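Every time after removing a virus I ask someone to look at my HijackThis log, but is there a simple way to tell which entries are normal?
I've been infected again this time.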
病毒 2006-01-15 20:25:31 C:\Program Files\qq\Setup_w0011\IExplorer.exe Win32.Troj.StartPage.c.40960 清除成功
病毒 2006-01-15 20:25:31 注册表查毒过程查到在位于 "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" 的键值 "IMJPMIG8.2" (键值数据为 "C:\Program Files\qq\Setup_w0011\IExplorer.exe" 含有病毒 Win32.Troj.StartPage.c.40960 键值已删除
病毒 2006-01-16 13:01:07 C:\WINDOWS\system32\dtse.dll Win32.Troj.DongTian.f.35840 清除成功
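There was an interruption partway through for other reasons. I saw for myself that the 01 entries in the HJ log were all garbled, so I fixed all of them once.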
Logfile of HijackThis v1.99.1
Scan saved at 12:57:06, on 2006-1-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2006\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\KAV2006\KAVStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV2006\KMailMon.EXE
C:\WINDOWS\system32\conime.exe
C:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\KAV2006\KPFW32.EXE
D:\原程序\杀毒\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\安装2号Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\microapmddt.dll
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\anzhuang3\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\bsd.exe
O4 - HKLM\..\Run: [KavStart] "C:\KAV2006\KAVStart.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\安装二号传输工具\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\安装二号传输工具\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\安装二号传输工具\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\安装二号传输工具\Tencent\qq\SendMMS.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\system32\IEPlugin.dll
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\system32\IEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{931B79DD-74D6-410B-BA2B-C6E33456EA32}: NameServer = 211.98.4.1 211.98.127.101
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2006\KWatch.EXE
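The current log is shown above.
Which virus is this? If it's too much trouble I'll have to reinstall the system again, which is exhausting.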