Logfile of HijackThis v1.99.1
Scan saved at 16:23:05, on 2005-8-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\YDT\YDTMain.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\administrator.SERVER\桌面\248783200522382732\HijackThis.exe
O1 - Hosts: 202.103.67.180 auto.search.msn.com
O2 - BHO: 搜索助手 - {04844102-FC0B-4f44-9E93-0C4293BB5E80} - C:\PROGRA~1\YDT\YDT.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [CnsMin] rem Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [SyGateManager] C:\Program Files\SyGate\SHN\Sygate.exe
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [91Funny.exe] C:\Documents and Settings\administrator.SERVER\桌面\91funny2110\91Funny.exe
O4 - Startup: FICQ.lnk = D:\Program Files\FICQ\FICQ.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.58028.net/plugin/PowerPlr.ocx
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://www.ahn.com.cn/aspservice/plugin/myv3.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趋势科技在线扫毒程序) - http://www.trendmicro.com.cn/housecall/xscan53.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{430241E1-9368-4943-9B12-CE787AE7730A}: NameServer = 202.102.3.141,202.102.3.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE4E8E1-150D-4966-97AC-588CAF1508B2}: NameServer = 202.102.3.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{430241E1-9368-4943-9B12-CE787AE7730A}: NameServer = 202.102.3.141,202.102.3.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{430241E1-9368-4943-9B12-CE787AE7730A}: NameServer = 202.102.3.141,202.102.3.144
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: ccdudl - Unknown owner - \\218.93.123.98\E$\bcvsrv32.exe" -service (file missing)
O23 - Service: CommandService - Unknown owner - C:\WINNT\System32\CmdService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe (file missing)
O23 - Service: Intel PDS - Unknown owner - C:\WINNT\System32\cba\pds.exe (file missing)
O23 - Service: KDDelegateService - Unknown owner - d:\Program Files\Kingdee\K3ERP\KDDelegateService.exe (file missing)
O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe (file missing)
O23 - Service: PSEXESVC - Sysinternals - C:\WINNT\System32\PSEXESVC.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINNT\System32\locator.exe (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINNT\System32\rsvp.exe (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
O23 - Service: SyGateService (SaService) - Unknown owner - C:\Program Files\SyGate\SHN\sgserv.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe (file missing)
O23 - Service: Utility Manager (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe (file missing)