求助!!!!打开网页总是自动出现http://cctv28.net的网页

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛求助!!!!打开网页总是自动出现http://cctv28.net的网页

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 2 页

跳转页

求助!!!!打开网页总是自动出现http://cctv28.net的网页

魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:	发表于： 2005-12-07 17:01 \| 短消息资料字号：小中大 11楼请再扫一个log帖上来
魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:

文源初生襁褓狮帖子:21 注册: 2005-05-19 来自:	发表于： 2005-12-07 17:05 \| 只看楼主短消息资料字号：小中大 12楼 Logfile of HijackThis v1.99.1 Scan saved at 17:03:34, on 2005-12-7 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Ahead\InCD\InCDsrv.exe D:\KAV2005\KWatch.EXE D:\WINDOWS\system32\spoolsv.exe D:\KAV2005\KPfwSvc.EXE D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\SOUNDMAN.EXE D:\KAV2005\KAVStart.exe D:\Program Files\Ahead\InCD\InCD.exe D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE D:\Program Files\Common Files\kingsoft\KSG\Client.exe D:\WINDOWS\System32\rundll32.exe D:\WINDOWS\System32\ctfmon.exe D:\KAV2005\KMailMon.EXE D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE D:\Program Files\IE修复专家\IE修复专家.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Documents and Settings\hdc\Local Settings\Temp\反劫程序.zip 的临时目录 3\HijackThis.exe O1 - Hosts: 205.177.72.132 www.32012.com/1/2.htm O1 - Hosts: 205.177.72.132 www.16700.net/189.htm O1 - Hosts: 205.177.72.132 www.32012.com/1/1.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp135.htm O1 - Hosts: 205.177.72.132 www.34111.com/dy8.htm O1 - Hosts: 205.177.72.132 1.334456.com/i.htm O1 - Hosts: 205.177.72.132 www.60066.com/666.htm O1 - Hosts: 205.177.72.132 www.mark68.net/3.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp134.htm O1 - Hosts: 205.177.72.132 www.4894.com/l.htm O1 - Hosts: 205.177.72.132 www.55399.com/65.asp O1 - Hosts: 205.177.72.132 www.34111.com/dy.htm O1 - Hosts: 205.177.72.132 www.66823.com/11.htm O1 - Hosts: 205.177.72.132 www.66823.com/33.htm O1 - Hosts: 205.177.72.132 www1.31339.com O1 - Hosts: 205.177.72.132 www.v8885.cn/222.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp136.htm O1 - Hosts: 205.177.72.132 2.31339.com O1 - Hosts: 205.177.72.132 www.60066.com/63.asp O1 - Hosts: 205.177.72.132 www.v088.com/index1.htm O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com O1 - Hosts: 205.177.72.132 k3838338.com/donghua.htm O1 - Hosts: 205.177.72.132 www.55399.com/64.asp O1 - Hosts: 205.177.72.132 www.97118.com/3000.htm O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com/www.kai888.com O1 - Hosts: 205.177.72.132 k3838338.com/donghua1.htm O1 - Hosts: 205.177.72.132 www.60066.com/64.asp O1 - Hosts: 205.177.72.132 55399.com/63.asp O1 - Hosts: 205.177.72.132 www.60066.com/66.htm O1 - Hosts: 205.177.72.132 www.118y.com/33.htm O1 - Hosts: 205.177.72.132 www.v8885.cn/111.htm O1 - Hosts: 205.177.72.132 www.q3721.com/index1.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp133.htm O1 - Hosts: 205.177.72.132 58665.com/1.htm O1 - Hosts: 205.177.72.132 www.hk256.com/6.htm O1 - Hosts: 205.177.72.132 www.389988.com/ab.htm O1 - Hosts: 205.177.72.132 www.66823.com/44.htm O1 - Hosts: 205.177.72.132 www.mark68.net/1.htm O1 - Hosts: 205.177.72.132 www.mt007.com O1 - Hosts: 205.177.72.132 www.v088.com O1 - Hosts: 205.177.72.132 www.118y.com/11.htm O1 - Hosts: 205.177.72.132 www.xg169.com O1 - Hosts: 205.177.72.132 www.hk6777.com/index6.htm O1 - Hosts: 205.177.72.132 