1   1  /  1  页   跳转

请高手指教下,在线等回复

收藏
进来看看一号
头像
快乐黄口狮
  • 帖子:138
  • 注册: 2005-06-03
  • 来自:
发表于: 2005-12-20 19:16 | 只看楼主 短消息 资料
字号: 1楼

请高手指教下,在线等回复

有个很奇怪的问题,最近我都在 www.tk4479.com 里看动画,上星期天的时候,有朋友来我家玩,他上4479的时候可能是输入错网址了,结果进入一垃圾网站,那网页还没完全打开的时候,我的瑞星就报警了,发现脚本病毒,还出个提示,说下次计算机重启的时候就能完全删除,我当时就重启了。可是重启后就发现我上不了www.tk4479.com 了。在地址拦里输入www.tk4479.com后进入的是个中国移动的彩信网站,我又用XP的历史功能找以前上4479的记录,还是进不了。比如说,我找以前上的4479网里的火影分拦目,就打不开,要找4479的首页就变成那个中国移动的彩信网站。我刚才把机子查了遍也没看到有病毒,难道我电脑把TK4479给屏蔽了?附上扫描日志

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      19:11:39, 日期 2005-12-20
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\扫描\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O1 - Hosts: 202.109.114.149 www.99bb.com
O1 - Hosts: 202.109.114.149 99bb.com
O1 - Hosts: 202.109.114.149 www.zdao.com
O1 - Hosts: 202.109.114.149 zdao.com
O1 - Hosts: 202.109.114.149 www.aisex.com
O1 - Hosts: 202.109.114.149 aisex.com
O1 - Hosts: 202.109.114.149 www.qq190.com
O1 - Hosts: 202.109.114.149 qq190.com
O1 - Hosts: 202.109.114.149 www.wanmm.com
O1 - Hosts: 202.109.114.149 wanmm.com
O1 - Hosts: 202.109.114.149 www.qq163.com
O1 - Hosts: 202.109.114.149 qq163.com
O1 - Hosts: 202.109.114.149 www.sex141.com
O1 - Hosts: 202.109.114.149 sex141.com
O1 - Hosts: 202.109.114.149 www.my990.com
O1 - Hosts: 202.109.114.149 my990.com
O1 - Hosts: 202.109.114.149 ad.my990.com
O1 - Hosts: 202.109.114.149 www.ttjj.com
O1 - Hosts: 202.109.114.149 ttjj.com
O1 - Hosts: 202.109.114.149 www.7t7t.com
O1 - Hosts: 202.109.114.149 7t7t.com
O1 - Hosts: 202.109.114.149 www.123987.com
O1 - Hosts: 202.109.114.149 www.123987.com/7sese/
O1 - Hosts: 202.109.114.149 www.oursm.com
O1 - Hosts: 202.109.114.149 oursm.com
O1 - Hosts: 202.109.114.149 www.palacemoon.com
O1 - Hosts: 202.109.114.149 palacemoon.com
O1 - Hosts: 202.109.114.149 18dy.com
O1 - Hosts: 202.109.114.149 www.18dy.com
O1 - Hosts: 202.109.114.149 49m.cn
O1 - Hosts: 202.109.114.149 www.49m.cn
O1 - Hosts: 202.109.114.149 123.xuanji8.com
O1 - Hosts: 202.109.114.149 ohkk.xuanji8.com
O1 - Hosts: 202.109.114.149 123.52lhc.com
O1 - Hosts: 202.109.114.149 7sese.com202.109.114.149 www.7sese.com
O1 - Hosts: 202.109.114.149 www.hao119.com
O1 - Hosts: 202.109.114.149 7sese.com
O1 - Hosts: 202.109.114.149 www.7sese.com
O1 - Hosts: 202.109.114.149 www.hao358.com
O1 - Hosts: 202.109.114.149 www.ee456.com
O1 - Hosts: 202.109.114.149 video.12san.com
O1 - Hosts: 202.109.114.149 www.eachz.com
O1 - Hosts: 202.109.114.149 www.avl.cn
O1 - Hosts: 202.109.114.149 avl.cn
O1 - Hosts: 202.109.114.149 www.98756.net
O1 - Hosts: 202.109.114.149 7sese.org
O1 - Hosts: 202.109.114.149 www.7sese.org
O1 - Hosts: 202.109.114.149 kanvcd.com
O1 - Hosts: 202.109.114.149 www.kanvcd.com
O1 - Hosts: 202.109.114.149 cn.movies.yahoo
