|
查看: 810|回复: 15
|
[間諜:求助HijackThis Log
[复制链接]
|
|
|
Logfile of HijackThis v1.98.2
Scan saved at 01:02:51, on 15/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\PROGRA~1\FASTDE~1\FAST2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Allen\My Documents\Lonely Season\Wiz_Orc_Bot\modKore-Hybrid.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Allen\My Documents\My Received Files\HijackThis.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSNShell] C:\WINDOWS\msnshell.exe autorun
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsof ... e.cab?1102479119125
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/5 ... usecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab30149.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/ ... popcaploader_v5.cab
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) - http://www.zuvio.com/OpenSiteInstall.CAB
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb.com/images/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5B1EF48-A49E-434E-8BFB-E3C98362B337}: NameServer = 202.188.0.133 202.188.1.5
谢谢您的帮忙。在下以试了很多方法,还是无法决解。 |
|
|
|
|
|
|
|
|
|
|
|
发表于 15-1-2005 02:14 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 15-1-2005 02:52 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 15-1-2005 09:51 AM
|
显示全部楼层
|
我遇到的问题是ie会跳出来,就是广告。最近ram被吃掉,电脑跑得很慢,连上网速度也慢了很多。我怀疑在我电脑里有很多可疑的东西。谢谢帮忙。 |
|
|
|
|
|
|
|
|
|
|
|
发表于 15-1-2005 10:46 AM
|
显示全部楼层
请用最新的HijackThis 1.99 再做一个log传上来看看
之前的log发现唯一可疑的就是MSN Messenger 了
To Get Rid of the Annoying PopUp Ads:
1. Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).
2. Double-click Administrative Tools.
3. Double-click Services.
4. Double-click Messenger.
5. In the Startup type list, click Disabled.
6. Click Stop, and then click OK. |
|
|
|
|
|
|
|
|
|
|
|
发表于 15-1-2005 10:57 AM
|
显示全部楼层
还有这个
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) - http://www.zuvio.com/OpenSiteInstall.CAB
Open Site & Page Access Software
The Open Site software will serve you targeted advertising through your browser based on websites you may be viewing. Your privacy is important to us and no data is ever sent back on the habits of our users. All the data from the software is stored locally on your computer to have the software better serve you. To remove the Open Site software from your computer, simply go to Control Panel->Add/Remove Programs and select to remove Open Site. Certain data files may remain in the C:\Program Files\Open Site folder and may be manually deleted after running the uninstall program.
Open Site software can only be downloaded through our partner websites with the permission of the user in the form of a Verisign certified security dialog box. Terms and Conditions which link to this webpage are available from this security dialog box. By clicking "Yes" you consent to view Open Site's selections for featured vendors through your internet browser and to receive periodic updates to this software through the world wide web. For more information, click here. Questions or problems regarding this software can be directed to info@zuvio.com. |
|
|
|
|
|
|
|
|
|
|
|
发表于 15-1-2005 02:20 PM
|
显示全部楼层
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
NCLAUNCH NCLAUNCH.Exe Part of SWF Studio from Northcode Inc - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP. Is it required?
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
FAST2.EXE FAST Defrag 3 Fast Defrag 2 Standard (Std) - frees and optimizes RAM (Random Access Memory) and the swap-file usage.
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
mdm.exe Machine Debug Manager 3 Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon.
我想你用eMule下载东西会很吃资源的 尤其在下载时 那个FAST2.EXE 会不会同时在做defrag呢
你还是用最新的HijackThis 1.99把新的log传上来啊
还有就是用 ctrl+alt+del , processes 看看 mem usage 里哪一个用去了很多的mem |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 15-1-2005 03:22 PM
|
显示全部楼层
austinlim 于 15-1-2005 10:57 AM 说 :
还有这个
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) - http://www.zuvio.com/OpenSiteInstall.CAB
Open Site & Page Access Software
The ...
