瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 被www.vvfy.com\movie劫持 每次打开浏览器都自动往这跳

1   1  /  1  页   跳转

被www.vvfy.com\movie劫持 每次打开浏览器都自动往这跳

收藏
pbbp
头像
初生襁褓狮
  • 帖子:16
  • 注册: 2005-12-15
  • 来自:
发表于: 2005-12-15 08:44 | 只看楼主 短消息 资料
字号: 1楼

被www.vvfy.com\movie劫持 每次打开浏览器都自动往这跳

启动项报告:      2005-12-15, 8:34:04
启动项扫描器版本: 1.52.2
开始于:      C:\DOCUME~1\PB\LOCALS~1\Temp\Rar$EX00.704\HijackThis1991zww.EXE
系统检测:    Windows XP  (WinNT 5.01.2600)
系统检测:    Internet Explorer v6.00 (6.00.2600.0000)
* 使用默认选项             
* 选择“列出全部(全面)”方式                           
==================================================

当前运行的进程:         

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hexin\sslproxy\SSLCnt.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\RavMon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PB\LOCALS~1\Temp\Rar$EX00.704\HijackThis1991zww.exe

--------------------------------------------------

文件夹中的启动项                 

Shell folders Startup:
[C:\Documents and Settings\PB\「开始」菜单\程序\启动]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\「开始」菜单\程序\启动]
核新SSL通讯安全代理.lnk = C:\Program Files\hexin\sslproxy\SSLCnt.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *         

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *           

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
IEXPLORE.EXE = IEXPLORE.EXE Http://www.vvfy.com/movie

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
* 未找到相关注册表键值 *         

--------------------------------------------------

文件打开方式关联 for    .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(黙认) =  "%1" /S

--------------------------------------------------

文件打开方式关联 for    .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(黙认) =  C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

文件打开方式关联 for    .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(黙认) =  %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

* 未找到相关注册表键值 *         

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=* 未找到INI相关项目值 *       
run=* 未找到INI相关项目值 *       

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

外壳扩展和屏幕保护程序的键值  从            C:\WINDOWS\SYSTEM.INI:

Shell=* 未找到INI相关项目值 *       
SCRNSAVE.EXE=* 未找到INI相关项目值 *       
drivers=* 未找到INI相关项目值 *       

外壳扩展和屏幕保护程序的键值  从  注册表             

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=* 未找到相关注册表键值 *           

Policies Shell key:

HKCU\..\Policies: Shell=* 未找到相关注册表键值 *           
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *           

--------------------------------------------------


列举IE浏览器辅助对象(BHO模块):               

(no name) - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}
Anti Fish - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll - {38928D50-8A48-44C2-945F-D2F23F771410}
雅虎助手 - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll - {406F94F0-504F-4a40-8DFD-58B0666ABEBD}
YDragSearch - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL - {62EED7C6-9F02-42f9-B634-98E2899E147B}
(no name) - F:\PROGRA~1\FLASHG~1.71\JCCATCH.DLL - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX - {A9930D97-9CF0-42A0-A10D-4F28836579D5}
IE - C:\WINDOWS\DOWNLO~1\CnsHook.dll - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}

--------------------------------------------------

最后编辑2005-12-15 09:52:27
分享到:
gototop
 
魔法学徒
头像
卡卡技术团队
  • 帖子:11465
  • 注册: 2004-10-03
  • 来自:
发表于: 2005-12-15 08:48 | 短消息 资料
字号: 2楼

帮您转过来

列举“计划任务”服务:

*No jobs found*

--------------------------------------------------

列举下载的程序文件:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

列举 Winsock LSP 文件:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: * 未找到相关注册表键值 *

--------------------------------------------------

列举 ShellServiceObjectDelayLoad 项目:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* 未找到相关注册表键值 *

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* 未找到相关注册表键值 *

--------------------------------------------------

报告完毕,共 13,652 字节
报告生成用时:0.093秒

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
gototop
 
魔法学徒
头像
卡卡技术团队
  • 帖子:11465
  • 注册: 2004-10-03
  • 来自:
发表于: 2005-12-15 08:48 | 短消息 资料
字号: 3楼

修复这一项

IEXPLORE.EXE = IEXPLORE.EXE Http://www.vvfy.com/movie

问题仍在的话,运行HijackThis,先点[扫描系统并保存日志]或[Do a system scan and save a logfile]按钮,扫描完成后,LOG将会在自动弹出的记事本中显示,再从记事本里复制/粘贴到贴子里。如果LOG比较长,一贴发不完,你可以分成几个部分发在回贴里。
gototop
 
pbbp
头像
初生襁褓狮
  • 帖子:16
  • 注册: 2005-12-15
  • 来自:
发表于: 2005-12-15 09:08 | 只看楼主 短消息 资料
字号: 4楼

上次修复过  重起又出来拉 
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      9:04:28, 日期 2005-12-15
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hexin\sslproxy\SSLCnt.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\RavMon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\PB\LOCALS~1\Temp\Rar$EX18.9625\HijackThis1991zww.exe

O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FLASHG~1.71\JCCATCH.DLL
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHG~1.71\fgiebar.dll
O4 - 启动项HKCU\\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - 启动项HKCU\\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - 启动项HKCU\\Run: [IEXPLORE.EXE] IEXPLORE.EXE Http://www.vvfy.com/movie
O4 - Global Startup: 核新SSL通讯安全代理.lnk = C:\Program Files\hexin\sslproxy\SSLCnt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\Program Files\FlashGet1.71\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\Program Files\FlashGet1.71\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=52929_1006 (file missing)
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\下载\浩方对~1\GameClient.exe (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2F6FBD-B00D-48B1-9D6C-F4F87ACC3FD2}: NameServer = 61.144.56.100 61.144.56.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A2F6FBD-B00D-48B1-9D6C-F4F87ACC3FD2}: NameServer = 61.144.56.100 61.144.56.101
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
gototop
 
魔法学徒
头像
卡卡技术团队
  • 帖子:11465
  • 注册: 2004-10-03
  • 来自:
发表于: 2005-12-15 09:52 | 短消息 资料
字号: 5楼

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

运行Hijackthis,扫描结束后在下列选项前打上勾,然后选修复“Fix Checked”:

O4 - 启动项HKCU\\Run: [IEXPLORE.EXE] IEXPLORE.EXE Http://www.vvfy.com/movie
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2F6FBD-B00D-48B1-9D6C-F4F87ACC3FD2}: NameServer = 61.144.56.100 61.144.56.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A2F6FBD-B00D-48B1-9D6C-F4F87ACC3FD2}: NameServer = 61.144.56.100 61.144.56.101
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT