[Original] Urgent! Visiting certain websites fills up my C: drive instantly! It recovers after I go offline for a while!



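Experts, when I visit certain websites my C: drive fills up instantly! After I go offline and wait a while, it recovers! For example, last week the C: drive filled up instantly when I visited yahoo. Two days ago, on the advice of 永不言弃 from the Kaka community, I turned off System Restore, and it was fine for two days, but now it is happening again! This time it does not fill up on yahoo, but it does fill up on the Kaka community! I scanned with Rising version 18.15.42 and no virus was found! The HijackThis scan log is below, experts please help! (I tried turning off System Restore, and it still doesn't work.)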
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:33:45, 日期 2006-2-24
操作系统:  Windows ME (Win9x 4.90.3000)
浏览器:    Internet Explorer v5.50 (5.50.4134.0100)

当前运行的进程:         
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
D:\HIJACKTHIS\HIJACKTHIS1991ZWW.EXE

O1 - Hosts: 61.152.241.124 www.
O1 - Hosts: 61.152.241.124
O1 - Hosts: 61.152.241.124 www.baidu99.com
O1 - Hosts: 61.152.241.124 baidu99.com
O1 - Hosts: 61.152.241.124 www.tt135.com/dd/dy2.htm
O1 - Hosts: 61.152.241.124 tt135.com/dd/dy2.htm
O1 - Hosts: 61.152.241.124 www.38dianying.com/dy/dy11.htm
O1 - Hosts: 61.152.241.124 38dianying.com/dy/dy11.htm
O1 - Hosts: 61.152.241.124 www.365ting.com
O1 - Hosts: 61.152.241.124 365ting.com
O1 - Hosts: 61.152.241.124 www.hlj169.com
O1 - Hosts: 61.152.241.124 hlj169.com
O1 - Hosts: 61.152.241.124 www.oscar.com
O1 - Hosts: 61.152.241.124 oscar.com
O1 - Hosts: 61.152.241.124 www.kan163.net
O1 - Hosts: 61.152.241.124 kan163.net
O1 - Hosts: 61.152.241.124 www.hn2008.com
O1 - Hosts: 61.152.241.124 hn2008.com
O1 - Hosts: 61.152.241.124 www.qq2008.net
O1 - Hosts: 61.152.241.124 qq2008.net
O1 - Hosts: 61.152.241.124 www.tom2008.com/dianyingyuan.htm
O1 - Hosts: 61.152.241.124 tom2008.com/dianyingyuan.htm
O1 - Hosts: 61.152.241.124 www.kk018.com/shipin.htm
O1 - Hosts: 61.152.241.124 kk018.com/shipin.htm
O1 - Hosts: 61.152.241.124 www.tt131.blogdriver.com
O1 - Hosts: 61.152.241.124 tt131.blogdriver.com
O1 - Hosts: 61.152.241.124 www.yy125.com/dy/
O1 - Hosts: 61.152.241.124 yy125.com/dy/
O1 - Hosts: 61.152.241.124 www.7517.net
O1 - Hosts: 61.152.241.124 7517.net
O1 - Hosts: 61.152.241.124 www.k8588.com
O1 - Hosts: 61.152.241.124 k8588.com
O1 - Hosts: 61.152.241.124 www.wo111.com/v/dv1.htm
O1 - Hosts: 61.152.241.124 wo111.com/v/dv1.htm
O1 - Hosts: 61.152.241.124 www.235938.com
O1 - Hosts: 61.152.241.124 235938.com
O1 - Hosts: 61.152.241.124 www.7sese.qq38.com/21cn3.htm
O1 - Hosts: 61.152.241.124 7sese.qq38.com/21cn3.htm
O1 - Hosts: 61.152.241.124 www.tzshw.net
O1 - Hosts: 61.152.241.124 tzshw.net
O1 - Hosts: 61.152.241.124 www.1v6.com/movie/9735-1.htm
O1 - Hosts: 61.152.241.124 1v6.com/movie/9735-1.htm
O1 - Hosts: 61.152.241.124 www.zhao112.com/wz/s21cn.htm
O1 - Hosts: 61.152.241.124 zhao112.com/wz/s21cn.htm
O1 - Hosts: 61.152.241.124 www.dy699.com/movie1.htm
O1 - Hosts: 61.152.241.124 dy699.com/movie1.htm
O1 - Hosts: 61.152.241.124 www.33166.net/movie7.htm
O1 - Hosts: 61.152.241.124 33166.net/movie7.htm
O1 - Hosts: 61.152.241.124 www.lalaring.zj.com
O1 - Hosts: 61.152.241.124 lalaring.zj.com
O1 - Hosts: 61.152.241.124 www.268vod.blogdriver.com/268vod/index.html
O1 - Hosts: 61.152.241.124 268vod.blogdriver.com/268vod/index.html
O1 - Hosts: 61.152.241.124 www.500dy.com
O1 - Hosts: 61.152.241.124 500dy.com
O1 - Hosts: 61.152.241.124 www.31show.com
O1 - Hosts: 61.152.241.124 31show.com
O1 - Hosts: 61.152.241.124 www.2000qq.com/index.htm
O1 - Hosts: 61.152.241.124 2000qq.com/index.htm
O1 - Hosts: 61.152.241.124 www.tt516.com
O1 - Hosts: 61.152.241.124 tt516.com
O1 - Hosts: 61.152.241.124 www.q162.com/ads/
O1 - Hosts: 61.152.241.124 q162.com/ads/
O1 - Hosts: 61.152.241.124 www.dy5.com
O1 - Hosts: 61.152.241.124 dy5.com
O1 - Hosts: 61.152.241.124 www.cc500.com/
O1 - Hosts: 61.152.241.124 cc500.com/
O1 - Hosts: 61.152.241.124 www.265dy.com
O1 - Hosts: 61.152.241.124 265dy.com
O1 - Hosts: 61.152.241.124 www.2kok.com
O1 - Hosts: 61.152.241.124 2kok.com
O1 - Hosts: 61.152.241.124 www.99fx.net
O1 - Hosts: 61.152.241.124 99fx.net
O1 - Hosts: 61.152.241.124 www.v.2791.com
O1 - Hosts: 61.152.241.124 v.2791.com
O1 - Hosts: 61.152.241.124 www.movie2000.cn
O1 - Hosts: 61.152.241.124 movie2000.cn
O1 - Hosts: 61.152.241.124 www.smh6.com
O1 - Hosts: 61.152.241.124 smh6.com
O1 - Hosts: 61.152.241.124 www.ye78.com
O1 - Hosts: 61.152.241.124 ye78.com
O1 - Hosts: 61.152.241.124 www.sogo8.blogdriver.com/sogo8/index.html
O1 - Hosts: 61.152.241.124 sogo8.blogdriver.com/sogo8/index.html
O1 - Hosts: 61.152.241.124 www.36900.cn
O1 - Hosts: 61.152.241.124 36900.cn
O1 - Hosts: 61.152.241.124 www.dy502.com/movie21.asp
O1 - Hosts: 61.152.241.124 dy502.com/movie21.asp
O1 - Hosts: 61.152.241.124 www.dy07008.com
O1 - Hosts: 61.152.241.124 dy07008.com
O1 - Hosts: 61.152.241.124 www.dy8884.blogdriver.com
O1 - Hosts: 61.152.241.124 dy8884.blogdriver.com
O1 - Hosts: 61.152.241.124 www.89989.com
O1 - Hosts: 61.152.241.124 89989.com
O1 - Hosts: 61.152.241.124 www.pjbuy.com/00033
O1 - Hosts: 61.152.241.124 pjbuy.com/00033
O1 - Hosts: 61.152.241.124 www.3012.net/00848/00000.htm
O1 - Hosts: 61.152.241.124 3012.net/00848/00000.htm
O1 - Hosts: 61.152.241.124 www.30128.com
O1 - Hosts: 61.152.241.124 30128.com
O1 - Hosts: 61.152.241.124 www.f998.com
O1 - Hosts: 61.152.241.124 f998.com
O1 - Hosts: 61.152.241.124 www.zhangshan.2288.org/ads/reg.htm
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL (file missing)
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\PROGRAM FILES\COOLWEBSITE\QUICKLINK.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - 启动项HKLM\\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - 启动项HKLM\\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - 启动项HKLM\\Run: [SystemTray] SysTray.Exe
O4 - 启动项HKLM\\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\RunServices: [SchedulingAgent] mstask.exe
O4 - 启动项HKLM\\RunServices: [RsCcenter] "C:\Program Files\Rising\Rav\CCenter.exe"
O4 - 启动项HKLM\\RunServices: [RavMond] "C:\Program Files\Rising\Rav\RavMond.exe"
O4 - 启动项HKLM\\RunServices: [RavMon] "C:\Program Files\Rising\Rav\RavMon.exe" -system
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\PROGRAM FILES\IPQQ2005\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\PROGRAM FILES\IPQQ2005\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\PROGRAM FILES\IPQQ2005\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目:  >> 彩信发送 << - res://C:\PROGRAM FILES\MMSASSIST\MMSASS~1.DLL/mms.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\PROGRAM FILES\IPQQ2005\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - IE右键菜单中的新增项目: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - IE右键菜单中的新增项目: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - IE右键菜单中的新增项目: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - IE右键菜单中的新增项目: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - IE右键菜单中的新增项目: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - 浏览器额外的“工具”菜单项: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - 浏览器额外的按钮: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\PROGRAM FILES\COOLWEBSITE\QUICKLINK.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.96.128.134,202.96.128.68,192.168.1.151


Last edited 2006-03-04 09:50:16
 

Brothers, please give me some ideas!
 

My personal suggestion is to fix all the O1 items.
I'm not very good at reading your Windows ME system log.
 

Fix O1
Fix O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
and delete the corresponding file
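The replies above advise fixing every O1 entry. As an added example (not from the thread or from HijackThis), this Python script groups `O1 - Hosts:` lines by target address and reports non-local targets, how many names each receives, and which names a hosts file could never match. The function name `triage_o1`, the threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the "O1 - Hosts: <ip> <name>" layout of the log above;
# the address and names are placeholders, not values from the thread.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 www.
O1 - Hosts: 203.0.113.10
O1 - Hosts: 203.0.113.10 www.video-a.example
O1 - Hosts: 203.0.113.10 video-a.example
O1 - Hosts: 203.0.113.10 www.video-b.example/dy/index.htm
O1 - Hosts: 203.0.113.10 video-b.example/dy/index.htm
O4 - HKCU\\..\\Run: [MSMSGS] msmsgs.exe /background
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)(?:\s+(\S+))?\s*$")
# A hosts file maps bare DNS names only: no path, no empty label, no blank.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$")


def triage_o1(log_text, bulk_threshold=3):
    """Return {target_ip: details} for O1 entries that redirect off-host."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if m:
            by_ip[m.group(1)].append(m.group(2) or "")
    findings = {}
    for ip, names in by_ip.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            addr = None  # unparsable target: still worth reporting
        if addr is not None and (addr.is_loopback or addr.is_unspecified):
            continue  # local sink entries (localhost, blocklists) are not redirects
        findings[ip] = {
            "count": len(names),
            "bulk": len(names) >= bulk_threshold,
            "malformed": [n for n in names if not HOSTNAME.match(n)],
        }
    return findings


if __name__ == "__main__":
    for ip, info in triage_o1(SAMPLE_LOG).items():
        print(ip, info)
```

Many unrelated names pointing at one external address, together with names that carry URL paths or are empty, indicate a machine-written hosts file rather than entries an administrator added by hand.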
 

Thank you, everyone. I've switched to win2000.