1   1  /  1  页   跳转

我是新手,请高手帮忙

我是新手,请高手帮忙

用HijackThis扫描如下:
Logfile of HijackThis v1.99.0
Scan saved at 21:21:21, on 2005-9-3
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\KAV2005\KWatch.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\hkcmd.exe
D:\KAV2005\KPfwSvc.EXE
D:\WINDOWS\system32\slserv.exe
D:\KAV2005\KAVStart.exe
D:\Program Files\CNNIC\Cdn\cdnup.exe
D:\WINDOWS\System32\BCUP.exe
D:\PROGRA~1\3721\assistse.exe
D:\WINDOWS\System32\ctfmon.exe
D:\KAV2005\KMailMon.EXE
D:\WINDOWS\System32\conime.exe
E:\qq\TIMPlatform.exe
D:\Program Files\Winamp\Winamp.exe
E:\qq\QQ.exe
E:\qq\89604822\MyRecvFiles\HijackThis\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\Program Files\3721\Assist\asbar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\System32\xunleibho_v4.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - D:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - D:\Program Files\3721\Assist\Angling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: 3721中文邮 - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\Program Files\3721\Assist\asbar.dll
O2 - BHO: (no name) - {BBBD6117-22DC-4500-9E43-71E2620F20C1} - D:\WINDOWS\DOWNLO~1\IEUBTM~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\IEDETE~1.DLL
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - D:\WINDOWS\System32\BoCaiToolbar.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\Program Files\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [CdnCtr] D:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [BCUpdate] D:\WINDOWS\System32\BCUP.exe
O4 - HKLM\..\Run: [ADShow] D:\WINDOWS\System32\bcsysnote.ex
O4 - HKLM\..\Run: [renewup] D:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKLM\..\Run: [assistse] "D:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [Super Rabbit IEPro] D:\Program Files\Super Rabbit\IEPro\iepro.exe /load
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O9 - Extra button: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - d:\windows\system32\alitb\__new\bar.dll
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - D:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - D:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E95EC63-6571-46C3-91EF-23714279842E}: NameServer = 202.101.98.54,202.101.98.55
O23 - Service: Kingsoft Personal Firewall Service - Kingsoft Corporation - D:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service - Kingsoft Corporation - D:\KAV2005\KWatch.EXE
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: www.jiaozhu.net - Unknown - D:\WINDOWS\System32\SVCH0ST.EXE (file missing)


机子一开网页,就会出现六合彩网页,而且是盖在自己开的其他网页上面,有的时候连不开网页,那六合彩网页也会跳出来
有两个垃圾网站最近经常跳出来
http://tm286.com/
http://www.99244.com/
请大家帮个忙,谢谢
最后编辑2005-09-03 22:48:18
分享到:
gototop
 

修复以下项D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\System32\BCUP.exe
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {BBBD6117-22DC-4500-9E43-71E2620F20C1} - D:\WINDOWS\DOWNLO~1\IEUBTM~1.DLL
O4 - HKLM\..\Run: [BCUpdate] D:\WINDOWS\System32\BCUP.exe
O4 - HKLM\..\Run: [ADShow] D:\WINDOWS\System32\bcsysnote.ex

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\IEDETE~1.DLL
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - D:\WINDOWS\System32\BoCaiToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe

O10 - Unknown file in Winsock LSP: d:\windows\system32\cdnns.dll

O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: www.jiaozhu.net - Unknown - D:\WINDOWS\System32\SVCH0ST.EXE (file missing)
另外看看反病毒论坛置顶贴的灰鸽子手工方法
gototop
 

恩,谢谢,我试试
对了,我想问下,系统盘下的HOSTS文件名怪怪的,一般文件名是HOSTS,可我的机子下是LMHOST,是什么原因?
gototop
 

【回复“lyven22”的帖子】
老大。。。你真厉害,,3721,上网助手,。。。你全安装啦,,
我这里有个注册表查询工具,相当不错。。
你要是无法清楚干净,你在对我说,我传送给你。
哦,,对了,,,你再仔细看看,你电脑里也许还有3721。。安装的一个自动安装程序,一定有的,,你仔细找找,,,
佩服,,佩服,,,我对你的佩服犹如滔滔江水,,,,
你慢慢删除吧。。。呵呵。。。
gototop
 

您说的是HOSTS文件而不是lmhosts文件

开始--运行--notepad %SystemRoot%\system32\drivers\etc\hosts

看看能否打开,HOSTS文件不是系统必须的,有些电脑中可能没有这个文件。
gototop
 
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT