瑞星卡卡安全论坛
hbhs - 2006-7-31 12:45:00
Logfile of HijackThis v1.99.0
Scan saved at 12:36:37, on 2006-7-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ServeHost.exe
C:\Program Files\SearchNet\SearchNet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\jj4\jjsvr4.exe
C:\Program Files\HuaCi\huaci\zsearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\wnwb2005\wnwb.exe
D:\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
R3 - URLSearchHook: BdSearchHook Class - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: BdSearch - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: IE Address Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\mou75j3n.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\wuwebex.dll
O2 - BHO: HSProgSDT - {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} - C:\WINDOWS\system32\hssdtobm.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: MEobjectSDT - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINDOWS\system32\obwbkya.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - HKLM\..\Run: [BIE] RUNDLL32.EXE C:\PROGRA~1\baidu\iexp\BDSrHook.dll,Rundll32
O4 - HKLM\..\Run: [wjvh8] RunDll32 "C:\WINDOWS\Downlo~1\wjvh8.dll",Run
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pyjj] E:\jj4\jjsvr4.exe
O4 - Startup: 划词搜索.lnk = C:\Program Files\HuaCi\huaci\zsearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\飘云IP简装优化版\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\飘云IP简装优化版\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\飘云IP简装优化版\SendMMS.htm
O8 - Extra context menu item: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=206671_1006 (file missing)
O9 - Extra button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=bainiudg (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O11 - Options group: [!IESearch] 百度搜索伴侣
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F6C27D-287A-4F75-A132-5D0257D64753}: NameServer = 218.2.135.1,61.147.37.1
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Database information combine - 易易加速科技有限公司 - C:\WINDOWS\dbmsinfo.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Log - Beijing zhongsou online software - C:\WINDOWS\system32\ServeHost.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SDAgent Service - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe
Latyas - 2006-7-31 12:48:00
装了过多垃圾造成,你新手吧。。。。以后用hijackthis的时候请把目前的程序都关了
C:\Program Files\HuaCi\huaci\zsearch.exe
:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\ServeHost.exe
C:\Program Files\SearchNet\SearchNet.exe
hbhs - 2006-7-31 12:51:00
噢,我是新手啊,那些乱七八糟的东西我也不知道怎么自己装上去的,在任务管理器里关你说的那些程序吗?
Latyas - 2006-7-31 12:52:00
最好直接DEL掉。。你装其他软件或上网的时候 强行给你装上的。。对于这些流氓。。一个字,杀!
hbhs - 2006-7-31 12:59:00
这是用任务管理器关掉上面的进程后的日志,帮忙看一下啊,下一步应该怎么做啊,期待指导。
Logfile of HijackThis v1.99.0
Scan saved at 12:48:49, on 2006-7-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\jj4\jjsvr4.exe
C:\WINDOWS\System32\svchost.exe
D:\HijackThis.exe
C:\Program Files\wnwb2005\wnwb.exe
R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
R3 - URLSearchHook: BdSearchHook Class - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: BdSearch - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: IE Address Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\mou75j3n.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\wuwebex.dll
O2 - BHO: HSProgSDT - {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} - C:\WINDOWS\system32\hssdtobm.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: MEobjectSDT - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINDOWS\system32\obwbkya.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - HKLM\..\Run: [BIE] RUNDLL32.EXE C:\PROGRA~1\baidu\iexp\BDSrHook.dll,Rundll32
O4 - HKLM\..\Run: [wjvh8] RunDll32 "C:\WINDOWS\Downlo~1\wjvh8.dll",Run
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pyjj] E:\jj4\jjsvr4.exe
O4 - Startup: 划词搜索.lnk = C:\Program Files\HuaCi\huaci\zsearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\飘云IP简装优化版\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\飘云IP简装优化版\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\飘云IP简装优化版\SendMMS.htm
O8 - Extra context menu item: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=206671_1006 (file missing)
O9 - Extra button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=bainiudg (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O11 - Options group: [!IESearch] 百度搜索伴侣
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F6C27D-287A-4F75-A132-5D0257D64753}: NameServer = 218.2.135.1,61.147.37.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Database information combine - 易易加速科技有限公司 - C:\WINDOWS\dbmsinfo.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Log - Beijing zhongsou online software - C:\WINDOWS\system32\ServeHost.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SDAgent Service - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe
hbhs - 2006-7-31 13:18:00
高手帮忙看一下啊,谢先了!
