高手们帮看看谢谢 bbs.ikaka.com

我是绿色 - 2005-11-21 14:16:00

最近电脑总是运行中就到了用户登陆那里,XP系统.好象是自动切换用户,不停的这样.
Logfile of HijackThis v1.99.1
Scan saved at 14:14:34, on 2005-11-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZAccess\AccessLinker ADSL\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KAV2005\KAVPFW.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\KAV2005\KPfwSvc.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Iparmor\Iparmor.exe
D:\KAV2005\KMailMon.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\影视\My Documents\HijackThis\HijackThis.exe

O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: IEHttpCOM Utility - {1C1105D5-AEC0-4255-AF0C-1DA95EEAF8BD} - C:\Program Files\Internet Explorer\HUDC1008.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\ZAccess\AccessLinker ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [iparmor] C:\Program Files\Iparmor\Iparmor.exe mini
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2005\KAVPFW.EXE"
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 推荐给朋友，收藏到亿友响客 - http://x.yeeyoo.com/MouseAdd/
O9 - Extra button: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D3A007-B028-4378-B41B-014347424D74}: NameServer = 61.134.1.9 219.150.32.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D3A007-B028-4378-B41B-014347424D74}: NameServer = 61.134.1.9 219.150.32.132
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2005\KPfwSvc.EXE

瑞星卡卡安全论坛