SigmatelSysTrayApp> ; stsystra.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper> ; ＂C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe＂ /S /opti
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched> ; C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - 启动项HKLM\\Run: [SynTPEnh> ; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [KvXP> ＂C:\Program Files\KV2006\KvXP.kxp＂ /ScanBoot /ScanSys
O4 - HKCU\..\Run: [ctfmon.exe> C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart> ; C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [ModemOnHold> ; C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS> ; ＂C:\Program Files\Messenger\msmsgs.exe＂ /background
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - 浏览器额外的“工具”菜单项: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - 浏览器额外的按钮: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: 时尚精品，体验快感 - {6E5EECAF-8879-4a75-8A88-B44B6382A763} - (file missing) (HKCU)
O9 - 浏览器额外的“工具”菜单项: 易趣时尚购物 - {6E5EECAF-8879-4a75-8A88-B44B6382A763} - (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF28C1-575A-47BF-9289-AD44B83A4AFB}: NameServer = 192.168.0.1
O23 - NT 服务: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: KVSrvXP - Jiangmin Co. Ltd - C:\Program Files\KV2006\KVSrvXP.exe
O23 - NT 服务: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation　　- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
用hijackthis直接修复
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
这楼主准备保留？
O4 - 启动项HKLM\\Run: [StormCodec_Helper> ; ＂C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe＂ /S /opti
O4 - HKCU\..\Run: [eMuleAutoStart> ; C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [MSMSGS> ; ＂C:\Program Files\Messenger\msmsgs.exe＂ /background
建议修复，没有必要开机就启动
O4 - 启动项HKLM\\Run: [igfxhkcmd> ; C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [igfxpers> ; C:\WINDOWS\system32\igfxpers.exe
O4 - 启动项HKLM\\Run: [igfxtray> ; C:\WINDOWS\system32\igfxtray.exe
建议修复
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\wuwebex.dll
这不知道有没有作用？
所有后缀(file missing)的直接修复正常情况下，进程中不会显示C:\WINDOWS\system32\rundll32.exe进程，如果有的话，就有不正常的了，这里应该是哑虎的原因，删除所有哑虎相关和3721流氓吧呵呵，谢谢版主，附最新扫描日志。今天换了杀毒软件，换了卡巴斯基的，速度比以前快。
HijackThis_815汉化版扫描日志 V1.99.1
保存于　　　　11:37:36, 日期 2006-7-15
操作系统：　　Windows XP SP2 (WinNT 5.01.2600)
浏览器：　　 Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程：　　　　　　
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tencent\TM\TMDlls\TM.exe
C:\Program Files\Tencent\TM\TMDlls\TIMPlatform.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\HijackThis\HijackThis1991zww.exe
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\wuwebex.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O4 - 启动项HKLM\\Run: [BuildBU> ; c:\dell\bldbubg.exe
O4 - 启动项HKLM\\Run: [CAP2ON> ; C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - 启动项HKLM\\Run: [CTSVolFE.exe> ; ＂C:\Program Files\Creative\Mixer\CTSVolFE.exe＂ /r
O4 - 启动项HKLM\\Run: [Dell QuickSet> ; C:\Program Files\Dell\QuickSet\quickset.exe
O4 - 启动项HKLM\\Run: [Device Detector> ; ＂C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe＂ -autorun
O4 - 启动项HKLM\\Run: [DLA> ; C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - 启动项HKLM\\Run: [DMXLauncher> ; C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - 启动项HKLM\\Run: [IMJPMIG8.1> ; ＂C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE＂ /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMSCMig> ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [IntelWireless> ; ＂C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe＂ /tf Intel PROSet/Wireless
O4 - 启动项HKLM\\Run: [IntelZeroConfig> ; ＂C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe＂
O4 - 启动项HKLM\\Run: [ISUSPM Startup> ; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - 启动项HKLM\\Run: [ISUSScheduler> ; ＂C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe＂ -start
O4 - 启动项HKLM\\Run: [PHIME2002A> ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [PHIME2002ASync> ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [SigmatelSysTrayApp> ; stsystra.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched> ; C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - 启动项HKLM\\Run: [SynTPEnh> ; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [Thunder> ＂C:\Program Files\Thunder Network\Thunder\ThunderShell.exe＂ /s
O4 - HKCU\..\Run: [ctfmon.exe> C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold> ; C:\Program Files\NetWaiting\netWaiting.exe
O8 - IE右键菜单中的新增项目: ＆使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: ＆使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - 浏览器额外的“工具”菜单项: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF28C1-575A-47BF-9289-AD44B83A4AFB}: NameServer = 192.168.0.1
O23 - NT 服务: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - NT 服务: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation　　- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

打印本文　

返回顶部　

加入收藏　

广告位招租

上一篇：【已解决】高手就命啊

下一篇：【问题已经解决】关于杀木马软件Ewido安装后上不了网的问题

关于本站 - 网站帮助 - 广告合作 - 下载声明 - 友情连接 - 网站地图 - 管理登录
联系方式

联系方式

Copyright © 2004-2007 FCBU.Com All Rights Reserved.
版权所有:『站长天下』新凌讯网络;保留所有权利. 赣ICP备05002812