[Spyware: Help] HijackThis
Why can't I use HijackThis? It shows this picture.
What is the problem???

Posted on 21-4-2004 01:24 AM

Posted on 21-4-2004 03:01 PM
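Joseph_sky wrote on 21-4-2004 01:24 AM:
Restart the computer and it will be fine
My computer has the same problem.. even after a restart it still shows this,
so in the end I couldn't be bothered to use this software..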

Posted on 21-4-2004 04:00 PM
If restarting still doesn't work, try uninstalling it and see whether that helps.
hahajojo, your image is really big, 1.37mb; next time convert it to jpeg
[ Last edited by Joseph_sky on 21-4-2004 at 04:02 PM ]

Posted on 21-4-2004 05:22 PM

Original poster
Posted on 22-4-2004 12:38 AM
Logfile of HijackThis v1.97.7
Scan saved at 8:25:50 PM, on 4/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\P2P Networking\P2P Networking.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\VM_STI.EXE
D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
D:\WINDOWS\System32\CTFMON.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Mr Cloud\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chinese.cari.com.my/myforum/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://mail.yahoo.com/?.redir=ym ... amp;.cldefstat=Def0
R3 - URLSearchHook: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - D:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - D:\Program Files\Kontiki\bin\bh309190.dll (file missing)
O2 - BHO: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - D:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - D:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - D:\WINDOWS\lbbho.dll
O3 - Toolbar: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - D:\PROGRA~1\3721\Assist\assist.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar15.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [helper.dll] D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [a-winpoet-service] "D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe D:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GStartup.lnk = D:\RECYCLER\NPROTECT\00013100.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = D:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: Instant Messenger (HKLM)
O9 - Extra button: 3721 Assistant (HKLM)
O9 - Extra 'Tools' menuitem: Repair Browser (HKLM)
O9 - Extra 'Tools' menuitem: Clean Internet access record (HKLM)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/ssc ... /vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download. ... talls/yinst0401.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/ssc ... ommon/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download. ... /yse/ymmapi_416.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/ssc ... ommon/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbi ... -us/tools/mcfscan/1,5,0,4326/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30F8D87E-96BA-471E-9BDB-A65F82FC27C2}: NameServer = 202.188.0.132,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{37085CEF-02DE-4CAC-9E2F-8AB93D76B61A}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{30F8D87E-96BA-471E-9BDB-A65F82FC27C2}: NameServer = 202.188.0.132,202.188.1.5

Posted on 23-4-2004 12:38 PM
hahajojo wrote on 22/4/2004 12:38 AM:
Logfile of HijackThis v1.97.7
Scan saved at 8:25:50 PM, on 4/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\Syst ...
Close all programs, run HijackThis, do a scan, tick the following entries, then press CHECKED FIX:
R3 - URLSearchHook: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - D:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - D:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - D:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - D:\WINDOWS\lbbho.dll
O3 - Toolbar: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - D:\PROGRA~1\3721\Assist\assist.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - D:\Program Files\DashBar\DashBar15.dll
O4 - HKLM\..\Run: [helper.dll] D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe D:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - Global Startup: GStartup.lnk = D:\RECYCLER\NPROTECT\00013100.exe
O4 - Global Startup: PrecisionTime.lnk = D:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: Instant Messenger (HKLM)
O9 - Extra button: 3721 Assistant (HKLM)
O9 - Extra 'Tools' menuitem: Repair Browser (HKLM)
O9 - Extra 'Tools' menuitem: Clean Internet access record (HKLM)
O11 - Options group: [!CNS] Chinese keywords
Restart the computer, then delete the following:
D:\PROGRA~1\3721 <-- this folder
D:\WINDOWS\DOWNLO~1 <-- this folder
D:\WINDOWS\lbbho.dll <-- this file
D:\Program Files\DashBar <-- this folder
D:\Program Files\PrecisionTime <-- this folder
Restart the computer, download and update SpyBot S&D, and run a scan.
See also [How to use SpyBot S&D]
Restart the computer and post a new HijackThis log.

Original poster
Posted on 24-4-2004 10:17 AM
D:\PROGRA~1\3721
D:\WINDOWS\DOWNLO~1
D:\WINDOWS\lbbho.dll
D:\Program Files\DashBar
D:\Program Files\PrecisionTime
Why can't I find these files! I also searched for them, but it says there is no such file! How do I remove them??

Posted on 24-4-2004 12:43 PM
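hahajojo wrote on 24/4/2004 10:17 AM:
D:\PROGRA~1\3721
D:\WINDOWS\DOWNLO~1
D:\WINDOWS\lbbho.dll
D:\Program Files\DashBar
D:\Program Files\PrecisionTime
Why can't I find these files! I also searched for them, but it says there is no such file! How do I remove them??
If they aren't there, then there's no need!
Has the problem been solved?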

Original poster
Posted on 25-4-2004 01:03 AM
Logfile of HijackThis v1.97.7
Scan saved at 6:37:21 PM, on 4/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\System32\P2P Networking\P2P Networking.exe
D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\VM_STI.EXE
D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\Program Files\Kingsoft\XDict\XDICT.EXE
D:\Documents and Settings\Mr Cloud\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chinese.cari.com.my/myforum/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://mail.yahoo.com/?.redir=ym ... amp;.cldefstat=Def0
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - D:\Program Files\Kontiki\bin\bh309190.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [a-winpoet-service] "D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [SpyBotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: Instant Messenger (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{30F8D87E-96BA-471E-9BDB-A65F82FC27C2}: NameServer = 202.188.0.132,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{30F8D87E-96BA-471E-9BDB-A65F82FC27C2}: NameServer = 202.188.0.132,202.188.1.5

Posted on 2-5-2004 03:47 PM
hahajojo wrote on 25/4/2004 01:03 AM:
Logfile of HijackThis v1.97.7
Scan saved at 6:37:21 PM, on 4/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\Syst ...
Close all programs, run HijackThis, tick the following entry, then press CHECKED FIX:
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
Restart the computer, then update your Windows:
1) WinXP SP1a (Service Pack 1a) [128MB]
2) WinXP Rollout Update 1
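
Added example, not part of the thread and not HijackThis's own code: a small Python check that compares the entries ticked for fixing against a follow-up log, which is what posting a new HijackThis log after the fix makes possible. The sample lines are excerpted from the logs posted in this thread; the function names `parse` and `verify_fix` are hypothetical.

```python
import re

# Entry lines start with a section code such as "R3 - " or "O2 - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*\S)")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Map (section, identity) -> entry line; identity is the CLSID when one exists."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        section, rest = m.groups()
        clsid = CLSID.search(rest)
        # Keying on the CLSID lets an entry match even after its file path changes.
        key = clsid.group(0).upper() if clsid else rest.lower()
        entries[(section, key)] = raw.strip()
    return entries

def verify_fix(after_log, fixed_lines):
    """Classify each entry that was ticked for fixing against the follow-up log."""
    after = parse(after_log)
    result = {"removed": [], "orphaned": [], "remaining": []}
    for key, line in parse("\n".join(fixed_lines)).items():
        now = after.get(key)
        if now is None:
            result["removed"].append(line)
        elif now.endswith(("(no file)", "(file missing)")):
            result["orphaned"].append(now)  # registry entry left, file gone
        else:
            result["remaining"].append(now)
    return result

# Excerpts from the thread: four of the ticked entries and part of the second log.
FIXED = [
    r"R3 - URLSearchHook: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - D:\PROGRA~1\3721\Assist\assist.dll",
    r"O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - D:\WINDOWS\DOWNLO~1\CnsHook.dll",
    r"O9 - Extra button: Short Message (HKLM)",
    r"O9 - Extra button: 3721 Assistant (HKLM)",
]
AFTER = r"""Logfile of HijackThis v1.97.7
D:\WINDOWS\Explorer.EXE
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: Instant Messenger (HKLM)
"""

if __name__ == "__main__":
    for status, lines in verify_fix(AFTER, FIXED).items():
        print(status, *lines, sep="\n  ")
```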