各位朋友 能帮我的系统也看看吗?有些不正常了,我不会搞这系统。先谢谢了。日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 15:40:52, on 2009-4-4
操作系统: Windows XP SP3 (WinNT 5.01.2600)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE
C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KISSvc.EXE
C:\Program Files\Rising\Rfw\RavTask.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailMon.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\Rfw\RsTray.exe
C:\Program Files\Rising\Rfw\rsnetsvr.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE
C:\Program Files\Rising\Rav\scanfrm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kingsoft\Kingsoft Internet Security\Uplive.EXE
C:\Program Files\Kingsoft\Kingsoft Internet Security\KAV32.EXE
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
G:\ha_hijackthisv2_pp\HA_HijackThisv2_PP\HiJackThis_v2.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll (file missing)
O2 - BHO: IEFXZ - {6A49F431-2A2E-41a5-9080-0F41D1A3AEC2} - C:\PROGRA~1\IEfxz\iefxz.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: kingsoft browser shield - {D963BE1A-6B35-47DB-B002-49FAE71D85CC} - C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL
O3 - 工具栏: 百度工具栏 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [KavStart] "C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE" -startup
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: 千千静听.lnk = C:\TTPlayer.exe
O8 - 扩展右键菜单项: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 金山网页防挂马模块设置 - {3AECD3C1-7085-4731-96DC-47B6CF7EF749} - C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL
O9 - Extra 'Tools' menuitem: 金山网页防挂马模块设置 - {3AECD3C1-7085-4731-96DC-47B6CF7EF749} - C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL
O9 - Extra button: IE风行者 - {61F0024B-8278-4999-B7E6-2718426D9FE6} - C:\PROGRA~1\IEfxz\iefxz.dll (HKCU)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) -
https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cabO21 - SSODL: C:\WINDOWS\fonts\udhxuhvw.nls - {6BF8912E-DE56-4948-83E8-90D2C3F5EB3E} - (没有文件)
O21 - SSODL: C:\WINDOWS\fonts\vkhslcif.nls - {6BF8912E-DE56-4948-83E8-90D2C3F5EB3E} - (没有文件)
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Kingsoft Basic Service (kaccore) - Kingsoft Corporation - C:\Program Files\Kingsoft\KAC\Service\kaccore.exe
O23 - Service: Kingsoft Internet Security Common Service (KISSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security\KISSvc.EXE
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe
--
文件结束 - 6728 字节
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
