瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 江湖告急,请斑竹和各位大峡帮忙看看日志把!

1   1  /  1  页   跳转

江湖告急,请斑竹和各位大峡帮忙看看日志把!

收藏
jkkkk
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-07-29
  • 来自:
发表于: 2005-08-09 05:23 | 只看楼主 短消息 资料
字号: 1楼

江湖告急,请斑竹和各位大峡帮忙看看日志把!

请帮我看看把。偶都快愁死了,从一个星期前开始,每天第一次开机10几分钟后就无故关机了,[就算不上网,大开我的电脑或打开MP3听一会又没有执行大型的任务操作都一样,一看CPU的使用率高的惊人百分之百就无故自动关机了,只有冷启动,但是第2次启动后什么问题都没了,不会无故关机了]请朋友门帮着分析一下把!谢谢你们了!
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: MyIEtoolbar Class - {DAFE0426-96F6-472E-B98D-EF873EB7CFF2} - C:\WINDOWS\system32\toolbar.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [17lelestart] C:\PROGRA~1\VISION~1\17lele\system\17lele.exe 17LELEMIN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [MS-4011 Memory Patch] C:\RavSasser.exe -Patch
O4 - HKLM\..\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
O4 - HKCU\..\Run: [Kugoo] C:\PROGRA~1\KUGOO2\KUGOO.EXE
O4 - HKCU\..\Run: [ws_d] C:\WINDOWS\ws32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 17lele免费休闲娱乐中心 - {DAFE0427-96F7-472F-B98E-EF873EB7CFF3} - http://www.17lele.com (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/p (file missing) (HKCU)
O9 - Extra button: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.7169.com/sms/index.htm (file missing) (HKCU)
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/nikoxxsp.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcastdl.dudu.com/files/pCastCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CA2593A-859A-4145-9856-54293B7878D0}: NameServer = 211.98.2.4 211.98.4.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: windows - Unknown owner - C:\WINDOWS\windows.exe (file missing)
现在我的瑞星在正常模式下没杀到在安全模式下杀到一个,杀到后马上关的系统还原,系统还原不会起作用了把,?不是杀之前关的,是杀到之后关的。[另外手工删除灰鸽子为什么一定要在安全模式下啊,在普通模式下不行吗]偶是菜鸟,不舍赐教

最后编辑2005-08-09 11:28:09
分享到:
gototop
 
jkkkk
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-07-29
  • 来自:
发表于: 2005-08-09 05:28 | 只看楼主 短消息 资料
字号: 2楼

