瑞星卡卡安全论坛

请教大师个问题好急哟 ~  哥哥姐姐门  为虾米 偶地机器打开网页不久(大概开3-4个网页) 就CPU100%呢
就死机哦  而且IEXPLORE占用98%
偶是正版瑞星用户 杀过了 没中毒
而且偶已经打上了所有的系统补丁了
机器是WINXP SP3的系统
配置 P4 3.0 内存512
为虾米会出现这种情况呢?
HIJACKTHIS1.99.1扫描入下


Logfile of HijackThis v1.99.1
Scan saved at 17:07:40, on 2005-8-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\瑞醒\RISING\RAV\Ravmond.exe
E:\瑞醒\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\瑞醒\RISING\RAV\RAVTIMER.EXE
E:\瑞醒\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Thunder\Thunder.exe
C:\Program Files\P4P\p2psvr.exe
E:\瑞醒\RISING\RAV\CCENTER.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\qq\QQ.exe
F:\qq\TIMPlatform.exe
C:\Program Files\Chinanet\VnetClient.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\PROGRA~1\P4P\ToolBar.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\SoDAIE.dll
O3 - Toolbar: 搜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\PROGRA~1\P4P\ToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTimer] E:\瑞醒\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\瑞醒\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iDuba Personal FireWall] E:\金山毒霸\KAVPFW.EXE
O4 - Startup: 迅雷4.lnk = G:\Program Files\Thunder\Thunder.exe
O4 - Global Startup: 月光LuLu登陆器.lnk = ?
O8 - Extra context menu item: &使用迅雷下载 - G:\Program Files\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - G:\Program Files\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq\SendMMS.htm
O9 - Extra button: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0908053E-C181-4A95-87FE-6417E1390515}: NameServer = 202.102.192.68 202.102.199.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE88D0C-2518-4A60-B0B0-4A06F995FB63}: NameServer = 211.91.88.129,211.90.88.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{0908053E-C181-4A95-87FE-6417E1390515}: NameServer = 202.102.192.68 202.102.199.68
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O23 - Service: P4P Service - Sohu R&D - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\瑞醒\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\瑞醒\RISING\RAV\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

求高手帮偶解决啊 偶机器刚买不久呀55555555555!

而且偶2个系统 偶把一个系统格式化 重新装了 再浏览网页 开始半小时都没事 后来又出现相同地情况了...

请楼主用HIJACKTHIS1.99.1扫描您的log上来
方便朋友们帮助您分析.
hijackthis1.99.1在反浏览器劫持论坛上有提供下载

更新病毒库，断开网络在安全模式下彻底查杀。

谢谢大家帮忙 偶病毒库已经是最新的了

偶机器好象中过TROJAN- 一类的毒 小草也不懂 哎

引用:

【天使小草的贴子】请教大师个问题好急哟 ~  哥哥姐姐门  为虾米 偶地机器打开网页不久(大概开3-4个网页) 就CPU100%呢 就死机哦  而且IEXPLORE占用98% 偶是正版瑞星用户 杀过了 没中毒 而且偶已经打上了所有的系统补丁了 机器是WINXP SP3的系统 配置 P4 3.0 内存512 为虾米会出现这种情况呢? HIJACKTHIS1.99.1扫描入下 Logfile of HijackThis v1.99.1 Scan saved at 17:07:40, on 2005-8-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe E:\瑞醒\RISING\RAV\Ravmond.exe E:\瑞醒\RISING\RAV\RavStub.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe E:\瑞醒\RISING\RAV\RAVTIMER.EXE E:\瑞醒\RISING\RAV\RAVMON.EXE C:\WINDOWS\system32\ctfmon.exe G:\Program Files\Thunder\Thunder.exe C:\Program Files\P4P\p2psvr.exe E:\瑞醒\RISING\RAV\CCENTER.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe F:\qq\QQ.exe F:\qq\TIMPlatform.exe C:\Program Files\Chinanet\VnetClient.exe C:\WINDOWS\system32\RUNDLL32.exe C:\Program Files\Internet Explorer\iexplore.exe E:\HijackThis.exe R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\PROGRA~1\P4P\ToolBar.dll O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\SoDAIE.dll O3 - Toolbar: 搜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\PROGRA~1\P4P\ToolBar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RavTimer] E:\瑞醒\RISING\RAV\RAVTIMER.EXE O4 - HKLM\..\Run: [RavMon] E:\瑞醒\RISING\RAV\RAVMON.EXE -SYSTEM O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDuba Personal FireWall] E:\金山毒霸\KAVPFW.EXE O4 - Startup: 迅雷4.lnk = G:\Program Files\Thunder\Thunder.exe O4 - Global Startup: 月光LuLu登陆器.lnk = ? O8 - Extra context menu item: &使用迅雷下载 - G:\Program Files\Thunder\geturl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - G:\Program Files\Thunder\getAllurl.htm O8 - Extra context menu item: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm O8 - Extra context menu item: 添加到QQ自定义面板 - F:\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\qq\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq\SendMMS.htm O9 - Extra button: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{0908053E-C181-4A95-87FE-6417E1390515}: NameServer = 202.102.192.68 202.102.199.68 O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE88D0C-2518-4A60-B0B0-4A06F995FB63}: NameServer = 211.91.88.129,211.90.88.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{0908053E-C181-4A95-87FE-6417E1390515}: NameServer = 202.102.192.68 202.102.199.68 O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL O23 - Service: P4P Service - Sohu R&D - C:\Program Files\P4P\p2psvr.exe O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\瑞醒\RISING\RAV\CCENTER.EXE O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\瑞醒\RISING\RAV\Ravmond.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe ...........................

你好,IESP3偶没用过,日志上也没问题,个人建议卸载: 搜狗直通车 (步骤)_
修复O9 - Extra button: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing)
R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\PROGRA~1\P4P\ToolBar.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\SoDAIE.dll
O3 - Toolbar: 搜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\PROGRA~1\P4P\ToolBar.dll

重启电脑,进安全模式,断网.关闭系统还原,删除C:\PROGRA~1目录下P4P整个文件夹.....

还是出现相同问题哦!偶应该怎么办列 求救ING~~~~

【回复“天使小草”的帖子】
O4 - HKCU\..\Run: [iDuba Personal FireWall] E:\金山毒霸\KAVPFW.EXE
O4 - HKLM\..\Run: [RavTimer] E:\瑞醒\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\瑞醒\RISING\RAV\RAVMON.EXE -SYSTEM
请楼主把启动项瑞星与毒霸二中求一,试试,个人认为可能是2个杀软的兼容问题,要不请卸载掉一个杀软试试

偶把金山删了 还是无行....5555555555555555

..........偶把金山删了还是无行哇 55555555555555555