Q:
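CPU at 100% for no reason
After booting, when I press CTRL+ALT+DELETE the CPU goes to 100%. After a second the CPU is back to normal. I close it and press again,
and the CPU is at 100% again. Frustrating, the machine lags...
My system is WINXP. Is it a virus?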
A:
You may have picked up spyware... but first scan with HijackThis.
1. Download the latest official version, HijackThis 1.99.1:
http://www.merijn.org/files/hijackthis.zip
2. Unzip hijackthis.zip and run HijackThis.exe
3. Click Do a system scan and save a logfile
4. When the scan finishes, a Notepad window pops up; post the log from it here
Q:
Take a look at which process is using a lot of CPU.
A:
None of the processes is particularly high.
Logfile of HijackThis v1.99.1
Scan saved at 16:30:10, on 2006-6-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\VIPTray.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
D:\121\HijackThis.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_8888.dll
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: 網路加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\MicrosoftNet.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [caishowmanage] C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE
O4 - Global Startup: IE-BAR.lnk = ?
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部鏈接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 匯出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\QQ2005\SendMMS.htm
O8 - Extra context menu item: 用炫彩圖鈴發送該圖片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O9 - Extra button: 中文上網 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上網 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: 微軟 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ2005\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ2005\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上網
O17 - HKLM\System\CCS\Services\Tcpip\..\{A668D9A3-C551-438A-8088-8212FEA42836}: NameServer = 202.100.192.68 202.100.199.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A67DBC2B-1ECB-447A-A753-36E5C307F052}: NameServer = 202.100.192.68,202.100.192.8
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
Q:
But it didn't happen before...
A:
Geez, when you press CTRL+ALT+DELETE, a brief spike to 100% like that is normal.
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上網
O23 - Service: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
Get rid of this.
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_8888.dll
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O23 - Service: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
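Fix these, and use the Malware Cleanup Assistant (惡意軟件清理助手; there is a link) to uninstall the rogue software.
Uninstall IE-BAR
Use HijackThis to fix the following items: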
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O23 - Service: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
Download Dr.Web CureIT!
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
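Run the virus scan. It will first automatically scan memory processes and startup items; once the automatic scan finishes, manually select all hard disk partitions and scan again.
Finally, post the scan report here: File->Save report list
Delete the following files: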
C:\WINDOWS\system32\WinDefendor.dll
C:\WINDOWS\System32\VIPTray.exe
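
An added example, not part of the original thread: a small Python triage script for a HijackThis log like the one posted above. It groups entries by section code and lists those carrying markers that HijackThis itself prints ("Unknown owner", "Unknown file", "(file missing)"); the function names and the embedded sample (a few lines copied from the thread's log) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\VIPTray.exe
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINDOWS\system32\WinDefendor.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ2005\QQ.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O23 - Service: VIPTray - Unknown owner - C:\WINDOWS\System32\VIPTray.exe
"""

# Entry lines start with a section code (R, F, N or O plus digits) and " - ".
ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")
# Annotations HijackThis writes into the log itself; they call for review,
# they do not prove that an entry is malicious.
MARKERS = ("Unknown owner", "Unknown file", "(file missing)")

def parse(log):
    """Return (running_processes, {section_code: [entry_text, ...]})."""
    procs, entries, in_procs = [], defaultdict(list), False
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, dict(entries)

def review_list(log):
    """List (code, entry, reasons) for entries a human should look at first."""
    procs, entries = parse(log)
    running = {p.lower() for p in procs}
    flagged = []
    for code, items in entries.items():
        for item in items:
            reasons = [m for m in MARKERS if m in item]
            path = item.rsplit(" - ", 1)[-1].lower()
            # A service whose binary is still loaded must be stopped before its file is deleted.
            if code == "O23" and path in running:
                reasons.append("service binary is running")
            if reasons:
                flagged.append((code, item, reasons))
    return flagged
```

Entries without a marker, such as the O2 line for WinDefendor.dll, are not listed by this script and still need the manual review the helpers in the thread performed.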