用了黄山IE修复器打不开HijackThis，跳出连不上动态数据库Msvbvm60.dll bbs.ikaka.com

bloodsky - 2005-12-6 9:31:00

现在系统启动就变成自动安装office2000了，奇怪了，连HijackThis也打不开了

bloodsky - 2005-12-6 9:33:00

现在把KAKA扫描日志发上来
Logfile of Kaka v2. 0. 0. 2 Scan Module v2. 0. 0. 1
Scan saved at 09:21:46, on 2005-12-06
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1;Q867801;Q903235;Q837009; (6.00.2800.1106)

Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = D:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = D:\WINNT\system32\services.exe

[lsass.exe]
CommandLine = D:\WINNT\system32\lsass.exe

[Ravmond.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"

[RavStub.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\RavStub.exe" /RAVMOND

[rfwsrv.exe]
CommandLine = "e:\program files\rising\rfw\rfwsrv.exe"

[svchost.exe]
CommandLine = D:\WINNT\system32\svchost -k rpcss

[spoolsv.exe]
CommandLine = D:\WINNT\system32\spoolsv.exe

[svchost.exe]
CommandLine = D:\WINNT\System32\svchost.exe -k netsvcs

[nvsvc32.exe]
CommandLine = D:\WINNT\System32\nvsvc32.exe

[CCENTER.EXE]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

[WinMgmt.exe]
CommandLine = D:\WINNT\System32\WBEM\WinMgmt.exe

[svchost.exe]
CommandLine = D:\WINNT\system32\svchost.exe -k wugroup

[Explorer.EXE]
CommandLine = D:\WINNT\Explorer.EXE

[RfwMain.exe]
CommandLine = -StartUp

[internat.exe]
CommandLine = "D:\WINNT\system32\internat.exe"

[QQ.exe]
CommandLine = "E:\Program Files\TENCENT1\QQ\QQ.exe"

[TIMPlatform.exe]
CommandLine = "E:\Program Files\TENCENT1\QQ\TIMPlatform.exe" -Embedding

[svchost.exe]
CommandLine = D:\WINNT\System32\svchost.exe -k BITSgroup

[iexplore.exe]
CommandLine = "D:\Program Files\Internet Explorer\iexplore.exe"

[RavMon.exe]
CommandLine = "E:\PROGRAM FILES\RISING\RAV\RAVMON.EXE"

[KkScan.exe]
CommandLine = "D:\Program Files\Rising\KakaToolBar\KkScan.exe"

R3 - Default URLSearchHook is missing

bloodsky - 2005-12-6 9:34:00

R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.139cn.com
O1 - Hosts: 127.0.0.1 www.7liao.com
O1 - Hosts: 127.0.0.1 chat.51liao.net
O1 - Hosts: 127.0.0.1 www.51liao.net
O1 - Hosts: 127.0.0.1 www.7liao.net
O1 - Hosts: 127.0.0.1 www.6see.com
O1 - Hosts: 127.0.0.1 bliao.com
O1 - Hosts: 127.0.0.1 www.bliao.com
O1 - Hosts: 127.0.0.1 www.hao222.net
O1 - Hosts: 127.0.0.1 www.hao222.com
O1 - Hosts: 127.0.0.1 www.v111.com
O1 - Hosts: 127.0.0.1 music.v111.com
O1 - Hosts: 127.0.0.1 www.qq165.com
O1 - Hosts: 127.0.0.1 www.xicu.com
O1 - Hosts: 127.0.0.1 www.haodx.com
O1 - Hosts: 127.0.0.1 www.haohz.com
O1 - Hosts: 127.0.0.1 www.265.com
O1 - Hosts: 127.0.0.1 www.dj99.com
O1 - Hosts: 127.0.0.1 www.dj99.net
O1 - Hosts: 127.0.0.1 265.com
O1 - Hosts: 127.0.0.1 www.yqdj.com
O1 - Hosts: 127.0.0.1 www.qq530.com
O1 - Hosts: 127.0.0.1 www.tt67.com
O1 - Hosts: 127.0.0.1 ad.t2t2.com
O1 - Hosts: 127.0.0.1 www.yexr.com
O1 - Hosts: 127.0.0.1 chat.9see.com
O1 - Hosts: 127.0.0.1 www.ok816.com
O1 - Hosts: 127.0.0.1 www.3399.net
O1 - Hosts: 127.0.0.1 www.ads8.com
O1 - Hosts: 127.0.0.1 www.5566.net
O1 - Hosts: 127.0.0.1 www.t2t2.com
O1 - Hosts: 127.0.0.1 popad.qq.com
O1 - Hosts: 127.0.0.1 v.jsdownload.com
O1 - Hosts: 127.0.0.1 www.linktoad.com
O1 - Hosts: 127.0.0.1 club.homeway.com.cn
O1 - Hosts: 127.0.0.1 sms1.ctn.com.cn
O1 - Hosts: 127.0.0.1 sms2.ctn.com.cn
O1 - Hosts: 127.0.0.1 sms3.ctn.com.cn
O1 - Hosts: 127.0.0.1 www.331122.com
O1 - Hosts: 127.0.0.1 mmpic.uni.cc
O1 - Hosts: 127.0.0.1 www.love34.com
O1 - Hosts: 127.0.0.1 www.free-movie.org
O1 - Hosts: 127.0.0.1 www.skyhits.com
O1 - Hosts: 127.0.0.1 www.rd18.com
O1 - Hosts: 127.0.0.1 tadsweb.tencent.com
O1 - Hosts: 127.0.0.1 www.vlike.com
O1 - Hosts: 127.0.0.1 www.chinasee.net
O1 - Hosts: 127.0.0.1 www.japansky.net
O1 - Hosts: 127.0.0.1 www.3721.com
O1 - Hosts: 127.0.0.1 cnsmin.3721.com
O1 - Hosts: 127.0.0.1 download.3721.com
O1 - Hosts: 127.0.0.1 union.3721.com
O1 - Hosts: 127.0.0.1 3721.net
O1 - Hosts: 127.0.0.1 address.3721.com
O1 - Hosts: 127.0.0.1 assistant.3721.com

bloodsky - 2005-12-6 9:34:00

O1 - Hosts: 127.0.0.1 www.225.com.cn
O1 - Hosts: 127.0.0.1 ads.china.com
O1 - Hosts: 127.0.0.1 www.yes521.com
O1 - Hosts: 127.0.0.1 www.today6.com
O1 - Hosts: 127.0.0.1 www.h2004.com
O1 - Hosts: 127.0.0.1 www.movie4.com
O1 - Hosts: 127.0.0.1 www.rm88.com
O1 - Hosts: 127.0.0.1 www.qq300.com
O1 - Hosts: 127.0.0.1 www.qq500.com
O1 - Hosts: 127.0.0.1 www.av126.com
O1 - Hosts: 127.0.0.1 www.kissmm.com
O1 - Hosts: 127.0.0.1 www.cn808.net
O1 - Hosts: 127.0.0.1 www.hao168.com
O1 - Hosts: 127.0.0.1 www.mm91.com
O1 - Hosts: 127.0.0.1 www.huole.com
O1 - Hosts: 127.0.0.1 www.kan69.com
O1 - Hosts: 127.0.0.1 ulinkdir.tom.com
O1 - Hosts: 127.0.0.1 cpc.sohu.com
O1 - Hosts: 127.0.0.1 images.sohu.com
O1 - Hosts: 127.0.0.1 adv.pconline.com.cn
O1 - Hosts: 127.0.0.1 goto.sohu.com
O1 - Hosts: 127.0.0.1 images2.sohu.com
O1 - Hosts: 127.0.0.1 www.sexy-books.com
O1 - Hosts: 127.0.0.1 www.xxbooks.com
O1 - Hosts: 127.0.0.1 www.18it.com
O1 - Hosts: 127.0.0.1 www.cnxxx.com
O1 - Hosts: 127.0.0.1 www.18-girl.net
O1 - Hosts: 127.0.0.1 ad.tom.com
O1 - Hosts: 127.0.0.1 ad4.sina.com.cn
O1 - Hosts: 127.0.0.1 sina.allyes.com
O1 - Hosts: 127.0.0.1 adtaobao.allyes.com
O1 - Hosts: 127.0.0.1 smarttrade.allyes.com
O1 - Hosts: 127.0.0.1 tom.allyes.com
O1 - Hosts: 127.0.0.1 szwindow.allyes.com
O1 - Hosts: 127.0.0.1 eachnetmember.allyes.com
O1 - Hosts: 127.0.0.1 iplus.allyes.com
O1 - Hosts: 127.0.0.1 sinatest.allyes.com
O1 - Hosts: 127.0.0.1 casting9.allyes.com
O1 - Hosts: 127.0.0.1 yinsha.allyes.com
O1 - Hosts: 127.0.0.1 stockstar.allyes.com
O1 - Hosts: 127.0.0.1 www.001x.com
O1 - Hosts: 127.0.0.1 www.hksexweb.com
O1 - Hosts: 127.0.0.1 www.99adultx.com
O1 - Hosts: 127.0.0.1 www2.xfreehosting.com
O1 - Hosts: 127.0.0.1 www1.xfreehosting.com
O1 - Hosts: 127.0.0.1 www.w555.net
O1 - Hosts: 127.0.0.1 www.excitecity.com
O1 - Hosts: 127.0.0.1 www.0xing.com
O1 - Hosts: 127.0.0.1 sba.3322.net
O1 - Hosts: 127.0.0.1 www.zgxl.net
O1 - Hosts: 127.0.0.1 www.qqpic.com
O1 - Hosts: 127.0.0.1 webspacecn.com
O1 - Hosts: 127.0.0.1 www.yeapple.com
O1 - Hosts: 127.0.0.1 manage.link8.com
O1 - Hosts: 127.0.0.1 www.web888.org
O1 - Hosts: 127.0.0.1 www.432.cn
O1 - Hosts: 127.0.0.1 www.kan123.com
O1 - Hosts: 127.0.0.1 www.3tom.com
O1 - Hosts: 127.0.0.1 www.sotop.com
O1 - Hosts: 127.0.0.1 www3.7789.com
O1 - Hosts: 127.0.0.1 www.66036.com
O1 - Hosts: 127.0.0.1 www1.66036.com
O1 - Hosts: 127.0.0.1 www2.66036.com
O1 - Hosts: 127.0.0.1 www3.66036.com
O1 - Hosts: 127.0.0.1 www4.66036.com
O1 - Hosts: 127.0.0.1 www5.66036.com
O1 - Hosts: 127.0.0.1 www6.66036.com
O1 - Hosts: 127.0.0.1 www7.66036.com
O1 - Hosts: 127.0.0.1 www8.66036.com
O1 - Hosts: 127.0.0.1 www9.66036.com
O1 - Hosts: 127.0.0.1 www10.66036.com
O1 - Hosts: 127.0.0.1 tj4.7789.com
