I got infected a couple of days ago. I spent ages trying to remove it and couldn't, so I reinstalled the system and formatted the C: drive. Now it's back again, unbelievably. Ugh.
The symptom is that a large number of files like 1176xxxxxx.exe get created under system32, and there are also many files like 11765738892.EXE-31E2453B.pf in Prefetch. What do I do...
Logfile of HijackThis v1.99.1
Scan saved at 22:14:09, on 2007-4-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
G:\National Instruments\MAX\nimxs.exe
G:\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
G:\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Adobe\Acrobat 7.0\Distillr\acrotray.exe
G:\QQ2006\QQ.exe
G:\Foxmail\Foxmail.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
G:\National Instruments\LabVIEW 8.0\LabVIEW.exe
G:\MATLAB\R2006b\bin\win32\MATLAB.exe
C:\Program Files\Maxthon\Maxthon.exe
F:\software\fterm-memory2\fterm\FTERM.exe
G:\Microsoft Office\Office10\WINWORD.EXE
G:\Kingsoft\PowerWord 2006\XDict.exe
G:\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Documents and Settings\phoenixkyo\桌面\hijackthis\HijackThis.exe
O1 - Hosts: 219.129.239.223 www.npjxjy.com
O1 - Hosts: 219.129.239.223 quxiuu.com
O1 - Hosts: 219.129.239.223 www.23b.cn
O1 - Hosts: 219.129.239.223 www.baidulink.com
O1 - Hosts: 219.129.239.223 www.ookkw.com
O1 - Hosts: 219.129.239.223 www.97725.com
O1 - Hosts: 219.129.239.223 www.54699.com
O1 - Hosts: 219.129.239.223 www.wu7x.cn
O1 - Hosts: 219.129.239.223 d.qbbd.com
O1 - Hosts: 219.129.239.223 w.qbbd.com
O1 - Hosts: 219.129.239.223 web.77276.com
O1 - Hosts: 219.129.239.223 www.77276.com
O1 - Hosts: 219.129.239.223 www.npjxjy.com
O1 - Hosts: 219.129.239.223 www.baidulink.com
O1 - Hosts: 219.129.239.223 www.ookkw.com
O1 - Hosts: 219.129.239.223 www.wu7x.cn
O1 - Hosts: 219.129.239.223 www.wwwlm.net
O1 - Hosts: 219.129.239.223 dm1.yiall.com
O1 - Hosts: 219.129.239.223 www.my6688.cn
O1 - Hosts: 219.129.239.223 www.union123.com
O1 - Hosts: 219.129.239.223 www.ktan.cn
O1 - Hosts: 219.129.239.223 www.2t2t.cn
O1 - Hosts: 219.129.239.223 www.cq530.com
O1 - Hosts: 219.129.239.223 www.365tc.com
O1 - Hosts: 219.129.239.223 ad.qucha.net
O1 - Hosts: 219.129.239.223 www.tan8.cn
O1 - Hosts: 219.129.239.223 www.itjj.net
O1 - Hosts: 219.129.239.223 www.start188.com
O1 - Hosts: 219.129.239.223 www.at58.cn
O1 - Hosts: 219.129.239.223 union.yxad.com
O1 - Hosts: 219.129.239.223 www.iptan.com
O1 - Hosts: 219.129.239.223 www.ip2008.net
O1 - Hosts: 219.129.239.223 www.yqif.com
O1 - Hosts: 219.129.239.223 www.2t2t.cn
O1 - Hosts: 219.129.239.223 www.688ip.com
O1 - Hosts: 219.129.239.223 www.17tc.com
O1 - Hosts: 219.129.239.223 www1.6tan.com
O1 - Hosts: 219.129.239.223 www2.6tan.com
O1 - Hosts: 219.129.239.223 www.6tan.com
O1 - Hosts: 219.129.239.223 www.163se.net
O1 - Hosts: 219.129.239.223 www.168080.com
O1 - Hosts: 219.129.239.223 www.baidu8.org
O1 - Hosts: 219.129.239.223 www.qqwei.com
O1 - Hosts: 219.129.239.223 10.166.cn
O1 - Hosts: 219.129.239.223 9.166.cn
O1 - Hosts: 219.129.239.223 8.166.cn
O1 - Hosts: 219.129.239.223 7.166.cn
O1 - Hosts: 219.129.239.223 6.166.cn
O1 - Hosts: 219.129.239.223 5.166.cn
O1 - Hosts: 219.129.239.223 4.166.cn
O1 - Hosts: 219.129.239.223 3.166.cn
O1 - Hosts: 219.129.239.223 2.166.cn
O1 - Hosts: 219.129.239.223 1.166.cn
O1 - Hosts: 219.129.239.223 0.166.cn
O1 - Hosts: 219.129.239.223 pro.89178.com
O1 - Hosts: 219.129.239.223 www.89178.com
O1 - Hosts: 219.129.239.223 666.89178.com
O1 - Hosts: 219.129.239.223 888.89178.com
O1 - Hosts: 219.129.239.223 999.89178.com
O1 - Hosts: 219.129.239.223 net888.89178.com
O1 - Hosts: 219.129.239.223 net888.89178.com
O1 - Hosts: 219.129.239.223 89178.com
O1 - Hosts: 219.129.239.223 www.166.cn
O1 - Hosts: 219.129.239.223 www.so1.cn
O1 - Hosts: 219.129.239.223 new.jixie123.cn
O1 - Hosts: 219.129.239.223 www.x.com.cn
O1 - Hosts: 219.129.239.223 qz.magforum.net
O1 - Hosts: 219.129.239.223 cnnew.zcom.com
O1 - Hosts: 219.129.239.223 flash.btbbt.com
O1 - Hosts: 219.129.239.223 www.joyo.com
O1 - Hosts: 219.129.239.223 www.nze21.com
O1 - Hosts: 219.129.239.223 www.437799.com
O1 - Hosts: 219.129.239.223 www.168080.com
O1 - Hosts: 219.129.239.223 new2.jixie123.cn
O1 - Hosts: 219.129.239.223 info.souvv.cn
O1 - Hosts: 219.129.239.223 www.18dmm.com
O1 - Hosts: 219.129.239.223 www.souxse.cn
O1 - Hosts: 219.129.239.223 x.vvcyin.com
O1 - Hosts: 219.129.239.223 dm1.yiall.com
O1 - Hosts: 219.129.239.223 www.168080.com
O1 - Hosts: 219.129.239.223 www.nze21.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Sodui Search - {35EC0410-555E-4402-B372-D9A6E0BF6795} - C:\WINDOWS\system32\winuvn39.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MyFavor Web - {F7F49040-389C-4f1f-A825-06D5328EAE59} - C:\WINDOWS\system32\MyFavor.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetRoute] C:\Program Files\L2TPHelp\setroute.exe
O4 - HKLM\..\Run: [niDevMon] G:\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "G:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "g:\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [winform] C:\WINDOWS\winform.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [shuailai] C:\WINDOWS\shuailai.exe /i
O4 - HKLM\..\Run: [jbcs] C:\WINDOWS\jbcs.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [upxmdnd] C:\DOCUME~1\PHOENI~1\LOCALS~1\Temp\upxmdnd.exe
O4 - HKLM\..\Run: [shualai] C:\WINDOWS\shualai.exe /i
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tt59] C:\DOCUME~1\PHOENI~1\LOCALS~1\Temp\c0nime.exe
O4 - Startup: 腾讯QQ.lnk = G:\QQ2006\QQ.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - G:\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\QQ2006\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\QQ2006\SendMMS.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://G:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - g:\QQ2006\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - g:\QQ2006\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 财富通 - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\财富通\fcai.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.9991.com/?index.htm
O15 - Trusted Zone: http://www.icbc.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF04D2EA-3E3E-4CFE-864A-052E265F32D1}: NameServer = 10.10.0.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MicroQC - C:\WINDOWS\SYSTEM32\ss.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - G:\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - G:\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - G:\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - G:\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe