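Help!! win2000

The system is Win2000. On a normal boot it restarts as soon as it reaches the welcome screen; in safe mode there is no problem. The system is definitely infected, but nothing I try has any effect. I hope the experts here can give me some pointers.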

HijackThis_815汉化版扫描日志 V1.99.1
保存于      14:34:31, 日期 2006-1-4
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\program files\internet explorer\iexplore.exe
\192.168.0.55\temp\ske\TrojanAssistant.exe
F:\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,rundll32.exe C:\WINNT\system32\winsys16_061130.dll start
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush1.dll
O2 - BHO: CNNIC 网络工具Drag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3B151~1\Bar888.dll
O2 - BHO: xvhf - {CB980193-E052-4604-BBBD-F74BAB09D2DE} - C:\PROGRA~1\gbqo\kfus.dll
O2 - BHO: IEHlprObj Class - {DE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\POPNTS.DLL
O2 - BHO: (no name) - {E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} - C:\WINNT\system32\cnwin.dll (file missing)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O3 - IE工具栏增项: Abobe Flash Play 9 - {772546DC-8719-4F80-B82F-B3A92AAC96C7} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll (file missing)
O3 - IE工具栏增项: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3B151~1\Bar888.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [RavTray] "C:\Program Files\Rav\RavTray.exe"
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [CnsMHlp.exe] C:\WINNT\Downloaded Program files\CnsMHlp.exe
O4 - 启动项HKLM\\RunOnce: [CCenterInst] "C:\Program Files\Rav\CCenter.exe" -install
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSNShell] ; C:\Program Files\MSNShell\Bin\MSNShell.exe autorun
O4 - HKCU\..\Run: [winsamps] C:\WINNT\winamps.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {2BFAA61B-5C83-4865-8281-D8BDBF863061} (PGEdit Class) - https://www.gnetpg.com/PG_ATL.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150444567625
O16 - DPF: {8CFEC00F-7A38-4199-A6E9-BD73DC652978} (PGCs Class) - https://www.gnetpg.com/PlugIn/PGCsATL.cab
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B8EEBCE-85C6-498D-BA73-154DD795E7F1}: NameServer = 61.144.56.101,202.96.128.68
O18 - 列举现有的协议: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O20 - Winlogon Notify: ScCardLogn - C:\WINNT\ScNotify.dll
O20 - Winlogon Notify: Scryptnat - C:\WINNT\SYSTEM32\Scryptnat.dll
O23 - NT 服务: 92E4A218 - Unknown owner - C:\WINNT\system32\92E4A218.EXE (file missing)
O23 - NT 服务: CMServerToXPM (CMServerToXP) - Unknown owner - C:\Windows\system32\KRZFNU.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: VOTUSUM NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: RavService - Unknown owner - C:\Program Files\Rav\RavService.exe" /service (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rav\Ravmond.exe
O23 - NT 服务: Provisioning Transaction Service (ttt_21) - Unknown owner - C:\WINNT\system32\winrar.exe
Last edited 2007-01-05 11:04:39.340000000