Rising Kaka Security Forum

I scanned with HijackThis and got this log; please help me see what virus this is?
小豆腐干 - 2007-3-31 15:33:00
Logfile of HijackThis v1.99.1
Scan saved at 15:19:21, on 2007-3-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTask] "E:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\new\LOCALS~1\Temp\upxdnd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Thunder\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Thunder\Thunder.exe
O9 - Extra button: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2007\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2007\QQ.EXE
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A933E853-585D-48A3-80FC-9FE0442CEA86}: NameServer = 202.103.224.68 202.103.229.40
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\Rising\Rav\CCenter.exe
有毒必问 - 2007-3-31 15:35:00
C:\DOCUME~1\new\LOCALS~1\Temp\upxdnd.exe
龙神在天 - 2007-3-31 16:05:00
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\new\LOCALS~1\Temp\upxdnd.exe
我是来来 - 2007-3-31 16:48:00
C:\WINDOWS\system32\nvsvc32.exe
紫墨蓝尘 - 2007-3-31 17:00:00
Post a SRENG log.
Enao2005 - 2007-3-31 17:08:00
Fix:
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\new\LOCALS~1\Temp\upxdnd.exe

In Safe Mode,
delete:
C:\DOCUME~1\new\LOCALS~1\Temp\upxdnd.exe

Empty all files under C:\DOCUME~1\new\LOCALS~1\Temp\