O1 - Hosts: 127.0.0.1 tj5.7789.com
O1 - Hosts: 127.0.0.1 tj6.7789.com
O1 - Hosts: 127.0.0.1 tj7.7789.com
O1 - Hosts: 127.0.0.1 www.7789.com
O1 - Hosts: 127.0.0.1 count.zhao123.com
O1 - Hosts: 127.0.0.1 count1.zhao123.com
O1 - Hosts: 127.0.0.1 count2.zhao123.com
O1 - Hosts: 127.0.0.1 count3.zhao123.com
O1 - Hosts: 127.0.0.1 count4.zhaocount.com
O1 - Hosts: 127.0.0.1 count5.zhaocount.com
O1 - Hosts: 127.0.0.1 count6.zhaocount.com
O1 - Hosts: 127.0.0.1 count7.zhaocount.com
O1 - Hosts: 127.0.0.1 count8.zhaocount.com
O1 - Hosts: 127.0.0.1 count9.zhaocount.com
O1 - Hosts: 127.0.0.1 count10.zhaocount.com
O1 - Hosts: 127.0.0.1 count11.zhaocount.com
O1 - Hosts: 127.0.0.1 tj1.mytongji.com
O1 - Hosts: 127.0.0.1 count1.99count.com
O1 - Hosts: 127.0.0.1 www.99count.com
O1 - Hosts: 127.0.0.1 bar.baidu.com
O1 - Hosts: 127.0.0.1 www2.7789.com
O1 - Hosts: 127.0.0.1 www.guang.org
O1 - Hosts: 127.0.0.1 www.dlmovie.com
O1 - Hosts: 127.0.0.1 www.91look.com
O1 - Hosts: 127.0.0.1 www.kan51.com
O1 - Hosts: 127.0.0.1 www.mewo.com
O1 - Hosts: 127.0.0.1 coolsite21.com
O1 - Hosts: 127.0.0.1 www.t3j4.com
O1 - Hosts: 127.0.0.1 www.yun8.com
O1 - Hosts: 127.0.0.1 film.yun8.com
O1 - Hosts: 127.0.0.1 www.wo123.com
O1 - Hosts: 127.0.0.1 www.da123.com
O1 - Hosts: 127.0.0.1 www.huole.com
O1 - Hosts: 127.0.0.1 www.1ya.cn
O1 - Hosts: 127.0.0.1 www.sleazydream.com
O1 - Hosts: 127.0.0.1 www.easypic2.com
O1 - Hosts: 127.0.0.1 serv.sexushost.com
O1 - Hosts: 127.0.0.1 www.xfreehosting.com
O1 - Hosts: 127.0.0.1 www.888txt.com
O1 - Hosts: 127.0.0.1 asiafriendfinder.com
O1 - Hosts: 127.0.0.1 www3.cool168.com
O1 - Hosts: 127.0.0.1 www2.cool168.com
O1 - Hosts: 127.0.0.1 www1.cool168.com
O1 - Hosts: 127.0.0.1 www.happy8.cn
O1 - Hosts: 127.0.0.1 www.topsex2k.com
O1 - Hosts: 127.0.0.1 topxxx.sexushost.com
O1 - Hosts: 127.0.0.1 www.cool168.com
O1 - Hosts: 127.0.0.1 www.s6.cn
O1 - Hosts: 127.0.0.1 popme.163.com
O1 - Hosts: 127.0.0.1 adclient.163.com
O1 - Hosts: 127.0.0.1 fadama.com
O1 - Hosts: 127.0.0.1 www.66vv.com
O1 - Hosts: 127.0.0.1 www.qqee.com
O1 - Hosts: 127.0.0.1 www.sohu123.com
O1 - Hosts: 127.0.0.1 www.xgmm.com
O1 - Hosts: 127.0.0.1 www.7t7t.com
O1 - Hosts: 127.0.0.1 www.cnimg.com
O1 - Hosts: 127.0.0.1 www.love34.com
O1 - Hosts: 127.0.0.1 cdn2.cnnic.cn
O1 - Hosts: 127.0.0.1 cool.vv66.com
O1 - Hosts: 127.0.0.1 www.vv66.com
O1 - Hosts: 127.0.0.1 www.freepicturepage.com
O1 - Hosts: 127.0.0.1 www.snasty.com
O1 - Hosts: 127.0.0.1 www.yourcage.com
O1 - Hosts: 127.0.0.1 www.shagadelic.com
O1 - Hosts: 127.0.0.1 hualiao.net
O1 - Hosts: 127.0.0.1 www.qq163.com
O1 - Hosts: 127.0.0.1 www.qq163.net
O1 - Hosts: 127.0.0.1 www.superdown.com
O1 - Hosts: 127.0.0.1 web.114.com.cn
O1 - Hosts: 127.0.0.1 www.114.com.cn
O1 - Hosts: 127.0.0.1 9see.com
O1 - Hosts: 127.0.0.1 www.91f.cn

