瑞星只有托盘里有,点出来闪一下又没了,附hijackthis扫描日志,高手帮忙看下,重装系统太麻烦了
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 21:59:57,2008-11-11
操作系统: Windows XP SP2 (WinNT 5.01.2600)
IE版本: Internet Explorer v6.00 SP2 (6.00.2900.2180)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\flexnet\i486_nt\obj\ptc_d.exe
C:\WINDOWS\system32\BoBoTurbo\BoBoTurboUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\CCenter.exe
E:\Tencent22\QQ\QQ.exe
E:\Tencent22\QQ\TXPlatform.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\桌面\hijackthis_v2.02h\HijackThis.exe
R3 - URLSearchHook: Bhotest.bhoSearch - {9F6E4456-7942-4AA7-9AD2-547C2BEA32B6} - C:\WINDOWS\system32\flg32.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - e:\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-2052] "E:\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [nwiz] ailin.exe
O4 - HKLM\..\Policies\Explorer\Run: [svt234] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3146035
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - 扩展右键菜单项: 使用迅雷下载 - E:\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - E:\Thunder\Program\getallurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Thunder\Thunder.exe
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Thunder\Thunder.exe
O9 - 额外的按钮: 雨林木风 - {C3F1448C-58E9-4F6D-A622-9DE26B846DA9} - http://www.ylmf.com/index.htm(文件不存在) (HKCU)
O23 - NT 服务:  BoBoTurbo - 广州易播信息科技有限公司 - C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe
O23 - NT 服务:  Transaction Provisioning Service (DNSTransaction) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghk4fhfe1.exe
O23 - NT 服务:  FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - NT 服务:  NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务:  Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务:  Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务:  ci (tcim) - Unknown owner - C:\WINDOWS\system32\tcim.exe
--
文件结束 - 3770 字节         


用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

System.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3146035
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghk4fhfe1.exe
C:\WINDOWS\system32\tcim.exe
有些问题，提交到可疑文件交流区，或者提交给瑞星，地址如下：http://mailcenter.rising.com.cn/index.shtml