www.hk8777.com/index6.htm O1 - Hosts: 205.177.72.132 www.hk6777.com O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm O1 - Hosts: 205.177.72.132 www.920888.com O1 - Hosts: 205.177.72.132 hk256.com O1 - Hosts: 205.177.72.132 100049.com/66.htm O1 - Hosts: 205.177.72.132 www.hk256.com/66.htm O1 - Hosts: 205.177.72.132 www.mark68.net/5.htm O1 - Hosts: 205.177.72.132 www.118y.com/44.htm O1 - Hosts: 205.177.72.132 www.60066.com/61.asp O1 - Hosts: 205.177.72.132 www.hk256.com O1 - Hosts: 205.177.72.132 qq665.com/1.htm O1 - Hosts: 205.177.72.132 004466.com/htm31.htm O1 - Hosts: 205.177.72.132 it889.com/101.htm O1 - Hosts: 205.177.72.132 yao38.com/index1.htm O1 - Hosts: 205.177.72.132 www.60066.com/62.asp O1 - Hosts: 205.177.72.132 389988.com/88.htm O1 - Hosts: 205.177.72.132 www.hk723.com/44.htm O1 - Hosts: 205.177.72.132 www.4894.com/l.htm O1 - Hosts: 205.177.72.132 www.mark68.net/2.htm O1 - Hosts: 205.177.72.132 www.mt007.com/ring O1 - Hosts: 205.177.72.132 55399.com/62.asp O1 - Hosts: 205.177.72.132 www.hk8777.com O1 - Hosts: 205.177.72.132 www.xg169.com O1 - Hosts: 205.177.72.132 www.vv166.com/4.htm O1 - Hosts: 205.177.72.132 www.138130.com/dy/168.htm O1 - Hosts: 205.177.72.132 www.66823.com/22.htm O1 - Hosts: 205.177.72.132 www.hk723.com/11.htm O1 - Hosts: 205.177.72.132 004466.com/htm34.htm O1 - Hosts: 205.177.72.132 004466.com/htm32.htm O1 - Hosts: 205.177.72.132 55399.com/61.asp O1 - Hosts: 205.177.72.132 60066.com/6.asp O1 - Hosts: 205.177.72.132 www.mark68.net/4.htm O1 - Hosts: 205.177.72.132 hk6777.com O1 - Hosts: 205.177.72.132 www.1396.net/indexl.htm O1 - Hosts: 205.177.72.132 www.hk723.com/33.htm O1 - Hosts: 205.177.72.132 www.58665.com/1.htm O1 - Hosts: 205.177.72.132 www.so516.com/ls.htm O1 - Hosts: 205.177.72.132 www.hk723.com/22.htm O1 - Hosts: 205.177.72.132 004466.com/htm35.htm O1 - Hosts: 205.177.72.132 it889.com/101.htm O1 - Hosts: 205.177.72.132 004466.com/htm33.htm O1 - Hosts: 205.177.72.132 www.hk256.com/666.htm O1 - Hosts: 205.177.72.132 www.h828.net/yi88 O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm O1 - Hosts: 205.177.72.132 hk8777.com O1 - Hosts: 205.177.72.132 www.hk256.com/6666.htm O1 - Hosts: 205.177.72.132 225568.com/01.htm O1 - Hosts: 205.177.72.132 www.118y.com/22.htm O1 - Hosts: 205.177.72.132 www1.53777.com O1 - Hosts: 205.177.72.132 www.xgccc.com O1 - Hosts: 205.177.72.132 3953.com/2 O1 - Hosts: 205.177.72.132 tk9933.com/d.htm O1 - Hosts: 205.177.72.132 www1.53777.com O1 - Hosts: 205.177.72.132 www.vv166.com/5.htm O1 - Hosts: 205.177.72.132 hao339.com/tu/index.htm O1 - Hosts: 205.177.72.132 tk399.net/07.htm O1 - Hosts: 205.177.72.132 www.68q.net/44.htm O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing) O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IE修复~1\IERBar.dll O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IE修复~1\IERBar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [internat.exe] internat.exe O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "D:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo" O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [KsgUpdateRun] D:\Program Files\Common Files\kingsoft\KSG\Client.exe O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2005\KPfwSvc.EXE O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KAV2005\KWatch.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe (file missing)
文源初生襁褓狮帖子:21 注册: 2005-05-19 来自:

飞跃迷离社区嘉宾帖子:7351 注册: 2004-10-15 来自:	发表于： 2005-12-07 17:22 \| 短消息资料字号：小中大 13楼重新启动到安全模式（进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）开始→控制面板→性能和维护→管理工具→服务→查找Print Controller→右击→属性→启动类型→禁止→应用→停止→确定。请关闭所有IE界面，重新使用HijackThis扫描一次，选中下面建议修复的项目，让HijackThis修复，修复前请允许HijackThis保留备份。（如果楼主知道是安全的可以不必勾选）所有01项 O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present 然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件（推荐）和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除：(如果有的话) D:\WINDOWS\System32\dtap.dll D:\PROGRA~1\INTERN~1\hmapi.dll D:\WINDOWS\rundll32.exe 删除文件夹C:\$NtUninstallQ5926809$ 删除文件夹D:\Program Files\Common Files\SAND
飞跃迷离社区嘉宾帖子:7351 注册: 2004-10-15 来自:

魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:	发表于： 2005-12-07 17:27 \| 短消息资料字号：小中大 14楼重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows 运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：所有01项 O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe (file missing) 显示隐藏文件双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。然后找到如下文件并删除（如果有的话）。 D:\WINDOWS\System32\dtap.dll D:\PROGRA~1\INTERN~1\hmapi.dll D:\WINDOWS\rundll32.exe C:\$NtUninstallQ5926809$\整个目录
魔法学徒卡卡技术团队帖子:11465 注册: 2004-10-03 来自:

文源初生襁褓狮帖子:21 注册: 2005-05-19 来自:	发表于： 2005-12-07 18:54 \| 只看楼主短消息资料字号：小中大 15楼版主,我再试了一次还是不行,现在不会出现类似网页的快捷键了,但网址中输入其它的地址还是自动转为http://cctv28.net的网页, 我把扫描的再贴出来给你看看: Logfile of HijackThis v1.99.1 Scan saved at 18:48:41, on 2005-12-7 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\savedump.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Ahead\InCD\InCDsrv.exe D:\KAV2005\KWatch.EXE D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\KAV2005\KPfwSvc.EXE D:\WINDOWS\SOUNDMAN.EXE D:\KAV2005\KAVStart.exe D:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Ahead\InCD\InCD.exe D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE D:\WINDOWS\System32\rundll32.exe D:\Program Files\Common Files\kingsoft\KSG\Client.exe D:\KAV2005\KMailMon.EXE D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE D:\WINDOWS\System32\ctfmon.exe D:\WINDOWS\System32\wuauclt.exe D:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Documents and Settings\hdc\Local Settings\Temp\反劫程序.zip 的临时目录 5\HijackThis.exe O1 - Hosts: 205.177.72.132 www.32012.com/1/2.htm O1 - Hosts: 205.177.72.132 www.16700.net/189.htm O1 - Hosts: 205.177.72.132 www.32012.com/1/1.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp135.htm O1 - Hosts: 205.177.72.132 www.34111.com/dy8.htm O1 - Hosts: 205.177.72.132 1.334456.com/i.htm O1 - Hosts: 205.177.72.132 www.60066.com/666.htm O1 - Hosts: 205.177.72.132 www.mark68.net/3.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp134.htm O1 - Hosts: 205.177.72.132 www.4894.com/l.htm O1 - Hosts: 205.177.72.132 www.55399.com/65.asp O1 - Hosts: 205.177.72.132 www.34111.com/dy.htm O1 - Hosts: 205.177.72.132 www.66823.com/11.htm O1 - Hosts: 205.177.72.132 www.66823.com/33.htm O1 - Hosts: 205.177.72.132 www1.31339.com O1 - Hosts: 205.177.72.132 www.v8885.cn/222.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp136.htm O1 - Hosts: 205.177.72.132 2.31339.com O1 - Hosts: 205.177.72.132 www.60066.com/63.asp O1 - Hosts: 205.177.72.132 www.v088.com/index1.htm O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com O1 - Hosts: 205.177.72.132 k3838338.com/donghua.htm O1 - Hosts: 205.177.72.132 www.55399.com/64.asp O1 - Hosts: 205.177.72.132 www.97118.com/3000.htm O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com/www.kai888.com O1 - Hosts: 205.177.72.132 k3838338.com/donghua1.htm O1 - Hosts: 205.177.72.132 www.60066.com/64.asp O1 - Hosts: 205.177.72.132 55399.com/63.asp O1 - Hosts: 205.177.72.132 www.60066.com/66.htm O1 - Hosts: 205.177.72.132 www.118y.com/33.htm O1 - Hosts: 205.177.72.132 www.v8885.cn/111.htm O1 - Hosts: 205.177.72.132 www.q3721.com/index1.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp133.htm O1 - Hosts: 205.177.72.132 58665.com/1.htm O1 - Hosts: 205.177.72.132 www.hk256.com/6.htm O1 - Hosts: 205.177.72.132 www.389988.com/ab.htm O1 - Hosts: 205.177.72.132 www.66823.com/44.htm O1 - Hosts: 205.177.72.132 www.mark68.net/1.htm O1 - Hosts: 205.177.72.132 www.mt007.com O1 - Hosts: 205.177.72.132 www.v088.com O1 - Hosts: 205.177.72.132 www.118y.com/11.htm O1 - Hosts: 205.177.72.132 www.xg169.com O1 - Hosts: 205.177.72.132 www.hk6777.com/index6.htm O1 - Hosts: 205.177.72.132 www.hk8777.com/index6.htm O1 - Hosts: 205.177.72.132 www.hk6777.com O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm O1 - Hosts: 205.177.72.132 www.920888.com O1 - Hosts: 205.177.72.132 hk256.com O1 - Hosts: 205.177.72.132 100049.com/66.htm O1 - Hosts: 205.177.72.132 www.hk256.com/66.htm O1 - Hosts: 205.177.72.132 www.mark68.net/5.htm O1 - Hosts: 205.177.72.132 www.118y.com/44.htm O1 - Hosts: 205.177.72.132 www.60066.com/61.asp O1 - Hosts: 205.177.72.132 www.hk256.com O1 - Hosts: 205.177.72.132 qq665.com/1.htm O1 - Hosts: 205.177.72.132 004466.com/htm31.htm O1 - Hosts: 205.177.72.132 it889.com/101.htm O1 - Hosts: 205.177.72.132 yao38.com/index1.htm O1 - Hosts: 205.177.72.132 www.60066.com/62.asp O1 - Hosts: 205.177.72.132 389988.com/88.htm O1 - Hosts: 205.177.72.132 www.hk723.com/44.htm O1 - Hosts: 205.177.72.132 www.4894.com/l.htm O1 - Hosts: 205.177.72.132 www.mark68.net/2.htm O1 - Hosts: 205.177.72.132 www.mt007.com/ring O1 - Hosts: 205.177.72.132 55399.com/62.asp O1 - Hosts: 205.177.72.132 www.hk8777.com O1 - Hosts: 205.177.72.132 www.xg169.com O1 - Hosts: 205.177.72.132 www.vv166.com/4.htm O1 - Hosts: 205.177.72.132 www.138130.com/dy/168.htm O1 - Hosts: 205.177.72.132 www.66823.com/22.htm O1 - Hosts: 205.177.72.132 www.hk723.com/11.htm O1 - Hosts: 205.177.72.132 004466.com/htm34.htm O1 - Hosts: 205.177.72.132 004466.com/htm32.htm O1 - Hosts: 205.177.72.132 55399.com/61.asp O1 - Hosts: 205.177.72.132 60066.com/6.asp O1 - Hosts: 205.177.72.132 www.mark68.net/4.htm O1 - Hosts: 205.177.72.132 hk6777.com O1 - Hosts: 205.177.72.132 www.1396.net/indexl.htm O1 - Hosts: 205.177.72.132 www.hk723.com/33.htm O1 - Hosts: 205.177.72.132 www.58665.com/1.htm O1 - Hosts: 205.177.72.132 www.so516.com/ls.htm O1 - Hosts: 205.177.72.132 www.hk723.com/22.htm O1 - Hosts: 205.177.72.132 004466.com/htm35.htm O1 - Hosts: 205.177.72.132 it889.com/101.htm O1 - Hosts: 205.177.72.132 004466.com/htm33.htm O1 - Hosts: 205.177.72.132 www.hk256.com/666.htm O1 - Hosts: 205.177.72.132 www.h828.net/yi88 O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm O1 - Hosts: 205.177.72.132 hk8777.com O1 - Hosts: 205.177.72.132 www.hk256.com/6666.htm O1 - Hosts: 205.177.72.132 225568.com/01.htm O1 - Hosts: 205.177.72.132 www.118y.com/22.htm O1 - Hosts: 205.177.72.132 www1.53777.com O1 - Hosts: 205.177.72.132 www.xgccc.com O1 - Hosts: 205.177.72.132 3953.com/2 O1 - Hosts: 205.177.72.132 tk9933.com/d.htm O1 - Hosts: 205.177.72.132 www1.53777.com O1 - Hosts: 205.177.72.132 www.vv166.com/5.htm O1 - Hosts: 205.177.72.132 hao339.com/tu/index.htm O1 - Hosts: 205.177.72.132 tk399.net/07.htm O1 - Hosts: 205.177.72.132 www.68q.net/44.htm O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing) O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll (file missing) O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll (file missing) O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IE修复~1\IERBar.dll O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IE修复~1\IERBar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [KavStart] "D:\KAV2005\KAVStart.exe" -startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [internat.exe] internat.exe O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "D:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo" O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKLM\..\Run: [KsgUpdateRun] D:\Program Files\Common Files\kingsoft\KSG\Client.exe O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2005\KPfwSvc.EXE O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KAV2005\KWatch.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
文源初生襁褓狮帖子:21 注册: 2005-05-19 来自:

