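Have I caught a virus?

Posted on 2-4-2006 02:43 AM
I connect to broadband by way of dial-up, and as soon as I get online the computer freezes for several minutes, then goes back to normal... Have I caught a virus?

I have already scanned in safe mode with Norton, McAfee and NOD32, and none of them found any related virus. Has anyone run into the same situation?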

Posted on 2-4-2006 11:26 PM
Connecting to broadband by way of dial-up??

I don't understand.

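Original poster | Posted on 3-4-2006 12:24 AM
Originally posted by 湖俊 on 2-4-2006 11:26 PM:
Connecting to broadband by way of dial-up??

I don't understand.


It means connecting in Bridge Mode.
I never had this problem before...

[ Last edited by 懃 on 3-4-2006 12:26 AM ]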

Posted on 3-4-2006 05:11 PM
Use HijackThis to scan and produce a log, then post it here so everyone can study it.

Original poster | Posted on 3-4-2006 06:38 PM
Logfile of HijackThis v1.99.1
Scan saved at 6:36:43 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Maxthon\Maxthon.exe
H:\Installer\virusProtect\hijackthis\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: MiniTuoTu.SaveTarget - {0654EACE-5660-4ca2-B673-04B7FC9FE45A} - C:\Program Files\MiniTuoTu\MiniTuoTu.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper.dll
O2 - BHO: EventIntercept Class - {3050CDCA-E35E-4696-A544-8B0A589CE885} - C:\WINDOWS\system32\ISIEEdit.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - H:\INSTAL~1\INTERN~1\FLASHG~1.71\jccatch.dll
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - C:\Program Files\Xplus\GETIE.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - H:\INSTAL~1\INTERN~1\FLASHG~1.71\fgiebar.dll
O4 - HKLM\..\Run: [Detect Mode] C:\Program Files\ABIT\ABIT vGuru\OCGuru\DetectMode.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: Add to &Teleport - F:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: Download All by FlashGet - H:\Installer\Internet tools\FlashGet-v1.71\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - H:\Installer\Internet tools\FlashGet-v1.71\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboFlash Extractor - C:\Program Files\RoboFlash Toolkit\Extractor\InternetExplorer.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Program Files\Tuotu\TT_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: í?í????? - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Program Files\Tuotu\TuoTu.exe
O9 - Extra 'Tools' menuitem: &TuoTu - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Program Files\Tuotu\TuoTu.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\INSTAL~1\INTERN~1\FLASHG~1.71\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\INSTAL~1\INTERN~1\FLASHG~1.71\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: RoboFlash Extractor - {F74BF56F-F82F-4ae4-846B-BB8FB1780280} - C:\Program Files\RoboFlash Toolkit\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: RoboFlash Extractor - {F74BF56F-F82F-4ae4-846B-BB8FB1780280} - C:\Program Files\RoboFlash Toolkit\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://I:\components\hidinputmonitorx.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://I:\components\A9.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A20C07-77BE-4D02-888A-61237D103D63}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A20C07-77BE-4D02-888A-61237D103D63}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework ·t?? (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Original poster | Posted on 3-4-2006 06:43 PM
Where is the problem?

Posted on 3-4-2006 08:04 PM
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll

O2 - BHO: MiniTuoTu.SaveTarget - {0654EACE-5660-4ca2-B673-04B7FC9FE45A} - C:\Program Files\MiniTuoTu\MiniTuoTu.dll

O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper.dll

C:\WINDOWS\system32\inetsrv\inetinfo.exe

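I think these three are very suspicious.
Please make sure you update your anti-spyware software before entering safe mode to scan.

I suspect you have picked up quite a lot of spyware.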
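
An added example, not part of any forum post: a small Python triage pass over HijackThis v1.99.1 output like the log above. It counts entries per section code and lists the ones that merit a manual look (stale `(file missing)` entries, services reported with `Unknown owner`, and any `AppInit_DLLs` value); the flags are a starting point for inspection, not a verdict, and the function names are this example's own.

```python
import re
from collections import Counter

# Excerpt copied from the HijackThis log posted above (no new data).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: EventIntercept Class - {3050CDCA-E35E-4696-A544-8B0A589CE885} - C:\WINDOWS\system32\ISIEEdit.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
"""

# What the section codes that appear in this thread's log refer to.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "Autostart entry", "O8": "IE context-menu item",
            "O9": "IE extra button / Tools item", "O16": "Downloaded ActiveX (DPF)",
            "O17": "DNS setting", "O18": "Extra protocol handler",
            "O20": "AppInit_DLLs", "O23": "NT service"}
ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")

def parse(log):
    """Return (code, text) for each numbered entry; the process list is skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(log):
    """Return (entry count per section code, list of entries to inspect by hand)."""
    entries = parse(log)
    review = []
    for code, text in entries:
        if text.endswith("(file missing)"):
            review.append((code, "target file missing (stale entry)", text))
        elif code == "O23" and " - Unknown owner - " in text:
            review.append((code, "service reported with no company name", text))
        elif code == "O20" and text.split(":", 1)[-1].strip():
            review.append((code, "DLL loaded into every process that loads user32.dll", text))
    return Counter(code for code, _ in entries), review

if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    for code, n in sorted(counts.items(), key=lambda kv: int(kv[0][1:])):
        print(f"{code:<4}{SECTIONS.get(code, 'other'):<30}{n}")
    for code, reason, text in review:
        print(f"REVIEW {code}: {reason}\n    {text}")
```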

Original poster | Posted on 3-4-2006 08:38 PM
Originally posted by 湖俊 on 3-4-2006 08:04 PM:
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll

O2 - BHO: MiniTuoTu.SaveTarget - {0654EACE-5660-4ca2-B673-04B7FC9FE45A} - C:\Prog ...


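I had already updated before going into safe mode to scan, using Ad-aware, Spybot and IParmo... Some worms were found... but they were all cleaned out...
But the problem is still there....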

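Posted on 3-4-2006 08:43 PM
Originally posted on 3-4-2006 08:38 PM:


I had already updated before going into safe mode to scan, using Ad-aware, Spybot and IParmo... Some worms were found... but they were all cleaned out...
But the problem is still there....


I suspect it is just a problem with your network.
It should have nothing to do with a virus.

I suggest you watch the memory and CPU usage of the files under Processes in Task Manager.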

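Original poster | Posted on 3-4-2006 08:49 PM
Originally posted by 湖俊 on 3-4-2006 08:43 PM:


I suspect it is just a problem with your network.
It should have nothing to do with a virus.

I suggest you watch the memory and CPU usage of the files under Processes in Task Manager.


I will try that... but when it freezes, sometimes I can't even get into Task Manager,
System Idle Process is using a lot of CPU usage all the time...
The clock doesn't advance and I can't open files either. The problem doesn't happen every time, but the chance of it happening is very high...
But once it is back to normal there are no more problems...
Frustrated...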

Posted on 3-4-2006 10:00 PM
How long have you been using your computer? It could also be a hardware problem.

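Posted on 4-4-2006 07:50 PM
Originally posted on 3-4-2006 08:49 PM:


I will try that... but when it freezes, sometimes I can't even get into Task Manager,
System Idle Process is using a lot of CPU usage all the time...
The clock doesn't advance and I can't open files either. The problem doesn't happen every time, but the chance of it happening is very high...
But once it is back to normal there are no more ...


It is correct for System Idle Process to be using a lot of CPU usage all the time.
If the number for System Idle Process is very low, it means other programs are taking up a lot of resources.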

Original poster | Posted on 6-4-2006 11:35 AM
When I send mail out with Gmail, sometimes it fails to send, and lots and lots of IE browser windows keep popping up... Has anyone run into this? Is it a virus?