Rising Kaka Security Forum
btwolf03 - 2005-8-15 23:17:00
Thanks, experts.
garnett21 - 2005-8-15 23:24:00
Uninstall it completely, then reinstall and try a virus scan.
btwolf03 - 2005-8-16 0:18:00
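Thanks. Also, the scan found two viruses: Trojan.DL.Agent.vs
and Backdoor.Gpigeon.5.bz. What are these viruses?? The first one is taken care of. As for the second, I don't know whether it is a Gray Pigeon (灰鸽子) variant?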
魔法学徒 - 2005-8-16 0:29:00
It is Gray Pigeon (灰鸽子).
Please refer to:
Summary of manual detection and removal methods for Gray Pigeon 2005
http://219.238.233.252/topic.asp?board=28&artid=5666824
Killing "Gray Pigeon 2005" with the help of IceSword
http://219.238.233.252/topic.asp?board=28&artid=6043640
btwolf03 - 2005-8-16 0:37:00
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DC22205-2202-4669-9C7D-4849482CE723}: NameServer = 210.82.8.1,210.82.5.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - e:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
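But I can't find it. I have been infected with Gray Pigeon before, but this time it is nothing like last time. Also, for the first virus, is scanning and removing it directly enough??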
魔法学徒 - 2005-8-16 0:49:00
Please post Rising's antivirus log and the complete LOG.
btwolf03 - 2005-8-16 0:54:00
Logfile of HijackThis v1.99.1
Scan saved at 0:52:58, on 2005-8-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
E:\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\JJOL\IME\JJSvr.EXE
E:\Maxthon\Maxthon.exe
E:\Tencent\qq\QQ.exe
E:\Tencent\qq\TIMPlatform.exe
F:\BitTorrent\btdownloadgui.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\user\桌面\1903632005219183744\HijackThis.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FlashGet\fgiebar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: 使用网际快车下载 - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\qq\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2D850D-D25F-48A1-BF92-4EB99B706F7D}: NameServer = 210.82.5.1 202.106.196.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DC22205-2202-4669-9C7D-4849482CE723}: NameServer = 210.82.8.1,210.82.5.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - e:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
btwolf03 - 2005-8-16 0:55:00
2005-06-20 12:56:11 实时监控 1 1\
2005-06-20 13:00:18 手动扫描 5 5\182952
2005-06-20 13:32:26 手动扫描 0 0\677
2005-06-20 14:09:37 快捷扫描 0 0\1
2005-06-20 14:26:01 手动扫描 0 0\641
2005-06-20 14:27:00 快捷扫描 0 0\641
2005-06-20 17:44:28 实时监控 2 1\
2005-06-20 18:02:18 快捷扫描 0 0\7
2005-06-20 18:02:25 快捷扫描 0 0\3
2005-06-20 18:12:36 手动扫描 1 1\181232
2005-06-20 19:11:05 快捷扫描 0 0\1
2005-06-20 20:33:19 快捷扫描 0 0\1
2005-06-20 21:16:38 屏幕保护 0 0\2
2005-06-20 22:06:27 屏幕保护 0 0\2877
2005-06-20 22:23:07 屏幕保护 0 0\36501
2005-06-21 00:30:19 实时监控 2 1\
2005-06-21 01:15:49 手动扫描 0 0\329
2005-06-21 01:16:14 手动扫描 1 1\37365
2005-06-21 01:24:02 手动扫描 0 0\
2005-06-21 08:16:47 手动扫描 0 0\1
2005-06-21 08:16:57 快捷扫描 0 0\1
2005-06-21 09:01:05 屏幕保护 0 0\14039
2005-06-21 10:31:21 屏幕保护 0 0\3497
2005-06-21 10:43:28 屏幕保护 0 0\8979
2005-06-21 16:34:15 快捷扫描 0 0\3
2005-06-21 16:45:56 快捷扫描 0 0\1
2005-06-21 19:39:33 快捷扫描 0 0\16
2005-06-22 17:30:19 快捷扫描 0 0\1
2005-06-22 21:44:39 快捷扫描 0 0\1
2005-06-22 22:47:51 快捷扫描 0 0\1
2005-06-22 22:47:59 快捷扫描 0 0\1
2005-06-22 22:48:06 快捷扫描 0 0\1
2005-06-22 23:58:36 快捷扫描 0 0\1
2005-06-24 21:00:19 快捷扫描 0 0\72
2005-06-25 19:02:19 快捷扫描 0 0\13
2005-06-25 21:07:51 快捷扫描 0 0\1
2005-06-25 21:15:44 快捷扫描 0 0\3
2005-06-25 21:15:57 快捷扫描 0 0\3
2005-06-25 21:32:19 快捷扫描 0 0\1
2005-06-25 21:54:33 快捷扫描 0 0\1
2005-06-26 18:10:39 快捷扫描 2 2\23
2005-06-26 18:10:58 快捷扫描 0 0\21
2005-06-28 10:14:57 快捷扫描 0 0\9
2005-06-28 19:28:29 快捷扫描 0 0\1
2005-06-28 19:34:18 快捷扫描 0 0\1
2005-06-28 21:21:31 手动扫描 0 0\1
2005-06-28 21:21:47 快捷扫描 0 0\1
2005-07-01 18:54:05 快捷扫描 0 0\1
2005-07-03 19:22:13 快捷扫描 0 0\1
2005-07-06 16:40:00 快捷扫描 0 0\4
2005-07-07 22:48:37 手动扫描 0 0\1
2005-07-07 22:48:44 快捷扫描 0 0\1
2005-07-07 23:11:04 手动扫描 0 0\1
2005-07-08 23:52:43 快捷扫描 0 0\17
2005-07-09 23:58:00 快捷扫描 0 0\21
2005-07-10 00:57:23 快捷扫描 0 0\1
2005-07-12 02:22:25 快捷扫描 2 2\11
2005-07-12 02:22:58 快捷扫描 0 0\5
2005-07-12 02:23:04 快捷扫描 0 0\5
2005-07-12 02:23:44 快捷扫描 0 0\1
2005-07-12 02:24:22 快捷扫描 0 0\9
2005-07-12 02:24:30 快捷扫描 0 0\9
2005-07-12 03:38:51 实时监控 2 2\
2005-07-12 03:40:58 实时监控 3 2\
2005-07-12 03:41:27 手动扫描 3 3\178236
2005-07-12 15:14:19 实时监控 1 1\
2005-07-12 15:18:42 手动扫描 0 0\178219
2005-07-13 12:48:42 实时监控 3 2\
2005-07-13 12:50:48 快捷扫描 0 0\1
2005-07-13 12:53:05 实时监控 2 2\
2005-07-13 16:00:01 实时监控 1 1\
2005-07-13 20:02:31 实时监控 1 1\
2005-07-14 02:49:36 快捷扫描 0 0\1
2005-07-14 02:51:07 快捷扫描 0 0\1
2005-07-14 16:09:16 快捷扫描 0 0\46
2005-07-14 17:50:39 实时监控 1 1\
2005-07-14 17:53:22 实时监控 1 1\
2005-07-14 18:18:58 实时监控 1 1\
2005-07-15 01:36:04 实时监控 1 1\
2005-07-15 12:12:30 实时监控 1 1\
2005-07-15 15:04:21 实时监控 1 1\
2005-07-15 17:07:58 实时监控 1 1\
2005-07-15 17:08:12 实时监控 1 1\
btwolf03 - 2005-8-16 0:55:00
2005-07-15 17:08:44 手动扫描 53 53\175615
2005-07-15 17:51:08 实时监控 3 2\
2005-07-15 17:51:31 手动扫描 2 2\175553
2005-07-15 18:21:59 手动扫描 0 0\
2005-07-15 18:23:33 实时监控 1 1\
2005-07-15 18:24:09 手动扫描 0 0\175543
2005-07-15 18:58:49 实时监控 1 1\
2005-07-15 21:01:52 手动扫描 0 0\22752
2005-07-16 11:38:22 实时监控 1 1\
2005-07-16 11:48:47 手动扫描 0 0\180446
2005-07-16 12:22:48 实时监控 1 1\
2005-07-16 16:44:57 实时监控 1 1\
2005-07-16 16:45:23 系统启动扫毒 0 0\486
2005-07-16 16:45:54 手动扫描 0 0\182037
2005-07-16 20:25:47 实时监控 1 1\
2005-07-16 23:54:51 实时监控 1 1\
2005-07-17 19:37:59 快捷扫描 0 0\8
2005-07-18 17:46:48 手动扫描 0 0\1
2005-07-18 17:47:14 快捷扫描 0 0\1
2005-07-18 18:03:42 快捷扫描 0 0\4
2005-07-18 18:04:42 手动扫描 0 0\4
2005-07-18 18:05:03 快捷扫描 0 0\4
2005-07-18 19:31:34 快捷扫描 0 0\8
2005-07-19 18:57:25 快捷扫描 0 0\1
2005-07-20 01:05:19 快捷扫描 0 0\1
2005-07-20 01:15:08 快捷扫描 0 0\1
2005-07-20 01:19:06 快捷扫描 0 0\1
2005-07-20 01:20:07 快捷扫描 0 0\1
2005-07-20 01:23:40 快捷扫描 0 0\1
2005-07-20 01:23:46 快捷扫描 0 0\1
2005-07-20 01:29:13 快捷扫描 0 0\2
2005-07-20 01:34:38 快捷扫描 0 0\1
2005-07-20 01:50:17 快捷扫描 0 0\1
2005-07-20 15:21:56 快捷扫描 0 0\24
2005-07-20 15:41:52 手动扫描 0 0\4
2005-07-21 00:34:06 手动扫描 0 0\1
2005-07-22 21:49:19 快捷扫描 0 0\1
2005-07-22 22:11:26 快捷扫描 0 0\1
2005-07-22 22:41:05 快捷扫描 0 0\1
2005-07-23 00:55:00 快捷扫描 0 0\1
2005-07-23 22:24:58 快捷扫描 0 0\1
2005-07-27 00:00:00 实时监控 1 1\
2005-07-27 00:17:46 手动扫描 0 0\179369
2005-08-02 23:13:38 快捷扫描 0 0\1
2005-08-04 21:44:47 手动扫描 0 0\1
2005-08-04 21:45:20 快捷扫描 0 0\1
2005-08-06 15:29:12 手动扫描 0 0\3
2005-08-07 11:15:39 快捷扫描 0 0\14
2005-08-14 16:10:52 手动扫描 0 0\1
2005-08-14 16:16:45 手动扫描 0 0\1
2005-08-14 16:22:14 手动扫描 0 0\3
2005-08-15 12:19:21 手动扫描 0 0\3
2005-08-15 21:09:41 手动扫描 2 2\171760
2005-08-15 21:48:13 手动扫描 0 0\
2005-08-15 23:34:35 快捷扫描 0 0\34561
2005-08-16 00:02:35 手动扫描 0 0\1
2005-08-16 00:40:19 快捷扫描 0 0\12
魔法学徒 - 2005-8-16 1:01:00
Fix:
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
Delete:
C:\WINDOWS\WORLD2\ (the entire directory)
Please post the antivirus log entries for the two viruses you found.
btwolf03 - 2005-8-16 1:06:00
处理结果 发现日期 扫描方式 路径 文件 病毒来源
删除成功 05-08-15 21:34 手动扫描 C:\WINDOWS windows.exe>>Unpack\本机
处理结果 发现日期 扫描方式 路径 文件 病毒来源
删除成功 05-08-15 21:32 手动扫描 C:\WINDOWS\system32aclayer.exe\本机
魔法学徒 - 2005-8-16 1:13:00
It shows as removed, so there should be no problem.
btwolf03 - 2005-8-16 1:14:00
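Right, but last time Gray Pigeon was still there after Rising removed it directly, and only then did I remove it with that method. This time, after Rising removed it, I rebooted several times and there was nothing, so I came here to ask. I thought it was a variant.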
魔法学徒 - 2005-8-16 1:20:00
Gray Pigeon has many variants, and Rising can remove some of them directly.
btwolf03 - 2005-8-16 1:25:00
OK, thank you.
bobo无极限 - 2005-8-16 2:25:00
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
Do you feel that your machine is slow?
btwolf03 - 2005-8-16 20:04:00
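Yes, it is slow. Is there any way to fix it??? Is it that too many programs load automatically? Mine is an IBM laptop.
There are a lot of programs I don't dare to close. Can you give me some advice?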
bobo无极限 - 2005-8-16 20:28:00
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2D850D-D25F-48A1-BF92-4EB99B706F7D}: NameServer = 210.82.5.1 202.106.196.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DC22205-2202-4669-9C7D-4849482CE723}: NameServer = 210.82.8.1,210.82.5.1
I don't know why there are two different local network settings.
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - e:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
Please fix this item.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
I don't know whether you installed this one yourself.
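Added example, not part of the thread: the two checks made by eye in the post above (entries marked `(file missing)` and differing `NameServer` values across O17 lines) expressed as a small parser for HijackThis log lines. The function names `parse_entries` and `triage` are hypothetical, and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O9 - Extra button: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2D850D-D25F-48A1-BF92-4EB99B706F7D}: NameServer = 210.82.5.1 202.106.196.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DC22205-2202-4669-9C7D-4849482CE723}: NameServer = 210.82.8.1,210.82.5.1
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - e:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
O17_RE = re.compile(r"\\\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")


def parse_entries(text):
    """Return (section, body) pairs for every 'Onn - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Summarise the log: orphaned entries and per-interface DNS servers."""
    entries = parse_entries(text)
    # Entries whose target no longer exists on disk: leftovers to fix.
    missing = [(s, b) for s, b in entries if b.endswith("(file missing)")]
    # DNS servers per network interface GUID (O17 lines only).
    nameservers = {}
    for section, body in entries:
        m = O17_RE.search(body) if section == "O17" else None
        if m:
            nameservers[m.group(1)] = re.split(r"[,\s]+", m.group(2).strip())
    distinct = {frozenset(v) for v in nameservers.values()}
    return {
        "counts": Counter(s for s, _ in entries),
        "file_missing": missing,
        "nameservers": nameservers,
        # Differing sets are a question for the owner, not a verdict.
        "nameserver_mismatch": len(distinct) > 1,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, body in report["file_missing"]:
        print("orphaned:", section, body)
    print("DNS per interface:", report["nameservers"])
    print("interfaces disagree:", report["nameserver_mismatch"])
```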
bobo无极限 - 2005-8-16 20:30:00
I'm a newbie too.
I can't see anything else.
btwolf03 - 2005-8-16 20:32:00
That is the setting for my residential community broadband. There's nothing wrong with it. Thanks.