bloodsky - 2005-12-6 9:34:00

O1 - Hosts: 127.0.0.1 wwww.tthao.com
O1 - Hosts: 127.0.0.1 www.91f.org
O1 - Hosts: 127.0.0.1 www.v23.com
O1 - Hosts: 127.0.0.1 cn.yimg.com
O1 - Hosts: 127.0.0.1 auto.search.msn.com
O1 - Hosts: 127.0.0.1 x2.51link.com
O1 - Hosts: 127.0.0.1 x1.51link.com
O1 - Hosts: 127.0.0.1 www.textlink.cn
O1 - Hosts: 127.0.0.1 stat.textclick.com
O1 - Hosts: 127.0.0.1 www.easyhere.com
O1 - Hosts: 127.0.0.1 www.xxx168.com
O1 - Hosts: 127.0.0.1 ally.263.net
O1 - Hosts: 127.0.0.1 www.hualiao.net
O1 - Hosts: 127.0.0.1 www.xchina.com
O1 - Hosts: 127.0.0.1 www.sex.com
O1 - Hosts: 127.0.0.1 www.3xcn.com
O1 - Hosts: 127.0.0.1 www.20girl.com
O1 - Hosts: 127.0.0.1 www.x365x.com
O1 - Hosts: 127.0.0.1 chat.263.net
O1 - Hosts: 127.0.0.1 chat.yinsha.com
O1 - Hosts: 127.0.0.1 chat.tom.com
O1 - Hosts: 127.0.0.1 chat.xilu.com
O1 - Hosts: 127.0.0.1 www.aliao.com
O1 - Hosts: 127.0.0.1 chat.163.com
O1 - Hosts: 127.0.0.1 www.haoliao.com
O1 - Hosts: 127.0.0.1 www.liaoliao.com
O1 - Hosts: 127.0.0.1 www.haoliao.net
O1 - Hosts: 127.0.0.1 www.haoliao.cn
O1 - Hosts: 127.0.0.1 www.qqliao.com
O1 - Hosts: 127.0.0.1 www.qliao.com
O1 - Hosts: 127.0.0.1 www.loveliao.com
O1 - Hosts: 127.0.0.1 www.mmliao.com
O1 - Hosts: 127.0.0.1 mmliao.com
O1 - Hosts: 127.0.0.1 aliao.com
O1 - Hosts: 127.0.0.1 liaoliao.com
O1 - Hosts: 127.0.0.1 chat.qq.com
O1 - Hosts: 127.0.0.1 vchat.xaonline.com
O1 - Hosts: 127.0.0.1 www.loveliao.net
O1 - Hosts: 127.0.0.1 loveliao.net
O1 - Hosts: 127.0.0.1 www.chinamp3.com
O1 - Hosts: 127.0.0.1 www.9sky.com
O1 - Hosts: 127.0.0.1 www.sogua.com
O1 - Hosts: 127.0.0.1 sogua.com
O1 - Hosts: 127.0.0.1 www.99music.net
O1 - Hosts: 127.0.0.1 www.yzskdj.com
O1 - Hosts: 127.0.0.1 loveliao.com
O1 - Hosts: 127.0.0.1 haoliao.com
O1 - Hosts: 127.0.0.1 music.feifa.com
O1 - Hosts: 127.0.0.1 www.aisex.com
O1 - Hosts: 127.0.0.1 www.movie-down.com
O1 - Hosts: 127.0.0.1 www2.movie-down.com
O1 - Hosts: 127.0.0.1 movie-down.com
O1 - Hosts: 127.0.0.1 www.tt90.com
O1 - Hosts: 127.0.0.1 www.tt78.com
O1 - Hosts: 127.0.0.1 www.tiankong.net
O1 - Hosts: 127.0.0.1 tiankong.net
O1 - Hosts: 127.0.0.1 www.qqchat.cn
O1 - Hosts: 127.0.0.1 www.yymp3.com
O1 - Hosts: 127.0.0.1 www.9see.com
O1 - Hosts: 127.0.0.1 www.woliao.net
O1 - Hosts: 127.0.0.1 www.woliao.com
O1 - Hosts: 127.0.0.1 www.kuro.com.cn
O1 - Hosts: 127.0.0.1 www.qq163.com
O1 - Hosts: 127.0.0.1 www.wangzhiku.com
O1 - Hosts: 127.0.0.1 　　 localhost
O1 - Hosts: 127.0.0.1 　 www.qq3344.com # 包含qq病毒
O1 - Hosts: 127.0.0.1 　 www.dj3344.com 　　　# qq病毒
O1 - Hosts: 127.0.0.1 　 www.qq3344.com 　　　# qq病毒
O1 - Hosts: 127.0.0.1 　 www.yysky.net 　　　 # qq病毒
O1 - Hosts: 127.0.0.1 　 www.cnqb.net 　　　　# 禁止你的注册表，改首页，改右键
O1 - Hosts: 127.0.0.1 　 hothack.home.chinaren.com
O1 - Hosts: 127.0.0.1 　 www.777888.com
O1 - Hosts: 127.0.0.1 　 www.5dsoft.com
O1 - Hosts: 127.0.0.1 　 www.wokoo.net
O1 - Hosts: 127.0.0.1 　　 movie.sx.zj.cn
O1 - Hosts: 127.0.0.1 　　 xyxy68.8u8.net
O1 - Hosts: 127.0.0.1 　 www.youmiss.com
O1 - Hosts: 127.0.0.1 　　 www.cctv8.net
O1 - Hosts: 127.0.0.1 　　 www.kuliao.com
O1 - Hosts: 127.0.0.1 　　 www.yyqy.com
O1 - Hosts: 127.0.0.1 　　 www.sunvod.com
O1 - Hosts: 127.0.0.1 　　 www.t168.com
O1 - Hosts: 127.0.0.1 　　 www.wokoo.net
O1 - Hosts: 127.0.0.1 　　 www.coolcdrom.com # 要特别小心这个网站，它会在你启动组里做手脚
O1 - Hosts: 127.0.0.1 　　 www.zhengdian.com
O1 - Hosts: 127.0.0.1 　　 girlchinese.com 　　# 修改ie主页
O1 - Hosts: 127.0.0.1 　　 www.girl008.com
O1 - Hosts: 127.0.0.1 　　 xajh.15888.net
O1 - Hosts: 127.0.0.1 　　 www.51bug.com
O1 - Hosts: 127.0.0.1 　　 www.wplune.com
O1 - Hosts: 127.0.0.1 　　 www.777888.net
O1 - Hosts: 127.0.0.1 　　 pollen.my001.net
O1 - Hosts: 127.0.0.1 　　 www.yule21.com
O1 - Hosts: 127.0.0.1 　　 www.fish3000.com
O1 - Hosts: 127.0.0.1 　　 www.kuliao.com

