瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 高手大哥、大姐们,帮我看看我是不是中灰鸽子了~??~?~

1   1  /  1  页   跳转

高手大哥、大姐们,帮我看看我是不是中灰鸽子了~??~?~

收藏
暗夜精灵使
头像
初生襁褓狮
  • 帖子:49
  • 注册: 2005-02-01
  • 来自:
发表于: 2005-10-31 15:21 | 只看楼主 短消息 资料
字号: 1楼

高手大哥、大姐们,帮我看看我是不是中灰鸽子了~??~?~

小弟的电脑现在算是完了~
开一个QQ,CPU的使用率会上100%,机子运行速度是前所未见的~~~奇慢无比!!!!
不知道是不是灰鸽子病毒,请大哥、大姐指点一二。。。。。

这是Hijackthis扫描的结果。。。。
Logfile of HijackThis v1.99.0
Scan saved at 15:19:20, on 2005-10-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\瑞星\RISING\RAV\Ravmond.exe
F:\瑞星\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\瑞星\RISING\RAV\CCENTER.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\SAN\diskman.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cfgwin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
F:\瑞星\RISING\RAV\RAVTIMER.EXE
F:\瑞星\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
F:\IPQQ\qq\QQ.exe
F:\IPQQ\qq\TIMPlatform.exe
F:\IPQQ\qq\QQ.exe
C:\WINDOWS\System32\taskmgr.exe
F:\TT\TTraveler.exe
F:\999\HijackThis.exe

附件附件:

下载次数:0
文件类型:application/octet-stream
文件大小:
上传时间:2005-10-31 15:21:02
描述:



最后编辑2005-10-31 15:22:45
分享到:
gototop
 
暗夜精灵使
头像
初生襁褓狮
  • 帖子:49
  • 注册: 2005-02-01
  • 来自:
发表于: 2005-10-31 15:22 | 只看楼主 短消息 资料
字号: 2楼

Logfile of HijackThis v1.99.0
Scan saved at 15:20:23, on 2005-10-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\瑞星\RISING\RAV\Ravmond.exe
F:\瑞星\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\瑞星\RISING\RAV\CCENTER.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\SAN\diskman.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cfgwin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
F:\瑞星\RISING\RAV\RAVTIMER.EXE
F:\瑞星\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
F:\IPQQ\qq\QQ.exe
F:\IPQQ\qq\TIMPlatform.exe
F:\IPQQ\qq\QQ.exe
C:\WINDOWS\System32\taskmgr.exe
F:\TT\TTraveler.exe
F:\999\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
O1 - Hosts: 218.5.76.51 ctt900.com
O1 - Hosts: 218.5.76.51 www.ctt900.com
O1 - Hosts: 218.5.76.51 ctt900.com
O1 - Hosts: 218.5.76.51 www.ctt900.com
O1 - Hosts: 218.5.76.51 zhao123.com
O1 - Hosts: 218.5.76.51 www.zhao123.com
O1 - Hosts: 218.5.76.51 zhao123.com
O1 - Hosts: 218.5.76.51 www.zhao123.com
O1 - Hosts: 218.5.76.51 4399.com
O1 - Hosts: 218.5.76.51 www.4399.com
O1 - Hosts: 218.5.76.51 4399.com
O1 - Hosts: 218.5.76.51 www.4399.com
O1 - Hosts: 218.5.76.51 chinagames.net
O1 - Hosts: 218.5.76.51 www.chinagames.net
O1 - Hosts: 218.5.76.51 chinagames.net
O1 - Hosts: 218.5.76.51 www.chinagames.net
O1 - Hosts: 218.5.76.51 tiexue.net
O1 - Hosts: 218.5.76.51 www.tiexue.net
O1 - Hosts: 218.5.76.51 tiexue.net
O1 - Hosts: 218.5.76.51 www.tiexue.net
O1 - Hosts: 218.5.76.51 qq163.com
O1 - Hosts: 218.5.76.51 www.qq163.com
O1 - Hosts: 218.5.76.51 qq163.com
O1 - Hosts: 218.5.76.51 www.qq163.com
O1 - Hosts: 218.5.76.51 flashmi.net
O1 - Hosts: 218.5.76.51 www.flashmi.net
O1 - Hosts: 218.5.76.51 flashmi.net
O1 - Hosts: 218.5.76.51 www.flashmi.net
O1 - Hosts: 218.5.76.51 chinamp3.com
O1 - Hosts: 218.5.76.51 www.chinamp3.com
O1 - Hosts: 218.5.76.51 chinamp3.com
O1 - Hosts: 218.5.76.51 www.chinamp3.com
O1 - Hosts: 218.5.76.51 pg168.com
O1 - Hosts: 218.5.76.51 www.pg168.com
O1 - Hosts: 218.5.76.51 pg168.com
O1 - Hosts: 218.5.76.51 www.pg168.com
O1 - Hosts: 218.5.76.51 yymp3.com
O1 - Hosts: 218.5.76.51 www.yymp3.com
O1 - Hosts: 218.5.76.51 yymp3.com
O1 - Hosts: 218.5.76.51 www.yymp3.com
O1 - Hosts: 218.5.76.51 yy138.com
O1 - Hosts: 218.5.76.51 www.yy138.com
O1 - Hosts: 218.5.76.51 yy138.com
O1 - Hosts: 218.5.76.51 www.yy138.com
O1 - Hosts: 218.5.76.51 dj99.com
O1 - Hosts: 218.5.76.51 www.dj99.com
O1 - Hosts: 218.5.76.51 dj99.com
O1 - Hosts: 218.5.76.51 www.dj99.com
O1 - Hosts: 218.5.76.51 sogua.com
O1 - Hosts: 218.5.76.51 www.sogua.com
O1 - Hosts: 218.5.76.51 sogua.com
O1 - Hosts: 218.5.76.51 www.sogua.com
O1 - Hosts: 218.5.76.51 snsn.net
O1 - Hosts: 218.5.76.51 www.snsn.net
O1 - Hosts: 218.5.76.51 snsn.net
O1 - Hosts: 218.5.76.51 www.snsn.net
O1 - Hosts: 218.5.76.51 flash8.net
O1 - Hosts: 218.5.76.51 www.flash8.net
O1 - Hosts: 218.5.76.51 flash8.net
O1 - Hosts: 218.5.76.51 www.flash8.net
O1 - Hosts: 218.5.76.51 mop.com
O1 - Hosts: 218.5.76.51 www.mop.com
O1 - Hosts: 218.5.76.51 mop.com
O1 - Hosts: 218.5.76.51 www.mop.com
O1 - Hosts: 218.5.76.51 tianyaclub.com
O1 - Hosts: 218.5.76.51 www.tianyaclub.com
O1 - Hosts: 218.5.76.51 tianyaclub.com
O1 - Hosts: 218.5.76.51 www.tianyaclub.com
O1 - Hosts: 218.5.76.51 xici.net
O1 - Hosts: 218.5.76.51 www.xici.net
O1 - Hosts: 218.5.76.51 xici.net
O1 - Hosts: 218.5.76.51 www.xici.net
O1 - Hosts: 218.5.76.51 ucanlove.com
O1 - Hosts: 218.5.76.51 www.ucanlove.com
O1 - Hosts: 218.5.76.51 ucanlove.com
O1 - Hosts: 218.5.76.51 www.ucanlove.com
O1 - Hosts: 218.5.76.51 cmfu.com
O1 - Hosts: 218.5.76.51 www.cmfu.com
O1 - Hosts: 218.5.76.51 cmfu.com
O1 - Hosts: 218.5.76.51 www.cmfu.com
O1 - Hosts: 218.5.76.51 21red.net
O1 - Hosts: 218.5.76.51 www.21red.net
O1 - Hosts: 218.5.76.51 21red.net
O1 - Hosts: 218.5.76.51 www.21red.net
O1 - Hosts: 218.5.76.51 pconline.com.cn
O1 - Hosts: 218.5.76.51 www.pconline.com.cn
O1 - Hosts: 218.5.76.51 pconline.com.cn
O1 - Hosts: 218.5.76.51 www.pconline.com.cn
O1 - Hosts: 218.5.76.51 donews.com
O1 - Hosts: 218.5.76.51 www.donews.com
O1 - Hosts: 218.5.76.51 donews.com
O1 - Hosts: 218.5.76.51 www.donews.com
O1 - Hosts: 218.5.76.51 pcauto.com.cn
O1 - Hosts: 218.5.76.51 www.pcauto.com.cn
O1 - Hosts: 218.5.76.51 pcauto.com.cn
O1 - Hosts: 218.5.76.51 www.pcauto.com.cn
O1 - Hosts: 218.5.76.51 265.com
O1 - Hosts: 218.5.76.51 www.265.com
O1 - Hosts: 218.5.76.51 265.com
O1 - Hosts: 218.5.76.51 www.265.com
O1 - Hosts: 218.5.76.51 wo99.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
gototop
 
