As the title says. I barely managed to run a scan and saw the strings "vb.based virus" and "Trojan-Banker/Win32.Banker.ajjj". The HijackThis log is attached below.
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 12:48:33, 日期 2010-5-21
操作系统: Windows XP SP3 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP3 (6.00.2900.5512)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\360\360sd\360rp.exe
C:\Program Files\StormII\stormliv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\360\360sd\360sd.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\China Mobile\G3 eWalk\G3 eWalk.exe
D:\Tencent\QQ\Bin\QQ.exe
D:\Tencent\QQ\Bin\TXPlatform.exe
D:\Program Files\TheWorld 3\TheWorld.exe
D:\Program Files\TheWorld 3\TheWorld.exe
C:\Program Files\SogouInput\5.0.0.3935\SogouCloud.exe
D:\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 启动项HKLM\\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - 启动项HKLM\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - 启动项HKLM\\Run: [Alcmtr] ALCMTR.EXE
O4 - 启动项HKLM\\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [360sd] "D:\Program Files\360\360sd\360sd.exe" /autorun
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 浏览器额外的按钮: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - 浏览器额外的按钮: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - 浏览器额外的按钮: 百度一下 - {D943E3D8-B612-4F92-A0B6-992EA997B7B3} - http://www.baidu.com/index.php?tn=sayh_1_dg (file missing) (HKCU)
O16 - DPF: {E689D735-1487-420D-9049-16ED198FE411} (vc Control) - http://update.viruschina.com/wmsj/vco.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{830EA7AB-0F80-46DB-9DDD-244F119E0DF4}: NameServer = 211.137.32.178 211.136.17.107
O18 - 列举现有的协议: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 列举现有的协议: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - NT 服务: 360 杀毒实时防护服务 (360rp) - 360.cn - D:\Program Files\360\360sd\360rp.exe
O23 - NT 服务: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - NT 服务: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - NT 服务: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - NT 服务: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0)