请各位高手帮忙分析一下,怎么查杀?
日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 16:51:35, on 2009-9-3
操作系统: Windows XP SP3 (WinNT 5.01.2600)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\KSWebShield.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE
C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\tuv\sohu\暴风\stormliv.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KISSvc.EXE
C:\WINDOWS\Explorer.EXE
D:\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\KVDownScan\Kernel\KVPreScan.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\KWMUSIC\KwMusic.exe
D:\Program Files\KWMUSIC\kwmv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kingsoft\Kingsoft Internet Security\KABackReport.EXE
C:\Program Files\Tencent\QQDownload\QQDownload.exe
D:\迅雷\Program\Thunder5.exe
E:\安装文件\HA_HijackThisv2_PP\HiJackThis_v2.exe
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr1.dll
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper02.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\迅雷\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr1.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: kingsoft browser shield - {D963BE1A-6B35-47DB-B002-49FAE71D85CC} - C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL
O3 - 工具栏: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - 工具栏: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [KavStart] "C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe" -startup
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE" -startup
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files\Tencent\QQ\Bin\QQ.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - Startup: RsAutorunsDisabled
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O8 - 扩展右键菜单项: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - 扩展右键菜单项: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - D:\迅雷\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - D:\迅雷\Program\getallurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm
O8 - 扩展右键菜单项: 转换为 Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - 扩展右键菜单项: 转换为现有 PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - 扩展右键菜单项: 转换选定的链接为 Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - 扩展右键菜单项: 转换选定的链接为现有 PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - 扩展右键菜单项: 转换选项为 Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - 扩展右键菜单项: 转换选项为现有 PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - 扩展右键菜单项: 转换链接目标为 Adobe PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - 扩展右键菜单项: 转换链接目标为现有 PDF - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\迅雷\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\迅雷\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (未命名) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 中文搜搜
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) -
http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dllO16 - DPF: {CA234A53-E68D-44D5-A07C-481C051D0C7B} (KVFileUpdate Class) -
http://online1.jiangmin.com/online/OLDOWN.CABO16 - DPF: {D82303B7-A754-4DCB-8AFC-8CF99435AACE} (KUpdateObj2 Class) -
http://shadu.duba.net/kosclean_v2/KOSInit.cabO18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\ANTIWPA.DLL
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - D:\tuv\sohu\暴风\stormliv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kingsoft Basic Service (kaccore) - Kingsoft Corporation - C:\Program Files\Kingsoft\KAC\Service\kaccore.exe
O23 - Service: Kingsoft Antivirus WebShield Service - Kingsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\KSWebShield.exe
O23 - Service: Kingsoft Internet Security Common Service (KISSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security\KISSvc.EXE
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; QQDownload 1.7)
