Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum


Badly infected, waiting online, thanks for the help, guys


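The main symptoms: I can't open antivirus software, the firewall, or some of the small antivirus helper tools, and I can't open any window whose title contains words such as "杀毒" (virus removal) or "反病毒" (anti-virus). Safe mode has been broken, and hidden files cannot be shown.

Yesterday I downloaded the latest installer from the official TTPlayer (千千静听) website. I don't know whether the problem was the installer or the web page, but it led to the situation above. I reinstalled the system and formatted drive C, but the virus is still there. So frustrating.
The main path C:\Program Files\Common Files\System also closes automatically. Please tell me how to completely remove this wretched virus.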

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SkyTel = SKYTEL.EXE
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
GBB36X Configure = C:\WINDOWS\SYSTEM32\JMRAIDTOOL.EXE BOOT
runeip = C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay = C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
D:\Autorun.inf
AUTORUN = hsomklg.exe

E:\Autorun.inf
AUTORUN = hsomklg.exe

F:\Autorun.inf
AUTORUN = hsomklg.exe

WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} = C:\PROGRA~1\FlashGet\jccatch.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8250E155-B3B1-4B4C-AAC8-596DA8751AB3}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8250E155-B3B1-4B4C-AAC8-596DA8751AB3}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A9AFDA98-DF59-46F6-B516-1B1E40B47F05}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A9AFDA98-DF59-46F6-B516-1B1E40B47F05}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{19878AD7-FA52-4308-AB02-B32194B54004}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{19878AD7-FA52-4308-AB02-B32194B54004}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
Last edited 2007-06-16 21:54:30.107000000

Bumping my own thread.