发表于: 2006-04-24 07:57 | 显示全部 短消息 资料
字号: 1楼

疑有病毒 .各位大哥帮忙看看

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      7:48:18, 日期 2006-4-24
操作系统:  Windows 2003  (WinNT 5.02.3790)
浏览器:    Internet Explorer v6.00 (6.00.3790.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\rzx\Net110\SysMon.exe
C:\Octopus\Server.exe
C:\Octopus\Bkdb.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Octopus\rzxsurename.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\rzx\Net110\LSParser.exe
C:\Program Files\rzx\Net110\Lsui.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Documents and Settings\Administrator\桌面\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [SYSMON] C:\Program Files\rzx\Net110\SysMon.exe
O4 - 启动项HKLM\\Run: [ssServ] C:\Octopus\Server.exe
O4 - 启动项HKLM\\Run: [BackupDB] C:\Octopus\Bkdb.exe -h
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - 启动项HKLM\\Run: [MSConfig] "C:\Documents and Settings\Administrator\桌面\msconfig.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 就要你 - {42CE9921-7259-11D6-B76A-0010A48548DC} - url:http://www.91ni.com (file missing)
O9 - 浏览器额外的按钮: 网吧.net计划 - {64187580-726B-11D6-B76A-0010A48548DC} - url:http://www.sicent.net (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - 浏览器额外的按钮: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {EE60714F-AC19-427e-861A-FD60ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O16 - DPF: {3D812B3C-B008-4A21-ACF0-9E3389ACE6E5} (PopKart Control) - http://popkart.tiancity.com/homepage/js/PopKartX.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://imgcache.qq.com/music/QQMusicSetup.exe
O16 - DPF: {EBD84F58-8D2B-4C66-85F1-73BC8125709D} - http://sh.800j.com/DownLoad/pcVerify.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{294AF661-7970-410B-B060-8F9D33374A87}: NameServer = 211.137.64.163,211.137.58.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B24E28-33FE-4E32-B682-832ACAAF0606}: NameServer = 211.137.64.163,211.137.58.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCD1A0D5-5B98-480D-90C2-9410E7097C02}: NameServer = 218.200.68.35,211.136.17.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{294AF661-7970-410B-B060-8F9D33374A87}: NameServer = 211.137.64.163,211.137.58.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{294AF661-7970-410B-B060-8F9D33374A87}: NameServer = 211.137.64.163,211.137.58.20
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - NT 服务: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - NT 服务: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - NT 服务: RzxSevce - 深圳任子行网络技术有限公司 - C:\Program Files\rzx\Net110\rzxsevce.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

最后编辑2006-04-24 08:01:43