佳礼资讯网
Views: 955 | Replies: 6

[Question; Help] My HijackThis log has been up for a long time, can someone help?

Posted on 9-5-2004 10:24 PM
Logfile of HijackThis v1.97.7
Scan saved at 6:52:14 AM, on 5/9/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\msstart.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
D:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
C:\PROGRA~1\ICQ\ICQ.exe
d:\GV250\GV250.exe
d:\GV250\BcastTcp.exe
d:\GV250\DmHealthSvr.exe
d:\GV250\DMMailServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rsvp.exe
C:\Documents and Settings\LIMGOH\My Documents\My Received Files\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "D:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [KB837272] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MultiCam Auto Start.lnk = D:\GV250\DM500Startup.exe
O4 - Global Startup: Powerword 2003.lnk = C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: PowerWord (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/p ... /director/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsof ... AB?38002.2358796296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C2F45F-56FC-4033-A1E9-6845B1C5A064}: NameServer = 202.188.1.5 202.188.0.133

Thanks!

[ Last edited by 自由万岁 on 25-5-2004 at 04:20 PM ]

Posted on 13-5-2004 11:47 AM
自由万岁 said on 9/5/2004 10:24 PM:
Logfile of HijackThis v1.97.7
Scan saved at 6:52:14 AM, on 5/9/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Syste ...


Close all programs, run HijackThis, do one scan, tick the following and press CHECKED FIX:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto
O4 - HKLM\..\RunOnce: [KB837272] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP

Restart the computer, then delete the following:
C:\WINDOWS\INF\unregmp2.exe <--  this file
Note: if it cannot be deleted, press CTRL+ALT+DEL, go to the PROCESS TAB,
    End Task unregmp2.exe, then delete the file again.

C:\Program Files\websx <--  this folder
C:\WINDOWS\System32\msstart.exe <--  this file

Restart the computer and post a new HijackThis log.

Thread starter | Posted on 14-5-2004 11:34 AM
Thank you, I have tried the steps you described, but ran into some problems along the way and don't know whether they matter.

1. The 02-something userinit entry you said to fix checked: I later accidentally pressed scan once more and found that it had reappeared, while the other three were gone.

2. Opening HijackThis itself gives me this problem.
    On opening:

An unexpected error has occurred at procedure: frmMain_LoadSettings()
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2600.0000
HijackThis version: 1.97.7

This message has been copied to your clipboard.

    When scanning:

An unexpected error has occurred at procedure: modMain_ProcessRuleReg(sRule=>54L|HYIbm#bVRm^YYRaePeSic^H`d'do;:ebVUShF>X+ctúde&^ít5iháQYWt{)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2600.0000
HijackThis version: 1.97.7

This message has been copied to your clipboard.

3. After restarting the computer, there were three files you wanted deleted:
   - c:\windows\inf\unregmp2.exe  This file reappears automatically after being deleted; its name is not in the Task Manager Process tab, so I cannot End Task it and delete it again.

   - c:\program files\websx folder  I cannot find this at all. It does not exist; I've viewed the folder including hidden files.

   - c:\windows\system32\msstart.exe  Deleted normally.

Below is the current log; I've put it in the next post so it is easy for you to read.

Thread starter | Posted on 14-5-2004 11:34 AM
Logfile of HijackThis v1.97.7
Scan saved at 11:33:50 AM, on 5/14/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ICQ\ICQ.exe
d:\GV250\GV250.exe
d:\GV250\BcastTcp.exe
d:\GV250\DmHealthSvr.exe
d:\GV250\DMMailServer.exe
d:\GV250\DMWebCam.exe
d:\GV250\WebCamServer.exe
d:\GV250\AudioServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LIMGOH\My Documents\My Received Files\hijackthis\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "D:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MultiCam Auto Start.lnk = D:\GV250\DM500Startup.exe
O4 - Global Startup: Powerword 2003.lnk = C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: PowerWord (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/p ... /director/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsof ... AB?38002.2358796296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C2F45F-56FC-4033-A1E9-6845B1C5A064}: NameServer = 202.188.1.5 202.188.0.133
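An added example, not code from the thread or from HijackThis itself: a short Python script that checks the 14 May log above against the four entries the 13 May reply asked to fix, and lists which entries from the 9 May log have disappeared. It compares entries case-insensitively, because the F2 UserInit line in the second log differs from the first only in letter case; the log excerpts embedded below are copied from the two logs in this thread, and the function names are my own.

```python
import re

# Entries copied from the thread's two logs (9 May and 14 May); only the sections the fix touched.
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\RunOnce: [KB837272] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""
LOG_AFTER = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""
# The four entries the reply asked to tick and fix.
FLAGGED = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe",
    r"O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto",
    r'O4 - HKLM\..\RunOnce: [KB837272] "C:\WINDOWS\INF\unregmp2.exe" /UpdateWMP',
]
# HijackThis entries start with a section tag (R0, F2, N1, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([FORN]\d+) - .+$")

def normalize(line):
    """Fold case and whitespace: Windows paths and registry names are case-insensitive."""
    return re.sub(r"\s+", " ", line.strip()).lower()

def parse_hjt(text):
    """Map each normalized entry to its section tag; header and process lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[normalize(line)] = m.group(1)
    return entries

def still_present(after_text, flagged):
    """Flagged entries that are still in the new log (case-insensitive match)."""
    after = parse_hjt(after_text)
    return [f for f in flagged if normalize(f) in after]

def removed_entries(before_text, after_text):
    """Entries from the old log that no longer appear in the new one."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return sorted(e for e in before if e not in after)

if __name__ == "__main__":
    print("still present:", still_present(LOG_AFTER, FLAGGED))
    print("gone:", removed_entries(LOG_BEFORE, LOG_AFTER))
```

Run against these excerpts it reports the F2 line as still present and msstart, websx, kdx and KB837272 as gone, which matches what the thread starter observed.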

Thread starter | Posted on 19-5-2004 02:31 PM
Excuse me, can anyone advise?

Thread starter | Posted on 25-5-2004 04:20 PM
friends...... where are you?
Experts... where are you all?

Posted on 27-5-2004 01:24 AM
Since there are a lot of HijackThis logfiles here, I guess moderator friends probably doesn't have time to look after so many people...

friends didn't seem to tell you to kill 02, but F2!!!! (best to delete it.)

Personally I think that after that, if you haven't noticed anything unusual by now, it should be OK.

[ Last edited by HotmailUser on 27-5-2004 at 02:16 AM ]