瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 ------不知哪里中毒了,不断兰屏。HELP

1   1  /  1  页   跳转

------不知哪里中毒了,不断兰屏。HELP

收藏
docomo
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2006-09-08
  • 来自:
发表于: 2006-09-08 03:19 | 只看楼主 短消息 资料
字号: 1楼

------不知哪里中毒了,不断兰屏。HELP

Logfile of HijackThis v1.99.1
Scan saved at 2:40:48, on 2006-9-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WebCatcher\WebCatcherHelper.exe
F:\Download20060518\virus scam + spyware\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: 世界网络工具条 BHO - {92AB6385-AB63-4EDD-9403-E80ACC09A237} - C:\PROGRA~1\LINKWA~1\LINKWA~1.DLL
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CWebToolsBHO Class - {C49A89A1-D366-4151-904C-16F69B1C444E} - C:\Documents and Settings\Haru\My Documents\让你的IE变成多窗口浏览器\ie plus\WebTools.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - C:\Program Files\CyberArticle\CAExp.dll
O3 - Toolbar: Microgarden WebTools - {E929661E-3728-4E52-BCCB-AE4058F75466} - C:\Documents and Settings\Haru\My Documents\让你的IE变成多窗口浏览器\ie plus\WebTools.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 世界网络工具条 - {B20BBFC3-88B6-44E7-8C65-A686A352F706} - C:\PROGRA~1\LINKWA~1\LINKWA~1.DLL
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All Links with IDM - D:\BACKUPED OK 可删除\Internet Download Manager v5.01 绿色特别版\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\BACKUPED OK 可删除\Internet Download Manager v5.01 绿色特别版\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: 下载页面上的ED2(&K)链接 - C:\Program Files\eMule\ed2k.html
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网文快捕保存 - C:\Program Files\WebCatcher\script\savex.htm
O8 - Extra context menu item: 使用网文快捕保存当前网页 - C:\Program Files\WebCatcher\script\save.htm
O8 - Extra context menu item: 使用网文快捕保存选中部分 - C:\Program Files\WebCatcher\script\savesel.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 保存: 更多保存内容... - C:\Program Files\CyberArticle\script\SaveAuto.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: 收藏夹备份大师 - {00000000-0000-0000-0000-197805250420} - C:\Program Files\收藏夹备份大师V1.2.4\FavoriteBackup.exe
O9 - Extra 'Tools' menuitem: 收藏夹备份大师(&F) - {00000000-0000-0000-0000-197805250420} - C:\Program Files\收藏夹备份大师V1.2.4\FavoriteBackup.exe
O9 - Extra button: 音乐搜索 - {00000000-0000-0000-0001-197805250420} - mp3search.exe (file missing)
O9 - Extra 'Tools' menuitem: &MP3音乐搜索 - {00000000-0000-0000-0001-197805250420} - mp3search.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 使用网文快捕保存当前网页 - {0246d4c7-57d6-41eb-ae55-cc9a883929da} - C:\Program Files\WebCatcher\script\save.htm (HKCU)
O9 - Extra button: 使用网文快捕保存 - {0246d4c7-57d6-41eb-ae55-cc9a883929db} - C:\Program Files\WebCatcher\script\savex.htm (HKCU)
O9 - Extra button: (no name) - {0246d4c7-57d6-41eb-ae55-cc9a883929dc} - C:\Program Files\WebCatcher\script\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: 使用网文快捕保存当前网页 - {0246d4c7-57d6-41eb-ae55-cc9a883929dc} - C:\Program Files\WebCatcher\script\save.htm (HKCU)
O9 - Extra button: (no name) - {0246d4c7-57d6-41eb-ae55-cc9a883929dd} - C:\Program Files\WebCatcher\script\savex.htm (HKCU)
O9 - Extra 'Tools' menuitem: 使用网文快捕保存 - {0246d4c7-57d6-41eb-ae55-cc9a883929dd} - C:\Program Files\WebCatcher\script\savex.htm (HKCU)
O9 - Extra button: (no name) - {0246d4c7-57d6-41eb-ae55-cc9a883929de} - C:\Program Files\WebCatcher\WebCatcher.exe (HKCU)
O9 - Extra 'Tools' menuitem: 运行网文快捕 - {0246d4c7-57d6-41eb-ae55-cc9a883929de} - C:\Program Files\WebCatcher\WebCatcher.exe (HKCU)
O12 - Plugin for .exe: C:\Program Files\Opera7\PLUGINS\NPFgc1.dll
O12 - Plugin for .rar: C:\Program Files\Opera7\PLUGINS\NPFgc1.dll
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe




还请高手,帮分析看看,原因何在。不胜感激啊。
最后编辑2006-09-08 15:48:00
分享到:
gototop
 
docomo
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2006-09-08
  • 来自:
发表于: 2006-09-08 15:56 | 只看楼主 短消息 资料
字号: 2楼

顶一下
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT