Rising Kaka Security Forum
我非常郁闷 - 2005-7-14 9:48:00
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 9:46:01, on 2005-7-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rising\rav\CCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\rav\RavMonD.exe
C:\WINDOWS\System32\IExplorer.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Tencent\qq\QQexternal.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\bak\飘云IP简装优化版\QQ.exe
G:\bak\飘云IP简装优化版\QQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\zwb\LOCALS~1\Temp\Rar$EX35.2484\HijackThis.exe
R3 - URLSearchHook:
O1 - Hosts: 61.177.56.251 popme.163.com
O1 - Hosts: 61.177.56.251 www.xk99.com
O1 - Hosts: 61.177.56.251 www.006.net
O1 - Hosts: 61.177.56.251 006.net
O1 - Hosts: 61.177.56.251 www.cmfu.com
O1 - Hosts: 61.177.56.251 www.free120.com
O1 - Hosts: 61.177.56.251 www.4577.com
O1 - Hosts: 61.177.56.251 www.9617.com
O1 - Hosts: 61.177.56.251 www.fjwz.com
O1 - Hosts: 61.177.56.251 partner.cpc.sohu.com
O1 - Hosts: 61.177.56.251 ad4.sina.com.cn
O1 - Hosts: 61.177.56.251 music.17o8.comer.cpc.sohu.com
O1 - Hosts: 61.177.56.251 ad.tom.com
O1 - Hosts: 61.177.56.251 search.union.3721.com
O1 - Hosts: 61.177.56.251 post.baidu.com
O1 - Hosts: 61.177.56.251 mp3.baidu.com
O1 - Hosts: 61.177.56.251 image.baidu.com
O1 - Hosts: 61.177.56.251 site.google.com
O1 - Hosts: 61.177.56.251 flash.baidu.com
O1 - Hosts: 61.177.56.251 assistant.3721.com
O1 - Hosts: 61.177.56.251 pfp.sina.com.cn
O1 - Hosts: 61.177.56.251 cn.websearch.yahoo.com
O1 - Hosts: 61.177.56.251 sms.qq.com
O1 - Hosts: 61.177.56.251 www.qq.com
O1 - Hosts: 61.177.56.251 partner.lead2.com.cn
O1 - Hosts: 61.177.56.251 ad.cn.doubleclick.net
O1 - Hosts: 61.177.56.251 auto.search.msn.com
O1 - Hosts: 61.177.56.251 www.ourgame.com
O1 - Hosts: 61.177.56.251 www.the9.com
O1 - Hosts: 61.177.56.251 www.flashempire.com
O1 - Hosts: 61.177.56.251 www.qq163.com
O1 - Hosts: 61.177.56.251 www.9sky.com
O1 - Hosts: 61.177.56.251 www.tom-1.com
O1 - Hosts: 61.177.56.251 www.17173.com
O1 - Hosts: 61.177.56.251 www.yaotou.com
O1 - Hosts: 61.177.56.251 union.3721.com
O1 - Hosts: 61.177.56.251 music.feifa.com
O1 - Hosts: 61.177.56.251 www.vodfans.com
O1 - Hosts: 61.177.56.251 www.sogua.com
O1 - Hosts: 61.177.56.251 fm974.tom.com
O1 - Hosts: 61.177.56.251 ent.tom.com
O1 - Hosts: 61.177.56.251 music.tyfo.com
O1 - Hosts: 61.177.56.251 www.wanwa.com
O1 - Hosts: 61.177.56.251 www.guang.org
O1 - Hosts: 61.177.56.251 www.wz.zj.cn
O1 - Hosts: 61.177.56.251 www.3189.net
O1 - Hosts: 61.177.56.251 music.17o8.com
O1 - Hosts: 61.177.56.251 www.99music.net
O1 - Hosts: 61.177.56.251 www.cococ.com
O1 - Hosts: 61.177.56.251 www.qqqq.cn
O1 - Hosts: 61.177.56.251 www.bnb.com.cn
O1 - Hosts: 61.177.56.251 www.z163.com
O1 - Hosts: 61.177.56.251 game.163.com
O1 - Hosts: 61.177.56.251 games.sina.com.cn
O1 - Hosts: 61.177.56.251 www.v111.com
O1 - Hosts: 61.177.56.251 music.v111.com
O1 - Hosts: 61.177.56.251 www.3tom.com
O1 - Hosts: 61.177.56.251 www.xkqq.com
O1 - Hosts: 61.177.56.251 www.verymp3.com
O1 - Hosts: 61.177.56.251 www.91look.com
O1 - Hosts: 61.177.56.251 www.168101.com
O1 - Hosts: 61.177.56.251 www.cmfu.com
O1 - Hosts: 61.177.56.251 www.woogood.com
O1 - Hosts: 61.177.56.251 www.haodx.com
O1 - Hosts: 61.177.56.251 www.yingku.com
O1 - Hosts: 61.177.56.251 www.flash51.com
O1 - Hosts: 61.177.56.251 www.17haha.com
O1 - Hosts: 61.177.56.251 www.432.cn
O1 - Hosts: 61.177.56.251 www.cnxp.com
O1 - Hosts: 61.177.56.251 www.hjsm.net
O1 - Hosts: 61.177.56.251 music.8wa.com
O1 - Hosts: 61.177.56.251 www.66vv.com
O1 - Hosts: 61.177.56.251 www.musicfbi.com
O1 - Hosts: 61.177.56.251 www.vv66.com
O1 - Hosts: 61.177.56.251 www.139mm.com
O1 - Hosts: 61.177.56.251 www.130wg.com
O1 - Hosts: 61.177.56.251 www.flashsea.com
O1 - Hosts: 61.177.56.251 movie.59178.com
O1 - Hosts: 61.177.56.251 www.wo123.com
O1 - Hosts: 61.177.56.251 www.1ya.cn
O1 - Hosts: 61.177.56.251 www.happy8.cn
O1 - Hosts: 61.177.56.251 www.s6.cn
O1 - Hosts: 61.177.56.251 www.hao123.com
O1 - Hosts: 61.177.56.251 www.qqee.com
O1 - Hosts: 61.177.56.251 imgu.21cn.com
O1 - Hosts: 61.177.56.251 www.sohu123.com
O1 - Hosts: 61.177.56.251 www.chinamp3.com
O1 - Hosts: 61.177.56.251 www.18z.net
O1 - Hosts: 61.177.56.251 www.ssxs.com
O1 - Hosts: 61.177.56.251 www.fjwz.net
O1 - Hosts: 61.177.56.251 www.wo365.com
O1 - Hosts: 61.177.56.251 www.zhao99.com
O1 - Hosts: 61.177.56.251 www.cn808.net
O1 - Hosts: 61.177.56.251 www.tt55.net
O1 - Hosts: 61.177.56.251 www.mp3tt.com
O1 - Hosts: 61.177.56.251 www.yi5.com
O1 - Hosts: 61.177.56.251 www.haozs.com
O2 - BHO: (no name) - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\System32\diybar2\diybar2.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASHGET\fgiebar.dll
O3 - Toolbar: ????? - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Internet Explorer] IExplorer.exe
O4 - HKLM\..\Run: [internet.exe] C:/WINDOWS/systems.hta
O4 - HKCU\..\Run: [Windows32.exe] Windows32.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://vod.hy265.com
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用网际快车下载 - D:\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\bak\
O8 - Extra context menu item: 添加到QQ表情 - G:\bak\
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\bak\
O9 - Extra 'Tools' menuitem: Link Filter (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Broken Internet access because of LSP provider '_hook.dll' missing
O11 - Options group: [!CNS]
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DFE812B-D2B0-4C23-BB5F-62BE85D57FF4}: NameServer = 61.153.177.202 61.153.177.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF18DD9A-B78F-4E66-9DBB-932FDA9B8CBC}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DFE812B-D2B0-4C23-BB5F-62BE85D57FF4}: NameServer = 61.153.177.202 61.153.177.200
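Could some expert please help? When I type www.qq.com into the address bar, what opens is an adult movie site, and the address bar still shows www.qq.com. Other addresses don't do this. What is going on? Could someone please take a look?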
baohe - 2005-7-14 9:56:00
| Quote: |
【Post by 我非常郁闷】
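Could some expert please help? When I type www.qq.com into the address bar, what opens is an adult movie site, and the address bar still shows www.qq.com. Other addresses don't do this. What is going on? Could someone please take a look?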
........................... |
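Your main problem is here: the hosts file has been tampered with beyond recognition! Please fix these O1 entries.
But that is only the symptom. The root of the problem is that there is a trojan on your system.
C:\WINDOWS\System32\IExplorer.exe
This is one of them. Please pack this file into an archive and upload it.
The rest is not free of problems either. The log is too messy! It makes my eyes swim. Let me go through it slowly.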
baohe - 2005-7-14 9:58:00
【Reply to the post by "我非常郁闷"】
O4 - HKLM\..\Run: [Internet Explorer] IExplorer.exe
O4 - HKLM\..\Run: [internet.exe] C:/WINDOWS/systems.hta
O4 - HKCU\..\Run: [Windows32.exe] Windows32.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://vod.hy265.com
These entries must be fixed. Before fixing, close the browser and all applications other than HijackThis.
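The reasoning in the two replies above (many unrelated sites pointed at one address in the hosts file, plus Run entries that deserve a closer look) written as a triage script. This is an added example, not part of the original thread: the sample lines are copied from the first log except the constructed `127.0.0.1 localhost` entry, and the `min_sites` threshold and the `KNOWN_LAUNCHERS` allowlist are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the first log in this thread, plus one constructed
# benign entry (127.0.0.1 localhost) for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 61.177.56.251 www.qq.com
O1 - Hosts: 61.177.56.251 sms.qq.com
O1 - Hosts: 61.177.56.251 post.baidu.com
O1 - Hosts: 61.177.56.251 site.google.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Internet Explorer] IExplorer.exe
O4 - HKLM\..\Run: [internet.exe] C:/WINDOWS/systems.hta
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://vod.hy265.com
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
KNOWN_LAUNCHERS = {"rundll32.exe"}  # assumption: normally registered by bare name


def hosts_redirects(log, min_sites=3):
    """Map each non-loopback IP to its hostnames when the hosts file points
    at least `min_sites` unrelated sites at that single address."""
    by_ip = defaultdict(set)
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field, not an IP mapping
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries only block a name
        by_ip[str(ip)].add(m.group(2).lower())
    # Sites are grouped crudely by their last two labels (no public-suffix list).
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len({".".join(n.split(".")[-2:]) for n in names}) >= min_sites}


def run_entry_flags(log):
    """Return {value name: [reasons]} for O4 Run entries worth a closer look."""
    flagged = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m.groups()
        target = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        reasons = []
        if not re.search(r"[\\/:]", target) and target.lower() not in KNOWN_LAUNCHERS:
            reasons.append("bare file name, resolved through the search path")
        if target.lower().endswith(".hta"):
            reasons.append("HTML Application script started at logon")
        if re.search(r"\bhttps?://", cmd, re.I):
            reasons.append("opens a URL at logon")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    print(hosts_redirects(SAMPLE_LOG))
    print(run_entry_flags(SAMPLE_LOG))
```

A flag here only marks an entry for review; the allowlisted `NvCplDaemon` line shows that a bare launcher name alone is not treated as a finding.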
baohe - 2005-7-14 9:59:00
【Reply to the post by "我非常郁闷"】
O10 - Broken Internet access because of LSP provider '_hook.dll' missing
This entry has to be fixed with LSPFix. The tool can be found online.
baohe - 2005-7-14 10:01:00
【Reply to the post by "我非常郁闷"】
HijackThis V1.97.7 is an old version and its log is incomplete. I suggest scanning again with HijackThis 1.99.1 and posting that log.
广场 - 2005-7-14 10:02:00
Nice log, there is quite a lot in it.
我非常郁闷 - 2005-7-14 10:04:00
Thank you, moderator, sorry for all the trouble!
By the way, what does "pack" mean?
Sorry, I don't know how.
baohe - 2005-7-14 10:08:00
| Quote: |
【Post by 我非常郁闷】Thank you, moderator, sorry for all the trouble! By the way, what does "pack" mean? Sorry, I don't know how. ........................... |
See this thread.
http://forum.ikaka.com/topic.asp?board=28&artid=6267232
我非常郁闷 - 2005-7-14 10:24:00
Where do I find the one I just saved when I want to upload it?
我非常郁闷 - 2005-7-14 10:42:00
【Reply to the post by "baohe"】
I have already fixed those four. Do all the O1 entries need fixing too?
baohe - 2005-7-14 10:48:00
| Quote: |
【Post by 我非常郁闷】【Reply to the post by "baohe"】
I have already fixed those four. Do all the O1 entries need fixing too? ........................... |
Yes.
我非常郁闷 - 2005-7-14 10:53:00
Oh, then should I reboot into safe mode before fixing?
baohe - 2005-7-14 11:01:00
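| Quote: |
【Post by 我非常郁闷】Oh, then should I reboot into safe mode before fixing? ........................... |
There is no need to reboot into safe mode to fix the O1 entries. What matters is to clean out the viruses/trojans first. Otherwise you will never finish fixing. Things have to be done in the proper order.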
我非常郁闷 - 2005-7-14 13:19:00
我非常郁闷 - 2005-7-14 13:21:00
Logfile of HijackThis v1.99.1
Scan saved at 13:20:39, on 2005-7-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rising\rav\CCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\rav\RavMonD.exe
C:\WINDOWS\System32\IExplorer.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\zwb\LOCALS~1\Temp\Rar$EX00.204\HijackThis.exe
R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Windows32.exe
O2 - BHO: LinkFilter Class - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\System32\diybar2\diybar2.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASHGET\fgiebar.dll
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows32.exe] Windows32.exe
O4 - Startup: 我的宽带.lnk = ?
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用网际快车下载 - D:\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\bak\飘云IP简装优化版\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\bak\飘云IP简装优化版\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\bak\飘云IP简装优化版\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_newhua_5424 (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Broken Internet access because of LSP provider '_hook.dll' missing
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DFE812B-D2B0-4C23-BB5F-62BE85D57FF4}: NameServer = 61.153.177.202 61.153.177.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF18DD9A-B78F-4E66-9DBB-932FDA9B8CBC}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DFE812B-D2B0-4C23-BB5F-62BE85D57FF4}: NameServer = 61.153.177.202 61.153.177.200
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\Program Files\rising\rav\CCenter.exe
O23 - Service: Rising Realtime Monitor Service (RsRavMon) - rising - C:\Program Files\rising\rav\RavMonD.exe
This is the log scanned with HijackThis V1.99.1. Moderator, could you please take a look?
建能 - 2005-7-14 13:35:00
R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Windows32.exe
O2 - BHO: LinkFilter Class - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\System32\diybar2\diybar2.dll
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
O4 - HKCU\..\Run: [Windows32.exe] Windows32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
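If System Restore is in use, turn it off first.
Close all browser windows and folder windows, fix the entries above in safe mode (if you are sure an entry is safe, you can leave it alone), and set hidden files to be shown. Then find the following items:
C:\WINDOWS\Windows32.exe
C:\WINDOWS\System32\diybar2\diybar2.dll
Delete them.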
我非常郁闷 - 2005-7-14 14:02:00
Thanks
What does System Restore mean?
建能 - 2005-7-14 14:18:00
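Turning off System Restore in Windows Me/XP
Windows Me/XP has a built-in System Restore feature, which lets the user quickly return the system to an earlier working state when something goes wrong, without losing user data.
Some malicious files may also be backed up and restored by System Restore, which can make our repair work appear to have no effect.
Turning off System Restore in Windows XP
Click "Start". Right-click "My Computer", then click "Properties".
Click the "System Restore" tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives".
Click "Apply", then click "OK".
As noted earlier, this deletes all existing restore points. Click "Yes".
Click "OK".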
冷雨夜阑 - 2005-7-14 14:43:00
郁闷, could you scan a log with the latest 1.99.1?
我非常郁闷 - 2005-7-14 14:56:00
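Many thanks to the expert a couple of posts up. I just logged in in safe mode, going in as zwb and as admin^ in turn, but when I scanned with HijackThis it did not find R3 or O6-hkcu\software\policies. When I click the File tab, Properties is unavailable too. Also, on drive C I could not find C:\WINDOWS\SYSTEM32\DIYBAR2\DIYBAR2.DLL, but I did find a C:\WINDOWS\WINDOWS32.DLL, which I cannot delete. I did not find C:\WINDOWS\WINDOWS32.EXE. Is it a square box whose upper half is blue?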
jijip - 2005-7-14 14:58:00
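For anything that cannot be deleted, download killbox and force-delete it!
If you are unsure, make a compressed backup before deleting.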
我非常郁闷 - 2005-7-14 14:59:00
But I did scan with 1.99.1.
我非常郁闷 - 2005-7-14 16:01:00
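Oh, it sank so quickly.
Bumping, and while I'm at it, thanks to everyone who helped me. I can finally get onto the QQ home page!
Does everyone usually use 2D or 3D for their graphics card?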