刚才我登陆qq是运行了qq医生,下面是可疑文件扫描结果
c:\program files\enigma software group\spyhunter\spyhuntermonitor.dll
c:\windows\ying-uninstall.exe
c:\windows\system32\wnpont.dll
c:\windows\system32\picformat32.dll
c:\windows\system32\drivers\down\1142750.exe
c:\windows\system32\drivers\down\417984.exe
以下是国外网站的一些东西,我没有看明白
Infecté par winupgro.exe et autre virus - [ 翻译此页 ]30 déc 2008 ... [29/12/2008 16:32] - C:\Documents and Settings\pablo\Application Data\drivers\downld\1142750.exe. Found ! [29/12/2008 16:32] - C:\Documents ...
www.pcentraide.com/index.php?showtopic=108789 - 192k - 网页快照 - 类似网页
http://www.google.cn/search?hl=zh-CN&rlz=1T4CULB_zh-CNCN265CN265&newwindow=1&q=417984.exe&btnG=Google+%E6%90%9C%E7%B4%A2&meta=lr%3Dlang_zh-CN%7Clang_zh-TW&aq=f&oq=
http://www.google.cn/search?hl=zh-CN&rlz=1T4CULB_zh-CNCN265CN265&newwindow=1&q=417984.exe&btnG=Google+%E6%90%9C%E7%B4%A2&meta=lr%3Dlang_zh-CN%7Clang_zh-TW&aq=f&oq=
http://img2.tapuz.co.il/forums/1_126482143.doc 我刚下载了HJTInstall.exe
扫描结果如下:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:44, on 2009-4-3
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\Rfw\RsTray.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\360safe\safemon\360Tray.exe
C:\Program Files\Rising\Rfw\RavTask.exe
C:\Program Files\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll_1.dll
O2 - BHO: WebDetectorBHO - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\飞速Tudou\tudouDetector.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &U使用纳米机器人下载并收藏 - C:\Program Files\NamiRobot\Data\du.html
O8 - Extra context menu item: 使用快车(Flas&hGet)下载 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用快车(Flash&Get)下载全部链接 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用flvcd下载本页的视频 - C:\Program Files\flvcd\flvcd_link.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选取内容为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选取内容到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接到 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 追加到现有的 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: 联想 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} -
http://www.lenovo.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O15 - ESC Trusted Zone:
http://*.update.microsoft.comO16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} (ICBC Security Ctrl) -
http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221863417312O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221863488453O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) -
https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cabO16 - DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} (ScreenCapture Class) -
http://m136.mail.qq.com/zh_CN/activex/TencentMailActiveX.cabO20 - AppInit_DLLs: kmon.dll
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe
--
End of file - 8778 bytes
请朋友们老师们帮忙指点指点,谢谢