发表于: 2005-11-22 00:16 | 显示全部 短消息 资料
字号: 1楼

懂HijackThis高手看看!

高手看看是中毒了吗?为什么用Windows木马清道夫 老提示中了发现木马病毒 Adware.CDN19968.d
C:\WINDOWS\System32\nsp.dll
删NSP.LL都删不了~~安全模式下也不行~~

Logfile of HijackThis v1.98.2
Scan saved at 0:11:48, on 2005-11-22
Platform: Windows XP SP 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

正在运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\KV2005\KVSrvXP_1.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\capp.exe
D:\KV2005\KVMonXP.kxp
C:\Program Files\KVFW\kvfw.exe
D:\QQ\Maxthon\Maxthon.exe
C:\WINDOWS\regedit.exe
E:\ftc\Trojanwall.exe
C:\WINDOWS\System32\conime.exe
G:\杀毒工具\HijackThis\HijackThis V1.98.2汉化版.exe

R3 - URLSearchHook: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - D:\KV2005\KVShell_1.dll
O2 - BHO: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - D:\KV2005\KVShell_1.dll
O3 - Toolbar: (no name) - {56A7DC70-E102-4408-A34A-AE06FEF01586} - (no file)
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\BitSpirit\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CApp] C:\WINDOWS\System32\capp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KvMonXP] D:\KV2005\KVMonXP.kxp /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KvXP] D:\KV2005\KvXP_1.kxp /ScanBoot
O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe -silent
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - D:\雷迅\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\雷迅\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O8 - Extra context menu item: 百度Flash搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度新闻搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 解霸实时播放 - e:\Hero3000\MPURLGET.HTM
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - e:\Hero3000\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - e:\Hero3000\MPLAYER.EXE
O9 - Extra button: 网址大全 - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com (file missing)
O9 - Extra 'Tools' menuitem: 网址大全 - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D8C8DC-2256-4B01-A40E-528638E2F231}: NameServer = 60.191.244.4 60.191.244.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D8C8DC-2256-4B01-A40E-528638E2F231}: NameServer = 60.191.244.4 60.191.244.2
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

最后编辑2005-11-22 00:27:08