Latyas - 2006-7-31 13:19:00
E:\jj4\jjsvr4.exe 这个是。。
奉劝你吧 那些乱七八糟的全删了 再截来。 什么YAHOO助手,,什么鸟加速器,那些东西最容易挂上流氓
hbhs - 2006-7-31 13:23:00
以上都不是我装的,不知不觉就装上了。E:\jj4\jjsvr4.exe 这个直接删了?
Latyas - 2006-7-31 13:26:00
删。
hbhs - 2006-7-31 13:29:00
在添加删除程序里没看到,直接把目录一起删了行吗?
Latyas - 2006-7-31 13:30:00
对吖。。。。照样删。。。添加删除那只是把那些乱七八糟的删了 什么加速软件,,什么YAHOO助手。。先删了再说
mopery - 2006-7-31 13:34:00
| 引用: |
【Latyas的贴子】
装了过多垃圾造成,你新手吧。。。。以后用hijackthis的时候请把目前的程序都关了
C:\Program Files\HuaCi\huaci\zsearch.exe
:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\ServeHost.exe
C:\Program Files\SearchNet\SearchNet.exe
........................... |
请问下你是新手吧?
Latyas - 2006-7-31 13:35:00
怎?我说的话有错吗?
hbhs - 2006-7-31 13:36:00
该删的都删了,该缷载的也缷了,这是新日程,下一步要怎么做。
hbhs - 2006-7-31 13:37:00
Logfile of HijackThis v1.99.0
Scan saved at 13:26:41, on 2006-7-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\HijackThis.exe
R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\mou75j3n.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\wuwebex.dll
O2 - BHO: HSProgSDT - {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} - C:\WINDOWS\system32\hssdtobm.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: MEobjectSDT - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINDOWS\system32\obwbkya.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - HKLM\..\Run: [wjvh8] RunDll32 "C:\WINDOWS\Downlo~1\wjvh8.dll",Run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pyjj] E:\jj4\jjsvr4.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\飘云IP简装优化版\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\飘云IP简装优化版\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\飘云IP简装优化版\SendMMS.htm
O8 - Extra context menu item: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=206671_1006 (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F6C27D-287A-4F75-A132-5D0257D64753}: NameServer = 218.2.135.1,61.147.37.1
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Database information combine - 易易加速科技有限公司 - C:\WINDOWS\dbmsinfo.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SDAgent Service - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe
Latyas - 2006-7-31 13:37:00
根据我常见的弹窗都是rundll32.exe调用了弹窗的DLL文件导致。你用icesword看一下rundll32.exe调用了哪些
hbhs - 2006-7-31 13:39:00
| 引用: |
【Latyas的贴子】根据我常见的弹窗都是rundll32.exe调用了弹窗的DLL文件导致。你用icesword看一下rundll32.exe调用了哪些
........................... |
我不会看啊,怎么操作?
Latyas - 2006-7-31 13:41:00
。。。。。。。。。。。实在不会问那位说我是新手的高人吧。。。或者加我QQ 54460650。。。反正我新手。。哈哈
mopery - 2006-7-31 13:48:00
| 引用: |
【Latyas的贴子】怎?我说的话有错吗?
........................... |
全错...照你这么做电脑不毁才怪..
还是那句话..
你是新手吧?
mopery - 2006-7-31 13:50:00
我今天就看一帖给你看...
这是论坛不要乱误倒人?ok 新手..