对了,把上半部分也贴上,请老大们全面分析一 下把!帮帮我!
Logfile of HijackThis v1.99.1
Scan saved at 3:31:06, on 2005-8-9
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\zzz\LOCALS~1\Temp\Rar$EX11.234\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe
O1 - Hosts: 61.152.169.139 www.99bb.com
O1 - Hosts: 61.152.169.139 99bb.com
O1 - Hosts: 61.152.169.139 www.zdao.com
O1 - Hosts: 61.152.169.139 zdao.com
O1 - Hosts: 61.152.169.139 www.aisex.com
O1 - Hosts: 61.152.169.139 aisex.com
O1 - Hosts: 61.152.169.139 www.qq190.com
O1 - Hosts: 61.152.169.139 qq190.com
O1 - Hosts: 61.152.169.139 www.wanmm.com
O1 - Hosts: 61.152.169.139 wanmm.com
O1 - Hosts: 61.152.169.139 www.qq163.com
O1 - Hosts: 61.152.169.139 qq163.com
O1 - Hosts: 61.152.169.139 www.sex141.com
O1 - Hosts: 61.152.169.139 sex141.com
O1 - Hosts: 61.152.169.139 www.my990.com
O1 - Hosts: 61.152.169.139 my990.com
O1 - Hosts: 61.152.169.139 ad.my990.com
O1 - Hosts: 61.152.169.139 www.ttjj.com
O1 - Hosts: 61.152.169.139 ttjj.com
O1 - Hosts: 61.152.169.139 www.7t7t.com
O1 - Hosts: 61.152.169.139 7t7t.com
O1 - Hosts: 61.152.169.139 www.123987.com
O1 - Hosts: 61.152.169.139 www.123987.com/7sese/
O1 - Hosts: 61.152.169.139 www.oursm.com
O1 - Hosts: 61.152.169.139 oursm.com
O1 - Hosts: 61.152.169.139 www.palacemoon.com
O1 - Hosts: 61.152.169.139 palacemoon.com
O1 - Hosts: 61.152.169.139 18dy.com
O1 - Hosts: 61.152.169.139 www.18dy.com
O1 - Hosts: 61.152.169.139 49m.cn
O1 - Hosts: 61.152.169.139 www.49m.cn
O1 - Hosts: 61.152.169.139 123.xuanji8.com
O1 - Hosts: 61.152.169.139 ohkk.xuanji8.com
O1 - Hosts: 61.152.169.139 123.52lhc.com
O1 - Hosts: 61.152.169.139 7sese.com61.152.169.139 www.7sese.com
O1 - Hosts: 61.152.169.139 www.hao119.com
O1 - Hosts: 61.152.169.139 7sese.com
O1 - Hosts: 61.152.169.139 www.7sese.com
O1 - Hosts: 61.152.169.139 www.hao358.com
O1 - Hosts: 61.152.169.139 www.ee456.com
O1 - Hosts: 61.152.169.139 video.12san.com
O1 - Hosts: 61.152.169.139 www.eachz.com
O1 - Hosts: 61.152.169.139 www.avl.cn
O1 - Hosts: 61.152.169.139 avl.cn
O1 - Hosts: 61.152.169.139 www.98756.net
O1 - Hosts: 61.152.169.139 7sese.org
O1 - Hosts: 61.152.169.139 www.7sese.org
O1 - Hosts: 61.152.169.139 kanvcd.com
O1 - Hosts: 61.152.169.139 www.kanvcd.com
O1 - Hosts: 61.152.169.139 cn.movies.yahoo
O1 - Hosts: 61.152.169.139 www.zfvod.com
O1 - Hosts: 61.152.169.139 zfvod.com
O1 - Hosts: 61.152.169.139 media.netandtv.com
O1 - Hosts: 61.152.169.139 p2p.55660.com
O1 - Hosts: 61.152.169.139 media.netandtv.com
O1 - Hosts: 61.152.169.139 www.sol.sohu.com
O1 - Hosts: 61.152.169.139 www.sexhu.cn
O1 - Hosts: 61.152.169.139 sexhu.cn
O1 - Hosts: 61.152.169.139 www.blogchina.com
O1 - Hosts: 61.152.169.139 5blogchina.com
O1 - Hosts: 61.152.169.139 www.5806.net
O1 - Hosts: 61.152.169.139 zhao999.com
O1 - Hosts: 61.152.169.139 www.zhao999.com
O1 - Hosts: 61.152.169.139 movie.xmfdc.net
O1 - Hosts: 61.152.169.139 www.movie110.com
O1 - Hosts: 61.152.169.139 movie110.com
O1 - Hosts: 61.152.169.139 www.yesky.com
O1 - Hosts: 61.152.169.139 yesky.com
O1 - Hosts: 61.152.169.139 www.178ya.com
O1 - Hosts: 61.152.169.139 178ya.com
O1 - Hosts: 61.152.169.139 www.3668.cn
O1 - Hosts: 61.152.169.139 3668.cn
O1 - Hosts: 61.152.169.139 www.hao45.com
O1 - Hosts: 61.152.169.139 hao45.com
O1 - Hosts: 61.152.169.139 www.5sese.com
O1 - Hosts: 61.152.169.139 5sese.com
O1 - Hosts: 61.152.169.139 woyy.51.net
O1 - Hosts: 61.152.169.139 3668.cn
O1 - Hosts: 61.152.169.139 www.3668.cn
O1 - Hosts: 61.152.169.139 tu68.com
O1 - Hosts: 61.152.169.139 www.tu68.com
O1 - Hosts: 61.152.169.139 avxiu.com
O1 - Hosts: 61.152.169.139 www.avxiu.com
O1 - Hosts: 61.152.169.139 18dy.net
O1 - Hosts: 61.152.169.139 www.18dy.net
O1 - Hosts: 61.152.169.139 avxiu.com
O1 - Hosts: 61.152.169.139 www.avxiu.com
O1 - Hosts: 61.152.169.139 hk.18dy.com
O1 - Hosts: 61.152.169.139 dianying.gghggh.com
O1 - Hosts: 61.152.169.139 lady3.****net
O1 - Hosts: 61.152.169.139 kan56.zj.com
O1 - Hosts: 61.152.169.139 88848.net
O1 - Hosts: 61.152.169.139 www.88848.net
O1 - Hosts: 61.152.169.139 xonline.org
O1 - Hosts: 61.152.169.139 www.xonline.org
O1 - Hosts: 61.152.169.139 dy.nuoy.com
O1 - Hosts: 61.152.169.139 www.korea-av.com
O1 - Hosts: 61.152.169.139 korea-av.com
O1 - Hosts: 61.152.169.139 movie.bucuo.org
O1 - Hosts: 61.152.169.139 mv888.com
O1 - Hosts: 61.152.169.139 www.mv888.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
gototop
 
