
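Another new problem. Help!!

Posted on 2006-8-24 00:12:58
Everything opens now, but the one for browsing websites won't open. Also, every time I start up, a message pops up saying the file "1" cannot be found, please click Start and search. What's going on? Only the browser won't open. To open it I have to reboot and wait for that "cannot find 1" message to pop up; only then can I open the browser. 老毛桃 and 6618, you two experts, please save me once more.


Also, how do I kill that Trojan horse??? Teach me!!!

[ Last edited by wujinbin52 on 2006-8-24 12:14 AM ]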
Posted on 2006-8-24 00:15:08
Scan the machine with the hijackthis you just downloaded and upload the log.

OP | Posted on 2006-8-24 00:18:55
Why did it close by itself before it had even scanned?

OP | Posted on 2006-8-24 00:27:30
Why does everything I download now close by itself as soon as I open it? Experts! Help

Posted on 2006-8-24 00:35:05
The virus still hasn't been completely removed. See whether the hijackthis I uploaded will open; download it from the attachment:

hijackthis.rar (194.46 KB)

OP | Posted on 2006-8-24 00:38:33
Logfile of HijackThis v1.99.0
Scan saved at 0:42:31, on 2006-8-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Herosoft\HeroV8\SysExplr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Realplayer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinRAR\WinRAR.exe
F:\计算机资料\桌面\hijackthis.scr

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=C:\WINDOWS\system32\bd9ica7.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v6.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\kugou\KuGoo3DownXControl.ocx
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\bd9oca70.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [intranet] C:\WINDOWS\system32\intranet.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SysExplr.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\kugou\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0F8759-1C0A-477C-B95E-BDEBE125B576}: NameServer = 61.137.94.195 61.137.94.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D0F8759-1C0A-477C-B95E-BDEBE125B576}: NameServer = 61.137.94.195 61.137.94.196
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\bd9dca70.dll
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


What should I do next?

Posted on 2006-8-24 00:50:34
Hold on, there are quite a few viruses; my eyes are going blurry from looking at them. I'll give you an answer in a moment.

OP | Posted on 2006-8-24 00:51:48
OK. Sorry for the trouble, 6618.

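Posted on 2006-8-24 01:05:32
Your machine is infected with several kinds of malware, and even your Kaspersky antivirus can't handle it. One of them, the "落雪" (Luoxue) virus, is a new one; I caught it myself a while ago (I had no antivirus installed, and still don't). I'm uploading a dedicated KV removal tool for you here. Try it first; once it has finished, use hijackthis to fix the entries below directly. After fixing, scan again and upload the log so I can see whether it has been cleaned out. (Note: the viruses on your machine are not easy to kill; it may take several rounds.)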
:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=C:\WINDOWS\system32\bd9ica7.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\bd9oca70.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [intranet] C:\WINDOWS\system32\intranet.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\bd9dca70.dll

KV.rar (51.24 KB)

OP | Posted on 2006-8-24 01:19:23
Logfile of HijackThis v1.99.0
Scan saved at 1:23:45, on 2006-8-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\计算机资料\桌面\hijackthis.scr

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0F8759-1C0A-477C-B95E-BDEBE125B576}: NameServer = 61.137.94.195 61.137.94.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D0F8759-1C0A-477C-B95E-BDEBE125B576}: NameServer = 61.137.94.195 61.137.94.196

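OP | Posted on 2006-8-24 01:20:19
Thanks for your hard work tonight, 6618...

No need to be so polite, friend. I often go to bed very late! I'm on holiday these few days and don't have to go to work tomorrow!

[ Last edited by 6618 on 2006-8-24 01:29 AM ]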

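Posted on 2006-8-24 01:27:12
It's much better already. The Realplayer.exe below is also a virus (it is disguised as Realplayer.exe; the genuine one is not normally under system32). Use hijackthis to fix the entries below directly, then scan the machine with hijackthis again and upload the log so I can see whether it has been cleaned out.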
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名

[ Last edited by 6618 on 2006-8-24 02:30 AM ]

OP | Posted on 2006-8-24 01:30:46
Logfile of HijackThis v1.99.0
Scan saved at 1:35:07, on 2006-8-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\计算机资料\桌面\hijackthis.scr

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O11 - Options group: [!CNS]  网络实名






Looks like there's a lot less now... Thank you... Thanks for all your hard work.

Posted on 2006-8-24 01:37:04
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe

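The entries above still haven't been removed. Download KILLBOX from the URL below; posts 5 and 6 in that thread explain how to use KILLBOX. You need to paste in this path: C:\WINDOWS\system32\Realplayer.exe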

http://bbs.wuyou.net/forum.php?m ... &extra=page%3D4

OP | Posted on 2006-8-24 01:40:11
The thread you mentioned can't be viewed anymore... Could you just tell me where else to download it?

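Posted on 2006-8-24 01:42:06
That can't be right; I tried it and it still works. Try a few more times, it may be a temporary network problem. If it still doesn't work, reply again and I'll upload it for you.
http://bbs.wuyou.net/forum.php?m ... &extra=page%3D4

[ Last edited by 6618 on 2006-8-24 01:43 AM ]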

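OP | Posted on 2006-8-24 01:43:19
Here is the stuff 6618 provided personally:
First use KILLBOX to delete msibm.dll. After it has been deleted on reboot, use the batch file I provided to delete the related virus files, and finally run MSCONFIG to remove the virus's autostart entries in the registry. Download these two items from the attachment; for how to use KILLBOX, see the following post:

Attachment: Your user group cannot download or view attachments



That is what the thread shows. I reloaded it several times and it still doesn't work.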

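Posted on 2006-8-24 01:47:44
That's because you were logged in as a guest when you opened that page. Let's do it this way: wait for me, and I'll upload KILLBOX and the instructions. I have to post the usage screenshot again myself, so you'll have to wait a while, friend.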

Posted on 2006-8-24 01:52:39
Please see the attachment and the picture:
killbox.JPG

killbox.rar (68.6 KB)

Posted on 2006-8-24 16:26:28
Haha, 6618 always tells people to scan; I always tell people to reinstall.

Posted on 2006-8-25 01:09:28
Originally posted by magictek on 2006-8-24 04:26 PM
Haha, 6618 always tells people to scan; I always tell people to reinstall.

Haha...

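Posted on 2006-9-5 18:10:18
I've read a lot of 6618's handling methods, and most of them are based on removing the virus. Without reinstalling the system, is there any better way to maintain it?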

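Posted on 2006-9-12 23:43:47
Back when I first built my machine, I reinstalled the system at least three times a week. My current system hasn't been reinstalled for almost three years and it is still fine.

If you reinstall every time you hit a problem, you'll still be stuck the next time, and you'll lose many chances to improve. My worst time, I went three days without sleep, but in the end I solved the problem and felt rather pleased with myself, hehe.

[ Last edited by 董立群 on 2006-9-12 11:45 PM ]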

Posted on 2006-9-13 00:38:06
Originally posted by magictek on 2006-8-24 04:26 PM
Haha, 6618 always tells people to scan; I always tell people to reinstall.

Every expert has their own killer move!

Posted on 2006-9-13 01:15:29
Please help take a look at mine, thanks.
Logfile of HijackThis v1.99.0
Scan saved at 1:14:11, on 2006-9-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Rising\Rav\RavService.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
e:\Program Files\文件加密大师\SVOHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Program Files\Rising\Rav\RavTray.exe
E:\Program Files\Rising\Rav\RavTimer.exe
E:\Program Files\Rising\Rav\RavMon.exe
E:\Program Files\比特精灵\BitSpirit.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\桌面翠鸟.exe
E:\Program Files\泡泡鼠标\泡泡鼠标.EXE
E:\Program Files\桌面小猫\养猫.exe
E:\Program Files\Tencent\TT\TTraveler.exe
E:\Program Files\Tencent\QQ\QQ.exe
e:\Program Files\Tencent\QQ\TIMPlatform.exe
E:\Program Files\木马杀客\mmsk.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\y\LOCALS~1\Temp\Rar$DI00.078\hijackthis.scr

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
R3 - URLSearchHook: (no name) - {F089B932-1435-43CE-8BEB-C8A373D596BE} - C:\WINDOWS\system32\Hvfnrv.dll
R3 - URLSearchHook: (no name) - {F4CD275C-95A8-444C-96F6-429CDEBBFDBA} - C:\WINDOWS\system32\Jwkytu.dll
R3 - URLSearchHook: (no name) - {89CBB1BD-D303-46B9-9952-C590E1AD86D1} - C:\WINDOWS\system32\Kihnn.dll
R3 - URLSearchHook: (no name) - {E063B532-547E-4DE1-BDC1-8FBE588AE1AB} - C:\WINDOWS\system32\Xfysy.dll
R3 - URLSearchHook: (no name) - {EDEBAE1F-1379-4883-ABF5-23544F3F5321} - C:\WINDOWS\system32\Xlftv.dll
R3 - URLSearchHook: (no name) - {9E3E8222-7A9E-41B9-9619-18D83F80A46D} - C:\WINDOWS\system32\Mwnvb.dll
R3 - URLSearchHook: (no name) - {45BC37BF-67DE-4820-8DF2-13A457B624BB} - C:\WINDOWS\system32\Jfgsq.dll
R3 - URLSearchHook: (no name) - {C5D79CAD-0B8D-409B-A4BC-1745415BCAAD} - C:\WINDOWS\system32\Sumumx.dll
R3 - URLSearchHook: (no name) - {80610DCC-2352-4DFE-8FFD-EDBAD5D97484} - C:\WINDOWS\system32\Xinm.dll
R3 - URLSearchHook: (no name) - {A4F78DDD-8524-45F4-8674-7603CB25D103} - C:\WINDOWS\system32\Mkaymj.dll
R3 - URLSearchHook: (no name) - {C961B400-DA88-435C-9CA2-22CFAFCDC62F} - C:\WINDOWS\system32\Buphos.dll
R3 - URLSearchHook: (no name) - {FF31C09B-F98F-460B-9A6E-B40AE183D057} - C:\WINDOWS\system32\Qmqk.dll
R3 - URLSearchHook: (no name) - {79B2CC31-B6C9-455C-BEAE-3C69B77F225A} - C:\WINDOWS\system32\Xvhg.dll
R3 - URLSearchHook: (no name) - {B19B0D90-93B3-4E44-9CC0-AA9F99DC89D7} - C:\WINDOWS\system32\Xnqv.dll
R3 - URLSearchHook: (no name) - {48AB1B7A-F88E-4886-83D7-4522F63EB286} - C:\WINDOWS\system32\Giucp.dll
R3 - URLSearchHook: (no name) - {A2AC2832-58A4-43A5-9E6E-F6F7FB73BC08} - C:\WINDOWS\system32\Qucy.dll
R3 - URLSearchHook: (no name) - {CD9FFAA1-819E-4165-ABE6-B4FC7E4FBB58} - C:\WINDOWS\system32\Esnu.dll
R3 - URLSearchHook: (no name) - {5B9D2E35-C035-4602-BDC2-DD2ACFC55741} - C:\WINDOWS\system32\Xhob.dll
R3 - URLSearchHook: (no name) - {7A2F4E6A-DE1F-41C4-B29C-FF93214AB0F8} - C:\WINDOWS\system32\Iavpj.dll
R3 - URLSearchHook: (no name) - {6C32CE86-8247-4FC3-AB13-B68115A71094} - C:\WINDOWS\system32\Eeino.dll
R3 - URLSearchHook: (no name) - {B7AE0C81-C9FA-43FC-87F1-7F4E9DAD4AC7} - C:\WINDOWS\system32\Zokwb.dll
R3 - URLSearchHook: (no name) - {8E54760F-FC3E-4E3D-9096-3F391A4667F9} - C:\WINDOWS\system32\Vyihxn.dll
R3 - URLSearchHook: (no name) - {431BEC06-6C92-44EC-96AD-09509EB797DE} - C:\WINDOWS\system32\Mamjx.dll
R3 - URLSearchHook: (no name) - {D6DC38C9-7858-4362-9A56-0AD04B174FD2} - C:\WINDOWS\system32\Ojtjku.dll
R3 - URLSearchHook: (no name) - {E007518C-34DF-450A-A7F3-59BB0EF131F7} - C:\WINDOWS\system32\Dyun.dll
R3 - URLSearchHook: (no name) - {8C0FDB94-B4CE-474C-8DCF-7ED0DDD63E89} - C:\WINDOWS\system32\Lmyj.dll
R3 - URLSearchHook: (no name) - {A56E7590-491B-4AA7-A526-7A404B2C07B3} - C:\WINDOWS\system32\Lzww.dll
R3 - URLSearchHook: (no name) - {469FB2B9-F282-47F0-BACD-ADB404A3EC34} - C:\WINDOWS\system32\Fzuyu.dll
R3 - URLSearchHook: (no name) - {6068E9E7-DF08-4735-9B7D-8AB0A06C6682} - C:\WINDOWS\system32\Zqynvn.dll
R3 - URLSearchHook: (no name) - {D634C96E-60F0-4A67-8081-34F30E6163E8} - C:\WINDOWS\system32\Rwuaw.dll
R3 - URLSearchHook: (no name) - {96E73EC4-6CFF-4092-B4B7-ED2F5F081D3F} - C:\WINDOWS\system32\Eerk.dll
R3 - URLSearchHook: (no name) - {CBD0A2BB-9B36-420C-B5E5-EF32E9BB43E0} - C:\WINDOWS\system32\Kufgnw.dll
R3 - URLSearchHook: (no name) - {69FEBC02-4E36-434B-A0F9-D4ACE83BA2A0} - C:\WINDOWS\system32\Yrdb.dll
R3 - URLSearchHook: (no name) - {5C828140-6175-4E41-A00F-A77A7ADFBE23} - C:\WINDOWS\system32\Wecozq.dll
R3 - URLSearchHook: (no name) - {E9626003-4143-4FF3-8B06-59C6FE2714EA} - C:\WINDOWS\system32\Rhhs.dll
R3 - URLSearchHook: (no name) - {4F1A2DD5-2158-44C4-B8C7-4DCCA6C37D8F} - C:\WINDOWS\system32\Rccynv.dll
R3 - URLSearchHook: (no name) - {D466DC51-B546-4A0F-9E5B-31B4EE5DD4B4} - C:\WINDOWS\system32\Scil.dll
R3 - URLSearchHook: (no name) - {A5F3EC8B-369A-446D-AA4C-55D752A6A053} - C:\WINDOWS\system32\Nruw.dll
R3 - URLSearchHook: (no name) - {E8D9FAED-6FC2-4BDA-B6E2-0772EDA3F228} - C:\WINDOWS\system32\Ktjvji.dll
R3 - URLSearchHook: (no name) - {45B4A125-95A2-4BCA-81E6-3B0374AAB8F7} - C:\WINDOWS\system32\Erghbg.dll
R3 - URLSearchHook: (no name) - {CFE6F666-313B-42F9-883C-8FE2635D4A6B} - C:\WINDOWS\system32\Ifkh.dll
R3 - URLSearchHook: (no name) - {184F60A1-E16C-4693-BD9F-1C9075EDC1E4} - C:\WINDOWS\system32\Rkhfx.dll
R3 - URLSearchHook: (no name) - {A974F46C-F2FD-45A7-80C1-48F070E995C8} - C:\WINDOWS\system32\Yrbv.dll
R3 - URLSearchHook: (no name) - {30399267-0F87-468B-B94B-DD9E2A389672} - C:\WINDOWS\system32\Ikqzf.dll
R3 - URLSearchHook: (no name) - {4C6036B6-2252-4BB3-9486-62484827391E} - C:\WINDOWS\system32\Dqtof.dll
R3 - URLSearchHook: (no name) - {5A6AB808-9A5D-4860-9110-CF108906CEB4} - C:\WINDOWS\system32\Jmaik.dll
R3 - URLSearchHook: (no name) - {5D9FBF8C-AD5F-42C4-88E3-259469CBBDD9} - C:\WINDOWS\system32\Plcrt.dll
R3 - URLSearchHook: (no name) - {A8077052-2D82-4054-B2F7-6AFD4919F101} - C:\WINDOWS\system32\Ptmot.dll
R3 - URLSearchHook: (no name) - {1404D81A-5C2E-4DF6-BCBE-ED1529E78C2C} - C:\WINDOWS\system32\Zfuev.dll
R3 - URLSearchHook: (no name) - {5036FD91-554B-416F-87A3-010437F82721} - C:\WINDOWS\system32\Lpcfbh.dll
R3 - URLSearchHook: (no name) - {C700C4EB-A126-4114-86C2-32A494CAEFD3} - C:\WINDOWS\system32\Ujewuw.dll
R3 - URLSearchHook: (no name) - {93C7C07A-29BB-4995-96EE-DDFC4BA2C7C5} - C:\WINDOWS\system32\Vddvug.dll
R3 - URLSearchHook: (no name) - {2B827248-B17F-4C4C-8FA4-36A6109539D0} - C:\WINDOWS\system32\Lekjc.dll
R3 - URLSearchHook: (no name) - {E84C71E0-EE8C-406A-9FD8-56AC1DCA7CC2} - C:\WINDOWS\system32\Ivgnc.dll
R3 - URLSearchHook: (no name) - {24A5D34E-842C-4EFC-9825-D734897FF610} - C:\WINDOWS\system32\Zvavch.dll
R3 - URLSearchHook: (no name) - {2DCA2231-4E65-4FCD-ADB5-3085716C9EC5} - C:\WINDOWS\system32\Crprf.dll
R3 - URLSearchHook: (no name) - {1A90938F-2540-4345-835D-9E614E9019E9} - C:\WINDOWS\system32\Yaxic.dll
R3 - URLSearchHook: (no name) - {499A175D-B56F-41E9-9ED9-85C2170042A8} - C:\WINDOWS\system32\Asdhue.dll
R3 - URLSearchHook: (no name) - {09DBE03B-54D5-469B-883D-DE3D9A23B54B} - C:\WINDOWS\system32\Wlmi.dll
R3 - URLSearchHook: (no name) - {53310471-A14F-4F27-A9E2-0E41D2531E7A} - C:\WINDOWS\system32\Lbat.dll
R3 - URLSearchHook: (no name) - {B41A7EC8-A0C4-4430-BD60-096A11D103FE} - C:\WINDOWS\system32\Gqcvsi.dll
R3 - URLSearchHook: (no name) - {97C674B2-A7F4-4418-AE4F-146D9FEA2AA2} - C:\WINDOWS\system32\Zwxw.dll
R3 - URLSearchHook: (no name) - {0E138B8F-D322-48FC-9FA3-ECB539B975A0} - C:\WINDOWS\system32\Hvoew.dll
R3 - URLSearchHook: (no name) - {C5D6DA11-0FA4-4665-8160-D702BF30B1AB} - C:\WINDOWS\system32\Kivz.dll
R3 - URLSearchHook: (no name) - {B6996FD6-C657-490C-82F0-033EB331A192} - C:\WINDOWS\system32\Sgly.dll
R3 - URLSearchHook: (no name) - {2FBC7DB5-8D81-42E8-A48F-6A507048CBBF} - C:\WINDOWS\system32\Ilbhnb.dll
R3 - URLSearchHook: (no name) - {6F7FF839-DE95-4596-83C9-5D5B14396402} - C:\WINDOWS\system32\Qawovb.dll
R3 - URLSearchHook: (no name) - {32725F0C-582B-42F6-916E-EC0981D906F2} - C:\WINDOWS\system32\Nagamq.dll
R3 - URLSearchHook: (no name) - {0036D0EE-0CC4-4C03-9C77-5F9E0FE4990D} - C:\WINDOWS\system32\Npci.dll
R3 - URLSearchHook: (no name) - {3347A2E0-3A04-4543-BB89-CD3F342FEEB4} - C:\WINDOWS\system32\Ywpt.dll
R3 - URLSearchHook: (no name) - {561B431A-FB18-43B3-AF4C-357A90A148F2} - C:\WINDOWS\system32\Mgata.dll
R3 - URLSearchHook: (no name) - {E66DEEA7-4934-4FDA-A53E-2E928D73BDA8} - C:\WINDOWS\system32\Awapkh.dll
R3 - URLSearchHook: (no name) - {CB460921-90ED-452A-8629-CD8EDBF436FE} - C:\WINDOWS\system32\Nahiy.dll
R3 - URLSearchHook: (no name) - {DCF1BFF7-9C73-41CB-90A3-8160FF8C160C} - C:\WINDOWS\system32\Bzspwv.dll
R3 - URLSearchHook: (no name) - {E7E3983E-EDD6-42D9-ACAC-098F3887D211} - C:\WINDOWS\system32\Izxav.dll
R3 - URLSearchHook: (no name) - {7C154726-A5AB-4574-BB8B-18A4FF84ED55} - C:\WINDOWS\system32\Dftz.dll
R3 - URLSearchHook: (no name) - {32E3AD0B-8301-4C23-9F7A-5090EA774096} - C:\WINDOWS\system32\Gzilbg.dll
R3 - URLSearchHook: (no name) - {95160E91-BB18-4709-897F-941E41D19498} - C:\WINDOWS\system32\Yulpj.dll
R3 - URLSearchHook: (no name) - {5DD62D6F-E715-4530-886B-D7ECC2A55469} - C:\WINDOWS\system32\Xrjyk.dll
R3 - URLSearchHook: (no name) - {199D7B88-CBB5-4C21-8109-ABABBD7F1EFC} - C:\WINDOWS\system32\Tphf.dll
R3 - URLSearchHook: (no name) - {89CAF991-EB08-42B0-85B8-1CBFD4A453B7} - C:\WINDOWS\system32\Qoaqs.dll
R3 - URLSearchHook: (no name) - {AF01D386-AC71-4C15-BD74-DB41B1B1AD81} - C:\WINDOWS\system32\Enlt.dll
R3 - URLSearchHook: (no name) - {FF7FF065-80DB-40D7-B9E1-B6EB8C324A17} - C:\WINDOWS\system32\Nsql.dll
R3 - URLSearchHook: (no name) - {CA27FBEE-E9A6-4164-8E81-70AC5AF3FF07} - C:\WINDOWS\system32\Gxspl.dll
R3 - URLSearchHook: (no name) - {32249DE5-B338-467E-8AE8-01CC6AFBDE19} - C:\WINDOWS\system32\Kaayy.dll
R3 - URLSearchHook: (no name) - {191145AB-F515-4A03-A767-BF091F5B7717} - C:\WINDOWS\system32\Gblgvm.dll
R3 - URLSearchHook: (no name) - {57994368-3027-4619-8EA6-4A50C75680B1} - C:\WINDOWS\system32\Sykimy.dll
R3 - URLSearchHook: (no name) - {8A5452EF-EBF7-4FCC-B6D6-50E3696DF1F7} - C:\WINDOWS\system32\Xlwoi.dll
R3 - URLSearchHook: (no name) - {C8E2A573-AB0C-416A-B626-30781263B328} - C:\WINDOWS\system32\Kxrwxe.dll
R3 - URLSearchHook: (no name) - {F1122705-7153-4634-86FA-31178FAE62F4} - C:\WINDOWS\system32\Asidp.dll
R3 - URLSearchHook: (no name) - {2492A69D-E776-40B3-81B4-12A664636FF7} - C:\WINDOWS\system32\Tzrcyo.dll
R3 - URLSearchHook: (no name) - {1B72E91B-306E-444B-99D3-D7310F7A5CDF} - C:\WINDOWS\system32\Oyte.dll
R3 - URLSearchHook: (no name) - {664A4041-A98F-48B2-B457-3A0382C4FA3A} - C:\WINDOWS\system32\Tpwsf.dll
R3 - URLSearchHook: (no name) - {DE09526A-02AB-407D-8B87-C088D80D72D1} - C:\WINDOWS\system32\Jcvm.dll
R3 - URLSearchHook: (no name) - {E3FA49F9-1133-4FEC-BBFF-DD305E2917B2} - C:\WINDOWS\system32\Ooevby.dll
R3 - URLSearchHook: (no name) - {5FEB75DE-3FC2-443D-85F5-E59BF53F6DCB} - C:\WINDOWS\system32\Oazux.dll
R3 - URLSearchHook: (no name) - {2074E5B8-9243-4DE8-89F7-EDF176B7BBA8} - C:\WINDOWS\system32\Gkfbk.dll
R3 - URLSearchHook: (no name) - {F5557D6C-9998-4E40-9E87-0A3875466840} - C:\WINDOWS\system32\Koswm.dll
R3 - URLSearchHook: (no name) - {326D4ED6-15F5-43D2-87A0-D14886F86E9D} - C:\WINDOWS\system32\Iqkxa.dll
R3 - URLSearchHook: (no name) - {72994AFF-6E02-4C6D-B041-BEB3660E4770} - C:\WINDOWS\system32\Ylnr.dll
R3 - URLSearchHook: (no name) - {6BE2EFF1-C4C1-4E66-B408-4904E76C23DC} - C:\WINDOWS\system32\Npgzd.dll
R3 - URLSearchHook: (no name) - {384FC07D-6E20-4E9C-BCD1-28A2581E2AB3} - C:\WINDOWS\system32\Uuooi.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,"e:\Program Files\文件加密大师\SVOHOST.EXE" un userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {384FC07D-6E20-4E9C-BCD1-28A2581E2AB3} - C:\WINDOWS\system32\Uuooi.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\超级兔子\haokanbar.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\Baidu\Bar\BaiduBar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll
O3 - Toolbar: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\超级兔子\haokanbar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\Bar\BaiduBar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RavTray] e:\Program Files\Rising\Rav\RavTray.exe
O4 - HKLM\..\Run: [RavTimer] e:\Program Files\Rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] e:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKLM\..\Run: [CBitSpirit] "E:\Program Files\比特精灵\BitSpirit.exe" /start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 桌面翠鸟.exe.lnk = ?
O4 - Startup: 泡泡鼠标.EXE.lnk = ?
O4 - Startup: MeowPal.LNK = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\Program Files\比特精灵\bsurl.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7876ED8F-F176-4BF0-9689-06AAEC89BA8B}: NameServer = 202.106.46.151 202.106.0.20
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RavService - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising\Rav\RavService.exe
O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

Posted on 2006-9-14 21:38:29
The whole string of R3 - URLSearchHook: entries in the post above should all be cleaned up, plus
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,"e:\Program Files\文件加密大师\SVOHOST.EXE" un userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {384FC07D-6E20-4E9C-BCD1-28A2581E2AB3} - C:\WINDOWS\system32\Uuooi.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Run 360安全卫士 (360 Safeguard) on it; there is a lot of rogue software on the system.
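The checks the helpers in this thread apply by eye (an extra program after userinit.exe, a Shell value that is not plain Explorer.exe, a win.ini load= entry, a Run-key binary with a familiar name in the wrong directory) can be written as a small triage script. This is an added example, not code from the thread; the function names and the two name tables are assumptions, and the sample lines are copied from the logs posted above.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Windows binaries whose genuine copy is loaded from system32 only.
SYSTEM32_ONLY = {"winlogon.exe", "userinit.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "csrss.exe", "smss.exe"}
# Third-party names that should not start from system32. Assumption taken
# from the helper's reply in this thread about Realplayer.exe.
NOT_IN_SYSTEM32 = {"realplayer.exe"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
INI_RE = re.compile(r"^REG:(?:system|win)\.ini: (?P<key>\w+)=(?P<value>.*)$", re.I)
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)|^(\S+)', re.I)

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=C:\WINDOWS\system32\bd9ica7.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,"e:\Program Files\文件加密大师\SVOHOST.EXE" un userinit.exe
"""


def image_path(cmd):
    """Return the executable part of a command line, lower-cased."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return ""
    return next(g for g in m.groups() if g).lower()


def check_ini(rest):
    """F2/F3 entries: Shell, UserInit and win.ini load=/run= values."""
    m = INI_RE.match(rest)
    if not m:
        return []
    key, value = m["key"].lower(), m["value"].strip()
    if key == "userinit":
        # Default value is the single path "...\system32\userinit.exe,".
        parts = [p.strip() for p in value.split(",") if p.strip()]
        extras = [p for p in parts
                  if image_path(p) != SYSTEM32 + r"\userinit.exe"]
        return [f"UserInit also launches: {p}" for p in extras]
    if key == "shell" and value.lower() != "explorer.exe":
        return [f"Shell is not plain Explorer.exe: {value}"]
    if key in ("load", "run") and value:
        return [f"win.ini {key}= starts a program: {value}"]
    return []


def check_run(rest):
    """O4 Run-key entries: familiar file name in an unexpected directory."""
    m = RUN_RE.match(rest)
    if not m:
        return []
    directory, name = ntpath.split(image_path(m["cmd"]))
    if name in SYSTEM32_ONLY and directory and directory != SYSTEM32:
        return [f"{name} name used outside system32: {directory}"]
    if name in NOT_IN_SYSTEM32 and directory == SYSTEM32:
        return [f"{name} should not run from system32"]
    return []


def triage(log_text):
    """Return (log line, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        if m["code"] in ("F2", "F3"):
            reasons = check_ini(m["rest"])
        elif m["code"] == "O4":
            reasons = check_run(m["rest"])
        else:
            reasons = []
        findings += [(line.strip(), r) for r in reasons]
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

A hit only marks an entry for manual review; the file itself still has to be checked before anything is fixed or deleted.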

Posted on 2006-9-15 02:36:34
I'll give it a try, thanks.