O1 - Hosts: 202.109.114.149 www.zfvod.com
O1 - Hosts: 202.109.114.149 zfvod.com
O1 - Hosts: 202.109.114.149 media.netandtv.com
O1 - Hosts: 202.109.114.149 p2p.55660.com
O1 - Hosts: 202.109.114.149 media.netandtv.com
O1 - Hosts: 202.109.114.149 www.sol.sohu.com
O1 - Hosts: 202.109.114.149 www.sexhu.cn
O1 - Hosts: 202.109.114.149 sexhu.cn
O1 - Hosts: 202.109.114.149 www.blogchina.com
O1 - Hosts: 202.109.114.149 5blogchina.com
O1 - Hosts: 202.109.114.149 www.5806.net
O1 - Hosts: 202.109.114.149 zhao999.com
O1 - Hosts: 202.109.114.149 www.zhao999.com
O1 - Hosts: 202.109.114.149 movie.xmfdc.net
O1 - Hosts: 202.109.114.149 www.movie110.com
O1 - Hosts: 202.109.114.149 movie110.com
O1 - Hosts: 202.109.114.149 www.yesky.com
O1 - Hosts: 202.109.114.149 yesky.com
O1 - Hosts: 202.109.114.149 www.178ya.com
O1 - Hosts: 202.109.114.149 178ya.com
O1 - Hosts: 202.109.114.149 www.3668.cn
O1 - Hosts: 202.109.114.149 3668.cn
O1 - Hosts: 202.109.114.149 www.hao45.com
O1 - Hosts: 202.109.114.149 hao45.com
O1 - Hosts: 202.109.114.149 www.5sese.com
O1 - Hosts: 202.109.114.149 5sese.com
O1 - Hosts: 202.109.114.149 woyy.51.net
O1 - Hosts: 202.109.114.149 3668.cn
O1 - Hosts: 202.109.114.149 www.3668.cn
O1 - Hosts: 202.109.114.149 tu68.com
O1 - Hosts: 202.109.114.149 www.tu68.com
O1 - Hosts: 202.109.114.149 avxiu.com
O1 - Hosts: 202.109.114.149 www.avxiu.com
O1 - Hosts: 202.109.114.149 18dy.net
O1 - Hosts: 202.109.114.149 www.18dy.net
O1 - Hosts: 202.109.114.149 avxiu.com
O1 - Hosts: 202.109.114.149 www.avxiu.com
O1 - Hosts: 202.109.114.149 hk.18dy.com
O1 - Hosts: 202.109.114.149 dianying.gghggh.com
O1 - Hosts: 202.109.114.149 lady3.****net
O1 - Hosts: 202.109.114.149 kan56.zj.com
O1 - Hosts: 202.109.114.149 88848.net
O1 - Hosts: 202.109.114.149 www.88848.net
O1 - Hosts: 202.109.114.149 xonline.org
O1 - Hosts: 202.109.114.149 www.xonline.org
O1 - Hosts: 202.109.114.149 dy.nuoy.com
O1 - Hosts: 202.109.114.149 www.korea-av.com
O1 - Hosts: 202.109.114.149 korea-av.com
O1 - Hosts: 202.109.114.149 movie.bucuo.org
O1 - Hosts: 202.109.114.149 mv888.com
O1 - Hosts: 202.109.114.149 www.mv888.com
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "E:\风暴影音\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - 启动项HKLM\\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - E:\网际快车\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - E:\网际快车\FlashGet\jc_all.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\浩方\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} (KATScan Control) - http://211.152.52.102/duba/antitrojan/update/OCX/KATScan.CAB
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe

最后编辑2005-12-20 19:53:25
分享到:
gototop
 
花落花又开
头像
社区嘉宾
  • 帖子:6782
  • 注册: 2005-04-16
  • 来自:
发表于: 2005-12-20 19:22 | 短消息 资料
字号: 2楼

