Rising Kaka Security Forum

Experts, please help!!! Thanks! (HijackThis report attached)
gamza - 2007-6-24 21:30:00
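To all the experts:
I have a genuine copy of Rising installed. My computer keeps rebooting by itself, but Rising cannot detect anything. I later upgraded to the latest version and it removed two viruses, but the situation is still the same. In safe mode, if I open IE, after a while windows such as "memory could not be read" appear and the browser closes automatically. Experts, please help!!! Thanks!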


HijackThis report attached:

Logfile of HijackThis v1.99.1
Scan saved at 20:53:52, on 2005-6-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
D:\ha_hijackthis_1991\HijackThis.exe
D:\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\nettranster\NetXfer\NXIEHelper.dll
O3 - Toolbar: (no name) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - (no file)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [AntiARPStandalone] D:\AntiARP\AntiARP.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\SKYNET\FIREWALL\pfw.exe
O4 - HKCU\..\Run: [ctfmon.exe] CTFMON.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX04.211\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网络传送带下载 - D:\nettranster\NetXfer\NXAddLink.html
O8 - Extra context menu item: 使用网络传送带下载全部链接 - D:\nettranster\NetXfer\NXAddList.html
O8 - Extra context menu item: 使用迅雷下载 - D:\迅雷\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\迅雷\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - D:\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - D:\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX04.211\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX04.211\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX04.211\QQ\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {4B48CEDD-EB09-4FD3-AA22-5BDE98EDEF90} (EZXSActiveX Control) - http://www.kotra.or.kr/main/ezxssso/install/ezxsactivex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160048961654
O16 - DPF: {7781F64F-2C0E-4776-B40E-A302CD48F76B} (Cc114 Control) - http://210.51.167.108/webmeeting/cc114.cab
O16 - DPF: {79C871A6-F9C8-44DA-B2C9-CD9438D9642C} (EZXSInstaller Control) - http://www.kotra.or.kr/main/ezxssso/install/ezxsinstaller.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} -
O16 - DPF: {8C9D5912-EED6-4488-B778-2D74EF9B859D} (CHtmlIp3View Object) - http://www.drcnet.com.cn/fish_dll/Ip3HtmlView.dll
O16 - DPF: {913BF18F-672D-4676-9855-F9A192A88886} (IMBCContents Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net/hanmail-ax/hanmail.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
O16 - DPF: {E75D308D-B903-11D4-BD46-0050BA6E0CA5} (BtecKBase Class) - http://www.drcnet.com.cn/fish_dll/bteckbasec.dll
O16 - DPF: {F707D836-1E2B-4ADD-94BB-24E6CAF11A1A} (IMBCCaptionDumy Control) - http://caption.imbc.com/Caption/IMBCCaption.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5B860DD-299A-47DE-AEE4-3E1CAFFF540A}: NameServer = 202.198.192.10,202.98.0.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9B9FD2B-2475-4429-8066-7BED66F8AB20}: NameServer = 202.198.192.10,202.98.0.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5B860DD-299A-47DE-AEE4-3E1CAFFF540A}: NameServer = 202.198.192.10,202.98.0.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{A5B860DD-299A-47DE-AEE4-3E1CAFFF540A}: NameServer = 202.198.192.10,202.98.0.68
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - J:\其他\软件\AVGAntiSpyware7513620070611(2)\AVG Anti-Spyware\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - d:\ENTERN~2\app\pppoeservice.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
