Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software board: [Help] Is this a virus problem??? It's driving me mad (scan log attached, please help a newbie)

These past few days, every couple of days the machine gets "forced" into a countdown reboot, and the timing is completely irregular: sometimes it happens 3 minutes after booting, sometimes it only starts acting up hours later.

My first reaction was that I had caught a worm, so I immediately downloaded the Zotob removal tool, but it found no virus at all.

But it still reboots!! Help~~ Please, experts, help me! Thank you, thank you.
Last edited 2005-09-21 21:04:38

I have copied the log below, but I can't understand any of it ==
Asking the experts here for advice~ Thank you, thank you!!!


Logfile of HijackThis v1.99.1
Scan saved at 0:12:02, on 2005-9-20
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\WINNT\system32\rundll32.exe
D:\Program Files\rising\Rav\RavTimer.exe
D:\Program Files\rising\Rav\RavMon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\ctfmon.exe
D:\WINNT\system32\conime.exe
D:\WINNT\system32\Rundll32.exe
C:\Downloads\software\HijackThis.exe

R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - D:\WINNT\DOWNLO~1\BDSrHook.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - D:\WINNT\downlo~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-cn\msntb.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\PROGRA~1\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [helper.dll] D:\WINNT\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] D:\Program Files\rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] D:\Program Files\rising\Rav\RavMon.exe -system
O4 - HKLM\..\Run: [rfw] D:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunServices: [Wins Ndis System] xpfidexz.exe
O4 - HKLM\..\RunOnce: [RavStub] "D:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 下载编码内容(&D.S.Lite) - C:\Downloads\software\DSLite2\dl_text.html
O8 - Extra context menu item: 下载编码文件内容(&D.S.Lite) - C:\Downloads\software\DSLite2\dl_url.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra 'Tools' menuitem: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra 'Tools' menuitem: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://rd.3721.com/taobao.rd?http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/buy1.php (file missing)
O9 - Extra 'Tools' menuitem: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://rd.3721.com/taobao.rd?http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/buy1.php (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: 雅虎邮箱通 - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - yminimsgr:ClickIEBT (file missing)
O9 - Extra 'Tools' menuitem: 雅虎邮箱通 - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - yminimsgr:ClickIEBT (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra 'Tools' menuitem: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Downloads\software\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Downloads\software\DSLite2\DSLite.exe
O9 - Extra button: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FFBB5F9-E0B8-45C4-9736-D318753C0F69}: Domain = bnu.edu.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FFBB5F9-E0B8-45C4-9736-D318753C0F69}: NameServer = 202.112.80.106
O20 - Winlogon Notify: NavLogon - D:\WINNT\System32\NavLogon.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Microsoft    NetWork  FireWall  Services - Unknown owner - Net_Services.exe (file missing)
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: NetMeeting  Remote  Desktop  (RPC)  Sharing - Unknown owner - Rundll32.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Windows  Management  Service - Unknown owner - llssrver.exe (file missing)


Yes, I installed Norton once before and later wanted to remove it, but it never uninstalled completely >0<

Is that the cause??? And am I infected at all? How do I fix this?? I've been going crazy these past few days.

Since I have no way to scan for and remove viruses, all I could do for now was block ports 445 and 139~
This is the alert message from just now. Does it mean the reboots are caused by other people's infected computers connecting to mine??

As for the file repair you mentioned, ugh, the original file is long gone, so how can I repair it??
I don't know how to use the repair tool, could you please explain it?

Quote:
[Post by 子阳] Generally, any computer connected to the network is subject to all kinds of attacks from the network; the firewall has already intercepted the attacks in question and shown the corresponding alert, so there is no need to worry about the computer being intruded.

Try turning Norton off first and running only Rising? (Don't fix the other items yet.)
...........................



Since I got rid of Norton that one time, I now use only Rising.
Maybe it's leftover data in the registry??!! I normally don't dare to modify the data in there rashly~~ and I don't know how to turn it off.

子阳, is my little PC infected now? Can you tell from the log??

Huge thanks for being so helpful, I'm extremely grateful!!!!!!

Quote:
[Post by 真命小虫] Does the forced "reboot" have a countdown?

Does the antivirus report a virus?
...........................



It's the countdown kind~~ and the attack ports intercepted by the firewall are always either 139 or 445.
Very similar to Zotob's symptoms.


I used the removal tool provided by Rising, but it found nothing at all!!!

Quote:
[Post by jijip] Fix these:
O4 - HKLM\..\RunServices: [Wins Ndis System] xpfidexz.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
In Safe Mode:
Run -> regedit -> under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\runservices delete the value "Wins Ndis System"
Find and delete xpfidexz.exe (use Windows Search)

Empty the temporary folders
Install the Blaster and Sasser patches and Microsoft's MS05-039 patch
...........................



Thank you, thank you~~!!!

So my current situation shouldn't be too serious, right~
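An added example, not from this thread and not a Rising or HijackThis tool: a short Python script that applies the same reasoning jijip used to a few lines copied from the log posted above, flagging O4 autorun entries that point at a bare filename with no path, and O23 services with an unknown owner, a missing binary, or a display name padded with extra spaces. The allowlist of bare names that Windows registers without a path is an assumption of the example. It only lists items for review; it does not decide what is malware.

```python
import re

# A handful of lines copied from the HijackThis log posted in this thread
# (not the whole log), embedded here so the script runs offline.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [RavMon] D:\\Program Files\\rising\\Rav\\RavMon.exe -system
O4 - HKLM\\..\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\\..\\RunServices: [Wins Ndis System] xpfidexz.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] ctfmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\\WINNT\\System32\\dmadmin.exe
O23 - Service: Microsoft    NetWork  FireWall  Services - Unknown owner - Net_Services.exe (file missing)
O23 - Service: NetMeeting  Remote  Desktop  (RPC)  Sharing - Unknown owner - Rundll32.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - D:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\Rtvscan.exe (file missing)
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\\program files\\rising\\rfw\\rfwsrv.exe
O23 - Service: Windows  Management  Service - Unknown owner - llssrver.exe (file missing)
"""

# Assumption of this example: executables Windows 2000 itself registers under
# Run without a full path, so a bare name alone is not suspicious for them.
KNOWN_BARE_NAMES = {"ctfmon.exe", "mobsync.exe"}

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$")


def first_token(cmd):
    """Return the executable part of an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def check_o4(m):
    """Flag autoruns whose target is a bare filename: HJT cannot tell where it lives."""
    exe = first_token(m.group("cmd"))
    if "\\" in exe or "/" in exe or exe.lower() in KNOWN_BARE_NAMES:
        return []
    return [f"autorun '{m.group('name')}' under {m.group('key')} runs bare filename "
            f"{exe} (no path): locate it on disk before deleting the value"]


def check_o23(m):
    """Flag services with no owner, no binary on disk, or a padded display name."""
    name, owner, target = m.group("name"), m.group("owner"), m.group("target")
    reasons = []
    if owner == "Unknown owner":
        reasons.append("no company/owner in the binary")
    if target.endswith("(file missing)"):
        reasons.append("binary not present on disk")
    if "  " in name:
        reasons.append("display name padded with double spaces (mimics a system service)")
    if not reasons:
        return []
    return [f"service '{' '.join(name.split())}' -> {target}: " + "; ".join(reasons)]


def triage(log_text):
    """Return (line number, HJT section, reason) tuples for entries needing review."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            findings.extend((lineno, "O4", r) for r in check_o4(m))
            continue
        m = O23_RE.match(line)
        if m:
            findings.extend((lineno, "O23", r) for r in check_o23(m))
    return findings


def flagged_lines(log_text):
    """Sorted line numbers of every entry the triage flagged."""
    return sorted({ln for ln, _, _ in triage(log_text)})


if __name__ == "__main__":
    for ln, section, reason in triage(SAMPLE_LOG):
        print(f"line {ln} [{section}] {reason}")
```

Run against the sample, it reports the "Wins Ndis System" autorun (the same entry jijip picked out) and the four ownerless, file-missing services, while leaving the Rising, VERITAS and ctfmon entries alone. The Symantec service it flags is consistent with what the poster says about the failed Norton uninstall; a flag means "look at this", not "this is the worm".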

Quote:
[Post by 真命小虫] Please post a screenshot of the countdown.
...........................



It was total chaos at the time, I forgot >0<~~
I really don't want to go through that again~~

As for a picture, it looked exactly the same as the Zotob countdown Rising published, since the system I'm on now is Win2000~