Latyas - 2006-7-31 13:50:00
全错?哪错了? 你不看看 那的进程。什么东西你应该知道。都是些流氓软件来的。那些东西不删你想咋地????
全错...照你这么做电脑不毁才怪..
怎?电脑怎么毁?你倒说说。 要想用电脑好,电脑不干净怎么能用?
hbhs - 2006-7-31 13:50:00
| 引用: |
【mopery的贴子】
全错...照你这么做电脑不毁才怪..
还是那句话..你是新手吧?
........................... |
我该怎么办啊,给指点一下啊!
Latyas - 2006-7-31 13:52:00
行。我倒要看看你多么多老手
mopery - 2006-7-31 13:54:00
修复
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\mou75j3n.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\wuwebex.dll
O2 - BHO: HSProgSDT - {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} - C:\WINDOWS\system32\hssdtobm.dll
O2 - BHO: MEobjectSDT - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINDOWS\system32\obwbkya.dll
O4 - HKLM\..\Run: [wjvh8] RunDll32 "C:\WINDOWS\Downlo~1\wjvh8.dll",Run
删除
C:\WINDOWS\Downlo~1\mou75j3n.dll
C:\WINDOWS\system32\wuwebex.dll
C:\WINDOWS\system32\hssdtobm.dll
C:\WINDOWS\system32\obwbkya.dll
C:\WINDOWS\Downlo~1\wjvh8.dll
(file missing)结尾的勾上修复..
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
参考:http://forum.ikaka.com/topic.asp?board=28&artid=7948848
http://www.pctutu.com/srmsdown.asp
下载超级兔子..用超级兔子清理王卸载流氓软件...(安全模式...)
hbhs - 2006-7-31 13:57:00
谢谢,我试试
(file missing)结尾的勾上修复..
这句话是什么意思?不太懂。
Latyas - 2006-7-31 13:58:00
你高手。。。。。SearchNet这个不删等着吧。。该来的都得来。
mopery - 2006-7-31 13:58:00
| 引用: |
【Latyas的贴子】
装了过多垃圾造成,你新手吧。。。。以后用hijackthis的时候请把目前的程序都关了
C:\Program Files\HuaCi\huaci\zsearch.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\ServeHost.exe
C:\Program Files\SearchNet\SearchNet.exe
...........................
最好直接DEL掉。。你装其他软件或上网的时候 强行给你装上的。。对于这些流氓。。一个字,杀!
E:\jj4\jjsvr4.exe 这个是。。
奉劝你吧 那些乱七八糟的全删了 再截来。 什么YAHOO助手,,什么鸟加速器,那些东西最容易挂上流氓
对吖。。。。照样删。。。添加删除那只是把那些乱七八糟的删了 什么加速软件,,什么YAHOO助手。。先删了再说
|
C:\WINDOWS\system32\LEXBCES.EXE
正常的...
C:\Program Files\HuaCi\huaci\zsearch.exe
C:\WINDOWS\system32\ServeHost.exe
C:\Program Files\SearchNet\SearchNet.exe
这三个直接删?>>>我倒想问问你..这三个什么东西你知道不/>直接删??删得掉?
E:\jj4\jjsvr4.exe 这程序楼主自己装的..何况直接删..许多地方会残留...
奉劝你一句...三脚猫工夫别来这...要么看帖学习..不要误倒其他求助的...ok
mopery - 2006-7-31 13:59:00
| 引用: |
【Latyas的贴子】你高手。。。。。SearchNet这个不删等着吧。。该来的都得来。
........................... |
你知道这玩意是什么么? 不懂要问...知道不..
710207 - 2006-7-31 14:02:00
| 引用: |
【Latyas的贴子】你高手。。。。。SearchNet这个不删等着吧。。该来的都得来。
........................... |
你是新手吧,再上一帖就已经误倒楼主.......
SearchNet是一个流氓软件,超级兔子可以卸掉
Latyas - 2006-7-31 14:03:00
我不说恶劣
© 2000 - 2026 Rising Corp. Ltd.