用金山毒霸可以清除,但过几分钟又会出现,导致系统越来越慢,特别是在无人值守的情况下与网洛脱机。
急求赐教!!!
Logfile of HijackThis v1.97.6
Scan saved at 23:21:29, on 2003-11-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesRealUpdate_OB ealsched.exe
C:WINDOWSSystem32cisvc.exe
C:WINDOWSSystem32ctfmon.exe
C:KAV2003KAVPFW.EXE
C:WINDOWSSystem32inetsrvinetinfo.exe
C:KAV2003KAVSvc.EXE
C:KAV2003KAVSvcUI.exe
C:WINDOWSSystem32 cpsvcs.exe
C:KAV2003KAVPlus.exe
C:KAV2003MailMon.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSSystem32cidaemon.exe
C:WINDOWSSystem32cidaemon.exe
E:下载HijackThis.exe
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:WINDOWSDOWNLO~1CnsHook.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbar ealbar.dll
O2 - BHO: (no name) - {57E91B41-F40A-11D1-B792-444553540000} - D:Program FilesNetAntsAntAPI.dll
O2 - BHO: 3721
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:PROGRA~1FLASHGETjccatch.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:Program FilesXiNet TransportNTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:WINDOWSDOWNLO~1CnsHook.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbar ealbar.dll
O3 - Toolbar: ????? - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - C:KAV2003KAIEPlus.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:PROGRA~1FLASHGETfgiebar.dll
O4 - HKLM..Run: [KAVRun] C:KAV2003KAVRun.EXE
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB ealsched.exe" -o*****oot
O4 - HKLM..Run: [iDuba Personal FireWall] C:KAV2003KAVPFW.EXE
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O8 - Extra context menu item: &Download by NetAnts - D:PROGRA~1NETANTSNAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - D:PROGRA~1NETANTSNAGetAll.htm
O8 - Extra context menu item: Save解霸实时播放 - d:HEROSOFTHero3000MPURLGET.HTM
O8 - Extra context menu item: 使用影音传送带下载 - D:PROGRA~1XINETTRA~1NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:PROGRA~1XINETTRA~1NTAddList.html
O8 - Extra context menu item: 使用网文快捕保存... - D:Program FilesWebCatcherscriptsavex.htm
O8 - Extra context menu item: 使用网文快捕保存当前网页... - D:Program FilesWebCatcherscriptsave.htm
O8 - Extra context menu item: 使用网文快捕保存选中部分... - D:Program FilesWebCatcherscriptsavesel.htm
O8 - Extra context menu item: 使用网际快车下载 - D:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: 解霸实时播放 - d:HEROSOFTHero3000MPURLGET.HTM
O9 - Extra button: NetAnts (HKLM)
O9 - Extra 'Tools' menuitem: &NetAnts (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O11 - Options group: [!CNS]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsof ... AB?37931.1714467593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
--文学城www.wenxuecity.com--
急求赐教!!!
Logfile of HijackThis v1.97.6
Scan saved at 23:21:29, on 2003-11-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesRealUpdate_OB ealsched.exe
C:WINDOWSSystem32cisvc.exe
C:WINDOWSSystem32ctfmon.exe
C:KAV2003KAVPFW.EXE
C:WINDOWSSystem32inetsrvinetinfo.exe
C:KAV2003KAVSvc.EXE
C:KAV2003KAVSvcUI.exe
C:WINDOWSSystem32 cpsvcs.exe
C:KAV2003KAVPlus.exe
C:KAV2003MailMon.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSSystem32cidaemon.exe
C:WINDOWSSystem32cidaemon.exe
E:下载HijackThis.exe
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:WINDOWSDOWNLO~1CnsHook.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbar ealbar.dll
O2 - BHO: (no name) - {57E91B41-F40A-11D1-B792-444553540000} - D:Program FilesNetAntsAntAPI.dll
O2 - BHO: 3721
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:PROGRA~1FLASHGETjccatch.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:Program FilesXiNet TransportNTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:WINDOWSDOWNLO~1CnsHook.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbar ealbar.dll
O3 - Toolbar: ????? - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - C:KAV2003KAIEPlus.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:PROGRA~1FLASHGETfgiebar.dll
O4 - HKLM..Run: [KAVRun] C:KAV2003KAVRun.EXE
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB ealsched.exe" -o*****oot
O4 - HKLM..Run: [iDuba Personal FireWall] C:KAV2003KAVPFW.EXE
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O8 - Extra context menu item: &Download by NetAnts - D:PROGRA~1NETANTSNAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - D:PROGRA~1NETANTSNAGetAll.htm
O8 - Extra context menu item: Save解霸实时播放 - d:HEROSOFTHero3000MPURLGET.HTM
O8 - Extra context menu item: 使用影音传送带下载 - D:PROGRA~1XINETTRA~1NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:PROGRA~1XINETTRA~1NTAddList.html
O8 - Extra context menu item: 使用网文快捕保存... - D:Program FilesWebCatcherscriptsavex.htm
O8 - Extra context menu item: 使用网文快捕保存当前网页... - D:Program FilesWebCatcherscriptsave.htm
O8 - Extra context menu item: 使用网文快捕保存选中部分... - D:Program FilesWebCatcherscriptsavesel.htm
O8 - Extra context menu item: 使用网际快车下载 - D:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: 解霸实时播放 - d:HEROSOFTHero3000MPURLGET.HTM
O9 - Extra button: NetAnts (HKLM)
O9 - Extra 'Tools' menuitem: &NetAnts (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O10 - Unknown file in Winsock LSP: c:windowsvmaildog.dll
O11 - Options group: [!CNS]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsof ... AB?37931.1714467593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
选择“Disable on www.wenxuecity.com”
选择“don't run on pages on this domain”