社区嘉宾

帖子:7351
注册: 2004-10-15
来自:

发表于： 2005-12-07 19:00 | 短消息资料

字号：小中大 16楼

引用:

【魔法学徒的贴子】重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

所有01项

O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - D:\WINDOWS\System32\dtap.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\INTERN~1\hmapi.dll
O4 - HKLM\..\Run: [rx] D:\WINDOWS\rundll32.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Print Controller (Universal Disk Manager) - Unknown owner - D:\Program Files\Common Files\SAND\client.exe (file missing)

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。
D:\WINDOWS\System32\dtap.dll
D:\PROGRA~1\INTERN~1\hmapi.dll
D:\WINDOWS\rundll32.exe
C:\$NtUninstallQ5926809$\整个目录
...........................

红色的部分请楼主确认修复后并删除！

fzzfzz 拙长孩提狮帖子:121 注册: 2005-09-04 来自:	发表于： 2005-12-07 21:04 \| 短消息资料字号：小中大 17楼楼主的机器里的hosts 文件有问题: ======================================= O1 - Hosts: 205.177.72.132 www.32012.com/1/2.htm O1 - Hosts: 205.177.72.132 www.16700.net/189.htm O1 - Hosts: 205.177.72.132 www.32012.com/1/1.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp135.htm O1 - Hosts: 205.177.72.132 www.34111.com/dy8.htm O1 - Hosts: 205.177.72.132 1.334456.com/i.htm O1 - Hosts: 205.177.72.132 www.60066.com/666.htm O1 - Hosts: 205.177.72.132 www.mark68.net/3.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp134.htm O1 - Hosts: 205.177.72.132 www.4894.com/l.htm O1 - Hosts: 205.177.72.132 www.55399.com/65.asp O1 - Hosts: 205.177.72.132 www.34111.com/dy.htm O1 - Hosts: 205.177.72.132 www.66823.com/11.htm O1 - Hosts: 205.177.72.132 www.66823.com/33.htm O1 - Hosts: 205.177.72.132 www1.31339.com O1 - Hosts: 205.177.72.132 www.v8885.cn/222.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp136.htm O1 - Hosts: 205.177.72.132 2.31339.com O1 - Hosts: 205.177.72.132 www.60066.com/63.asp O1 - Hosts: 205.177.72.132 www.v088.com/index1.htm O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com O1 - Hosts: 205.177.72.132 k3838338.com/donghua.htm O1 - Hosts: 205.177.72.132 www.55399.com/64.asp O1 - Hosts: 205.177.72.132 www.97118.com/3000.htm O1 - Hosts: 205.177.72.132 www.kai888.com/www.kai888.com/www.kai888.com O1 - Hosts: 205.177.72.132 k3838338.com/donghua1.htm O1 - Hosts: 205.177.72.132 www.60066.com/64.asp O1 - Hosts: 205.177.72.132 55399.com/63.asp O1 - Hosts: 205.177.72.132 www.60066.com/66.htm O1 - Hosts: 205.177.72.132 www.118y.com/33.htm O1 - Hosts: 205.177.72.132 www.v8885.cn/111.htm O1 - Hosts: 205.177.72.132 www.q3721.com/index1.htm O1 - Hosts: 205.177.72.132 www.fc987.com/cp133.htm O1 - Hosts: 205.177.72.132 58665.com/1.htm O1 - Hosts: 205.177.72.132 www.hk256.com/6.htm O1 - Hosts: 205.177.72.132 www.389988.com/ab.htm O1 - Hosts: 205.177.72.132 www.66823.com/44.htm O1 - Hosts: 205.177.72.132 www.mark68.net/1.htm O1 - Hosts: 205.177.72.132 www.mt007.com O1 - Hosts: 205.177.72.132 www.v088.com O1 - Hosts: 205.177.72.132 www.118y.com/11.htm O1 - Hosts: 205.177.72.132 www.xg169.com O1 - Hosts: 205.177.72.132 www.hk6777.com/index6.htm O1 - Hosts: 205.177.72.132 www.hk8777.com/index6.htm O1 - Hosts: 205.177.72.132 www.hk6777.com O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm O1 - Hosts: 205.177.72.132 www.920888.com O1 - Hosts: 205.177.72.132 hk256.com O1 - Hosts: 205.177.72.132 