bloodsky - 2005-12-6 9:35:00

O1 - Hosts: 127.0.0.1 　　 www.666e.com
O1 - Hosts: 127.0.0.1 　　 qm.8ok.com
O1 - Hosts: 127.0.0.1 　　 www.guosir.ccoo.com
O1 - Hosts: 127.0.0.1 　　 www.163mm.com
O1 - Hosts: 127.0.0.1 　　 www.cnooo.com
O1 - Hosts: 127.0.0.1 　　 www.es158.com
O1 - Hosts: 127.0.0.1 　　 www.aisa-girl.net
O1 - Hosts: 127.0.0.1 　　 www.boliwu.com
O1 - Hosts: 127.0.0.1 　　 www.cctv8.net
O1 - Hosts: 127.0.0.1 　　 www.89005.com
O1 - Hosts: 127.0.0.1 　　 www.cctv1.net
O1 - Hosts: 127.0.0.1 　　 www.play.cn.gs 　# 要特别小心这个网站。
O1 - Hosts: 127.0.0.1 　　 newyouth.3322.net
O1 - Hosts: 127.0.0.1 　　 chinabdkx.363.net
O1 - Hosts: 127.0.0.1 　　 www.zknew.com
O1 - Hosts: 127.0.0.1 　　 www.dhchao.com
O1 - Hosts: 127.0.0.1 　　 www.top666.net
O1 - Hosts: 127.0.0.1 　　 www.amoisonic.com
O1 - Hosts: 127.0.0.1 　　 www.markguide.com
O1 - Hosts: 127.0.0.1　　 www.xyxc.ccoo.com
O1 - Hosts: 127.0.0.1 　　 www.flyingwalk.com
O1 - Hosts: 127.0.0.1 　　 www.yezine.net
O1 - Hosts: 127.0.0.1 　　 www.mmgirls.com
O1 - Hosts: 127.0.0.1 　　 www.wa***.net
O1 - Hosts: 127.0.0.1 　　 www.net5w.com
O1 - Hosts: 127.0.0.1 　　 www.fbstu.com
O1 - Hosts: 127.0.0.1 　　 www.qlwl.com
O1 - Hosts: 127.0.0.1 　　 www.yibinren.com # 更可怕，把ie的默认页都改成他的了
O1 - Hosts: 127.0.0.1 　　 www.yinshang.com
O1 - Hosts: 127.0.0.1 　　 www.ncunet.com
O1 - Hosts: 127.0.0.1 　　 www.555666.net
O1 - Hosts: 127.0.0.1 　　 www.fm1058.cc
O1 - Hosts: 127.0.0.1 　　 meim.y365.com
O1 - Hosts: 127.0.0.1 　　 www.qq520.net
O1 - Hosts: 127.0.0.1 　　 jjkafei.longcity.net
O1 - Hosts: 127.0.0.1 　　 chow.yesky.net
O1 - Hosts: 127.0.0.1 　　 oicq.hk.st
O1 - Hosts: 127.0.0.1 　　 www.my288.com
O1 - Hosts: 127.0.0.1 　　 www.youmiss.com
O1 - Hosts: 127.0.0.1 　　 www.laws-online.net
O1 - Hosts: 127.0.0.1 　　 www.hj168.net
O1 - Hosts: 127.0.0.1 　　 16888.6to23.com
O1 - Hosts: 127.0.0.1 　　 www.love520.net
O1 - Hosts: 127.0.0.1 　　 www.qq520.com
O1 - Hosts: 127.0.0.1 　　 www.mmgirls.com
O1 - Hosts: 127.0.0.1 　　 www.555666.net
O1 - Hosts: 127.0.0.1 　　 www.ezhgc.com
O1 - Hosts: 127.0.0.1 　　 www.ezhgc.com
O1 - Hosts: 127.0.0.1 　　 www.eastedu.com.cn
O1 - Hosts: 127.0.0.1 　　 www.435000.com
O1 - Hosts: 127.0.0.1 　　 sdik.8ok.net
O1 - Hosts: 127.0.0.1 　　 feiying.coolwww.net
O1 - Hosts: 127.0.0.1 　　 zhongxuesheng.myrice.com
O1 - Hosts: 127.0.0.1　　 www.laws-online.net
O1 - Hosts: 127.0.0.1 　　 www.youmiss.com
O1 - Hosts: 127.0.0.1　　 www.my288.com
O1 - Hosts: 127.0.0.1 　　 www.yes9999.com 　　
O1 - Hosts: 127.0.0.1 www.nnptt.com
O1 - Hosts: 127.0.0.1 　　 vod.hengshui.com
O1 - Hosts: 127.0.0.1 　　 tv.megajoy.com
O1 - Hosts: 127.0.0.1 　　 www.h444.net 　　# 包含trojan.qqwebaut.a及其变种trojan.qqwebaut
O1 - Hosts: 127.0.0.1 　　 update.myxq.com
O1 - Hosts: 127.0.0.1 　　 www.qq168.net 　
O1 - Hosts: 127.0.0.1 　　 www.777888.com 　
O1 - Hosts: 127.0.0.1　　 www.5dsoft.com 　
O1 - Hosts: 127.0.0.1 　　 www.wokoo.net
O1 - Hosts: 127.0.0.1　　 movie.sx.zj.cn 　　
O1 - Hosts: 127.0.0.1 　　 www.yeapple.com 　 # 黄色网站。都是垃圾，恶意代码不少
O1 - Hosts: 127.0.0.1 　　 xyxy68.8u8.net
O1 - Hosts: 127.0.0.1 　　 www.youmiss.com
O1 - Hosts: 127.0.0.1 　　 www.cctv8.net
O1 - Hosts: 127.0.0.1 　　 www.kuliao.com
O1 - Hosts: 127.0.0.1 　　 www.yyqy.com
O1 - Hosts: 127.0.0.1 　　 winzheng.126.com
O1 - Hosts: 127.0.0.1 　　 www.sunvod.com
O1 - Hosts: 127.0.0.1 　　 www.t168.com
O1 - Hosts: 127.0.0.1 　　 www.boliwo.com
O1 - Hosts: 127.0.0.1 　　 www.coolcdrom.com
O1 - Hosts: 127.0.0.1 　　 www.zhengdian.comoe # 标题栏也没放过
O1 - Hosts: 127.0.0.1 　　 girlchinese.comie 　 # 的主页也被改了
O1 - Hosts: 127.0.0.1 　　 www.yibinren.com 　
O1 - Hosts: 127.0.0.1 　　 www.mtv51.com 　
O1 - Hosts: 127.0.0.1 　　 www.163[1].com 　　 # 也是一个什么音乐网。恶意代码狂，还有病毒
O1 - Hosts: 127.0.0.1 　　 www.37021.com 　　 # 看清楚!不是3721，这个最讨厌!!
O1 - Hosts: 127.0.0.1 　　 www.cnqb.net 　　　 # 禁止你的注册表，...
O1 - Hosts: 127.0.0.1 　　 www.qq3344.com 　　
O1 - Hosts: 127.0.0.1 　　 www.qq3344.net
O1 - Hosts: 127.0.0.1 　　 youlove.3322.net 　# 有恶意代码的特性外还夹带病毒：trojan.pwdbox.d
O1 - Hosts: 127.0.0.1 　　 www.58589.com 　　 # 有恶意代码的特性
O1 - Hosts: 127.0.0.1 　　 tty.yyun.net 　　　# 与上述的危害差不多
O1 - Hosts: 127.0.0.1 　　 www.ftlink.net 　　# 一般性恶意代码
O1 - Hosts: 127.0.0.1 　　 home.kimo.com.tw 　# 一般性恶意代码
O1 - Hosts: 127.0.0.1 　　 www.pixpox.com 　 # 恶性网站并且自动驻留计算机内大量垃圾
O1 - Hosts: 127.0.0.1 　　 www.k163.com 　 # 狩猎者变种和dj344 qq3344 与qq168是一伙的
O1 - Hosts: 127.0.0.1 　　 www.pk.com
O1 - Hosts: 127.0.0.1 www.taobao.com
O1 - Hosts: 127.0.0.1 page.taobao.com
O1 - Hosts: 127.0.0.1 search.taobao.com
O1 - Hosts: 127.0.0.1 taobao.com
O1 - Hosts: 127.0.0.1 www.unionsky.cn
O1 - Hosts: 127.0.0.1 www.allyes.com
O1 - Hosts: 127.0.0.1 　　 www.xxx.com
O1 - Hosts: 127.0.0.1 　　 204.177.92.68
O1 - Hosts: 127.0.0.1 　　 www.fassia.net 　　　　　　
O1 - Hosts: 127.0.0.1 　　 www.ehomeday.com 　　　
O1 - Hosts: 127.0.0.1 　　 www.jinpin.net 　　　　　　
O1 - Hosts: 127.0.0.1 　　 www.happy666.net
O1 - Hosts: 127.0.0.1 　　 update.myxq.com
O1 - Hosts: 127.0.0.1 　　 www.myxq.com
O1 - Hosts: 127.0.0.1 www.taobao.com
O1 - Hosts: 127.0.0.1 dvd.qq92.com
O1 - Hosts: 127.0.0.1 www.16yi.com
O1 - Hosts: 127.0.0.1 www.ye77.com
O1 - Hosts: 127.0.0.1 www.7sese.com
O1 - Hosts: 127.0.0.1 www.1yin.net
O1 - Hosts: 127.0.0.1 www.77ttt.com
O1 - Hosts: 127.0.0.1 www.7mao.com
O1 - Hosts: 127.0.0.1 www.mydj2005.com
O1 - Hosts: 127.0.0.1 www.vv78.com

bloodsky - 2005-12-6 9:35:00

O1 - Hosts: 127.0.0.1 www.v119.com/indexv119.htm
O1 - Hosts: 127.0.0.1 100.332233.com/index.htm
O1 - Hosts: 127.0.0.1 www.cashbackbuddy.com/login.php
O1 - Hosts: 127.0.0.1 www.joyiex.com
O1 - Hosts: 127.0.0.1 mm.227.cn
O1 - Hosts: 127.0.0.1 qq92.com
O1 - Hosts: 127.0.0.1 www.1432.net
O1 - Hosts: 127.0.0.1 qichun.6to23.com
O1 - Hosts: 127.0.0.1 www.53best.com
O1 - Hosts: 127.0.0.1 www.hao213.net
O1 - Hosts: 127.0.0.1 52007.com
O1 - Hosts: 127.0.0.1 www.QQ.5qt.net
O1 - Hosts: 127.0.0.1 4OO.net
O1 - Hosts: 127.0.0.1 dvd.sg51.com
O1 - Hosts: 127.0.0.1 www.qq46.com
O1 - Hosts: 127.0.0.1 www.zhaowo8.com
O1 - Hosts: 127.0.0.1 www.91tg.net
O1 - Hosts: 127.0.0.1 www.h301.com
O1 - Hosts: 127.0.0.1 www.52kuku.com
O1 - Hosts: 127.0.0.1 www.ttjj.com
O1 - Hosts: 127.0.0.1 www.55885.com
O1 - Hosts: 127.0.0.1 www.zb444.com
O1 - Hosts: 127.0.0.1 www.12822.com
O1 - Hosts: 127.0.0.1 www.00855.com
O1 - Hosts: 127.0.0.1 www.363618.com
O1 - Hosts: 127.0.0.1 www.te99.com
O1 - Hosts: 127.0.0.1 www.bb58.com
O1 - Hosts: 127.0.0.1 www.5359.com
O1 - Hosts: 127.0.0.1 www.5359.net
O1 - Hosts: 127.0.0.1 ww.k8k8.com
O1 - Hosts: 127.0.0.1 www.52935.com
O1 - Hosts: 127.0.0.1 www.ourbt.com
O1 - Hosts: 127.0.0.1 www.djjcp.com
O1 - Hosts: 127.0.0.1 www.51115.com
O1 - Hosts: 127.0.0.1 www.wa110.com
O1 - Hosts: 127.0.0.1 www.mtv123.com
O1 - Hosts: 127.0.0.1 www.99love.com
O1 - Hosts: 127.0.0.1 www.53900.com
O1 - Hosts: 127.0.0.1 www.83900.com
O1 - Hosts: 127.0.0.1 991b.511go.com/playmu_wad1.htm
O1 - Hosts: 127.0.0.1 www.mdoing.com/video/
O1 - Hosts: 127.0.0.1 www.daoyi.com.cn
O1 - Hosts: 127.0.0.1 68086.com/
O1 - Hosts: 127.0.0.1 vod.et138.com
O1 - Hosts: 127.0.0.1 vod.soucn.net
O1 - Hosts: 127.0.0.1 www.wu111.com
O1 - Hosts: 127.0.0.1 www.5xt.net
O1 - Hosts: 127.0.0.1 www.17777.com
O1 - Hosts: 127.0.0.1 www.XiuMM.Com
O1 - Hosts: 127.0.0.1 www.opQQ.com/
O1 - Hosts: 127.0.0.1 www.wz116.com
O1 - Hosts: 127.0.0.1 www.benbang.net
O1 - Hosts: 127.0.0.1 www.qq.qqqqqq.cn
O1 - Hosts: 127.0.0.1 www.zzhao.com
O1 - Hosts: 127.0.0.1 hk582.com
O1 - Hosts: 127.0.0.1 www.ttjj.com
O1 - Hosts: 127.0.0.1 www.joyiex.com
O1 - Hosts: 127.0.0.1 www.joyiex.com
O1 - Hosts: 127.0.0.1 mm.227.cn
O1 - Hosts: 127.0.0.1 qq92.com
O1 - Hosts: 127.0.0.1 www.1432.net
O1 - Hosts: 127.0.0.1 qichun.6to23.com
O1 - Hosts: 127.0.0.1 www.53best.com
O1 - Hosts: 127.0.0.1 www.hao213.net
O1 - Hosts: 127.0.0.1 52007.com
O1 - Hosts: 127.0.0.1 www.QQ.5qt.net
O1 - Hosts: 127.0.0.1 4OO.net
