麻烦大家看看我日志我电脑是中毒了吗 ? bbs.ikaka.com

elvira - 2006-1-27 4:06:00

HijackThis_815汉化版扫描日志 V1.99.1
保存于 3:57:22, 日期 2006-1-27
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\KAV6\KAVSvc.EXE
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\KAV6\Kulansyn.EXE
D:\KAV6\KpopMon.EXE
D:\KAV6\KWatchUI.EXE
D:\KAV6\KAVPFW.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\KAV6\MailMon.EXE
D:\WINDOWS\system32\rundll32.exe
D:\KAV6\KAVPlus.EXE
D:\Program Files\ChinaNet\VnetClient.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN\MSNCoreFiles\msn6.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\FlashGet\flashget.exe
F:\Program Files\RealPlay.exe
F:\Program Files\Tencent\2006\QQ.exe
F:\Program Files\Tencent\2006\TIMPlatform.exe
F:\Program Files\Tencent\2006\QQ.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\01\桌面\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - d:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\Program Files\Tencent\2006\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FLASHGET\JCCATCH.DLL
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1601.0\zh-cn\msntb.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [SysExplr] ; f:\HEROSOFT\Hero3000\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [KAVRun] D:\KAV6\KAVRun.EXE
O4 - 启动项HKLM\\Run: [Kulansyn] D:\KAV6\Kulansyn.EXE
O4 - 启动项HKLM\\Run: [KpopMon] D:\KAV6\KpopMon.EXE
O4 - 启动项HKLM\\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - 启动项HKLM\\Run: [QuickTime Task] "H:\canon修改声音录象\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [msnappau] ; "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\zh-cn\msnappau.exe"
O4 - 启动项HKLM\\Run: [EPSON Stylus C43 Series] ; D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - 启动项HKLM\\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] ; "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - 启动项HKLM\\Run: [helper.dll] ; D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - Startup: 腾讯QQ.lnk = F:\Program Files\Tencent\2006\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\Program Files\Tencent\2006\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Program Files\Tencent\2006\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Program Files\Tencent\2006\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Program Files\Tencent\2006\SendMMS.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{D68F36E3-45D5-4373-AFBE-CA9EBF949BE5}: NameServer = 218.30.19.40 61.134.1.4
O23 - NT 服务: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - D:\KAV6\KAVSvc.EXE

麻烦大家帮我看看弹跳网页频率很快而且跳出的网址不是一些广告或者垃圾网站大多MICROSOFT INTERNET EXPLORER标题的我用的杀毒软件防火墙都没有提示有病毒~!
最近我用电驴比较多跟电驴有关系吗?
而且网页不是一直跳它是如果每次跳跳的很凶一秒种能跳出几个一会就跳出几十个都来不及关但是今天只跳过2会似乎每次BBS回帖之后跳的~!很奇怪~~!
麻烦大家帮我看看 ~!想想解决办法~!这是木马病毒吗?能不能彻底解决这个问题~!

魔法学徒 - 2006-1-27 8:07:00

log无异常

麦黄火烧 - 2006-1-27 8:08:00

让魔法兄来看！

elvira - 2006-1-27 15:12:00

HijackThis_815汉化版扫描日志 V1.99.1
保存于 20:40:15, 日期 2006-1-26
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\KAV6\KAVSvc.EXE
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\KAV6\Kulansyn.EXE
D:\KAV6\KpopMon.EXE
D:\KAV6\KWatchUI.EXE
D:\KAV6\KAVPFW.EXE
H:\canon修改声音录象\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\KAV6\MailMon.EXE
D:\WINDOWS\system32\rundll32.exe
D:\KAV6\KAVPlus.EXE
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\ChinaNet\VnetClient.exe
F:\Program Files\Tencent\2006\QQ.exe
F:\Program Files\Tencent\2006\TIMPlatform.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\svchost.exe
F:\Program Files\FlashGet\flashget.exe
D:\Documents and Settings\01\桌面\HB_Hijackthis1991zww8152.exe
D:\Documents and Settings\01\桌面\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - d:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\Program Files\Tencent\2006\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FLASHGET\JCCATCH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - D:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1601.0\zh-cn\msntb.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (file missing)
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [SysExplr] ; f:\HEROSOFT\Hero3000\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [KAVRun] D:\KAV6\KAVRun.EXE
O4 - 启动项HKLM\\Run: [Kulansyn] D:\KAV6\Kulansyn.EXE
O4 - 启动项HKLM\\Run: [KpopMon] D:\KAV6\KpopMon.EXE
O4 - 启动项HKLM\\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - 启动项HKLM\\Run: [QuickTime Task] "H:\canon修改声音录象\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [msnappau] ; "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\zh-cn\msnappau.exe"
O4 - 启动项HKLM\\Run: [EPSON Stylus C43 Series] ; D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - 启动项HKLM\\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [YLive.exe] D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] ; "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - 启动项HKLM\\Run: [helper.dll] ; D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe D:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - Startup: 腾讯QQ.lnk = F:\Program Files\Tencent\2006\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\Program Files\Tencent\2006\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Program Files\Tencent\2006\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Program Files\Tencent\2006\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Program Files\Tencent\2006\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=209660_1006 (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O16 - DPF: {098A3F72-3110-4004-B954-2F9DC44934B4} (AddSHCARoot Control) - http://vchat.xaonline.com/AddSHCARootCert.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {5467862B-C477-437F-886E-EC5006B37DCA} (PwdEdit Control) - https://business.cmbc-online.com.cn:8103/PwdEdit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.imageus.cn/common/ImageUploader3.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://online.kingsoft.com/antiscan/kavclean.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D68F36E3-45D5-4373-AFBE-CA9EBF949BE5}: NameServer = 218.30.19.40 61.134.1.4
O23 - NT 服务: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - D:\KAV6\KAVSvc.EXE

