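An unknown virus showed up from a video, a lot of plug-ins got installed, and all sorts of junk web pages keep popping up. Using Rising hardly helped either. Could an expert please help me fix this!
Log: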
HijackThis_815汉化版扫描日志 V1.99.1
保存于 10:54:18, 日期 2007-4-5
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\CMDLL32.EXE
C:\WINDOWS\system32\mshtmlsed.exe
C:\WINDOWS\system32\ieagent.exe
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RpcS.exe
C:\WINDOWS\system32\hhfssdf.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\MSRundll.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\MSRundll.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\MSRundll.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Thunder Network\tfelkjd.exe
C:\Program Files\Common Files\{2D221706-095E-2052-0611-040609040056}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\MSRundll.exe
F:\新建文件夹\HijackThis1991zww.exe
R3 - URLSearchHook: 1697 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4982ntos.dll
F2 - REG:system.ini: Shell=Explorer.exe asp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070402.dll start
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: HelpIE Class - {589A6FED-A214-4FE3-8D1E-CD07BC634D89} - C:\WINDOWS\system32\HelpIE.dll
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: IE6Image Class - {CD6C2ABD-F988-40CA-B834-74C3EF0F5B14} - C:\WINDOWS\system32\BR0WSEU1.DLL
O2 - BHO: (no name) - {d04ba14b-1248-4562-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4562cfsb.dll
O2 - BHO: (no name) - {dcce10af-1697-4982-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4982ntos.dll
O3 - IE工具栏增项: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O3 - IE工具栏增项: 1697 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4982ntos.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - 启动项HKLM\\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [zijunw93] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\zijunw93.dll",Start
O4 - 启动项HKLM\\Run: [tfelkjd] C:\Program Files\Thunder Network\tfelkjd.exe
O4 - 启动项HKLM\\Run: [piujzz19] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\piujzz19.dll",Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ravshelll] C:\Progra~1\Eset\eexplore.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ruango.lnk = ?
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - 浏览器额外的“工具”菜单项: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O16 - DPF: {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} (updatePanelX Control) - http://www.uusee.com/player/updateC.cab
O16 - DPF: {DC7094C6-8F61-42ED-AECE-63F5EEF647C5} (UpdateC2 Control) - http://www.uusee.com/player/updateC2.cab
O20 - Winlogon Notify: mqutil - C:\WINDOWS\SYSTEM32\vqornjd27.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - NT 服务: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0002317 (file missing)
O23 - NT 服务: COMMAND DLL32 (CMD_DLL32) - Unknown owner - C:\WINDOWS\system32\CMDLL32.EXE
O23 - NT 服务: Cryptographic Server (CryptographicServer) - Unknown owner - C:\WINDOWS\system32\mshtmlsed.exe
O23 - NT 服务: IEAgent service (IEAgent) - Unknown owner - C:\WINDOWS\system32\ieagent.exe
O23 - NT 服务: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Unknown owner - C:\Program Files\Rising\Rfw\rfwsrv.exe (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - NT 服务: SYS ATTRlB (SYSATTRlB) - Unknown owner - C:\WINDOWS\system32\ATTRlB.EXE (file missing)
O23 - NT 服务: WinWMService - Unknown owner - C:\WINDOWS\system32\RAVWM.EXE