HijackThis scan report, experts please help analyze

Source: Baidu Wenku  Editor: Gaokao Q&A  Time: 2024/04/20 16:11:03
Logfile of HijackThis v1.99.1
Scan saved at 10:29:33, on 2006-8-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\VM_STI.EXE
C:\WINPENJR\win32\pphidpad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINPENJR\Win32\PenKeybd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Founder\Emergency Center\Hotkey.exe
C:\PROGRA~1\founder\IP_Phone\slpc.exe
D:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\founder\LOCALS~1\Temp\Rar$EX79.797\HijackThis.exe

F3 - REG:win.ini: run=C:\WINPENJR\win32\custom.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\nfdlf.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [kc32update] rundll32 C:\WINDOWS\system32\kc32update.dll,AppMain
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 蒙恬快速键.lnk = ?
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
Suspected to be a virus. The normal one should be lowercase.
F3 - REG:win.ini: run=C:\WINPENJR\win32\custom.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\nfdlf.exe
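The custom.exe in F3 corresponds to the nfdlf.exe startup item in F2. Please find out what nfdlf.exe is; if it is not a program you want to run, I recommend deleting it, because nfdlf.exe has been tacked on as a tail after your userinit.exe (the user logon startup file).
Now look at the O2 entries:
NO1: xunleibho_v14.dll, Xunlei IE helper (leave it alone)
NO2: Tencent Browser Helper, Tencent search engine (NOTHING)
NO3: FltSetUp Class, malicious adware; this one must be deleted
NO4: QQIEHelper, QQ network assistant
NO5: IEHlprObj Class, the hk582 virus (specific removal methods are available online; I won't bother going into them here)
In the O4 entries:
NO1: USB PC Camera (USB webcam driver)
NO2: kc32update.dll (a virus named Troj_DLOADER.kc32; look up the removal method yourself)
NO3: RavTask.exe (Rising)
NO4: pphidpad (also a webcam tool)
NO5: ctfmon (Office XP tool)
There is basically nothing else after that. In total I found one suspected trojan and one virus; please make sure to scan for and remove them. If you have any questions you can contact me on QQ: 278528554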

C:\WINDOWS\system32\rundll32.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\nfdlf.exe

tbcaaa8@tom.com

Looks perfectly normal, no problems.