
Please rescue me, ``gurus``


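My IE keeps showing ads. I scanned with Rising and they are still there. Every time I open IE, ads pop up, things like "slutty nurse" and so on. My family sometimes uses my computer to check stocks, and it is really embarrassing for me``` I don't know how to solve this.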
Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 10:24:10, on 2006-11-10
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe

[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe

[Ati2evxx.exe]
CommandLine = C:\WINDOWS\system32\Ati2evxx.exe

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "F:\Rising\Rav\CCenter.exe"

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = "F:\Rising\Rav\Ravmond.exe"

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[RavStub.exe]
CommandLine = F:\Rising\Rav\RavStub.exe /RAVMOND

[rundllfromwin2000.exe]
CommandLine = C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\ZPKHOO76.DLL,Export 1087

[ULCDRSvr.exe]
CommandLine = "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"

[wdfmgr.exe]
CommandLine = C:\WINDOWS\system32\wdfmgr.exe

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc

[Ati2evxx.exe]
CommandLine = Ati2evxx.exe -Client

[EXPLORER.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE

[RavTask.exe]
CommandLine = "F:\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "F:\Rising\Rav\Ravmon.exe" -SYSTEM

[Dialterminal.exe]
CommandLine = "C:\Program Files\ChinaNetSn\bin\Dialterminal.exe"

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[Thunder5.exe]
CommandLine = "F:\新建文件夹 (3)\Program\Thunder5.exe"  /222.90.130.90MICROSOF-54F7BB7EB

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" about:blank

[WinRAR.exe]
CommandLine = "C:\Program Files\WinRAR\WinRAR.exe"  "C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\UPU5UPCB\supercleaner_2.95H[1].rar"

[KkScan.exe]
CommandLine = "F:\Rising\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.7255.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: Promote Class - {0FA24E3E-422C-4D94-A125-104F32352C90} - C:\WINDOWS\system32\promote.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} -  (file missing)
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - F:\新建文件夹\MagicSet\haokanbar.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\新建文件夹 (3)\ComDlls\XunLeiBHO_002.dll
O2 - BHO:  - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\新建文~2\KuGoo3\KUGOO3~1.OCX
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\aa3o22a0.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - F:\新建文件夹\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [S-Plus] "E:\新建文件夹 (4)\SPlus\SPlus.exe"
O4 - Startup: LunaPhone.lnk = E:\新建文件夹 (4)\LunaPhone\LunaPhone.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - F:\新建文件夹 (3)\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\新建文件夹 (3)\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\新建文件夹 (2)\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用Web迅雷下载 - F:\新建文件夹 (3)\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - F:\新建文件夹 (3)\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\QQ\SendMMS.htm
O9 - Extra Button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - F:\新建文件夹 (3)\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - F:\新建文件夹 (3)\Thunder.exe
O9 - Extra Button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra Button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - Extra Button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra Button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra Button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ\QQ.EXE
O9 - Extra Button: (no name) - {D54fe181-2b1e-23f5-b31a-11bbcc2a264b} -
O9 - Extra Button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\新建文件夹 (4)\qq\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\新建文件夹 (4)\qq\QQIEHelper.dll (file missing)
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {0E15E2DC-068C-4D6D-8E4D-A8C60658EA48} - http://down.lingtel.com/cab/WebTunnel.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {444689BB-651F-4087-8F30-CBF21CD2DC82} (MyP2T Control) - http://dial.koocall.com/new_activeX/p2t2.cab
O16 - DPF: {616465C5-57BD-4B2B-A118-BC59CE0FDA56} (CommandTunnel Class) - http://down.lingtel.com/cab/WebTunnel.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.9_20060425.cab
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (Qzone Media Tools) - http://qz-photo.qq.com/qzone3/QzoneMediaTools.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFFC102-23C7-414D-B163-8659D40487F0}: NameServer = 218.30.19.40 61.134.1.4
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: AtiExtEvent
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) -  - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Network Logons (NetWorkLogons) -  - rundll32.exe KB27861012.log,start
O23 - Service: Intranet Messenger (NHLAP) -  - C:\WINDOWS\system32\rundllfromwin2000.exe c:\windows\system32\wbem\zpkhoo76.dll,export 1087
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "F:\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "F:\Rising\Rav\Ravmond.exe"
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
This is my log. Thank you, my idols```
Last edited 2006-11-10 18:53:20

O23 - Service: Network Logons (NetWorkLogons) - - rundll32.exe KB27861012.log,start
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\aa3o22a0.dll
O2 - BHO: Promote Class - {0FA24E3E-422C-4D94-A125-104F32352C90} - C:\WINDOWS\system32\promote.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.7255.com/
R3 - Default URLSearchHook is missing
Fix each of the items above.

O23 - Service: Intranet Messenger (NHLAP) - - C:\WINDOWS\system32\rundllfromwin2000.exe c:\windows\system32\wbem\zpkhoo76.dll,export 1087
is not normal either.

Also,
just fixing them seems to solve the problem only for a short while.

Please download the Chinese-localized version of Hijackthis 1.99.1.
Download address: http://free5.ys168.com/?ufwihgu168

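Restart the computer. Once the automatic self-check finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.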


Control Panel -- Administrative Tools -- Services -- find --
Network Logons
Intranet Messenger
-- Startup type -- set to Disabled -- Service type -- set to Stopped


Run Hijackthis, tick the items below, and fix them:
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\aa3o22a0.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Network Logons (NetWorkLogons) - - rundll32.exe KB27861012.log,start
O23 - Service: Intranet Messenger (NHLAP) - - C:\WINDOWS\system32\rundllfromwin2000.exe c:\windows\system32\wbem\zpkhoo76.dll,export 1087


Delete
c:\windowsKB27861012.log
C:\WINDOWS\system32\rundllfromwin2000.exe
c:\windows\system32\wbem\zpkhoo76.dll
C:\WINDOWS\aa3o22a0.dll
C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\UPU5UPCB\supercleaner_2.95H[1].rar
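
Added example, not part of the original thread: a small Python triage run over a few lines copied from the log above, showing the kind of rules that single out the entries the replies asked to fix. The heuristics (empty vendor column, rundll-style host, BHO DLL directly in C:\WINDOWS) and the names `triage` and `SAMPLE_LOG` are assumptions of this example, not features of Kaka or HijackThis.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the log posted in this thread (empty vendor column kept as posted).
SAMPLE_LOG = r"""
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} -  (file missing)
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\aa3o22a0.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: ATI Smart (ATI Smart) -  - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Network Logons (NetWorkLogons) -  - rundll32.exe KB27861012.log,start
O23 - Service: Intranet Messenger (NHLAP) -  - C:\WINDOWS\system32\rundllfromwin2000.exe c:\windows\system32\wbem\zpkhoo76.dll,export 1087
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "F:\Rising\Rav\Ravmond.exe"
"""

O2 = re.compile(r"^O2 - BHO: .*? - \{[^}]+\} -\s+(?P<path>.+)$")
O23 = re.compile(r"^O23 - Service: .+? \((?P<name>[^)]*)\) -\s+(?P<vendor>.*?)\s*- (?P<cmd>.+)$")
WINDIR = PureWindowsPath(r"C:\WINDOWS")  # assumed system root, as in the posted log

def triage(log):
    """Return [(line, [reasons])] for entries matching this example's heuristics."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        reasons = []
        if m := O2.match(line):
            if "(file missing)" in m["path"]:
                reasons.append("BHO registered but its file is missing")
            elif PureWindowsPath(m["path"]).parent == WINDIR:
                reasons.append("BHO DLL sits directly in the Windows directory")
        elif line.startswith("O6 - "):
            reasons.append("IE options locked by a policy key")
        elif m := O23.match(line):
            host, _, args = m["cmd"].partition(" ")
            host_name = PureWindowsPath(host.strip('"')).name.lower()
            if host_name.startswith("rundll"):
                if not m["vendor"]:
                    reasons.append("service without vendor string runs a DLL export")
                if host_name != "rundll32.exe":
                    reasons.append("host is not the stock rundll32.exe")
                module = args.split(",")[0].strip()
                if PureWindowsPath(module).suffix.lower() != ".dll":
                    reasons.append("loaded module lacks a .dll extension")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

The ATI and Rising services pass these rules, while an entry such as promote.dll in system32 would also pass, so rules like these narrow a log down for review rather than replace it.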