HijackThis报告如下,请高手分析!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
e:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\TDdownload\ha_hijackthis_1991\HijackThis.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-***********C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F***********D5} -B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] "e:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) -http://plugin.vnet.cn/VnetPluginIns.CABO17 - HKLM\System\CCS\Services\Tcpip\..\{1BF1B99F-16E3-4340-9723-2C0FC5F292A3}: NameServer = 61.134.1.4,61.134.1.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{69132EC7-40C4-4364-8223-2EF600F70CDE}: NameServer = 218.30.19.40 61.134.1.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E***********F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E***********F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINDOWS\system32\themeadp.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - e:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - e:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
参考答案:8月11日 17:46 修复:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe 1
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O20 - AppInit_DLLs: KB368717M.LOG
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - Service: Indexing Network Service (Indexing) - Unknown owner - (no file)
O23 - Service: mosou - Unknown owner - C:\WINDOWS\help\svchost.exe
启动到安全模式删除nvraidservice.exe,C:\WINDOWS\help\svchost.exe,到下载注册表修复工具进行修复,并检查启动项.