O1 - Hosts: 127.0.0.1 dvd.sg51.com
O1 - Hosts: 127.0.0.1 www.qq46.com
O1 - Hosts: 127.0.0.1 dvd.qq92.com
O1 - Hosts: 127.0.0.1 www.16yi.com
O1 - Hosts: 127.0.0.1 www.ye77.com
O1 - Hosts: 127.0.0.1 www.7sese.com
O1 - Hosts: 127.0.0.1 www.1yin.net
O1 - Hosts: 127.0.0.1 www.77ttt.com
O1 - Hosts: 127.0.0.1 www.7mao.com
O1 - Hosts: 127.0.0.1 www.mydj2005.com
O1 - Hosts: 127.0.0.1 www.sun12.com
O1 - Hosts: 127.0.0.1 av.v9v9.cn
O1 - Hosts: 127.0.0.1 www.uu500.com
O1 - Hosts: 127.0.0.1 www.tingcn.com
O1 - Hosts: 127.0.0.1 www.cdzp.com
O1 - Hosts: 127.0.0.1 v.511.cc

bloodsky - 2005-12-6 9:35:00

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINNT\system32\xunleibho_v8.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (file missing)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINNT\system32\KakaTool.dll
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\TENCENT1\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\TENCENT1\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\TENCENT1\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\TENCENT1\QQ\SendMMS.htm
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\TENCENT1\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\TENCENT1\QQ\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\TENCENT1\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/windows/ie_intl/cn/start/
O16 - DPF: DirectAnimation Java Classes - file://D:\WINNT\Java\classes\dajava.cab
O16 - DPF: Internet Explorer Classes for Java - file://D:\WINNT\system32\iejava.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINNT\System32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINNT\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINNT\System32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINNT\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - D:\WINNT\System32\msdxm.ocx
O20 - Winlogon Notify: nwprovau
O20 - Winlogon Notify: wzcnotif
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\system32\dmadmin.exe /com
O23 - Service: Macromedia Licensing Service (Macromedia Licensing Service) - - "D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

bloodsky - 2005-12-6 9:51:00

这个谁知道怎么回事？

ceo800 - 2005-12-6 10:07:00

http://www.onlinedown.net/soft/1294.htm

下载.

飞跃迷离 - 2005-12-6 11:10:00

请关闭所有IE窗口和文件夹窗口，重新使用HijackThis扫描并修复以下项目:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

HijackThis是用VB开发的, 运行时需要VB的运行库文件MSVBVM60.DLL支持。
请参考ceo800 朋友的建议到

http://www.onlinedown.net/soft/1294.htm

下载MSVBVM60.DLL

瑞星卡卡安全论坛