Logfile of HijackThis v1.99.0
Scan saved at 15:23:04, on 15/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\PROGRA~1\FASTDE~1\FAST2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Allen\My Documents\Lonely Season\Wiz_Orc_Bot\modKore-Hybrid.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Allen\My Documents\My Received Files\HijackThis.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSNShell] C:\WINDOWS\msnshell.exe autorun
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Norton Utilities\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsof ... e.cab?1102479119125
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/5 ... usecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab30149.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/ ... popcaploader_v5.cab
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) - http://www.zuvio.com/OpenSiteInstall.CAB
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb.com/images/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5B1EF48-A49E-434E-8BFB-E3C98362B337}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install)<-要如何决解?
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe <-不需要,要如何决解?
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe <-不需要,要如何决解?
FAST2.EXE <-目前没有使用。 |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 15-1-2005 03:28 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 15-1-2005 05:35 PM
|
显示全部楼层
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
这个是在Internet Explorer里的Tools,Internet Options,Disable Script Debugging打勾
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) - http://www.zuvio.com/OpenSiteInstall.CAB
To remove the Open Site software from your computer, simply go to Control Panel->Add/Remove Programs and select to remove Open Site. Certain data files may remain in the C:\Program Files\Open Site folder and may be manually deleted after running the uninstall program.
如果没成功就用这方法:
HijackThis(HJ)里有个按钮config... 点击Make Backups before fixing items 应该是打勾的
所以最好把HJ放到一个新的文件夹里 方便backup和restore
按Back回去 Scan 里 scan
select the items you would like to remove by placing checkmarks in the boxes next to each listing
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) - http://www.zuvio.com/OpenSiteInstall.CAB
在它们前面的空格子里打勾 然后点击Fix Checked
mem图看了 没有不对劲的地方
如果觉得不够mem可以把没用的End process
一般上System,Network Service,Local Service都不好End process |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 16-1-2005 01:31 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 16-1-2005 01:59 AM
|
显示全部楼层
我已经照你所说的去做了,甚至delete了:
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [MSNShell] C:\WINDOWS\msnshell.exe autorun
不知道会有问题吗?
我找不到这个 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe |
|
|
|
|
|
|
|
|
|
|
|
发表于 16-1-2005 11:18 AM
|
显示全部楼层
没问题的。
谢谢你提醒 69.20.16.183 这个地址是Look2Me 的 spyware 都除去
请下载这个软件
http://downloads.subratam.org/VX2Finder(126).exe
按Click to Find VX2.BetterInternet 然后把窗口里面的资料传上来
这两个是和MSN Messenger有关的 如果你没有用到 就可以用一下方法除去
O4 - HKLM\..\Run: [MSNShell] C:\WINDOWS\msnshell.exe autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
MSNShell.exe MSNShell 3 MSN Messenger Add-on for many purposes such as show display picture with original size, online MSN simultanouse session.
msnmsgr.exe msnmsgr 2 MSN Messenger utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
如果不能除去就用HJ打勾的方法除去
找不到这个 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 没关系。 |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 16-1-2005 07:59 PM
|
显示全部楼层
Files Found---
Additional Files---
Keys Under Notify---
App Paths
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
wlballoon
Guardian Key--- is called:
User Agent String---
{E164C162-CA93-43ED-B504-EA2EEAAF4829}
以上是用Find VX2.BetterInternet得到的。
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
我有使用msn messenger,适合删除吗? |
|
|
|
|
|
|
|
|
|
|
|
发表于 16-1-2005 08:08 PM
|
显示全部楼层
看来没有问题了。电脑还慢吗?
不用删
O4 - HKLM\..\Run: [MSNShell] C:\WINDOWS\msnshell.exe autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
如果不要让它们在开启电脑时自动执行 应该可以在msn软件里设定的
[ Last edited by austinlim on 16-1-2005 at 08:16 PM ] |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 17-1-2005 08:53 AM
|
显示全部楼层
|
电脑好了很多。谢谢您的帮忙!如有问提将会在请教您。 |
|
|
|
|
|
|
|
|
|
| |
 本周最热论坛帖子
|
变色卡
千斤顶
1453 
27
![波德申禁止搭露营帐篷[+视频]](https://u2023.cari.com.my/data/avatar/001/55/96/42_avatar_small.jpg){kind=avatar}
