Topic: Experts, please help~!!!! I can't delete these files~!

show
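Experts, please help~!!!! I can't delete these files~!

I'm a newbie. A few days ago ads kept popping up while I was on the computer, and I found out the DUDU accelerator was the cause, but no matter what I do I can't delete it~!!!
It's also possible a friend browsed some website, because now there is a KUHO (酷猴) one as well~!!! After I delete it, it comes back like a ghost at the next reboot!
I hope the experts can save me~!
The HijackThis scan log is below: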
Logfile of HijackThis v1.99.1
Scan saved at 12:55:03, on 2005-9-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
g:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
g:\KAV2005\KPfwSvc.EXE
C:\Program Files\mst software\mst Defrag\mstDfrgS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\svchost_ts015.exe
G:\KAV2005\KAVStart.exe
C:\WINDOWS\system32\ctfmon.exe
G:\KAV2005\KavPFW.exe
G:\KAV2005\KMailMon.EXE
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\SovieT\LOCALS~1\Temp\remotesetup.exe
C:\Program Files\Kuho\dudupros.exe
C:\Program Files\Kuho\kuho.exe
E:\Maxthon\Maxthon.exe
E:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll (file missing)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DTService] rundll32.exe C:\WINDOWS\system32\dtservic.dll,Load
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost_ts015.exe
O4 - HKLM\..\Run: [KavStart] "g:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [wins] C:\Program Files\win\wins.exe
O4 - HKLM\..\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "G:\KAV2005\KavPFW.exe"
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 酷猴.lnk = C:\Program Files\Kuho\kuho.exe
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用酷猴下载... - res://C:\Program Files\Kuho\mbmon.dll/202
O8 - Extra context menu item: 使用Kugoo下载 - E:\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\浩方\HFGame3\GameClient.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://219.133.60.95:1080/qqtv/QQLive1.0Beta01.exe
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - g:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - g:\KAV2005\KWatch.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mst Defrag Service (mstDfrgS) - mst software, Martin Stiemerling, Germany - C:\Program Files\mst software\mst Defrag\mstDfrgS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Posted: 2005-09-28 12:58 | [Original poster]
bbsriver
These entries should all be fixed, and then the corresponding files deleted:
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll (file missing)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll (file missing)
O4 - HKLM\..\Run: [DTService] rundll32.exe C:\WINDOWS\system32\dtservic.dll,Load
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 酷猴.lnk = C:\Program Files\Kuho\kuho.exe
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: &使用酷猴下载... - res://C:\Program Files\Kuho\mbmon.dll/202
O8 - Extra context menu item: 使用Kugoo下载 - E:\KuGoo2\KugooDownX.htm
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll

I'm not yet sure what these two are:
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost_ts015.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
Posted: 2005-09-28 14:42 | #1
bbsriver
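"Fix" means ticking the small checkbox in front of the entry in HijackThis and then clicking the "Fix checked" button.
"Delete" means finding the file on the computer by its path, such as C:\Program Files\Kuho\kuho.exe, selecting it with the left mouse button and pressing the [Del] key on the keyboard.
Posted: 2005-09-29 06:58 | #2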
bbsriver
Post your current HijackThis report again~
Posted: 2005-09-30 09:03 | #3
bbsriver
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://219.133.60.95:1080/qqtv/QQLive1.0Beta01.exe

Get rid of this one~
Posted: 2005-10-01 12:23 | #4
bbsriver
I went through all of the original poster's registry entries:

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
Xunlei (Thunder) plug-in

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
An Acrobat thing

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Both are the intelligent input method (IME)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Both belong to the NVIDIA nView control panel, which is installed with the NVIDIA graphics driver and is used for adjustments and settings.

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
soundman.exe is installed with sound cards made by Realtek.

O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
Input-method related

O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mobsync.exe is a process associated with Internet Explorer and is used to synchronize the offline pages you have chosen to be stored locally with the matching online pages.


O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
A CNNIC thing... delete it if you don't use CNNIC

O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost_ts015.exe
What is this? I still don't know. Judging by its name and location it is a very strange thing; delete it and see.

O4 - HKLM\..\Run: [KavStart] "g:\KAV2005\KAVStart.exe" -startup
KingSoft Personal Firewall, a Kingsoft thing

O4 - HKLM\..\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
Xunlei's automatic updater

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealOne's automatic updater

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
ctfmon.exe is part of the Microsoft Office suite. It handles selection of the user's text input program and the Microsoft Office XP Language Bar.

O4 - HKCU\..\Run: [KavPFW] "G:\KAV2005\KavPFW.exe"
Kingsoft KAV2005 component

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Acrobat component

O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
Both are Xunlei things

O8 - Extra context menu item: 使用Kugoo下载 - E:\KuGoo2\KugooDownX.htm
Does the original poster like using KuGoo? If not, chop it.

O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
An MS Office thing, nothing more to say

O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
All QQ things

O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\浩方\HFGame3\GameClient.exe
Haofang (浩方)

O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
refiebar.dll is a module which allows you to use the Microsoft Office Research Library and its collection of information services from Microsoft Internet Explorer

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Both are MSN

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
Widely recognized spyware; chop it

O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (BlueskyAudio Class) - http://202.96.140.88/vchat/blueskyvoice.dll
Bluesky Voice (蓝天语音), a Chinese-made product; I haven't used it, so no comment

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
An Autodesk thing, nothing more to say

O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - g:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - g:\KAV2005\KWatch.EXE
Kingsoft things

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
Macromedia needs no explanation either

O23 - Service: mst Defrag Service (mstDfrgS) - mst software, Martin Stiemerling, Germany - C:\Program Files\mst software\mst Defrag\mstDfrgS.exe
A Maxthon thing

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
NVIDIA Driver Helper Service
Posted: 2005-10-12 02:05 | #5
bbsriver
Should be fixed: O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

Recommended to fix: O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost_ts015.exe

Best to fix: O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O8 - Extra context menu item: 使用Kugoo下载 - E:\KuGoo2\KugooDownX.htm
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (BlueskyAudio Class) - http://202.96.140.88/vchat/blueskyvoice.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab is spyware, but it was developed by foreigners and should have no direct connection with the Chinese-language ads the original poster is seeing. The suspicious ones are still these small domestic programs. If there are still problems, chop Bluesky Voice, KuGoo, CNNIC and the like, things of dubious origin or with a track record. The ads are probably not brought in by Kingsoft, Xunlei or QQ, though QQ is hard to say; I don't have a good impression of it.
Posted: 2005-10-12 02:10 | #6
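
The triage reasoning used in the replies above (orphaned "(file missing)" registrations, a startup item whose name and location look odd), written out as an added example that is not part of the original thread and is not HijackThis code. The sample lines are quoted from the log in this thread; the three heuristics (including the bare-IP check for O16 entries), the system-process name list and the function names `review` and `triage` are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Entries quoted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll (file missing)
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost_ts015.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://219.133.60.95:1080/qqtv/QQLive1.0Beta01.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# The heuristics below are this example's assumptions, not HijackThis behaviour.
ENTRY = re.compile(r"^(O\d+) - (.+)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
URL = re.compile(r"https?://\S+", re.I)
SYSTEM_NAMES = ("svchost", "lsass", "services", "winlogon", "smss", "csrss")

def review(line):
    """Return (section, [reasons]) for one log line, or None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("registration points at a missing file")
    p = WIN_PATH.search(body)
    if p:
        folder, _, name = p.group(0).lower().rpartition("\\")
        stem = name.rsplit(".", 1)[0]
        for sysname in SYSTEM_NAMES:
            # Either a decorated copy of the name, or the exact name outside system32.
            lookalike = stem.startswith(sysname) and stem != sysname
            misplaced = stem == sysname and not folder.endswith("\\system32")
            if lookalike or misplaced:
                reasons.append(f"imitates system process {sysname}.exe")
    u = URL.search(body)
    if section == "O16" and u:
        host = urlparse(u.group(0)).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("ActiveX control fetched from a bare IP address")
    return section, reasons

def triage(log_text):
    # Keep only the entries that tripped at least one heuristic.
    results = (review(l) for l in log_text.splitlines())
    return [r for r in results if r and r[1]]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A flagged entry is a prompt for manual review, as in the replies; an unflagged entry is not a clean bill of health.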