獅子王
头像
初生襁褓狮
  • 帖子:82
  • 注册: 2005-07-16
  • 来自:
发表于: 2005-08-09 10:50 | 短消息 资料
字号: 3楼

修复
O1 - Hosts: 61.152.169.139 www.99bb.com
O1 - Hosts: 61.152.169.139 99bb.com
O1 - Hosts: 61.152.169.139 www.zdao.com
O1 - Hosts: 61.152.169.139 zdao.com
O1 - Hosts: 61.152.169.139 www.aisex.com
O1 - Hosts: 61.152.169.139 aisex.com
O1 - Hosts: 61.152.169.139 www.qq190.com
O1 - Hosts: 61.152.169.139 qq190.com
O1 - Hosts: 61.152.169.139 www.wanmm.com
O1 - Hosts: 61.152.169.139 wanmm.com
O1 - Hosts: 61.152.169.139 www.qq163.com
O1 - Hosts: 61.152.169.139 qq163.com
O1 - Hosts: 61.152.169.139 www.sex141.com
O1 - Hosts: 61.152.169.139 sex141.com
O1 - Hosts: 61.152.169.139 www.my990.com
O1 - Hosts: 61.152.169.139 my990.com
O1 - Hosts: 61.152.169.139 ad.my990.com
O1 - Hosts: 61.152.169.139 www.ttjj.com
O1 - Hosts: 61.152.169.139 ttjj.com
O1 - Hosts: 61.152.169.139 www.7t7t.com
O1 - Hosts: 61.152.169.139 7t7t.com
O1 - Hosts: 61.152.169.139 www.123987.com
O1 - Hosts: 61.152.169.139 www.123987.com/7sese/
O1 - Hosts: 61.152.169.139 www.oursm.com
O1 - Hosts: 61.152.169.139 oursm.com
O1 - Hosts: 61.152.169.139 www.palacemoon.com
O1 - Hosts: 61.152.169.139 palacemoon.com
O1 - Hosts: 61.152.169.139 18dy.com
O1 - Hosts: 61.152.169.139 www.18dy.com
O1 - Hosts: 61.152.169.139 49m.cn
O1 - Hosts: 61.152.169.139 www.49m.cn
O1 - Hosts: 61.152.169.139 123.xuanji8.com
O1 - Hosts: 61.152.169.139 ohkk.xuanji8.com
O1 - Hosts: 61.152.169.139 123.52lhc.com
O1 - Hosts: 61.152.169.139 7sese.com61.152.169.139 www.7sese.com
O1 - Hosts: 61.152.169.139 www.hao119.com
O1 - Hosts: 61.152.169.139 7sese.com
O1 - Hosts: 61.152.169.139 www.7sese.com
O1 - Hosts: 61.152.169.139 www.hao358.com
O1 - Hosts: 61.152.169.139 www.ee456.com
O1 - Hosts: 61.152.169.139 video.12san.com
O1 - Hosts: 61.152.169.139 www.eachz.com
O1 - Hosts: 61.152.169.139 www.avl.cn
O1 - Hosts: 61.152.169.139 avl.cn
O1 - Hosts: 61.152.169.139 www.98756.net
O1 - Hosts: 61.152.169.139 7sese.org
O1 - Hosts: 61.152.169.139 www.7sese.org
O1 - Hosts: 61.152.169.139 kanvcd.com
O1 - Hosts: 61.152.169.139 www.kanvcd.com
O1 - Hosts: 61.152.169.139 cn.movies.yahoo
O1 - Hosts: 61.152.169.139 www.zfvod.com
O1 - Hosts: 61.152.169.139 zfvod.com
O1 - Hosts: 61.152.169.139 media.netandtv.com
O1 - Hosts: 61.152.169.139 p2p.55660.com
O1 - Hosts: 61.152.169.139 media.netandtv.com
O1 - Hosts: 61.152.169.139 www.sol.sohu.com
O1 - Hosts: 61.152.169.139 www.sexhu.cn
O1 - Hosts: 61.152.169.139 sexhu.cn
O1 - Hosts: 61.152.169.139 www.blogchina.com
O1 - Hosts: 61.152.169.139 5blogchina.com
O1 - Hosts: 61.152.169.139 www.5806.net
O1 - Hosts: 61.152.169.139 zhao999.com
O1 - Hosts: 61.152.169.139 www.zhao999.com
O1 - Hosts: 61.152.169.139 movie.xmfdc.net
O1 - Hosts: 61.152.169.139 www.movie110.com
O1 - Hosts: 61.152.169.139 movie110.com
O1 - Hosts: 61.152.169.139 www.yesky.com
O1 - Hosts: 61.152.169.139 yesky.com
O1 - Hosts: 61.152.169.139 www.178ya.com
O1 - Hosts: 61.152.169.139 178ya.com
O1 - Hosts: 61.152.169.139 www.3668.cn
O1 - Hosts: 61.152.169.139 3668.cn
O1 - Hosts: 61.152.169.139 www.hao45.com
O1 - Hosts: 61.152.169.139 hao45.com
O1 - Hosts: 61.152.169.139 www.5sese.com
O1 - Hosts: 61.152.169.139 5sese.com
O1 - Hosts: 61.152.169.139 woyy.51.net
O1 - Hosts: 61.152.169.139 3668.cn
O1 - Hosts: 61.152.169.139 www.3668.cn
O1 - Hosts: 61.152.169.139 tu68.com
O1 - Hosts: 61.152.169.139 www.tu68.com
O1 - Hosts: 61.152.169.139 avxiu.com
O1 - Hosts: 61.152.169.139 www.avxiu.com
O1 - Hosts: 61.152.169.139 18dy.net
O1 - Hosts: 61.152.169.139 www.18dy.net
O1 - Hosts: 61.152.169.139 avxiu.com
O1 - Hosts: 61.152.169.139 www.avxiu.com
O1 - Hosts: 61.152.169.139 hk.18dy.com
O1 - Hosts: 61.152.169.139 dianying.gghggh.com
O1 - Hosts: 61.152.169.139 lady3.****net
O1 - Hosts: 61.152.169.139 kan56.zj.com
O1 - Hosts: 61.152.169.139 88848.net
O1 - Hosts: 61.152.169.139 www.88848.net
O1 - Hosts: 61.152.169.139 xonline.org
O1 - Hosts: 61.152.169.139 www.xonline.org
O1 - Hosts: 61.152.169.139 dy.nuoy.com
O1 - Hosts: 61.152.169.139 www.korea-av.com
O1 - Hosts: 61.152.169.139 korea-av.com
O1 - Hosts: 61.152.169.139 movie.bucuo.org
O1 - Hosts: 61.152.169.139 mv888.com
O1 - Hosts: 61.152.169.139 www.mv888.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/nikoxxsp.chm::/on-line .exe   
Nasty  This entry is possibly nasty.
  Should be fixed.
  O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe 
gototop
 
