.Qqr639
开机不久就会被攻击,过段时间就会上不了网,有高手能解释一下吗
HijackThis_815汉化版扫描日志 V1.99.1
保存于 19:00:20, 日期 2006-9-15
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
F:\tools\Tencent\QQ\QQ.exe
F:\tools\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\regedit.exe
F:\tools\BitComet\BitComet.exe
F:\download\病毒防治\HijackThis汉华版\HijackThis1991zww.exe
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\tools\Tencent\QQ\QQIEHelper.dll (www.dngz.net)版权所有
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\tools\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\tools\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: (no name) - {4DA4C479-8C9D-4766-B760-40CE0698C4CE} - (no file)
O3 - IE工具栏增项: (no name) - {0C2B3984-303D-4131-BF1B-BE0D5623D922} - (no file)
O3 - IE工具栏增项: (no name) - {56A7DC70-E102-4408-A34A-AE06FEF01586} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [KAVPersonal50] "F:\tools\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
dngz.net您的电脑医生
O4 - 启动项HKLM\\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] F:\tools\SkyNet\FireWall\PFW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xplus_spy] "F:\tools\mimi\xvcclip.exe" /min
O4 - Startup: 腾讯QQ.lnk = F:\tools\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\tools\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - F:\tools\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\tools\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\tools\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\tools\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\tools\Tencent\QQ\AddEmotion.htm dngz.net版权所有
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\tools\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\game\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\tools\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\tools\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\tools\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\tools\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\tools\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\tools\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe dngz.net您的电脑医生
O15 - “受信任的站点”中添加项: http://www.icbc.com.cn
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mimi-conan.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab
O16 - DPF: {74060AB6-3060-4800-BE28-B2B3147E2469} (QiconInstallerVer1 Control) - http://qicon.cn/setup/QiconInstallerVer1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab ;
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D34AFF0-9DE2-4D07-8D15-CAB0FD8EFCFC}: NameServer = 202.96.209.6,202.96.209.133
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - F:\tools\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
注册表启动项里IMJPMIG8.1 PHIME2002A PHIME2002ASync不知道是什么
还有我是局域网
有可能是ARP攻击
看下资料再看看自己的情况
好象是中ARP~~~
开机可以上网但是不久受攻击后就上不了了~~~
我用Antiarp没查到有攻击啊
就是天网防火墙一直显示有人试图连接本机,没多久就上不了了
C:\WINDOWS\system32\alg.exe这个是什么程序