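Neither Kaspersky nor EWIDO can remove it. After I delete the files by hand, they come back after a while, and restoring the registry doesn't help either.
Five files appear under C:\Program Files\Internet Explorer: A1.EXE, A2.EXE, A3.EXE, A4.EXE, A5.EXE
Under C:\WINDOWS\system32 there are nmhxy.dll, wldll.dll, tdll.dll, msdll.dll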
C:\windows\Download\svhost32.exe
C:\Program Files\Microsoft\svhost32.exe
C:\windows\Intel\rundll32.exe
C:\windows\command\rundll32.exe
It started with an infection by jijy.exe, and then this whole pile followed... help!
Logfile of HijackThis v1.99.1
Scan saved at 12:30:10 上午, on 2006-10-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
e:\ewido anti-spyware 4.0\guard.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HFGameOPT\GameClient.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Gungnir\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: (no name) - _{9C9F9B89-B243-4613-9710-87060F137118} - (no file)
O2 - BHO: (no name) - _{E730189A-9973-4121-B046-AD1C161EC3AF} - (no file)
O2 - BHO: (no name) - _{F2E37336-BFDB-409B-8D0E-6F013C438B20} - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: conimehlp Class - {B10343BD-1DC6-442F-9BA2-D44C708CEE83} - C:\windows\system32\mskey32.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [wl] C:\windows\Download\svhost32.exe
O4 - HKLM\..\Run: [rzt] C:\windows\Intel\rundll32.exe
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Tray] C:\windows\command\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=
about:blank
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: _{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB851A2-0987-493E-BE80-DD03DCB7AB86}: NameServer = 202.103.224.68,202.103.225.67
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - e:\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe