2005-09-28 12:58 |
I'm a newbie. A few days ago ads kept popping up whenever I used the computer, and I found out it was because of the DUDU accelerator, but no matter what I do I can't delete it!!! Also, possibly because a friend visited some website, there is now an extra one called 酷猴 (KUHO)!!! After I delete it, it reappears like a ghost on the next reboot! I hope the experts here can rescue me! The HijackThis scan log is below:

Logfile of HijackThis v1.99.1
Scan saved at 12:55:03, on 2005-9-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
g:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
g:\KAV2005\KPfwSvc.EXE
C:\Program Files\mst software\mst Defrag\mstDfrgS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\svchost_ts015.exe
G:\KAV2005\KAVStart.exe
C:\WINDOWS\system32\ctfmon.exe
G:\KAV2005\KavPFW.exe
G:\KAV2005\KMailMon.EXE
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\SovieT\LOCALS~1\Temp\remotesetup.exe
C:\Program Files\Kuho\dudupros.exe
C:\Program Files\Kuho\kuho.exe
E:\Maxthon\Maxthon.exe
E:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll (file missing)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DTService] rundll32.exe C:\WINDOWS\system32\dtservic.dll,Load
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost_ts015.exe
O4 - HKLM\..\Run: [KavStart] "g:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [wins] C:\Program Files\win\wins.exe
O4 - HKLM\..\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "G:\KAV2005\KavPFW.exe"
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 酷猴.lnk = C:\Program Files\Kuho\kuho.exe
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用酷猴下载... - res://C:\Program Files\Kuho\mbmon.dll/202
O8 - Extra context menu item: 使用Kugoo下载 - E:\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\浩方\HFGame3\GameClient.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://219.133.60.95:1080/qqtv/QQLive1.0Beta01.exe
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - g:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - g:\KAV2005\KWatch.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mst Defrag Service (mstDfrgS) - mst software, Martin Stiemerling, Germany - C:\Program Files\mst software\mst Defrag\mstDfrgS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe |
|