暗夜精灵使
头像
初生襁褓狮
  • 帖子:49
  • 注册: 2005-02-01
  • 来自:
发表于: 2005-10-31 15:22 | 只看楼主 短消息 资料
字号: 3楼

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - F:\FASTAI~1\IEBand.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] rem RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MGFOLDER.EXE] F:\文件夹保护\MgFolder\MgFolder.exe
O4 - HKLM\..\Run: [thunder_mini] C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe
O4 - HKLM\..\Run: [MoveSearch] C:\DOCUME~1\fh\LOCALS~1\Temp\Rar$EX02.734\wsearch\Search.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [Knight V] x?
O4 - HKLM\..\Run: [sysupate] C:\WINDOWS\System32\NtSysUpdate.exe
O4 - HKLM\..\Run: [RavTimer] F:\瑞星\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] F:\瑞星\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [Windows Ndis Device] cfgwin.exe
O4 - HKLM\..\RunServices: [Windows Ndis Device] cfgwin.exe
O4 - HKLM\..\RunOnce: [Windows Ndis Device] cfgwin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Ndis Device] cfgwin.exe
O4 - HKCU\..\RunOnce: [Windows Ndis Device] cfgwin.exe
O4 - Startup: 娱乐心空.lnk = C:\Program Files\yulexk\Run.exe
O8 - Extra context menu item: &使用迅雷下载 - F:\迅雷5\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\迅雷5\getallurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Sandai Technologies Inc\ThunderMini\geturl.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://F:\BT\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\IPQQ\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\IPQQ\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\IPQQ\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\IPQQ\qq\SendMMS.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm (file missing)
O9 - Extra button: 手机短信 - {5DA5CC16-90A8-4c78-AB5E-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{159AE2B0-9B7D-45A7-9FCB-79EB093594A6}: NameServer = 202.101.115.55,202.101.98.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE6C5012-00EF-4EBC-A938-1AE72AA8C2B8}: NameServer = 218.85.157.99 202.101.98.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{159AE2B0-9B7D-45A7-9FCB-79EB093594A6}: NameServer = 202.101.115.55,202.101.98.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{159AE2B0-9B7D-45A7-9FCB-79EB093594A6}: NameServer = 202.101.115.55,202.101.98.55
O17 - HKLM\System\CS3\Services\Tcpip\..\{159AE2B0-9B7D-45A7-9FCB-79EB093594A6}: NameServer = 202.101.115.55,202.101.98.55
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center - rising - F:\瑞星\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - F:\瑞星\RISING\RAV\Ravmond.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Universal Disk Manager - Unknown - C:\Program Files\Common Files\SAN\diskman.exe
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT