
CPU usage at 100% and no Internet access; could an expert please look at my log

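I don't know what virus I've caught. CPU usage is at 100%, everything is extremely slow, and I can't get online. After cleaning it with 木马杀客 (mmsk) and rebooting, it is back to the same state. Log: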
Logfile of HijackThis v1.99.1
Scan saved at 8:14:17, on 2006-9-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\windows\system32\inetsrv\csrss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TY40A1.EXE
C:\WINDOWS\system32\netconn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\svchost.exe
I:\木马杀客\mmsk.exe
C:\Program Files\Super Rabbit\MagicSet\winspeed.exe
C:\WINDOWS\system32\conime.exe
N:\HijackThis.exe
C:\WINDOWS\system32\ipdcl.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe

R3 - URLSearchHook: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll (file missing)
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\ieencode32.dll (file missing)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4896.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: JMX.JmxCenter - {63859236-76BF-493C-A587-DF479EBA2D4B} - C:\WINDOWS\system32\EJMX.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: XBTP03129 - {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} - C:\PROGRA~1\MICRSO~1\SEARCH~1.DLL (file missing)
O2 - BHO: Sun Java2 - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {EF72500A-C234-46C4-BF0A-9AA6913DDF34} - (no file)
O3 - Toolbar: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [C:\WINDOWS\2041.exe] ; C:\WINDOWS\2041.exe
O4 - HKLM\..\Run: [C:\WINDOWS\setup_110017.exe] ; C:\WINDOWS\setup_110017.exe
O4 - HKLM\..\Run: [C:\WINDOWS\SearchBar06049.exe] ; C:\WINDOWS\SearchBar06049.exe
O4 - HKLM\..\Run: [C:\WINDOWS\wenzi17.exe] ; C:\WINDOWS\wenzi17.exe
O4 - HKLM\..\Run: [C:\WINDOWS\cocomuisc.exe] ; C:\WINDOWS\cocomuisc.exe
O4 - HKLM\..\Run: [C:\WINDOWS\110045setup.exe] ; C:\WINDOWS\110045setup.exe
O4 - HKLM\..\Run: [C:\WINDOWS\tshz168.exe] ; C:\WINDOWS\tshz168.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\sdss\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: 哇哇网址导航 - {f15c22ef-534e-414d-ab5d-1425cd806e41} - http://www.51viva.com/plugin/red ... tp://114.yesky.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: 哇哇网址导航 - {f15c22ef-534e-414d-ab5d-1425cd806e41} - http://www.51viva.com/plugin/red ... tp://114.yesky.com/ (file missing) (HKCU)
O9 - Extra button: 哇哇软件下载 - {f15c22ef-534e-414d-ab5d-1425cd806e42} - http://www.51viva.com/plugin/red ... p://www.mydown.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: 哇哇软件下载 - {f15c22ef-534e-414d-ab5d-1425cd806e42} - http://www.51viva.com/plugin/red ... p://www.mydown.com/ (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\msplus.dll' missing
O11 - Options group: [CDNCLIENT]  中文上网
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89234CFC-848D-45A6-818C-07DA6FAA844B}: NameServer = 202.99.192.68
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: OfficeScanNT 实时扫描 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT 个人防火墙 (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Inventory Management Service (Servicewrapper) - Unknown owner - C:\WINDOWS\system32\ipdcl.exe
O23 - Service: OfficeScanNT 侦听程序 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Last edited 2006-09-03 08:50:33

Waiting online for a reply.