
Moderator, please take a look at my computer

Moderator, please help, thanks!!
Logfile of HijackThis v1.99.1
Scan saved at 14:05:15, on 2005-10-23
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
D:\RISING\RAV\Ravmond.exe
D:\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
D:\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\RISING\RAV\RAVTIMER.EXE
D:\RISING\RAV\RAVMON.EXE
C:\Program Files\江苏铁通宽带拨号软件\HNMainUI.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\zh-cn\msnappau.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\软件安装\oicq\qq\QQ.exe
D:\软件安装\oicq\qq\TIMPlatform.exe
D:\软件安装\oicq\qq\QQexternal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\软件安装\新建文件夹\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.367\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll


Last edited 2005-10-23 20:19:40

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v6.dll
O2 - BHO: 搜索助手 - {04844102-FC0B-4f44-9E93-0C4293BB5E80} - C:\Program Files\ydt\ydt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\软件安装\oicq\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ydragsearch.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\system32\stdup.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: YYBHO - {ADE50A7A-C3A1-4F2F-860A-89C7AC525213} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] rem C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [YDTMain.exe] rem C:\PROGRA~1\ydt\YDTMain.exe
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinsSystem] rem C:\Program Files\Internet Explorer\syssmss.exe
O4 - HKLM\..\Run: [LoadQM] rem loadqm.exe
O4 - HKLM\..\Run: [msnappau] rem "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\zh-cn\msnappau.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKLM\..\Run: [csrss] C:\WINNT\csrss.exe
O4 - HKLM\..\RunServices: [csrss] C:\WINNT\csrss.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [csrss] C:\WINNT\csrss.exe
O4 - HKCU\..\RunServices: [csrss] C:\WINNT\csrss.exe
O4 - Startup: 江苏铁通宽带拨号软件.lnk = ?
O4 - Startup: 腾讯QQ.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 推荐给朋友,收藏到亿友响客 - http://x.yeeyoo.com/MouseAdd/
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\软件安装\oicq\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\软件安装\oicq\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\软件安装\oicq\qq\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_changcheng_66125 (file missing)
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\软件安装\oicq\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\软件安装\oicq\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: _{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {6EC14D77-72E0-436D-8C04-3BEE5D75B2F1} (VideoOcx Control) - http://www.hcliao.com/room/roomui/videoocx.ocx
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://chunliao.com/BDC.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://zs.kingsoft.com/duba/OCX/KAVClean.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {E689D735-1487-420D-9049-16ED198FE411} (vc Control) - http://www.viruschina.com/free/vco.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {FA7D78BA-3EA7-4E52-B0E2-0772F577E6CC} (VideoOcx Control) - http://u2.hd118.com/chat/roomui/videoocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A4494FC-2496-4FEE-AA03-244F30506D54}: NameServer = 218.2.135.1 211.98.2.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBAC216-1691-4BB0-9C3C-CA8958B66737}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{41F95B3C-CD71-409C-A80E-3101E93BF631}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{D810B61E-19C3-4AB2-BE82-16CC7682D24E}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CS3\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS3\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CS4\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS4\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe
O23 - Service: sytm - Unknown owner - C:\WINNT\G_Server.exe (file missing)

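Last night I ended the taskmgr.exe process and restarted the computer, and the QQ Tail (QQ尾巴) is gone now, but there are still some other problems. Moderator, please help me analyze them, thanks!!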

Thanks, moderator. Could you check whether everything is fine now?
Logfile of HijackThis v1.99.1
Scan saved at 16:47:05, on 2005-10-23
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
D:\RISING\RAV\Ravmond.exe
D:\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
D:\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\RISING\RAV\RAVTIMER.EXE
D:\RISING\RAV\RAVMON.EXE
D:\软件安装\oicq\qq\QQ.exe
C:\Program Files\江苏铁通宽带拨号软件\HNMainUI.exe
D:\软件安装\oicq\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\zh-cn\msnappau.exe
D:\软件安装\新建文件夹\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.584\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v6.dll
O2 - BHO: 搜索助手 - {04844102-FC0B-4f44-9E93-0C4293BB5E80} - C:\Program Files\ydt\ydt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\软件安装\oicq\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ydragsearch.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] rem C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [YDTMain.exe] rem C:\PROGRA~1\ydt\YDTMain.exe
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LoadQM] rem loadqm.exe
O4 - HKLM\..\Run: [msnappau] rem "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\zh-cn\msnappau.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: 江苏铁通宽带拨号软件.lnk = ?
O4 - Startup: 腾讯QQ.lnk = ?
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 推荐给朋友,收藏到亿友响客 - http://x.yeeyoo.com/MouseAdd/
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\软件安装\oicq\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\软件安装\oicq\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\软件安装\oicq\qq\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_changcheng_66125 (file missing)
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\软件安装\oicq\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\软件安装\oicq\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: _{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {6EC14D77-72E0-436D-8C04-3BEE5D75B2F1} (VideoOcx Control) - http://www.hcliao.com/room/roomui/videoocx.ocx
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://chunliao.com/BDC.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://zs.kingsoft.com/duba/OCX/KAVClean.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {E689D735-1487-420D-9049-16ED198FE411} (vc Control) - http://www.viruschina.com/free/vco.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {FA7D78BA-3EA7-4E52-B0E2-0772F577E6CC} (VideoOcx Control) - http://u2.hd118.com/chat/roomui/videoocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A4494FC-2496-4FEE-AA03-244F30506D54}: NameServer = 218.2.135.1 211.98.2.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBAC216-1691-4BB0-9C3C-CA8958B66737}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{41F95B3C-CD71-409C-A80E-3101E93BF631}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{D810B61E-19C3-4AB2-BE82-16CC7682D24E}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 195.95.218.3,85.255.112.5
O17 - HKLM\System\CS3\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS3\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CS4\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS4\Services\Tcpip\..\{05BAB891-84A4-41E0-B916-76D813B2FF09}: NameServer = 69.50.184.85,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe

I can't find the folder C:\PROGRA~1\MMSASS~1

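Moderator, should I delete the folder C:\Program Files\MMSAssist? I also have another question:
Every time I use 木马杀客 to remove trojans, I get the output below. What is going on? Does it affect the computer? How can I fix it? Thanks!!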
内存监控中......
开始准备杀毒引擎...
开始扫描内存进程...
扫描内存进程 35 个
扫描内存进程完成,没有发现木马.

开始扫描内存模块...
扫描内存模块 259 个
扫描内存模块完成,没有发现木马.

开始扫描硬盘分区C:...
硬盘中发现木马!-=>CNNIC.liumang.adware #3074
C:\WINNT\Downloaded Program Files\CnsHook.dll
木马在硬盘清除失败!木马可能还在内存中运行
C:\WINNT\Downloaded Program Files\CnsHook.dll

硬盘中发现木马!-=>3721.liumang.adware #2348
C:\WINNT\Downloaded Program Files\CnsMin.dll
木马在硬盘清除成功!
C:\WINNT\Downloaded Program Files\CnsMin.dll

硬盘中发现木马!-=>3721.liumang.adware #2142
C:\WINNT\system32\cns.exe
木马在硬盘清除成功!
C:\WINNT\system32\cns.exe

硬盘中发现木马!-=>3721.liumang.adware #2357
C:\WINNT\system32\drivers\CnsMinKP.sys
木马在硬盘清除成功!
C:\WINNT\system32\drivers\CnsMinKP.sys

硬盘分区C:扫描完成.
开始扫描硬盘分区D:...
硬盘分区D:扫描完成.
扫描文件45677个 发现木马4个.

Thanks, moderator