Experts, please come in and help: I've scanned and posted the LOG


My friend's machine acts up as soon as it goes online, and it also restarts frequently. This is the LOG scanned with HijackThis:

Logfile of HijackThis v1.99.0
Scan saved at 19:42:17, on 2006-1-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\taskcntr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wce.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\taskmgr.exe
H:\smartAP.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\conime.exe
C:\DOCUME~1\JFX~1.BIL\LOCALS~1\Temp\Rar$EX07.953\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows ASN Services] wce.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\update.exe
O4 - HKLM\..\RunServices: [Windows ASN Services] wce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 扑克 - {12341234-1234-5678-9012-123456789012} - C:\www.ufocn.com\开心斗地主\开心斗地主.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2663
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Last edited 2006-01-21 20:13:27

Why is nobody answering????????