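Below is the scan log. Several entries in the hosts file have been changed. Could the experts here take a look and tell me which virus this is? Which entries can be deleted? Thanks!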
Logfile of HijackThis v1.99.1
Scan saved at 21:00:07, on 2006-10-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\Program Files\Rising\Rav\Ravmond.exe
D:\Program Files\Rising\Rav\RavStub.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\soundman.exe
D:\PROGRA~1\KV2005\KVSrvXP.exe
D:\Program Files\联想\联想键盘驱动\Ps2Kbdriver.exe
E:\程序\FireWall\PFWMain.exe
D:\Program Files\Rising\Rav\RavService.exe
D:\Program Files\Rising\Rav\RavTray.exe
D:\Program Files\联想\联想键盘驱动\TGESrvLogon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
D:\WINDOWS\System32\rundll32.exe
C:\Program Files\eMule\emule.exe
D:\Program Files\KV2005\KVCenter.kxp
D:\WINDOWS\System32\DllHost.exe
D:\Program Files\KV2005\KvXP.kxp
D:\WINDOWS\msagent\AgentSvr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\hua\ha_hijackthis_1991\HijackThis.exe
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O1 - Hosts: 59.34.148.98 www.hao123.com
O1 - Hosts: 59.34.148.98 www.4199.com
O1 - Hosts: 59.34.148.98 www.9505.com
O1 - Hosts: 59.34.148.98 www.7322.com
O1 - Hosts: 218.5.76.175 www.huoche.com.cn
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - D:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - (no file)
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - D:\Program Files\KV2005\KvShell.dll
O2 - BHO: FlashGet Soft - {827311F0-5C31-4748-86B5-77332CA557F2} - D:\WINDOWS\System32\win32api.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - F:\lNetTransport\NetTransport\NTIEHelper.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - D:\Program Files\KV2005\KvShell.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HuaShanTGEKBDPS2] D:\Program Files\联想\联想键盘驱动\Ps2Kbdriver.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\程序\FireWall\PFWMain.exe
O4 - HKLM\..\Run: [RavTray] "D:\Program Files\Rising\Rav\RavTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [6646789] D:\WINDOWS\System32\6646789.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [KvXP] D:\Program Files\KV2005\KvXP.kxp /ScanBoot /ScanSys
O4 - Global Startup: IE-Bar.lnk = D:\Program Files\Common Files\IE-Bar\iebar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - F:\新建文件夹\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\新建文件夹\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\hua\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - F:\lNetTransport\NetTransport\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - F:\lNetTransport\NetTransport\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\hua\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\hua\QQ\AddEmotion.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\gameclient.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\JetCar-v1.65\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\JetCar-v1.65\flashget.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\kvwspxp.dll
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} - http://61.152.96.82:1995/talk.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_27.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://online.jiangmin.com/KvDown.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} - http://218.85.138.27/vqqsdl1009.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O20 - Winlogon Notify: ZGNotify - D:\WINDOWS\MyNotification.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - D:\WINDOWS\System32\DLMain.dll (file missing)
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - D:\WINDOWS\Downloaded Program Files\AfxEdit.dll (file missing)
O23 - Service: KVSrvXP - JiangMin New Tech Ltd. - D:\PROGRA~1\KV2005\KVSrvXP.exe
O23 - Service: RavService - Unknown owner - D:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: TGE CardReader Mgr Host v2 (TGECardReaderMgrHost.2) - Unknown owner - D:\Program Files\联想\联想键盘驱动\TGESrvLogon.exe
O23 - Service: VNN Client Service (VNNC) - Unknown owner - D:\Program Files\VNN\VNN Client 3.0\VNNClientC.exe" -service (file missing)