It's probably a virus. Please take a look for me, thanks!
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 2:00:54,2008-12-6
操作系统: Windows XP SP3 (WinNT 5.01.2600)
IE版本: Internet Explorer v7.00 (7.00.6000.16735)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\RavMon.exe
C:\Program Files\Rising\Rav\RavTask.exe
E:\360safe\safemon\360tray.exe
E:\360safe\antiarp\antiarp.exe
C:\WINDOWS\system32\ctfmon.exe
E:\AliWangWang\aliim.exe
E:\PPStream.AD\ppsap.exe
E:\QQ\QQ.exe
E:\QQ\TXPlatform.exe
E:\AliWangWang\AliUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\WINDOWS\system32\conime.exe
E:\AliWangWang\plugins\11460\wwMail.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\桌面\HijackThis 汉化版\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\迅雷5\ComDlls\TDAtOnce_Now.dll
O2 - BHO: njna.cpuieg - {1AA41CA6-0876-4438-BB40-083B2FCF93A9} - C:\WINDOWS\system32\pqidsag.dll
O2 - BHO: WebProtect.IEHlpObj - {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\迅雷5\ComDlls\xunleiBHO_Now.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - E:\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [360Safetray] E:\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [360Antiarp] E:\360safe\antiarp\antiarp.exe /start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [aliim] E:\AliWangWang\aliim.exe
O4 - HKCU\..\Run: [PPS Accelerator] E:\PPStream.AD\ppsap.exe
O4 - HKCU\..\Run: [Live800.exe] E:\易趣通\易趣通.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 百度Hi.lnk = E:\Baidu Hi\BaiduHi.exe
O8 - 扩展右键菜单项: 使用迅雷下载 - E:\迅雷5\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - E:\迅雷5\Program\getallurl.htm
O8 - 扩展右键菜单项: 添加到天极收藏夹 - C:\WINDOWS\system32\YeskyComponents\AddFavorite.htm
O9 - 额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 额外的“工具”菜单项目: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://site.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) -
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E591F982-51BA-4DD6-A3BB-481A4FB433CB}: NameServer = 202.99.96.68
O20 - AppInit_DLLs: kmon.dll
O23 - NT 服务: Cmb WebProtect Support (CMBWPS) - China Merchants Bank - C:\Program Files\CMBCHINA\WebProtect\WPService.exe
O23 - NT 服务: Network IPSEC Connections (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE(文件不存在)
O23 - NT 服务: EQService - EQSecure - E:\MagicSet\EQService.exe
O23 - NT 服务: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\system32\foungnu.exe
O23 - NT 服务: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe(文件不存在)
O23 - NT 服务: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe(文件不存在)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe(文件不存在)
O23 - NT 服务: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe(文件不存在)
O23 - NT 服务: Ql1sssrnch - Parallel Technologies, Inc. - (没有文件)
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Information Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe(文件不存在)
--
文件结束 - 5765 字节