杭州交通信息网柯桥蓝天市心广场:开机出现两个iexplore.exe进程,关不掉,高手帮忙!
来源:百度文库 编辑:杭州交通信息网 时间:2024/05/02 04:59:00
用hijackthis扫描了,结果如下
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hlx\ha_hijackthis_1991\HijackThis.exe
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - d:\PROGRA~1\chinanet\VNETTR~1.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\新建文件夹 (2)\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B130E638-0C6E-4D92-877B-CE434097D807}: NameServer = 61.147.37.1 61.177.7.1
O20 - AppInit_DLLs: KB72896M.LOG
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: VKTServ - Unknown owner - C:\WINNT\system32\VKTServ.exe (file missing)
因为两个进程都运行在一个文件夹,而且是正常的但是开机就出现我觉得一定是病毒,因为以前没有过,我今天只装了联众的麻将游戏然后自动重新启动,以后就出现了,两个进程都关不掉,请高手帮忙搞定。到处复制别人帖子的爬!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hlx\ha_hijackthis_1991\HijackThis.exe
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - d:\PROGRA~1\chinanet\VNETTR~1.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\新建文件夹 (2)\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B130E638-0C6E-4D92-877B-CE434097D807}: NameServer = 61.147.37.1 61.177.7.1
O20 - AppInit_DLLs: KB72896M.LOG
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: VKTServ - Unknown owner - C:\WINNT\system32\VKTServ.exe (file missing)
因为两个进程都运行在一个文件夹,而且是正常的但是开机就出现我觉得一定是病毒,因为以前没有过,我今天只装了联众的麻将游戏然后自动重新启动,以后就出现了,两个进程都关不掉,请高手帮忙搞定。到处复制别人帖子的爬!
去安全模式用
ewido 4.0 中文注册版去安全模式杀毒,
最好的杀木马广告自动免费升级软件ewido4.0
下载地址:http://0633.96.cn
一定会搞定的,ewido 4.0的杀木马能力真的很好,卡巴都杀不掉的,ewido 4.0就可以,下载解压,双击下设置.bat即可,不用安装,之后打开升级,然后杀毒,注册码里面附带
O23 - Service: VKTServ - Unknown owner - C:\WINNT\system32\VKTServ.exe (file missing)
木马程序,开始\运行\services.msc\找到VKTserv服务,禁止
hj修复此项
好热闹哦,现在人要上网,不会杀毒的可真够惨的。