这是我最开始出现弹跳网页的日志楼上的是我修复了部分之后的日志 ~

今天偶一开机旧出来一个记事本标题是desktop.ini-记事本内容是[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
不知道什么意思

偶电脑是不是中病毒了????

闪电风暴 - 2006-1-27 17:58:00

把流氓软件清理一下

elvira - 2006-1-27 18:36:00

不好意思什么是流氓软件???

HijackThis_815汉化版扫描日志 V1.99.1
保存于 16:30:11, 日期 2006-1-27
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\KAV6\Kulansyn.EXE
D:\KAV6\KpopMon.EXE
H:\canon修改声音录象\qttask.exe
D:\KAV6\KWatchUI.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\NIW.exe
D:\KAV6\MailMon.EXE
D:\KAV6\KAVPlus.EXE
D:\Program Files\ChinaNet\VnetClient.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\01\桌面\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - d:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\Program Files\Tencent\2006\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FLASHGET\JCCATCH.DLL
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1601.0\zh-cn\msntb.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [SysExplr] ; f:\HEROSOFT\Hero3000\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [KAVRun] D:\KAV6\KAVRun.EXE
O4 - 启动项HKLM\\Run: [Kulansyn] D:\KAV6\Kulansyn.EXE
O4 - 启动项HKLM\\Run: [KpopMon] D:\KAV6\KpopMon.EXE
O4 - 启动项HKLM\\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - 启动项HKLM\\Run: [QuickTime Task] "H:\canon修改声音录象\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [msnappau] ; "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\zh-cn\msnappau.exe"
O4 - 启动项HKLM\\Run: [EPSON Stylus C43 Series] ; D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - 启动项HKLM\\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] ; "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - 启动项HKLM\\Run: [helper.dll] ; D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [iDuba Personal FireWall] D:\KAV6\KAVPFW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NIW] D:\WINDOWS\NIW.exe
O4 - Startup: 腾讯QQ.lnk = F:\Program Files\Tencent\2006\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\Program Files\Tencent\qq正式版\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Program Files\Tencent\qq正式版\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Program Files\Tencent\qq正式版\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Program Files\Tencent\qq正式版\SendMMS.htm
O23 - NT 服务: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

这是今天的日志

之后我按这个方法执行""""看看你的进程里有没有NIW.EXE 和%Windows%下有没有NIW.EXE文件.

98系统的:先使用任意一个结束进程的工具,把 NIW.EXE 进程结束掉(这时候千万别再打开记事本,因为病毒文件与修改了记事本的关联,打开记事本就会再次启动NIW.EXE进程),然后把C:\Windows\System\impai.exe 删掉,然后再把 C:\windows\NIW.EXE 删掉,这时候差不多了!再试试打开记事本看看,已经是打不开的了!最后是修复注册表的文件关联,先打开regedit.exe注册表,展开到 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command
把右边的 "默认"字符串值改为: c:\windows\notepad.exe
最后.分别展开到HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
把 NIW.EXE 删除,到这里完全清除了,最后重新启动系统.
XP系统的:和98差不多,可以用自带的任务管理器结束掉NIW.EXE进程. """"""""""""""""""""""""""""

偶照我上边帖的办法操作
有2个没有操作成功具体是
D:\WINDOWS\SYSTEM\IMPAI.EXE 没有删除因为这个文件夹没有找到这个文件
还有就是注册表里边的HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 也没有删除删除因为注册表里也没找到
其他项都按照上边操作了然后现在开机还是会出现记事本标题是desktop.ini-记事本内容是[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

下边是我抓图任务管理器里边的进程

下边我再扫一下日志
日志弹出记事本已经是空白的了所以我抓的图

现在我该怎么办机子还是有问题的~!

瑞星卡卡安全论坛