Probably a virus, experts please come in, thanks
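raiky 2003-10-19 07:34:00
A machine on the local network (Win2000 system) has been infected with some kind of virus: files cannot be copied or pasted, and after opening a web page the next-level links cannot be opened. When I open drive F and WINNT, the status bar shows how many files there are, but nothing is displayed, and some folders show their icons on the left. Sometimes the sound card also suddenly stops working and I can't listen to MP3s. Every time the machine is restarted it is fine, but after a while it goes wrong again. I have used many dedicated removal tools and also ran a full scan with Duba 2003 (latest virus definitions), but none of it helped. There are no programs under the wins directory. The HijackThis log is attached; experts, please analyze it! Thanks, this has happened twice within one week!!!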
StartupList report, 2004-10-19, 18:43:40
StartupList version: 1.52
Started from : D:\Documents and Settings\Administrator\桌面\HijackThis.EXE
Detected: Windows 2000 SP3 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\System32\svchost.exe
D:\KAV2003\KAVSvc.EXE
D:\WINNT\System32\llssrv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\WINNT\System32\nutsrv4.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\svchost.exe
D:\Program Files\SkyNet\FireWall\PFW.exe
D:\WINNT\SOUNDMAN.EXE
D:\WINNT\system32\internat.exe
D:\KAV2003\KAVSvcUI.EXE
E:\Program Files\广州城市热点资讯有限公司\Dr.COM 客户端软件\ishare_user.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\桌面\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINNT\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SKYNET Personal FireWall = D:\Program Files\SkyNet\FireWall\PFW.exe
SoundMan = SOUNDMAN.EXE
KAVRun = D:\KAV2003\KAVRun.EXE
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Internat.exe = internat.exe
--------------------------------------------------
Shell & screensaver key from D:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=D:\WINNT\DUBA2003.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - D:\Program Files\Xi\Net Transport\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}
--------------------------------------------------
Enumerating Download Program Files:
[DNLCertificate Control]
InProcServer32 = D:\WINNT\DOWNLO~1\DNLCER~1.OCX
CODEBASE = http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
[{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}]
CODEBASE = http://bar.baidu.com/update/IESearch.cab
[Shockwave Flash Object]
InProcServer32 = D:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #12: D:\WINNT\system32\nutafun4.dll
Protocol #13: D:\WINNT\system32\nutafun4.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
Network.ConnectionTray: D:\WINNT\system32\NETSHELL.dll
WebCheck: D:\WINNT\System32\webcheck.dll
SysTray: stobject.dll
--------------------------------------------------
End of report, 4,597 bytes
Report generated in 0.171 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only