100049.com/66.htm O1 - Hosts: 205.177.72.132 www.hk256.com/66.htm O1 - Hosts: 205.177.72.132 www.mark68.net/5.htm O1 - Hosts: 205.177.72.132 www.118y.com/44.htm O1 - Hosts: 205.177.72.132 www.60066.com/61.asp O1 - Hosts: 205.177.72.132 www.hk256.com O1 - Hosts: 205.177.72.132 qq665.com/1.htm O1 - Hosts: 205.177.72.132 004466.com/htm31.htm O1 - Hosts: 205.177.72.132 it889.com/101.htm O1 - Hosts: 205.177.72.132 yao38.com/index1.htm O1 - Hosts: 205.177.72.132 www.60066.com/62.asp O1 - Hosts: 205.177.72.132 389988.com/88.htm O1 - Hosts: 205.177.72.132 www.hk723.com/44.htm O1 - Hosts: 205.177.72.132 www.4894.com/l.htm O1 - Hosts: 205.177.72.132 www.mark68.net/2.htm O1 - Hosts: 205.177.72.132 www.mt007.com/ring O1 - Hosts: 205.177.72.132 55399.com/62.asp O1 - Hosts: 205.177.72.132 www.hk8777.com O1 - Hosts: 205.177.72.132 www.xg169.com O1 - Hosts: 205.177.72.132 www.vv166.com/4.htm O1 - Hosts: 205.177.72.132 www.138130.com/dy/168.htm O1 - Hosts: 205.177.72.132 www.66823.com/22.htm O1 - Hosts: 205.177.72.132 www.hk723.com/11.htm O1 - Hosts: 205.177.72.132 004466.com/htm34.htm O1 - Hosts: 205.177.72.132 004466.com/htm32.htm O1 - Hosts: 205.177.72.132 55399.com/61.asp O1 - Hosts: 205.177.72.132 60066.com/6.asp O1 - Hosts: 205.177.72.132 www.mark68.net/4.htm O1 - Hosts: 205.177.72.132 hk6777.com O1 - Hosts: 205.177.72.132 www.1396.net/indexl.htm O1 - Hosts: 205.177.72.132 www.hk723.com/33.htm O1 - Hosts: 205.177.72.132 www.58665.com/1.htm O1 - Hosts: 205.177.72.132 www.so516.com/ls.htm O1 - Hosts: 205.177.72.132 www.hk723.com/22.htm O1 - Hosts: 205.177.72.132 004466.com/htm35.htm O1 - Hosts: 205.177.72.132 it889.com/101.htm O1 - Hosts: 205.177.72.132 004466.com/htm33.htm O1 - Hosts: 205.177.72.132 www.hk256.com/666.htm O1 - Hosts: 205.177.72.132 www.h828.net/yi88 O1 - Hosts: 205.177.72.132 www.hk3777.com/index3.htm O1 - Hosts: 205.177.72.132 hk8777.com O1 - Hosts: 205.177.72.132 www.hk256.com/6666.htm O1 - Hosts: 205.177.72.132 225568.com/01.htm O1 - Hosts: 205.177.72.132 www.118y.com/22.htm O1 - Hosts: 205.177.72.132 www1.53777.com O1 - Hosts: 205.177.72.132 www.xgccc.com O1 - Hosts: 205.177.72.132 3953.com/2 O1 - Hosts: 205.177.72.132 tk9933.com/d.htm O1 - Hosts: 205.177.72.132 www1.53777.com O1 - Hosts: 205.177.72.132 www.vv166.com/5.htm O1 - Hosts: 205.177.72.132 hao339.com/tu/index.htm O1 - Hosts: 205.177.72.132 tk399.net/07.htm O1 - Hosts: 205.177.72.132 www.68q.net/44.htm =================================== 文件中，有100个左右的语句是把不同的网站影射到IP 为205.177.72.132 的网站的。 205.177.72.132 是个六合彩的网站的引导地址（www.cctv28.net)，所以，楼主一访问hosts文件中的网址就立即解析成205.177.72.132 ，变成访问cctv28.net. 如果是xp的系统， hosts 文件应该在： C:\WINDOWS\system32\drivers\etc 内楼主可以先在别的机器上复制一个hosts 文件，覆盖你机器中上述文件夹中的hosts文件，然后再根据楼上各位的说明做hijackthis 扫描，把hijackthis记录中的可疑项修复，并删去相关的文件。祝楼主好运!
fzzfzz 拙长孩提狮帖子:121 注册: 2005-09-04 来自:

fzzfzz 拙长孩提狮帖子:121 注册: 2005-09-04 来自:	发表于： 2005-12-07 21:33 \| 短消息资料字号：小中大 18楼如果楼主熟悉机器的话,也可以通过windows的搜索功能,找到hosts文件(无扩展名)后,用记事本,对它做编辑,把含有205.177.72.132的语句全部删除就可以了.
fzzfzz 拙长孩提狮帖子:121 注册: 2005-09-04 来自:

<<上一主题|下一主题>>

2 / 2 页

跳转页

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求助!!!!打开网页总是自动出现http://cctv28.net的网页

求助!!!!打开网页总是自动出现http://cctv28.net的网页

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛求助!!!!打开网页总是自动出现http://cctv28.net的网页