是不是流氓软件阿,爱蹦新网页,广告得!
Logfile of HijackThis v1.99.1
Scan saved at 22:57:57, on 2006-12-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\应用程序\网络工具\Thunder\Program\Thunder5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\jj4\jjsvr4.exe
D:\应用程序\杀毒防黑\HijackThis.exe
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\应用程序\网络工具\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [ioloDelayModule] D:\应用程序\系统工具及补丁\iolo\System Mechanic 6.0s\delay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用迅雷下载 - D:\应用程序\网络工具\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\应用程序\网络工具\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\应用程序\网络工具\BitSpirit\bsurl.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A7A4B91-F247-4FA2-AC55-F4A673CECC45}: NameServer = 202.99.160.68 202.99.166.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A7A4B91-F247-4FA2-AC55-F4A673CECC45}: NameServer = 202.99.160.68 202.99.166.4
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
其中O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)删不掉阿,之前发现过svchost.exe得进程好不容易弄掉了,然后又有windows下得\m\ie.exe文件,老是删不掉,从注册表里删除后发现又有这个东西,请问还有问题吗,倒是不总蹦广告网页了,就是默认搜索页好像被改调了,不知道是不是木马一类得东西阿,原来差得好像有五毒虫变种,但是专杀后没有发现,现在还有类似进程,请高手指教!!!
