Kabbah has been prompted early in the morning, the beginning of the "delete" Kabbah project, then only "restore" and "skip", the virus, from the Win3.exe has been changing, as long as you press skip, 20 seconds before the pop-up next combination. Fainted ...
There are pictures, this is what virus how to killing? There is no solution to the online search. Master Help. Thanks
Copy Code code as follows:
HIJACKTHIS_ZWW-Chinese version of the scan log V1.99.1
Saved in 11:01:38, date 2006-9-12
Operating system: Windows XP SP2 (WinNT 5.01.2600)
Browser: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Currently running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\kaspersky Lab\kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\tencent\qq\qq.exe
D:\Program files\ every day toy Net edition Popo\popo.exe
C:\Program Files\kaspersky Lab\kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\tencent\qq\timplatfrom.exe
C:\docume~1\xucx\locals~1\temp\win31.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win32.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win48.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win49.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win4a.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win4b.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win4c.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win4e.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win4f.exe
C:\WINDOWS\system32\winasse.exe
C:\WINDOWS\system32\svchost.exe
C:\docume~1\xucx\locals~1\temp\win50.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win52.exe
C:\WINDOWS\system32\winasse.exe
C:\Program files\internet Explorer\iexplore. Exe
C:\docume~1\xucx\locals~1\temp\win53.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win54.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win55.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win56.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win57.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win58.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win59.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win5a.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win5c.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win61.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win62.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win63.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win64.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win66.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win6a.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win6b.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win6c.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win6d.exe
C:\WINDOWS\system32\winasse.exe
C:\docume~1\xucx\locals~1\temp\win70.exe
C:\WINDOWS\system32\winasse.exe
C:\Program Files\winrar\winrar.exe
C:\docume~1\xucx\locals~1\temp\rar$ex00.419\hijackthis1991zww.exe
C:\docume~1\xucx\locals~1\temp\win71.exe
O4-Startup Item Hklm\\run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG. EXE "/spoil/remadvdef/migration32
O4-Startup Item Hklm\\run: [Phime2002async] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP. Exe/sync
O4-Startup Item Hklm\\run: [phime2002a] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP. Exe/imename
O4-Startup Item Hklm\\run: [Trackpointsrv] Tp4mon.exe
O4-Boot entry hklm\\run: [Kav] "C:\Program Files\kaspersky Lab\kaspersky Anti-Virus-6.0\avp.exe"
O4-Startup Item Hklm\\run: [POPO2004] D:\Program files\ every day Toys Web Edition Popo\start.exe
O4-hkcu\.. \run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4-hkcu\.. \run: [MSNMSGR] "C:\Program files\msn messenger\msnmsgr.exe"/background
O4-startup: Tencent Qq.lnk = D:\Program Files\tencent\qq\qq.exe
O4-global startup:microsoft Office.lnk = C:\Program Files\Microsoft Office\office\osa9. Exe
O8-ie the new item in the right-click menu: upload to QQ network hard drive-D:\Program files\tencent\qq\addtonetdisk.htm
O9-Browser Extra button: Web Antivirus protection-{1f460357-8a94-4d71-9ca3-aa4acf32ed8e}-C:\Program Files\kaspersky Lab\kaspersky 6. 0\scieplugin.dll
O14-iereset. Inf:start_page_url=about:blank
O16-DPF: {1e0dffcf-27ff-4574-849b-55007349feda} (Itruspta Class)-Https://img.alipay.com/download/1007/aliedit.cab
O17-hklm\system\ccs\services\tcpip\.. \{C212AC4E-3A7D-40B9-B9BC-5647968415B7}: NameServer = 61.144.56.100
O18-Enumerate existing protocols: Msnim-{828030a1-22c1-4009-854f-8e305202313f}-"C:\progra~1\msnmes~1\msgrapp.dll" (File missing)
O20-winlogon Notify:klogon-c:\windows\system32\klogon.dll
O23-NT Service: Kaspersky Anti-Virus software 6.0 (AVP)-Unknown owner-c:\program Files\kaspersky Lab\kaspersky Anti-Virus 6.0\avp.exe "-R" (fil E missing)
O23-NT Service: Kaspersky Anti-Virus software 6.0 (AVP)-Unknown owner-c:\program Files\kaspersky Lab\kaspersky Anti-Virus 6.0\avp.exe "-R" (fil E missing)
Repair
C:\WINDOWS\system32\winasse.exe
I'll check it out.
Solution in the previous article