Rising Kaka Security Forum › Technical Exchange › Anti-virus / Anti-rogue-software forum

Newbie asking for help! Calling on all the experts to lend a hand! Thanks in advance, brothers!



[Reply to 007黄金眼's post]

Hello. Please temporarily turn off System Restore first, then restart and press F8 to enter Safe Mode:

Stop the service: Start → Control Panel → Administrative Tools → Services → find "svchost.exe" → Properties → change it to "Disabled".

Run HijackThis and fix the following (if an item is one you recognise, there is no need to fix it):

O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker005.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb005.dll
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKCU\..\Run: [wupd] rem C:\WINDOWS\System32\symcsvc.exe
O21 - SSODL: System - {59981032-7D0C-4377-938C-C3DBFCDD6FD1} - vr_sys.dll (file missing)
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe

Delete these files (if present):

C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\symcsvc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.dll
C:\WINDOWS\svchostkey.dll
C:\WINDOWS\svchost_Hook.dll

In the Registry, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, find "svchost.EXE", delete it, then restart.







C:\WINDOWS\svchost.dll
C:\WINDOWS\svchostkey.dll
C:\WINDOWS\svchost_Hook.dll

Are these three 灰鸽子 (Gray Pigeon)?
http://forum.ikaka.com/topic.asp?board=28&artid=5666824  See this for the manual 灰鸽子 removal method!


[Reply to 爱证明一切's post]

It would be more accurate to say that this entry, O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe, is possibly 灰鸽子.

[Reply to 爱证明一切's post] As soon as I go online, the computer lets out a loud alarm sound. Shortly after going online, an English window with no close button pops up, and before long another one appears. When I try to end it with Task Manager, I am told that Task Manager has been disabled by the system administrator. On top of that, all kinds of junk gets created on the desktop. Many thanks for your guidance!!!
Logfile of HijackThis v1.99.1
Scan saved at 23:20:19, on 2005-7-28
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\HEROSOFT\Hero3000\SYSEXPLR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\3721\assistse.exe
C:\Program Files\DFVSX\DFVSX.exe
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\KAV2003\KAVSvc.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\3721\ske\TrojanAssistant.exe
C:\KAV2003\KAVSvcUI.EXE
G:\杀毒软件文件夹\下载杀毒软件文件夹\248783200522382732\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker005.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb005.dll
O3 - Toolbar: 金山毒霸 - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - C:\KAV2003\KAIEPlus.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SysExplr] C:\HEROSOFT\Hero3000\SYSEXPLR.EXE
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\PFWmain.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [dfvsx] "C:\Program Files\DFVSX\DFVSX.exe" -Min
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [KAVRUN] rem C:\KAV2003\KAVRUN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] rem C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe -silent
O4 - HKCU\..\Run: [wupd] rem C:\WINDOWS\System32\symcsvc.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用Kugoo下载 - C:\PROGRA~1\KUGOO2\KugooDownX.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 金山毒霸网站 - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - url:http://www.duba.net (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 金山卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - url:http://www.joyo.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: 在线查毒 IE版 - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - C:\KAV2003\KAVIE.htm
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:default.mht!http://www.wearehosters.com/v230/dropper.chm::/dropper.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14e96164a3298a516005/netzip/RdxIE601_cn.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://origin-www.ahn.com.cn/aspservice/plugin/myv3.cab
O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O21 - SSODL: System - {59981032-7D0C-4377-938C-C3DBFCDD6FD1} - vr_sys.dll (file missing)
O21 - SSODL: FlashGet(JetCar) - {4D84AC8B-E08C-BD78-A395-DE9E0B1ADD92} - c:\progra~1\flashget\xbvlh32.dll
O23 - Service: Kingsoft iDuba Service (KAVService) - Kingsoft Co., Ltd - C:\KAV2003\KAVSvc.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
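The log above and the fix list in the first reply are the inputs for the following triage script. It is an added example written for this page, not a tool from the forum or from HijackThis itself. It parses the O2 (BHO), O4 (Run), O21 (SSODL) and O23 (Service) lines of a HijackThis 1.99 log and flags entries using two sources: the file names the responders told the poster to fix, and three generic checks that go beyond this one case (a svchost.exe that lives anywhere other than System32, a service whose owner is reported as unknown, and an entry whose file is missing). It then produces the file paths and service names a responder would hand back, which is what the first reply did by hand. The sample log is an eight-line excerpt copied from the poster's log; the rule names, the REMOVE_LIST constant and all function names are this example's own choices.

```python
"""Triage a HijackThis 1.99 log against the fix list given in this thread.

Added example, not a tool from the forum or from HijackThis. It parses the
O2 (BHO), O4 (Run), O21 (SSODL) and O23 (Service) lines and flags entries
using the responders' removal list plus three generic checks.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: eight lines copied from the poster's log above.
SAMPLE_LOG = r"""
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker005.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [wupd] rem C:\WINDOWS\System32\symcsvc.exe
O21 - SSODL: System - {59981032-7D0C-4377-938C-C3DBFCDD6FD1} - vr_sys.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe
"""

# File names the responders told the poster to fix or delete (taken from the thread).
REMOVE_LIST = {"zolker005.dll", "ztoolb005.dll", "kernels32.exe",
               "winldra.exe", "symcsvc.exe", "vr_sys.dll"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")   # "HKLM\..\Run: [value] command"


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O21" or "O23"
    name: str                    # BHO/SSODL name, Run value name or service display name
    target: str                  # file path, command line or service binary
    raw: str
    owner: Optional[str] = None  # O23 only
    flags: List[str] = field(default_factory=list)


def executable_of(command: str) -> str:
    """First token of a Run command that names an .exe or .dll, quotes stripped.
    Leading tokens such as the 'rem' seen in this log are skipped."""
    for tok in re.findall(r'"[^"]*"|\S+', command):
        tok = tok.strip('"')
        if tok.lower().endswith((".exe", ".dll")):
            return tok
    return command.strip()


def split_path(path: str) -> Tuple[str, str]:
    """(directory, file name), both lower-cased, for a Windows path."""
    p = path.strip().strip('"').replace("/", "\\").lower()
    if "\\" not in p:
        return "", p
    directory, base = p.rsplit("\\", 1)
    return directory, base


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for the sections we triage, None for everything else."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m or m.group(1) not in ("O2", "O4", "O21", "O23"):
        return None
    section, body = m.groups()
    if section == "O4":
        _hive, name, command = RUN_RE.match(body).groups()
        return Entry(section, name, command, line)
    _kind, rest = body.split(": ", 1)
    # O2/O21: "name - {CLSID} - path"; O23: "display (svc) - owner - path"
    name, middle, target = [p.strip() for p in rest.rsplit(" - ", 2)]
    owner = middle if section == "O23" else None
    return Entry(section, name, target, line, owner)


def triage(entry: Entry) -> Entry:
    """Attach flags; an empty flag list means nothing in the entry stood out."""
    target = executable_of(entry.target) if entry.section == "O4" else entry.target
    directory, base = split_path(target.replace(" (file missing)", ""))
    if base in REMOVE_LIST:
        entry.flags.append("on responders' removal list")
    # The genuine svchost.exe lives in %SystemRoot%\System32; a copy elsewhere is suspect.
    if base == "svchost.exe" and not directory.endswith("\\system32"):
        entry.flags.append("svchost.exe outside System32")
    if entry.section == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("service with unknown owner")
    if "(file missing)" in entry.target:
        entry.flags.append("referenced file is missing")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse the log and keep only the entries that earned at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


def removal_plan(entries: List[Entry]) -> Tuple[List[str], List[str]]:
    """Absolute file paths to delete and service names to disable, as the first reply did."""
    files, services = set(), set()
    for e in entries:
        target = executable_of(e.target) if e.section == "O4" else e.target
        target = target.replace(" (file missing)", "").strip('"')
        if re.match(r"^[A-Za-z]:\\", target):        # skip bare names such as vr_sys.dll
            files.add(target)
        if e.section == "O23":
            m = re.search(r"\(([^()]*)\)$", e.name)  # service name sits in trailing parentheses
            if m:
                services.add(m.group(1))
    return sorted(files), sorted(services)


if __name__ == "__main__":
    flagged_entries = triage_log(SAMPLE_LOG)
    for e in flagged_entries:
        print(e.raw)
        print("    ->", "; ".join(e.flags))
    print(removal_plan(flagged_entries))
```

Run it as-is and it prints the five flagged lines (zolker005.dll, kernels32.exe, symcsvc.exe, vr_sys.dll and the "moto" service) with their reasons, followed by the four absolute paths and the one service name. The generic checks are the part worth keeping: the removal list only catches this poster's files, while a svchost.exe outside System32 or a service with no recorded owner stands out in any log of this kind, which is exactly how the responders spotted the "moto" entry.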


[Reply to 007黄金眼's post]

Hello, please follow the method in post #10.

Fix for Task Manager: Start menu → Run → gpedit.msc → User Configuration / Administrative Templates / System / Ctrl+Alt+Del Options → Remove Task Manager, double-click it and select Disabled.


[Reply to 花落花又开's post] When I go online the computer suddenly lets out a loud alarm sound, and at the same time a "microsoft windows security warning" window appears. Shortly after going online, an English window with no close button pops up, and before long another one appears. When I try to end it with Task Manager, I am told that Task Manager has been disabled by the system administrator. On top of that, all kinds of junk gets created on the desktop. Many thanks for your guidance!!!

[Reply to 时间time's post] How should this be fixed? Many thanks!

[Reply to 花落花又开's post] Hello! The Task Manager problem has been solved. Thanks for the expert advice, good night.

Please refer to 花落花又开's advice.

Unlocking Task Manager:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
Is there a "DisableTaskMgr" value in the right-hand pane? Delete it.
