My HijackThis scan log. 闪电风暴 and other experts, please take a look. Thanks!

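I'm on Shandong Netcom, connecting via ADSL. Recently, checking with netstat -an, I found something abnormal: there are two IPs. One is 218.59.82.60 (this is this machine's IP, and it changes on every boot); the other is 169.254.225.181 (an unknown IP; it does not change when the computer restarts). I set this unknown IP in the Rising firewall to be blocked from communicating with the outside, and then found that after the computer starts, this IP always automatically and continuously connects to the address 169.254.255.255. I've also found that IE frequently reports errors, and repairing it with 3721 doesn't help either. Worse still, after running for a while (about 1 hour) the computer reboots by itself or freezes. Even a licensed copy of Rising can't find anything! Sob... I'm now posting the log from my HijackThis scan. 闪电风暴 and other experts, please take a look and help me with a solution! Please don't suggest reinstalling the system! Thanks in advance!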

Logfile of HijackThis v1.99.1
Scan saved at 14:21:04, on 2006-7-23
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
e:\program files\rising\rfw\rfwsrv.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\Program Files\Rising\Rav\Ravmond.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\drivers\CDAC11BA.EXE
E:\Program Files\cFosSpeed\spd.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Rising\Rav\RavStub.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\WINNT\Explorer.EXE
e:\program files\rising\rfw\RfwMain.exe
E:\Program Files\Rising\Rav\RavTask.exe
E:\Program Files\cFosSpeed\cFosSpeed.exe
E:\Program Files\Rising\Rav\Ravmon.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\WINNT\system32\internat.exe
E:\Program Files\Rising\Rav\Rav.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Vision\桌面\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - E:\WINNT\system32\xunleibho_v13.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - E:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\ComDlls\XUNLEIBHO_002.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - E:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - E:\WINNT\system32\KakaTool.dll
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosSpeed] E:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: DuDu下载加速器.lnk = E:\Program Files\DuDu\DddClient\DuDuAcc.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing
O15 - Trusted Zone: http://www.time.ac.cn
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143465843828
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B106BF12-A48A-4445-BDDE-DD9243986BEB}: NameServer = 202.102.128.68 202.102.134.68
O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe


Last edited 2006-07-23 15:36:51