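Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue Software forum: Too many problems... sigh... please look at the log..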

HijackThis_815汉化版扫描日志 V1.99.1
保存于      23:46:24, 日期 2006-9-9
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rundll32.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\intranet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\SVOHOST.exe
C:\WINDOWS\System32\win32bootcfg.exe
C:\dfndrff_15.exe
C:\kybrdff_17.exe
C:\WINDOWS\System32\scvhost9.exe
C:\nwnmff_17.exe
C:\WINDOWS\System32\taskmngr32.exe
C:\WINDOWS\System32\taskwiz.exe
C:\WINDOWS\System32\algs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\bGl1\command.exe
C:\WINDOWS\system32\lssc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssmc.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\win32host.exe
C:\WINDOWS\alg.exe
C:\WINDOWS\taskmor.exe
F:\HijackThis1991zww.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\winlogin.exe

R3 - URLSearchHook: (no name) - {626D8BC2-CBC2-46AE-8B09-B9334D4BCDF1} - C:\WINDOWS\System32\Tnesrt.dll
R3 - URLSearchHook: (no name) - {71509B5D-6E03-4EA8-B7D1-16230F16BE80} - C:\WINDOWS\System32\Ljqfuz.dll
R3 - URLSearchHook: (no name) - {7919A124-C750-4ECC-9E99-FD23D7C9B613} - C:\WINDOWS\System32\Xhhr.dll
R3 - URLSearchHook: (no name) - {401BD693-516D-4634-9CF5-0E281CEC12A0} - C:\WINDOWS\System32\Thgiq.dll
R3 - URLSearchHook: (no name) - {6A468672-9F93-4315-95E1-6D6BE7C632DC} - C:\WINDOWS\System32\Blhbc.dll
R3 - URLSearchHook: (no name) - {DAEBBD3C-D934-4EBB-A9EC-2BF5242CB622} - C:\WINDOWS\System32\Nkct.dll
R3 - URLSearchHook: (no name) - {3A0F5A45-1A9D-409C-94B6-FCEDBDACE92D} - C:\WINDOWS\System32\Uzoqz.dll
R3 - URLSearchHook: (no name) - {23CD0FB2-EC4C-4F89-B37C-5B6A281F7E71} - C:\WINDOWS\System32\Rsgfbc.dll
R3 - URLSearchHook: (no name) - {9BF81A2E-A74E-4B97-8A68-0560262904D5} - C:\WINDOWS\System32\Rravfd.dll
R3 - URLSearchHook: (no name) - {A0007C66-9D6A-40CB-8B49-FE9232AAF82D} - C:\WINDOWS\System32\Arrd.dll
R3 - URLSearchHook: (no name) - {F1CABEDA-3CEA-4D6A-AB0C-CF38CF5F708E} - C:\WINDOWS\System32\Pqbgb.dll
R3 - URLSearchHook: (no name) - {A9688E79-8C90-4274-8C2F-4DAF3E337AD5} - C:\WINDOWS\System32\Cfjxz.dll
R3 - URLSearchHook: (no name) - {04982839-E02D-4D91-831F-4D4487A61405} - C:\WINDOWS\System32\Kasmaf.dll
R3 - URLSearchHook: (no name) - {0B43666D-97C8-4062-B2B7-C323DA0FFA7B} - C:\WINDOWS\System32\Fenqhu.dll
R3 - URLSearchHook: (no name) - {074B647C-907E-41BB-88ED-C652EF61DDD2} - C:\WINDOWS\System32\Mwyve.dll
R3 - URLSearchHook: (no name) - {96AB76A4-8559-497E-8BC4-9A6563EF9FAA} - C:\WINDOWS\System32\Bxfrd.dll
R3 - URLSearchHook: (no name) - {0CA07800-9FA1-41D9-9589-358F6C8FA1E0} - C:\WINDOWS\System32\Pbst.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll (file missing)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O1 - Hosts: 61.129.75.124 mir.100888290cs.com
O1 - Hosts: 61.129.75.124 woool.100888290cs.com
O1 - Hosts: 61.129.75.124 www.mir5173.com
O1 - Hosts: 61.129.75.124 ert0003.e76.163ns.com
O1 - Hosts: 222.73.4.246 www.chenshijituan.com
O1 - Hosts: 59.36.96.132 qq.etsoft.com.cn
O1 - Hosts: 61.129.75.124 www.wg581.com
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\hggdaxw.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {ED0B958B-B7B5-4511-85F4-FC786FBF5C0F} - C:\WINDOWS\System32\awvtr.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [Intranet] C:\WINDOWS\intranet.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [SoundMam] C:\WINDOWS\System32\SVOHOST.exe
O4 - 启动项HKLM\\Run: [Windows Core Kernel Update] C:\WINDOWS\System32\win32bootcfg.exe
O4 - 启动项HKLM\\Run: [defender] C:\\dfndrff_15.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\kybrdff_17.exe
O4 - 启动项HKLM\\Run: [Generic Host Process9 System Backup] scvhost9.exe
O4 - 启动项HKLM\\Run: [newname] C:\\nwnmff_17.exe
O4 - 启动项HKLM\\Run: [Task Manager Win32] C:\WINDOWS\System32\taskmngr32.exe
O4 - 启动项HKLM\\Run: [Windows Update Manager] taskwiz.exe
O4 - 启动项HKLM\\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - 启动项HKLM\\RunServices: [Generic Host Process9 System Backup] scvhost9.exe
O4 - 启动项HKLM\\RunServices: [Windows Update Manager] taskwiz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Explore.exe] C:\WINDOWS\explore.exe
O4 - HKCU\..\Run: [Taskmor.exe] C:\WINDOWS\taskmor.exe
O4 - HKCU\..\Run: [Generic Host Process9 System Backup] scvhost9.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: {2BFAA61B-5C83-4865-8281-D8BDBF863061} (PGEdit Class) - https://www.gnetpg.com/PlugIn/PG_ATL.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC483340-3D6F-45E3-84AA-BD1A502B208D}: NameServer = 202.96.128.86 202.96.128.166

Last edited 2006-09-10 00:02:30

Too many viruses; I suggest reinstalling.