中科新闻网网络通信安全管理员:hijackthis 请高手一名
来源:百度文库 编辑:中科新闻网 时间:2024/05/01 12:28:46
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 13:49:27, on 2006-3-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\eMule\eMule.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files(2)\tencent\QQ\QQ.exe
D:\Program Files(2)\tencent\QQ\TIMPlatform.exe
F:\新建 公文包\QQPetNurse.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files(2)\tencent\TT\TTraveler.exe
E:\Program Files\木马杀客2\mmsk.exe
D:\15中上网必备\恶意代码查看工具.EXE
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [eMuleAutoStart] E:\eMule\eMule.exe -AutoStart
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: dxva_sig.txt
O4 - Startup: ntuser.dat
O4 - Startup: ntuser.pol
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files(2)\tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files(2)\tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files(2)\tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files(2)\tencent\QQ\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
Scan saved at 13:49:27, on 2006-3-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\eMule\eMule.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files(2)\tencent\QQ\QQ.exe
D:\Program Files(2)\tencent\QQ\TIMPlatform.exe
F:\新建 公文包\QQPetNurse.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files(2)\tencent\TT\TTraveler.exe
E:\Program Files\木马杀客2\mmsk.exe
D:\15中上网必备\恶意代码查看工具.EXE
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [eMuleAutoStart] E:\eMule\eMule.exe -AutoStart
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: dxva_sig.txt
O4 - Startup: ntuser.dat
O4 - Startup: ntuser.pol
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files(2)\tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files(2)\tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files(2)\tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files(2)\tencent\QQ\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: dxva_sig.txt
O4 - Startup: ntuser.dat
O4 - Startup: ntuser.pol
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
如上的全部要修复。(安全模式下)
ps:日志还没发完整
将你的完整日志发在病毒吧
http://post.baidu.com/f?kw=%B2%A1%B6%BE