C盘里的boot.inf文件是不是病毒?
据说boot.inf文件是什么磁盘引导还是什么文件,boot.ini 是什么磁盘影射什么东西,反正不懂
情况是这样的,前天安装系统后,用kaka 也检测了补丁,全部打了,
后来突然发现在c盘根下有个boot.inf文件,不知道是做什么的,今天搜索说是什么磁盘文件,不管,前天发现后,里面内容为下:
C:/boot.Inf
===============================
c:\program files\mtvdown831\backup\update.exe
c:\program files\mtvdown831\backup\vbar332.dll
c:\program files\mtvdown831\mtvdown.exe
c:\program files\mtvdown831\mtv下载精灵.exe
c:\program files\mtvdown831\unwise.exe
c:\program files\mtvdown831\update.exe
c:\windows\system32\cmdlgchs.dll
c:\windows\system32\update.exe
c:\windows\system32\winskchs.dll
c:\windows\system32\zwwz.exe
===================================
看到这个,就把其他的都删除了,剩下
c:\windows\system32\cmdlgchs.dll
c:\windows\system32\update.exe
c:\windows\system32\winskchs.dll
三个,今天查 ,这三个前两个有病毒嫌疑,后一个呢查不到,
就请请教下专家,谢谢了,
还有好象我用tt浏览器的快捷键都不起作用了,tab键,还有,ctrl+v,等等,不知道有没有关系,
(tt重新卸了,重新装了,快捷键又好了,我关掉了tt,准备卸了,提示说是没有,看进程,还真在,是不是被劫持了什么的,)
还有系统重装以后也不怎么快,特别刚开机加载完桌面后有有一段时间,打开东西有点慢,要等,反应不快,不如以前
还有下面是个扫描报告,请帮结合诊断下了,谢谢了,
=========================
日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 10:05:46, on 2007-7-8
操作系统: Windows XP SP2 (WinNT 5.01.2600)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\TMDlls\TIMPlatform.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\Tencent\QQDownload\QQDownload.exe
C:\Program Files\Tencent\QQ\QZone\Qzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Na\桌面\HA_HijackThisv2_PP\HiJackThis_v2.exe
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: (未命名) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - HKLM\..\Run: [exflashservice] "C:\Program Files\EPOX\EFS\EZ_FLASH_SERVICE.exe" "5000"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RsAutorunsDisabled
O8 - 扩展右键菜单项: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - 扩展右键菜单项: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 中文搜搜
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6FBAE7C-DF26-412D-9D89-42C9E8555932}: NameServer = 202.96.128.86,202.96.134.133
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
文件结束 - 5038 字节
=================================================
系统也使用rising 下载版本查杀了两次(可别说推荐升级啊),还有完美卸载,超级兔子都没有什么报告。
如果有病毒,请给个方子,因为这个系统想要用网银证书,怕怕的