花落花又开
头像
社区嘉宾
  • 帖子:6782
  • 注册: 2005-04-16
  • 来自:
发表于: 2005-08-09 10:51 | 短消息 资料
字号: 4楼

【回复“jkkkk”的帖子】

修复所有F2,01项,

O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [ws_d] C:\WINDOWS\ws32.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: windows - Unknown owner - C:\WINDOWS\windows.exe (file missing)

删除文件:(如果有的话)

C:\$NtUninstallQ5926809$\整个目录
C:\WINDOWS\ws32.exe
C:\WINDOWS\windows.exe
C:\WINDOWS\windows.dll
C:\WINDOWS\windowskey.dll
C:\WINDOWS\windows_Hook.dll

停止服务:开始--控制面版--管理工具--服务--找到"windows "属性--改成"已禁用"

展开注册表HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services下查找“windows.exe”,然后删除,重新启动.
gototop
 
飞跃迷离
头像
社区嘉宾
  • 帖子:7351
  • 注册: 2004-10-15
  • 来自:
发表于: 2005-08-09 11:28 | 短消息 资料
字号: 5楼

下面几项也请楼主修复:
请关闭所有IE界面,重新使用HijackThis扫描一次,选中下面建议修复的项目,让HijackThis修复,修复前请允许HijackThis保留备份。(如果楼主知道是安全的可以不必勾选)
O2 - BHO: MyIEtoolbar Class - {DAFE0426-96F6-472E-B98D-EF873EB7CFF2} - C:\WINDOWS\system32\toolbar.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/nikoxxsp.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcastdl.dudu.com/files/pCastCtl.cab

然后打开我的电脑。。再点工具。。打开文件夹选项。。。查看。。。把隐藏受保护的系统文件(推荐)和隐藏已知文件类型的扩展名的勾去掉。再显示所有文件。 用WINDOWS的查找功能进行查找并删除:
C:\WINDOWS\system32\toolbar.dll
C:\Recycled\Q330995.exe

O4 - 启动项HKLM\\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
是“网络猪”的项目(也可能是划词搜索),如果楼主不想使用,请到开始-->设置-->控制面板-->添加删除程序, 卸载
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT