Rising Kaka Security Forum

Help... has my web page been hijacked?
被劫持 - 2012-4-21 5:32:00
Logfile of HijackThis v1.99.1
Scan saved at 05:19:53, on 2012-4-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\杂七杂八\飞鸽传书\IPMSG\IPMSG.exe
C:\Program Files\SddSUpdate\SddSUpdate.exe
C:\WINDOWS\System32\svchost.exe
E:\World of Warcraft\WoW.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
O1 - Hosts: 127.0.0.2 ymsdasdw1.cn
O1 - Hosts: 127.0.0.3 h96b.info
O1 - Hosts: 127.0.0.0 xxx.zttwp.cn
O1 - Hosts: 127.0.0.0 www.hackerbf.cn
O1 - Hosts: 127.0.0.0 geekbyfeng.cn
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.0.0.0 ppp.etimes888.com
O1 - Hosts: 127.0.0.0 www.bypk.com
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com
O1 - Hosts: 127.0.0.0 udp.hjob123.com
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 www.gamehacker.com.cn
O1 - Hosts: 127.0.0.0 gamehacker.com.cn
O1 - Hosts: 127.1.1.1 www.cctv-100008.cn
O1 - Hosts: 127.1.1.1 222.73.208.141
O1 - Hosts: 127.0.0.3 adlaji.cn
O1 - Hosts: 127.1.1.1 aiyyw.com
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 user1.12-27.net
O1 - Hosts: 127.0.0.0 fengent.cn
O1 - Hosts: 127.0.0.0 www.sony888.cn
O1 - Hosts: 127.0.0.0 user1.asp-33.cn
O1 - Hosts: 127.0.0.0 www.netkwek.cn
O1 - Hosts: 127.0.0.0 ymsdkad6.cn
O1 - Hosts: 127.0.0.0 www.lkwueir.cn
O1 - Hosts: 127.0.1.1 user1.23-17.net
O1 - Hosts: 127.0.0.0 upa.luzhiai.net
O1 - Hosts: 127.0.0.0 www.guccia.net
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn
O1 - Hosts: 127.0.0.0 mm119mkssd.cn
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 127.0.0.0 www.1119111.com
O1 - Hosts: 127.0.0.0 win.nihao69.cn
O1 - Hosts: 127.0.0.0 puc.lianxiac.net
O1 - Hosts: 127.0.0.0 pud.lianxiac.net
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.fsfsfag.cn
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 dw.com.com
O1 - Hosts: 127.0.0.0 t.myblank.cn
O1 - Hosts: 127.0.0.0 x.myblank.cn
O1 - Hosts: 127.0.0.0 qq-xing.com.cn
O1 - Hosts: 127.0.0.0 59.125.231.177:17777
O1 - Hosts: 27.0.0.1 bbs.sucop.com
O1 - Hosts: 61.151.253.45 www.baidu.com
O1 - Hosts: 61.151.253.45 www.tao123.com
O1 - Hosts: 61.151.253.45 www.soso.com
O1 - Hosts: 61.151.253.45 www.sogou.com
O1 - Hosts: 61.151.253.45 soso.com
O1 - Hosts: 61.151.253.45 sogou.com
O1 - Hosts: 61.151.253.45 baidu.com
O1 - Hosts: 61.151.253.45 www.hao123.com
O1 - Hosts: 61.151.253.45 hao123.com
O1 - Hosts: 61.151.253.45 zhidao.baidu.com
O1 - Hosts: 61.151.253.45 tieba.baidu.com
O1 - Hosts: 61.151.253.45 www.qq.com
O1 - Hosts: 61.151.253.45 www.youdao.com
O2 - BHO: MediaMonitor.XlMediaMonitorBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.8.2302.dll
O2 - BHO: DownloadAssistant.XlDownloadAssistantBhoObject - {B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hao123] 点击弹出网页广告,永久关闭弹出窗口
O4 - Startup: IPMSG.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SddSUpdate - Unknown owner - C:\Program Files\SddSUpdate\SddSUpdate.exe
O23 - Service: windse - Unknown owner - C:\WINDOWS\windse.exe (file missing)

User system information: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
浅浅111 - 2012-4-21 9:23:00
I don't understand what this means.
aaccbbdd - 2012-4-22 12:32:00
Run an SREng scan and post the log so we can take a look.
noshadow - 2012-4-22 20:18:00
Logfile of HijackThis v1.99.1
Scan saved at 05:19:53, on 2012-4-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.1.1.1 222.73.208.141
O1 - Hosts: 127.0.0.0 www.sony.cn
O1 - Hosts: 127.0.1.1 www.2b2b.cc
O1 - Hosts: 127.0.0.0 www.nf2c.com
O1 - Hosts: 127.0.0.0 www.gif8.net
O1 - Hosts: 127.0.0.0 www.yege.org
O1 - Hosts: 127.0.0.0 www.740047.com
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.sosovod.com
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 duoweng.com
O1 - Hosts: 61.151.253.45 www.baidu.com
O1 - Hosts: 61.151.253.45 www.tao123.com
O1 - Hosts: 61.151.253.45 www.soso.com
O1 - Hosts: 61.151.253.45 www.sogou.com
O1 - Hosts: 61.151.253.45 soso.com
O1 - Hosts: 61.151.253.45 sogou.com
O1 - Hosts: 61.151.253.45 baidu.com
O1 - Hosts: 61.151.253.45 www.hao123.com
O1 - Hosts: 61.151.253.45 hao123.com
O1 - Hosts: 61.151.253.45 zhidao.baidu.com
O1 - Hosts: 61.151.253.45 tieba.baidu.com
O1 - Hosts: 61.151.253.45 www.qq.com
O1 - Hosts: 61.151.253.45 www.youdao.com

Mine looks like this too.

Could mine have been hijacked as well? :kaka2:
被劫持 - 2012-4-23 6:25:00
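I don't know what happened either. When I type in Baidu's address, I end up on an advertising site. Sina, Youku and the like still work. I just can't use Baidu any more... The company doesn't allow antivirus software on its computers. I secretly installed one anyway, and it didn't find anything wrong.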
下辈子做神仙 - 2012-4-23 7:51:00
The company actually doesn't allow antivirus software to be installed? I'm speechless...
下辈子做神仙 - 2012-4-23 7:58:00
Delete the entries in the hosts file whose addresses start with 61, then try again and see whether the pages open correctly.
ADL - 2012-4-23 8:58:00
O1 - Hosts: 61.151.253.45 www.baidu.com
O1 - Hosts: 61.151.253.45 www.tao123.com
O1 - Hosts: 61.151.253.45 www.soso.com
O1 - Hosts: 61.151.253.45 www.sogou.com
O1 - Hosts: 61.151.253.45 soso.com
O1 - Hosts: 61.151.253.45 sogou.com
O1 - Hosts: 61.151.253.45 baidu.com
O1 - Hosts: 61.151.253.45 www.hao123.com
O1 - Hosts: 61.151.253.45 hao123.com
O1 - Hosts: 61.151.253.45 zhidao.baidu.com
O1 - Hosts: 61.151.253.45 tieba.baidu.com
O1 - Hosts: 61.151.253.45 www.qq.com
O1 - Hosts: 61.151.253.45 www.youdao.com


IP address: 61.151.253.45, from: Shanghai, China Telecom. Delete the entries above, or simply delete the hosts file!
ADL - 2012-4-23 9:02:00
61.151.253.45  XXX://www.XXX.com/index.html 世医网 - 世医健康网: a good life, a healthy life, all at 世医网!


It's a medical advertising site. Rogueware!
ADL - 2012-4-23 9:13:00
The hosts file path is C:\WINDOWS\system32\drivers\etc
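
The check the replies above perform by eye (spotting hosts entries that point well-known sites at a non-loopback address) can be scripted over a HijackThis log. This is an added example, not part of the original thread; the function names are hypothetical, and the sample lines are a constructed subset of the O1 entries posted above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of the O1 lines from the log posted in this thread.
SAMPLE_LOG = r"""O1 - Hosts: 127.0.0.0 www.hackerbf.cn
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 27.0.0.1 bbs.sucop.com
O1 - Hosts: 61.151.253.45 www.baidu.com
O1 - Hosts: 61.151.253.45 baidu.com
O1 - Hosts: 61.151.253.45 www.sogou.com
O1 - Hosts: 61.151.253.45 www.qq.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")

def parse_o1(log_text):
    """Return (address, name) pairs from HijackThis O1 lines."""
    found = (O1_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in found if m]

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def triage(entries):
    """Split entries into sinkholes, redirects (by target IP) and inert lines."""
    report = {"sinkhole": [], "redirect": defaultdict(list), "inert": []}
    for addr, name in entries:
        # A name field holding an IP or IP:port never matches a hostname lookup.
        if _is_ip(name.rsplit(":", 1)[0]) or not _is_ip(addr):
            report["inert"].append((addr, name))
        elif ipaddress.ip_address(addr).is_loopback:
            report["sinkhole"].append((addr, name))
        else:
            report["redirect"][addr].append(name)
    return report

def shared_redirects(report, min_sites=3):
    """Target IPs that several unrelated sites were pointed at."""
    hits = {}
    for addr, names in report["redirect"].items():
        # Rough grouping by the last two labels; not a public-suffix lookup.
        sites = {".".join(n.lower().split(".")[-2:]) for n in names}
        if len(sites) >= min_sites:
            hits[addr] = sorted(sites)
    return hits
```

Entries under `redirect` that do not reach the `min_sites` threshold, such as the `27.0.0.1` line, still resolve to a non-loopback address and are worth a manual look.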