下载了一个视频转换软件,换来了一大群不知明的病毒,请高手们帮我看看吧,我痛苦死了!!!!
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 14:31:07, on 2006-8-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mouser.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System\svchost.exe
C:\Program Files\MiniPPGou\MiniPPGou.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
d:\Temp\Rar$EX03.672\HijackThis.exe
D:\Program Files\MYIE2\MyIE.exe
C:\WINDOWS\system32\rundll32.exe
E:\6280\cwshredder.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - C:\WINDOWS\fonts\msshapi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\SYSREA~1.DLL
O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll (file missing)
O2 - BHO: (no name) - {3E290290-1728-4C1E-863A-AA12526333F6} - C:\WINDOWS\system32\ControlPanel.{21EC2020-3AEA-1069-A2DD-08002B30309d}\ControlPanel\ADDeliverer.dll
O2 - BHO: (no name) - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O2 - BHO: Kmedia - {42D25F15-CF07-4A72-B191-DB0792BF310C} - C:\WINDOWS\system32\Kmedia.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO:
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\PROGRA~1\baigoo\BaigooBH.dll (file missing)
O2 - BHO: (no name) - {92FB5F8F-8254-4978-9C50-03D9B0405062} - C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\DBINT.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {AA158CA5-93B4-4cd4-8D8C-BB6F9F515213} - C:\WINDOWS\System32\wabimp.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll
O3 - Toolbar: ????? - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AutoRunSS] "d:\Program Files\StarStation\AutoRunSS.exe"
O4 - HKLM\..\Run: [KuGoo3] D:\Program Files\KuGoo3\KuGoo.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O4 - HKLM\..\Run: [ourmini] C:\WINDOWS\System\svchost.exe
O4 - HKLM\..\Run: [MiniPPGou.exe] C:\Program Files\MiniPPGou\MiniPPGou.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\msn\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\Updatec.exe
O4 - HKCU\..\Run: [MyShares] c:\program Files\
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: Down(2147344384).exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll
O14 - IERESET.INF: START_PAGE_URL=
about:blank
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE321F42-987B-44D0-A3D3-EBA04B158F7B}: NameServer = 202.109.15.135 202.96.209.134
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll
