高考问答删除分区后数据恢复:有没有人遇到这个病毒
来源:百度文库 编辑:高考问答 时间:2024/04/29 16:27:32
Logfile of HijackThis v1.97.7
Scan saved at 11:25:20, on 2006-6-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
C:\Program Files\Maxthon\Max.exe
D:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ????? - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - D:\WINNT\system32\SystemToolbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [cof.updit] Visu0dll.exe
O4 - HKLM\..\RunServices: [cof.updit] Visu0dll.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O4 - Global Startup: ntuser.pol
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\tencent\QQ\SendMMS.htm
O9 - Extra button: Web Anti-Virus (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
其中的[cof.updit] Visu0dll.exe就是病毒程序,我把进程结束,删除源文件,结果重启后还出现,进入安全模式也不行,把注册表锁掉还是不行,他会自动安装进去.......有没有人友好的解决办法或者相同经历啊~~~
这东西越来越疯狂,开始只是一个小进程,现在反复删除几次居然开始发作,cpu使用率100%了,杀度软件根本找不到他!!!
HijackThis.exe是系统扫描软件不是病毒!我要杀的是Visu0dll.exe 根本就没招了,杀了就出来
Scan saved at 11:25:20, on 2006-6-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
C:\Program Files\Maxthon\Max.exe
D:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ????? - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - D:\WINNT\system32\SystemToolbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [cof.updit] Visu0dll.exe
O4 - HKLM\..\RunServices: [cof.updit] Visu0dll.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O4 - Global Startup: ntuser.pol
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\tencent\QQ\SendMMS.htm
O9 - Extra button: Web Anti-Virus (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
其中的[cof.updit] Visu0dll.exe就是病毒程序,我把进程结束,删除源文件,结果重启后还出现,进入安全模式也不行,把注册表锁掉还是不行,他会自动安装进去.......有没有人友好的解决办法或者相同经历啊~~~
这东西越来越疯狂,开始只是一个小进程,现在反复删除几次居然开始发作,cpu使用率100%了,杀度软件根本找不到他!!!
HijackThis.exe是系统扫描软件不是病毒!我要杀的是Visu0dll.exe 根本就没招了,杀了就出来
HijackThis.exe是什么东东?没有见过这样的名字呀!你可以参考一下我的经历http://hsteach.vicp.net/system%20explore/system_question/killhuigezi
虽然病毒名可能不一样,但我想你一定能把病毒解决掉的!