[Help] Which of these should I delete? Asking anyone who knows!

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      18:25:27, 日期 2005-10-22
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS.000\Explorer.EXE
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\SYSTEM32\ShellExt\svchs0t.exe
C:\WINDOWS.000\System32\ctfmon.exe
C:\Program Files\Rising\Rfw\RfwMain.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
F:\myIE\Maxthon\Maxthon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\下载文件\补丁\HijackThis1991汉化版\HijackThis1991zww.exe

F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - (no file)
O2 - BHO: MEobjectSDT - {4136C3F6-7636-49bf-A122-D4DA53B1ADDF} - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\System32\msdxm.ocx
O3 - IE工具栏增项: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - (no file)
O3 - IE工具栏增项: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS.000\WORLD2\TOOLBAR\hmtoolbar.dll
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [MSConfig] C:\WINDOWS.000\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - 启动项HKLM\\Run: [迅雷4] E:\迅雷\MediaIssue\TDUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\迅雷\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\迅雷\getAllurl.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - E:\迅雷\StreamboxVcrSuite2\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - E:\迅雷\StreamboxVcrSuite2\NetTransport 2\NTAddList.html
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O12 - IE插件,支持文件类型.pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{472B0CF3-1E7C-4D6C-BCFA-8AD177147DB3}: NameServer = 202.102.152.3 202.102.128.68
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O18 - 列举现有的协议: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS.000\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS.000\G_Server2.0.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

Last edited 2005-10-24 18:56:51
----------
 

Fix the following items:
C:\WINDOWS.000\SYSTEM32\ShellExt\svchs0t.exe
F2 - REG:system.ini: Shell=

What service is this?
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS.000\G_Server2.0.exe
Even if you cannot confirm what it is, you can fix it as well.
----------
 

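haihong1210 has already pointed out the suspicious items; please fix a few other items as well.

Restart into Safe Mode (how to enter Safe Mode: restart the computer; once the power-on self-test has finished, press the [F8] key (you can keep pressing it until the boot menu appears), then select Safe Mode to enter Windows).

Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find Gray_Pigeon_Server2.0 → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

First terminate the following process (close all windows, press CTRL+ALT+DELETE together, select the process to terminate in the window that opens, then click "End Task" or "End Process", and finally close that window):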
C:\WINDOWS.000\SYSTEM32\ShellExt\svchs0t.exe

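Please close all IE windows, scan again with HijackThis, select the items recommended for fixing below, and let HijackThis fix them. Before fixing, please allow HijackThis to keep a backup. (If the original poster knows an item is safe, it does not need to be checked.)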
F2 - REG:system.ini: Shell=
All O1 items
O2 - BHO: (no name) - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - (no file)
O2 - BHO: MEobjectSDT - {4136C3F6-7636-49bf-A122-D4DA53B1ADDF} - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O3 - IE工具栏增项: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - (no file)
O3 - IE工具栏增项: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS.000\WORLD2\TOOLBAR\hmtoolbar.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O18 - 列举现有的协议: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - (no file)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS.000\G_Server2.0.exe

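Then open My Computer → Tools → Folder Options → View → uncheck "Hide protected operating system files (Recommended)" and "Hide extensions for known file types" → then show all files → find and delete the following files (if they exist):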
C:\WINDOWS.000\G_Server2.0.exe
C:\WINDOWS.000\G_Server2.0.dll
C:\WINDOWS.000\G_Server2.0_hook.dll
C:\WINDOWS.000\G_Server2.0key.dll
C:\WINDOWS.000\SYSTEM32\ShellExt\svchs0t.exe
Delete the folder C:\WINDOWS.000\WORLD2

Regarding
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
please go to this board's "Board notes and downloads of commonly used small tools" thread
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
and download LSPFix to fix it.
----------
 

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      18:40:32, 日期 2005-10-24
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS.000\SOUNDMAN.EXE
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS.000\System32\RUNDLL32.exe
C:\WINDOWS.000\System32\MsPMSPSv.exe
C:\WINDOWS.000\System32\ctfmon.exe
F:\myIE\Maxthon\Maxthon.exe
C:\WINDOWS.000\System32\svchost.exe
D:\下载文件\补丁\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: (no name) - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - (no file)
O2 - BHO: MEobjectSDT - {4136C3F6-7636-49bf-A122-D4DA53B1ADDF} - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O3 - IE工具栏增项: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - (no file)
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [SystemTray] SysTray.Exe
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS.000\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS.000\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [迅雷4] E:\迅雷\MediaIssue\TDUpdate.exe
O4 - 启动项HKLM\\Run: [advapi32] RUNDLL32 C:\WINDOWS.000\Downlo~1\_IS_ISC.dll,isc
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\迅雷\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\迅雷\getAllurl.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - E:\迅雷\StreamboxVcrSuite2\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - E:\迅雷\StreamboxVcrSuite2\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
O12 - IE插件,支持文件类型.pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{472B0CF3-1E7C-4D6C-BCFA-8AD177147DB3}: NameServer = 202.102.152.3 202.102.128.68
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - NT 服务: ewido security suite control - Unknown owner - F:\传奇霸主3最新破解版\security suite\ewidoctrl.exe (file missing)
O23 - NT 服务: ewido security suite guard - Unknown owner - F:\传奇霸主3最新破解版\security suite\ewidoguard.exe (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

So are there any of these that I can delete? That RUNDLL32 one cannot be deleted.
----------
 

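Restart into Safe Mode (how to enter Safe Mode: restart the computer; once the power-on self-test has finished, press the [F8] key (you can keep pressing it until the boot menu appears), then select Safe Mode to enter Windows).

Please close all IE windows, scan again with HijackThis, select the items recommended for fixing below, and let HijackThis fix them. Before fixing, please allow HijackThis to keep a backup. (If the original poster knows an item is safe, it does not need to be checked.)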
O2 - BHO: (no name) - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - (no file)
O2 - BHO: MEobjectSDT - {4136C3F6-7636-49bf-A122-D4DA53B1ADDF} - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O3 - IE工具栏增项: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)


Regarding O10 - 未知的文件在 Winsock LSP: c:\windows.000\system32\wintcp.dll
please go to this board's "Board notes and downloads of commonly used small tools" thread
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
and download LSPFix to fix it.

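Please close all IE windows and folder windows before running LSPFix. Once it is running, move the wintcp.dll entry from the left side to the right side and click "Finish". (Before that, you need to tick the box in front of "I know what I'm doing".)

Be very careful: the above operation may leave you unable to get online. If necessary, delete the existing network connection, re-add the TCP/IP protocol, and then set the connection up again.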

O4 - 启动项HKLM\\Run: [advapi32] RUNDLL32 C:\WINDOWS.000\Downlo~1\_IS_ISC.dll,isc
Please refer to:
[Recommended] Those with _IS_ISC.dll in their log entries, come take a look (countering the chaxun.com hijack)
http://forum.ikaka.com/topic.asp?board=67&artid=6909890
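
The replies in this thread single out three kinds of entries: references whose target is gone ("(no file)"), a service with "Unknown owner", and a running process named svchs0t.exe. The following is an added example, not part of the thread and not HijackThis's or the responders' own logic: a Python triage pass over HijackThis-style lines that turns those three observations into checks. The rule set, function names and reference list of system binaries are assumptions for illustration; the sample lines are copied from the logs above.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Assumption: a small, non-exhaustive reference set of Windows XP process names.
KNOWN_SYSTEM = {"svchost.exe", "smss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Lines copied from the logs in this thread (a constructed selection).
SAMPLE = r"""
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\SYSTEM32\ShellExt\svchs0t.exe
C:\WINDOWS.000\System32\ctfmon.exe
O2 - BHO: MEobjectSDT - {4136C3F6-7636-49bf-A122-D4DA53B1ADDF} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\System32\ctfmon.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS.000\G_Server2.0.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
""".splitlines()


def edit_distance(a, b):
    """Plain Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(path):
    """Return the system binary name that `path` imitates, or None."""
    name = basename(path).lower()
    if name in KNOWN_SYSTEM:
        return None
    for real in sorted(KNOWN_SYSTEM):
        if edit_distance(name, real) <= 2:  # e.g. swapped or substituted characters
            return real
    return None


def triage(lines):
    """Return (reason, line) leads from HijackThis-style log lines."""
    leads = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            body = m.group("body")
            if body.endswith(("(no file)", "(file missing)")):
                leads.append(("orphaned-reference", line))
            elif m.group("code") == "O23" and " - Unknown owner - " in body:
                leads.append(("unknown-owner-service", line))
        elif re.match(r"^[A-Za-z]:\\", line):  # running-process section
            real = lookalike(line)
            if real:
                leads.append((f"lookalike-of-{real}", line))
    return leads


if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason:28} {line}")
```

Each hit is a lead to check by hand, not a verdict: the same rules also match the two ewido service entries in the second log, which the final reply did not list for fixing.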