Rising Kaka Security Forum (瑞星卡卡安全论坛)
文源 - 2005-12-7 12:19:00
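A few days ago I carelessly opened some of those Mark Six lottery (六合彩) web pages on my computer, and now those pages open automatically every time the computer starts, and a lot of web-page-like shortcuts have appeared on the desktop. My home page used to be Baidu, but what opens is a Mark Six page even though the address is still Baidu's. I tried IE repair, but it could not fix it. I don't know what to do and it is driving me crazy. I hope the experts here can help me solve this!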
飞跃迷离 - 2005-12-7 12:25:00
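I suggest you download and use HijackThis 1.99.1.
For the HijackThis download address, see:
[Must read] Board notes and downloads of commonly used small utilities
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
For how to use HijackThis, see the Rising HijackThis special topic:
http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm
Run HijackThis and first click the [扫描] or [Scan] button. When the scan finishes, the [扫描] or [Scan] button changes to [保存Log] or [Save Log]. Click it and the log will be shown in Notepad; then copy and paste it from Notepad into your post.
If the log is long and does not fit in one post, you can split it into several parts and post them as replies.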
天使之剑 - 2005-12-7 12:25:00
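[Reply to 文源's post]

Please first download HijackThis 1.99.1 (it is free):
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Extract it to a non-temporary folder (for example C:\Program Files\HijackThis\HijackThis.exe). Then double-click the HijackThis.exe icon, choose Do a system scan and save a logfile, and post the log from the resulting text file here. If it does not fit in one post, you can put the rest in another post.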
文源 - 2005-12-7 13:59:00
Logfile of HijackThis v1.99.1
Scan saved at 13:56:23, on 2005-12-7
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\KAV2005\KWatch.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\KAV2005\KPfwSvc.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\SAND\client.exe
D:\KAV2005\KAVStart.exe
D:\WINDOWS\rundll32.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\ctfmon.exe
D:\KAV2005\KMailMon.EXE
D:\WINDOWS\System32\Rundll32.exe
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\TTPlayer\TTPlayer.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\IE修复专家\IE修复专家.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\QQexternal.exe
D:\Documents and Settings\hdc\Local Settings\Temp\hijackthis.zip 的临时目录 1\HijackThis.exe
D:\Program Files\Kingsoft\FastAIT 2005\FastAIT.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 205.177.72.132 www.32012.com/1/2.htm
O1 - Hosts: 205.177.72.132 www.16700.net/189.htm
O1 - Hosts: 205.177.72.132 www.32012.com/1/1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp135.htm
O1 - Hosts: 205.177.72.132 www.34111.com/dy8.htm
O1 - Hosts: 205.177.72.132 1.334456.com/i.htm
O1 - Hosts: 205.177.72.132 www.60066.com/666.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/3.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp134.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.55399.com/65.asp
O1 - Hosts: 205.177.72.132 www.34111.com/dy.htm
O1 - Hosts: 205.177.72.132 www.66823.com/11.htm
O1 - Hosts: 205.177.72.132 www.66823.com/33.htm
O1 - Hosts: 205.177.72.132 www1.31339.com
O1 - Hosts: 205.177.72.132 www.v8885.cn/222.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp136.htm
O1 - Hosts: 205.177.72.132 2.31339.com
O1 - Hosts: 205.177.72.132 www.60066.com/63.asp
O1 - Hosts: 205.177.72.132 www.v088.com/index1.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua.htm
O1 - Hosts: 205.177.72.132 www.55399.com/64.asp
O1 - Hosts: 205.177.72.132 www.97118.com/3000.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/64.asp
O1 - Hosts: 205.177.72.132 55399.com/63.asp
O1 - Hosts: 205.177.72.132 www.60066.com/66.htm
O1 - Hosts: 205.177.72.132 www.118y.com/33.htm
O1 - Hosts: 205.177.72.132 www.v8885.cn/111.htm
O1 - Hosts: 205.177.72.132 www.q3721.com/index1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp133.htm
O1 - Hosts: 205.177.72.132 58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/6.htm
O1 - Hosts: 205.177.72.132 www.389988.com/ab.htm
O1 - Hosts: 205.177.72.132 www.66823.com/44.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/1.htm
O1 - Hosts: 205.177.72.132 www.mt007.com
O1 - Hosts: 205.177.72.132 www.v088.com
O1 - Hosts: 205.177.72.132 www.118y.com/11.htm
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.hk6777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk8777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk6777.com
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 www.920888.com
O1 - Hosts: 205.177.72.132 hk256.com
O1 - Hosts: 205.177.72.132 100049.com/66.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/66.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/5.htm
O1 - Hosts: 205.177.72.132 www.118y.com/44.htm
O1 - Hosts: 205.177.72.132 www.60066.com/61.asp
O1 - Hosts: 205.177.72.132 www.hk256.com
O1 - Hosts: 205.177.72.132 qq665.com/1.htm
O1 - Hosts: 205.177.72.132 004466.com/htm31.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 yao38.com/index1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/62.asp
O1 - Hosts: 205.177.72.132 389988.com/88.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/44.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/2.htm
O1 - Hosts: 205.177.72.132 www.mt007.com/ring
O1 - Hosts: 205.177.72.132 55399.com/62.asp
O1 - Hosts: 205.177.72.132 www.hk8777.com
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.vv166.com/4.htm
O1 - Hosts: 205.177.72.132 www.138130.com/dy/168.htm
O1 - Hosts: 205.177.72.132 www.66823.com/22.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/11.htm
O1 - Hosts: 205.177.72.132 004466.com/htm34.htm
O1 - Hosts: 205.177.72.132 004466.com/htm32.htm
O1 - Hosts: 205.177.72.132 55399.com/61.asp
O1 - Hosts: 205.177.72.132 60066.com/6.asp
O1 - Hosts: 205.177.72.132 www.mark68.net/4.htm
O1 - Hosts: 205.177.72.132 hk6777.com
O1 - Hosts: 205.177.72.132 www.1396.net/indexl.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/33.htm
O1 - Hosts: 205.177.72.132 www.58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.so516.com/ls.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/22.htm
O1 - Hosts: 205.177.72.132 004466.com/htm35.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 004466.com/htm33.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/666.htm
O1 - Hosts: 205.177.72.132 www.h828.net/yi88
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 hk8777.com
O1 - Hosts: 205.177.72.132 www.hk256.com/6666.htm
O1 - Hosts: 205.177.72.132 225568.com/01.htm
O1 - Hosts: 205.177.72.132 www.118y.com/22.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.xgccc.com
O1 - Hosts: 205.177.72.132 3953.com/2
O1 - Hosts: 205.177.72.132 tk9933.com/d.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.vv166.com/5.htm
O1 - Hosts: 205.177.72.132 hao339.com/tu/index.htm
O1 - Hosts: 205.177.72.132 tk399.net/07.htm
O1 - Hosts: 205.177.72.132 www.68q.net/44.htm
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - D:\WINDOWS\System32\aclayer.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - D:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll (file missing)
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IE修复~1\IERBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IE修复~1\IERBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [Update] D:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [hbpassport] D:\PROGRA~1\HBClient\hbast.exe
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "D:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KsgUpdateRun] D:\Program Files\Common Files\kingsoft\KSG\Client.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2005\KAVPFW.EXE"
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O23 - Service: .Net Boot Service - Unknown owner - D:\WINDOWS\System32\big5_gb2312.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KAV2005\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe
文源 - 2005-12-7 14:18:00
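Now as soon as I open a web page, the address http://cctv28.net appears. When I go to the Baidu address I get "page cannot be displayed", and after I close the page a self-extracting archive window appears: "无法解压HMAPI.dLL 无法创建HMAPI.dLL 正在解压Licenses.txt" ("Cannot extract HMAPI.dLL, cannot create HMAPI.dLL, extracting Licenses.txt")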
魔法学徒 - 2005-12-7 14:41:00
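Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find .Net Boot Service and Print Controller (Universal Disk Manager) → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.
Go to Add or Remove Programs in Control Panel and uninstall "MMSAssist" and "Winstdup".
Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run HijackThis. When the scan finishes, tick the following items and then choose "Fix Checked":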
R3 - Default URLSearchHook is missing
All O1 items
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - D:\WINDOWS\System32\aclayer.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - D:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll (file missing)
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [Update] D:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [hbpassport] D:\PROGRA~1\HBClient\hbast.exe
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
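Show hidden files
Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes" -- click "OK".
Then find and delete the following files (if they exist).
D:\WINDOWS\System32\aclayer.dll
D:\WINDOWS\System32\aclayer.exe
D:\PROGRA~1\MMSASS~1\ (the whole directory)
D:\WINDOWS\SYSTEM32\stdup.dll
D:\PROGRA~1\HBClient\ (the whole directory)
C:\$NtUninstallQ5926809$\ (the whole directory)
D:\Program Files\Common Files\UPDATE\ (the whole directory)
D:\WINDOWS\rundll32.exe
D:\Program Files\Common Files\SAND\ (the whole directory)
D:\WINDOWS\System32\big5_gb2312.exe (before deleting this file, please compress it with WinRAR, set the password to: virus. and send it to me, thanks. lymofaxuetu@163.com)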
文源 - 2005-12-7 15:12:00
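Sorry, I don't know how to compress and pack files, and my computer can't reach NetEase (网易) right now either. My mailbox is also a 163 one, so I can't send it. What should I do?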
じ☆帥氣寶貝♂づ - 2005-12-7 15:23:00
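To the guy on floor 6: you don't know how to pack a file?? Doesn't it just come up when you right-click? You might as well say you don't know how to use a computer?!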
魔法学徒 - 2005-12-7 15:58:00
If you can't compress it, never mind; just delete it.
文源 - 2005-12-7 16:58:00
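Thanks to the moderator for the guidance, but I tried your method and it still doesn't work. Now web pages no longer open automatically, but as soon as I open a web page the address http://cctv28.net appears; when I go to the Baidu address it still automatically redirects to http://cctv28.net, and after I close the page the self-extracting archive window appears: "无法解压HMAPI.dLL 无法创建HMAPI.dLL 正在解压Licenses.txt" ("Cannot extract HMAPI.dLL, cannot create HMAPI.dLL, extracting Licenses.txt"). I can open web pages from Favorites, and go from Favorites to other pages, but on every page the address field at the top left has http://cctv28.net appended after the URL. Sigh, so annoying.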
魔法学徒 - 2005-12-7 17:01:00
Please run another scan and post the log.
文源 - 2005-12-7 17:05:00
Logfile of HijackThis v1.99.1
Scan saved at 17:03:34, on 2005-12-7
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\KAV2005\KWatch.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\KAV2005\KPfwSvc.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\KAV2005\KAVStart.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\Program Files\Common Files\kingsoft\KSG\Client.exe
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\ctfmon.exe
D:\KAV2005\KMailMon.EXE
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\IE修复专家\IE修复专家.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\hdc\Local Settings\Temp\反劫程序.zip 的临时目录 3\HijackThis.exe
O1 - Hosts: 205.177.72.132 www.32012.com/1/2.htm
O1 - Hosts: 205.177.72.132 www.16700.net/189.htm
O1 - Hosts: 205.177.72.132 www.32012.com/1/1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp135.htm
O1 - Hosts: 205.177.72.132 www.34111.com/dy8.htm
O1 - Hosts: 205.177.72.132 1.334456.com/i.htm
O1 - Hosts: 205.177.72.132 www.60066.com/666.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/3.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp134.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.55399.com/65.asp
O1 - Hosts: 205.177.72.132 www.34111.com/dy.htm
O1 - Hosts: 205.177.72.132 www.66823.com/11.htm
O1 - Hosts: 205.177.72.132 www.66823.com/33.htm
O1 - Hosts: 205.177.72.132 www1.31339.com
O1 - Hosts: 205.177.72.132 www.v8885.cn/222.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp136.htm
O1 - Hosts: 205.177.72.132 2.31339.com
O1 - Hosts: 205.177.72.132 www.60066.com/63.asp
O1 - Hosts: 205.177.72.132 www.v088.com/index1.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua.htm
O1 - Hosts: 205.177.72.132 www.55399.com/64.asp
O1 - Hosts: 205.177.72.132 www.97118.com/3000.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/64.asp
O1 - Hosts: 205.177.72.132 55399.com/63.asp
O1 - Hosts: 205.177.72.132 www.60066.com/66.htm
O1 - Hosts: 205.177.72.132 www.118y.com/33.htm
O1 - Hosts: 205.177.72.132 www.v8885.cn/111.htm
O1 - Hosts: 205.177.72.132 www.q3721.com/index1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp133.htm
O1 - Hosts: 205.177.72.132 58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/6.htm
O1 - Hosts: 205.177.72.132 www.389988.com/ab.htm
O1 - Hosts: 205.177.72.132 www.66823.com/44.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/1.htm
O1 - Hosts: 205.177.72.132 www.mt007.com
O1 - Hosts: 205.177.72.132 www.v088.com
O1 - Hosts: 205.177.72.132 www.118y.com/11.htm
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.hk6777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk8777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk6777.com
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 www.920888.com
O1 - Hosts: 205.177.72.132 hk256.com
O1 - Hosts: 205.177.72.132 100049.com/66.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/66.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/5.htm
O1 - Hosts: 205.177.72.132 www.118y.com/44.htm
O1 - Hosts: 205.177.72.132 www.60066.com/61.asp
O1 - Hosts: 205.177.72.132 www.hk256.com
O1 - Hosts: 205.177.72.132 qq665.com/1.htm
O1 - Hosts: 205.177.72.132 004466.com/htm31.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 yao38.com/index1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/62.asp
O1 - Hosts: 205.177.72.132 389988.com/88.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/44.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/2.htm
O1 - Hosts: 205.177.72.132 www.mt007.com/ring
O1 - Hosts: 205.177.72.132 55399.com/62.asp
O1 - Hosts: 205.177.72.132 www.hk8777.com
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.vv166.com/4.htm
O1 - Hosts: 205.177.72.132 www.138130.com/dy/168.htm
O1 - Hosts: 205.177.72.132 www.66823.com/22.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/11.htm
O1 - Hosts: 205.177.72.132 004466.com/htm34.htm
O1 - Hosts: 205.177.72.132 004466.com/htm32.htm
O1 - Hosts: 205.177.72.132 55399.com/61.asp
O1 - Hosts: 205.177.72.132 60066.com/6.asp
O1 - Hosts: 205.177.72.132 www.mark68.net/4.htm
O1 - Hosts: 205.177.72.132 hk6777.com
O1 - Hosts: 205.177.72.132 www.1396.net/indexl.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/33.htm
O1 - Hosts: 205.177.72.132 www.58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.so516.com/ls.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/22.htm
O1 - Hosts: 205.177.72.132 004466.com/htm35.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 004466.com/htm33.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/666.htm
O1 - Hosts: 205.177.72.132 www.h828.net/yi88
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 hk8777.com
O1 - Hosts: 205.177.72.132 www.hk256.com/6666.htm
O1 - Hosts: 205.177.72.132 225568.com/01.htm
O1 - Hosts: 205.177.72.132 www.118y.com/22.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.xgccc.com
O1 - Hosts: 205.177.72.132 3953.com/2
O1 - Hosts: 205.177.72.132 tk9933.com/d.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.vv166.com/5.htm
O1 - Hosts: 205.177.72.132 hao339.com/tu/index.htm
O1 - Hosts: 205.177.72.132 tk399.net/07.htm
O1 - Hosts: 205.177.72.132 www.68q.net/44.htm
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IE修复~1\IERBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IE修复~1\IERBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "D:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [KsgUpdateRun] D:\Program Files\Common Files\kingsoft\KSG\Client.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KAV2005\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe (file missing)
飞跃迷离 - 2005-12-7 17:22:00
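Restart into Safe Mode (how to enter Safe Mode: restart the computer; after the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows).
Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find Print Controller → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.
Please close all IE windows, scan again with HijackThis, select the items recommended for fixing below, and let HijackThis fix them. Before fixing, please allow HijackThis to keep a backup. (If you know an item is safe, you need not tick it.)
All O1 items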
O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
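Then open My Computer → Tools → Folder Options → View → untick "Hide protected operating system files (Recommended)" and "Hide extensions for known file types" → then show all files → find and delete the following files (if they exist):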
D:\WINDOWS\System32\dtap.dll
D:\PROGRA~1\INTERN~1\hmapi.dll
D:\WINDOWS\rundll32.exe
Delete the folder C:\$NtUninstallQ5926809$
Delete the folder D:\Program Files\Common Files\SAND
魔法学徒 - 2005-12-7 17:27:00
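Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run HijackThis. When the scan finishes, tick the following items and then choose "Fix Checked":
All O1 items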
O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe (file missing)
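Show hidden files
Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes" -- click "OK".
Then find and delete the following files (if they exist).
D:\WINDOWS\System32\dtap.dll
D:\PROGRA~1\INTERN~1\hmapi.dll
D:\WINDOWS\rundll32.exe
C:\$NtUninstallQ5926809$\ (the whole directory)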
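The by-eye triage applied to the logs in this thread can be sketched in code. The following Python is an added example, not part of the original thread and not HijackThis's own logic: the heuristics, the `SYSTEM32_ONLY` list, the function names and the sample scans (constructed, modelled on entries in the logs above, with reserved example addresses and names in the O1 lines) are assumptions for illustration, and a flagged entry is a candidate for manual review rather than a verdict.

```python
import ntpath
import re
from collections import defaultdict
from ipaddress import ip_address

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(.*?)\] (.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|bat)', re.I)
# Assumed short list of Windows binaries that normally live only in System32.
SYSTEM32_ONLY = {"rundll32.exe", "svchost.exe", "lsass.exe", "services.exe"}


def parse(log_text):
    """Return [(section, body)] for every 'Xn - ...' entry line of a log."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]


def triage(log_text, bulk_threshold=3):
    """Return {entry line: [reasons]} for entries that deserve a manual look."""
    findings = defaultdict(list)
    names_by_ip = defaultdict(set)
    for section, body in parse(log_text):
        line = f"{section} - {body}"
        if body.endswith("(file missing)"):
            findings[line].append("registered component whose file is missing")
        if section == "O1" and (m := HOSTS.match(body)):
            ip, name = m.groups()
            if "/" in name:  # a hosts file maps host names, never URL paths
                findings[line].append("hosts name contains a URL path")
            try:
                addr = ip_address(ip)
            except ValueError:
                findings[line].append("unparseable address")
                continue
            # 127.0.0.1 and 0.0.0.0 are the usual block-list sinks; skip them.
            if not (addr.is_loopback or addr.is_unspecified):
                names_by_ip[ip].add(line)
        elif section == "O4" and (m := RUN.match(body)):
            value_name, command = m.groups()
            if not value_name:
                findings[line].append("Run value with an empty name")
            if command.lower().split()[:2] == ["regedit", "-s"]:
                findings[line].append("silent registry import at logon")
            p = PATH.search(command)
            if (p and ntpath.basename(p.group()).lower() in SYSTEM32_ONLY
                    and "\\system32\\" not in p.group().lower()):
                findings[line].append("system binary name outside System32")
        elif section == "O23" and " - Unknown owner - " in body:
            findings[line].append("service with unknown owner")
    # Many distinct names pointed at one routable address is a redirect pattern.
    for ip, lines in names_by_ip.items():
        if len(lines) >= bulk_threshold:
            for line in sorted(lines):
                findings[line].append(f"{len(lines)} names redirected to {ip}")
    return dict(findings)


def persisting(before, after):
    """Entries flagged in both scans, i.e. a fix that did not stick."""
    return sorted(set(triage(before)) & set(triage(after)))


# Constructed sample scans: "before" and "after" one round of fixing.
BEFORE = r"""Logfile of HijackThis v1.99.1
O1 - Hosts: 203.0.113.7 www.lottery-a.example/1/2.htm
O1 - Hosts: 203.0.113.7 www.lottery-b.example
O1 - Hosts: 203.0.113.7 lottery-c.example/6.htm
O1 - Hosts: 127.0.0.1 ads.blocked.example
O2 - BHO: Helper - {00000000-0000-0000-0000-000000000001} - D:\PROGRA~1\INTERN~1\helper.dll (file missing)
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup
O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O1 - Hosts: 203.0.113.7 www.lottery-a.example/1/2.htm
O1 - Hosts: 203.0.113.7 www.lottery-b.example
O1 - Hosts: 203.0.113.7 lottery-c.example/6.htm
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup
"""

if __name__ == "__main__":
    for entry, reasons in triage(BEFORE).items():
        print(entry, "->", "; ".join(reasons))
    print("still present after the fix:", *persisting(BEFORE, AFTER), sep="\n  ")
```

Entries that `persisting` returns are the ones to recheck first when a second scan still shows the redirect, since they survived the previous round of fixes.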
文源 - 2005-12-7 18:54:00
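Moderator, I tried again and it still doesn't work. The web-page-like shortcuts no longer appear, but any other address I type in the address bar is still automatically redirected to the http://cctv28.net page.
I am posting the scan again for you to look at: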
Logfile of HijackThis v1.99.1
Scan saved at 18:48:41, on 2005-12-7
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\savedump.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\KAV2005\KWatch.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\KAV2005\KPfwSvc.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\KAV2005\KAVStart.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Common Files\kingsoft\KSG\Client.exe
D:\KAV2005\KMailMon.EXE
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\hdc\Local Settings\Temp\反劫程序.zip 的临时目录 5\HijackThis.exe
O1 - Hosts: 205.177.72.132 www.32012.com/1/2.htm
O1 - Hosts: 205.177.72.132 www.16700.net/189.htm
O1 - Hosts: 205.177.72.132 www.32012.com/1/1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp135.htm
O1 - Hosts: 205.177.72.132 www.34111.com/dy8.htm
O1 - Hosts: 205.177.72.132 1.334456.com/i.htm
O1 - Hosts: 205.177.72.132 www.60066.com/666.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/3.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp134.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.55399.com/65.asp
O1 - Hosts: 205.177.72.132 www.34111.com/dy.htm
O1 - Hosts: 205.177.72.132 www.66823.com/11.htm
O1 - Hosts: 205.177.72.132 www.66823.com/33.htm
O1 - Hosts: 205.177.72.132 www1.31339.com
O1 - Hosts: 205.177.72.132 www.v8885.cn/222.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp136.htm
O1 - Hosts: 205.177.72.132 2.31339.com
O1 - Hosts: 205.177.72.132 www.60066.com/63.asp
O1 - Hosts: 205.177.72.132 www.v088.com/index1.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua.htm
O1 - Hosts: 205.177.72.132 www.55399.com/64.asp
O1 - Hosts: 205.177.72.132 www.97118.com/3000.htm
O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com/www.kai888.com
O1 - Hosts: 205.177.72.132 k3838338.com/donghua1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/64.asp
O1 - Hosts: 205.177.72.132 55399.com/63.asp
O1 - Hosts: 205.177.72.132 www.60066.com/66.htm
O1 - Hosts: 205.177.72.132 www.118y.com/33.htm
O1 - Hosts: 205.177.72.132 www.v8885.cn/111.htm
O1 - Hosts: 205.177.72.132 www.q3721.com/index1.htm
O1 - Hosts: 205.177.72.132 www.fc987.com/cp133.htm
O1 - Hosts: 205.177.72.132 58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/6.htm
O1 - Hosts: 205.177.72.132 www.389988.com/ab.htm
O1 - Hosts: 205.177.72.132 www.66823.com/44.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/1.htm
O1 - Hosts: 205.177.72.132 www.mt007.com
O1 - Hosts: 205.177.72.132 www.v088.com
O1 - Hosts: 205.177.72.132 www.118y.com/11.htm
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.hk6777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk8777.com/index6.htm
O1 - Hosts: 205.177.72.132 www.hk6777.com
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 www.920888.com
O1 - Hosts: 205.177.72.132 hk256.com
O1 - Hosts: 205.177.72.132 100049.com/66.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/66.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/5.htm
O1 - Hosts: 205.177.72.132 www.118y.com/44.htm
O1 - Hosts: 205.177.72.132 www.60066.com/61.asp
O1 - Hosts: 205.177.72.132 www.hk256.com
O1 - Hosts: 205.177.72.132 qq665.com/1.htm
O1 - Hosts: 205.177.72.132 004466.com/htm31.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 yao38.com/index1.htm
O1 - Hosts: 205.177.72.132 www.60066.com/62.asp
O1 - Hosts: 205.177.72.132 389988.com/88.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/44.htm
O1 - Hosts: 205.177.72.132 www.4894.com/l.htm
O1 - Hosts: 205.177.72.132 www.mark68.net/2.htm
O1 - Hosts: 205.177.72.132 www.mt007.com/ring
O1 - Hosts: 205.177.72.132 55399.com/62.asp
O1 - Hosts: 205.177.72.132 www.hk8777.com
O1 - Hosts: 205.177.72.132 www.xg169.com
O1 - Hosts: 205.177.72.132 www.vv166.com/4.htm
O1 - Hosts: 205.177.72.132 www.138130.com/dy/168.htm
O1 - Hosts: 205.177.72.132 www.66823.com/22.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/11.htm
O1 - Hosts: 205.177.72.132 004466.com/htm34.htm
O1 - Hosts: 205.177.72.132 004466.com/htm32.htm
O1 - Hosts: 205.177.72.132 55399.com/61.asp
O1 - Hosts: 205.177.72.132 60066.com/6.asp
O1 - Hosts: 205.177.72.132 www.mark68.net/4.htm
O1 - Hosts: 205.177.72.132 hk6777.com
O1 - Hosts: 205.177.72.132 www.1396.net/indexl.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/33.htm
O1 - Hosts: 205.177.72.132 www.58665.com/1.htm
O1 - Hosts: 205.177.72.132 www.so516.com/ls.htm
O1 - Hosts: 205.177.72.132 www.hk723.com/22.htm
O1 - Hosts: 205.177.72.132 004466.com/htm35.htm
O1 - Hosts: 205.177.72.132 it889.com/101.htm
O1 - Hosts: 205.177.72.132 004466.com/htm33.htm
O1 - Hosts: 205.177.72.132 www.hk256.com/666.htm
O1 - Hosts: 205.177.72.132 www.h828.net/yi88
O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm
O1 - Hosts: 205.177.72.132 hk8777.com
O1 - Hosts: 205.177.72.132 www.hk256.com/6666.htm
O1 - Hosts: 205.177.72.132 225568.com/01.htm
O1 - Hosts: 205.177.72.132 www.118y.com/22.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.xgccc.com
O1 - Hosts: 205.177.72.132 3953.com/2
O1 - Hosts: 205.177.72.132 tk9933.com/d.htm
O1 - Hosts: 205.177.72.132 www1.53777.com
O1 - Hosts: 205.177.72.132 www.vv166.com/5.htm
O1 - Hosts: 205.177.72.132 hao339.com/tu/index.htm
O1 - Hosts: 205.177.72.132 tk399.net/07.htm
O1 - Hosts: 205.177.72.132 www.68q.net/44.htm
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll (file missing)
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll (file missing)
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IE修复~1\IERBar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IE修复~1\IERBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "D:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [KsgUpdateRun] D:\Program Files\Common Files\kingsoft\KSG\Client.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KAV2005\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
飞跃迷离 - 2005-12-7 19:00:00
| Quote: |
[Post by 魔法学徒] Restart the computer. After the power-on checks finish, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to start Windows.
Run HijackThis. When the scan finishes, tick the following items, then choose "Fix Checked":
All O1 entries
O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe (file missing)
Show hidden files
Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes" -- click "OK".
Then find the following files and delete them (if they exist):
D:\WINDOWS\System32\dtap.dll
D:\PROGRA~1\INTERN~1\hmapi.dll
D:\WINDOWS\rundll32.exe
C:\$NtUninstallQ5926809$\ (the entire directory)
........................... |
Original poster, please confirm the parts in red, then fix and delete them!
fzzfzz - 2005-12-7 21:04:00
There is a problem with the hosts file on the original poster's machine:
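The file contains about 100 entries that map different websites to the site at IP 205.177.72.132.
205.177.72.132 is the landing address of a Mark Six lottery website (www.cctv28.net),
so as soon as the original poster visits one of the addresses listed in the hosts file, it resolves to 205.177.72.132 and the visit goes to cctv28.net instead.
On an XP system, the hosts file should be in:
C:\WINDOWS\system32\drivers\etc
The original poster can first copy a hosts file from another machine and use it to overwrite the hosts file in the folder above on your machine, then run a HijackThis scan following the instructions from the posters above, fix the suspicious items in the HijackThis log, and delete the related files.
Good luck to the original poster!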
fzzfzz - 2005-12-7 21:33:00
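If the original poster is comfortable with the machine, you can also use the Windows search function to find the hosts file (it has no extension), open it in Notepad, and delete every entry that contains 205.177.72.132.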
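The hosts-file check and cleanup described in the two posts above, as an added Python example that is not part of the original thread. It groups mappings by address, flags any non-loopback address that many names point to, and removes those lines by comparing the parsed address field rather than a substring. The function names, the threshold and the sample file (built from reserved documentation addresses and names) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; addresses and names are reserved
# documentation values, not entries taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1 localhost
203.0.113.50 www.example.com
203.0.113.50 shop.example.net/1.htm
203.0.113.50 example.org # trailing comment
192.0.2.7 intranet.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for each mapping line; skip blanks and comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; leave the line for manual review
        yield no, ip, fields[1:]

def audit(text, threshold=3):
    """Return {ip: [names]} for non-loopback addresses with >= threshold names."""
    by_ip = defaultdict(list)
    for _, ip, names in parse_hosts(text):
        if not ip.is_loopback:
            by_ip[str(ip)].extend(names)
    return {ip: names for ip, names in by_ip.items() if len(names) >= threshold}

def invalid_names(names):
    """A hosts name field holds a hostname; a value with '/' is a URL path, not one."""
    return [n for n in names if "/" in n]

def clean(text, bad_ips):
    """Drop every mapping line whose parsed address is in bad_ips; keep the rest."""
    bad = {ipaddress.ip_address(i) for i in bad_ips}
    drop = {no for no, ip, _ in parse_hosts(text) if ip in bad}
    kept = [l for no, l in enumerate(text.splitlines(), 1) if no not in drop]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    flagged = audit(SAMPLE_HOSTS)
    for ip, names in flagged.items():
        print(ip, len(names), "names;", "not hostnames:", invalid_names(names))
    print(clean(SAMPLE_HOSTS, flagged), end="")
```

Write the cleaned text to a new file and compare it with the original before replacing anything under drivers\etc.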