
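It looks like my computer has a virus..

My poor computer has a virus... When I open some web pages, these images show up....

It's probably not a big problem.. but I don't know what to use to remove it....

Please advise..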
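You've probably picked up a malicious plug-in.
http://bbs.aihaozhe.NET/thread-16612-1-1.html
Clean it up with the two programs listed there.
Download 360 to help with the cleanup as well.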
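New members, please read the forum basics; PM me if anything is unclear
I'll check for viruses for you
Forum usage: required reading
Points policy explained
Members with negative points, take note!!! How to earn points?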
I just scanned with 360.. and it didn't find any badly rated plug-ins...
2007-12-21 星期五,18:29:10.98
              
----------------进程及其启动命令--------------
  PROCESS            PID COMMAND LINE
smss.exe             548 \SystemRoot\System32\smss.exe
csrss.exe            608 C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllinitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe         636 winlogon.exe
services.exe         680 C:\WINDOWS\system32\services.exe
lsass.exe            692 C:\WINDOWS\system32\lsass.exe
Ati2evxx.exe         824 C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe          860 C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe          948 C:\WINDOWS\system32\svchost -k rpcss
CCenter.exe         1044 "D:\Program Files\Rising\Rav\CCenter.exe"
svchost.exe         1060 C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe         1200 C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe         1320 C:\WINDOWS\system32\svchost.exe -k LocalService
Ravmond.exe         1364 "D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"
RavStub.exe         1640 "D:\PROGRAM FILES\RISING\RAV\RavStub.exe" /RAVMOND=1023
spoolsv.exe         1660 C:\WINDOWS\system32\spoolsv.exe
Explorer.EXE         180 C:\WINDOWS\Explorer.EXE
mDNSResponder.exe      244 "D:\Program Files\Bonjour\mDNSResponder.exe"
SMAgent.exe          424 "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
svchost.exe          488 C:\WINDOWS\system32\svchost.exe -k imgsvc
RavTask.exe         1164 "D:\Program Files\Rising\Rav\RavTask.exe" -system
ctfmon.exe          1172 "C:\WINDOWS\system32\ctfmon.exe"
Ravmon.exe          1220 "D:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM
alg.exe             1028 C:\WINDOWS\System32\alg.exe
辉少查毒.EXE        3792 "E:\个人资料\恭\辉少查毒\辉少查毒.EXE"
conime.exe          1732 C:\WINDOWS\system32\conime.exe
cmd.exe             2872 cmd.exe /c D:\Temp\bt7463.bat
辉少查毒.com        3120 "辉少查毒.com" -l
-
-------------------注册表启动项-------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RavTask        REG_SZ        "D:\Program Files\Rising\Rav\RavTask.exe" -system

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe        REG_SZ        C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}        REG_SZ        Rising Execute File Exts hook

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    PostBootReminder        REG_SZ        {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn        REG_SZ        {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck        REG_SZ        {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray        REG_SZ        {35CEC8A3-2BE6-11D2-8773-92E220524153}
-
-------------------IE加载项----------------------------

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
-
-------------------映像劫持----------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jAvai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVIDEoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qFinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------
-
-------------------各个盘的autorun.inf----------------------------
mDNSResponder.exe      244 "D:\Program Files\Bonjour\mDNSResponder.exe"
Try closing this one.

Also, which web pages are you opening?
Your computer is fine; it's just that the web pages you open contain code.
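Just now it seems to be gone again.

I don't have anything..

Strange..

Also, the one you told me to close: why does it show as system in the process list.....
Really?
That doesn't seem very likely.
Is it OK now?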
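It was fine for the past few days... I just checked and that process is there again.. the same one, still running as system..


It's driving me mad...

Also.... the folder where that thing is installed.. I still can't delete it..

Then I used the cleanup assistant you mentioned.. to force-delete it... and it still wasn't deleted... and the deletion caused a problem..

Every time I open another program.. an error pops up about something in that folder... really frustrating...
Also.. the malware cleanup tool.. doesn't find anything...

360.... gives the same result..
Ones that run as system are generally fine.
You can delete it with unlock or a similar tool.
Then run 优化大师 (Optimization Master) to optimize and see.
The problem you had before is fine now, right?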