【回复“进来看看一号”的帖子】
用hijcakthis修复:
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O1 - Hosts: 202.109.114.149 www.99bb.com
O1 - Hosts: 202.109.114.149 99bb.com
O1 - Hosts: 202.109.114.149 www.zdao.com
O1 - Hosts: 202.109.114.149 zdao.com
O1 - Hosts: 202.109.114.149 www.aisex.com
O1 - Hosts: 202.109.114.149 aisex.com
O1 - Hosts: 202.109.114.149 www.qq190.com
O1 - Hosts: 202.109.114.149 qq190.com
O1 - Hosts: 202.109.114.149 www.wanmm.com
O1 - Hosts: 202.109.114.149 wanmm.com
O1 - Hosts: 202.109.114.149 www.qq163.com
O1 - Hosts: 202.109.114.149 qq163.com
O1 - Hosts: 202.109.114.149 www.sex141.com
O1 - Hosts: 202.109.114.149 sex141.com
O1 - Hosts: 202.109.114.149 www.my990.com
O1 - Hosts: 202.109.114.149 my990.com
O1 - Hosts: 202.109.114.149 ad.my990.com
O1 - Hosts: 202.109.114.149 www.ttjj.com
O1 - Hosts: 202.109.114.149 ttjj.com
O1 - Hosts: 202.109.114.149 www.7t7t.com
O1 - Hosts: 202.109.114.149 7t7t.com
O1 - Hosts: 202.109.114.149 www.123987.com
O1 - Hosts: 202.109.114.149 www.123987.com/7sese/
O1 - Hosts: 202.109.114.149 www.oursm.com
O1 - Hosts: 202.109.114.149 oursm.com
O1 - Hosts: 202.109.114.149 www.palacemoon.com
O1 - Hosts: 202.109.114.149 palacemoon.com
O1 - Hosts: 202.109.114.149 18dy.com
O1 - Hosts: 202.109.114.149 www.18dy.com
O1 - Hosts: 202.109.114.149 49m.cn
O1 - Hosts: 202.109.114.149 www.49m.cn
O1 - Hosts: 202.109.114.149 123.xuanji8.com
O1 - Hosts: 202.109.114.149 ohkk.xuanji8.com
O1 - Hosts: 202.109.114.149 123.52lhc.com
O1 - Hosts: 202.109.114.149 7sese.com202.109.114.149 www.7sese.com
O1 - Hosts: 202.109.114.149 www.hao119.com
O1 - Hosts: 202.109.114.149 7sese.com
O1 - Hosts: 202.109.114.149 www.7sese.com
O1 - Hosts: 202.109.114.149 www.hao358.com
O1 - Hosts: 202.109.114.149 www.ee456.com
O1 - Hosts: 202.109.114.149 video.12san.com
O1 - Hosts: 202.109.114.149 www.eachz.com
O1 - Hosts: 202.109.114.149 www.avl.cn
O1 - Hosts: 202.109.114.149 avl.cn
O1 - Hosts: 202.109.114.149 www.98756.net
O1 - Hosts: 202.109.114.149 7sese.org
O1 - Hosts: 202.109.114.149 www.7sese.org
O1 - Hosts: 202.109.114.149 kanvcd.com
O1 - Hosts: 202.109.114.149 www.kanvcd.com
O1 - Hosts: 202.109.114.149 cn.movies.yahoo
O1 - Hosts: 202.109.114.149 www.zfvod.com
O1 - Hosts: 202.109.114.149 zfvod.com
O1 - Hosts: 202.109.114.149 media.netandtv.com
O1 - Hosts: 202.109.114.149 p2p.55660.com
O1 - Hosts: 202.109.114.149 media.netandtv.com
O1 - Hosts: 202.109.114.149 www.sol.sohu.com
O1 - Hosts: 202.109.114.149 www.sexhu.cn
O1 - Hosts: 202.109.114.149 sexhu.cn
O1 - Hosts: 202.109.114.149 www.blogchina.com
O1 - Hosts: 202.109.114.149 5blogchina.com
O1 - Hosts: 202.109.114.149 www.5806.net
O1 - Hosts: 202.109.114.149 zhao999.com
O1 - Hosts: 202.109.114.149 www.zhao999.com
O1 - Hosts: 202.109.114.149 movie.xmfdc.net
O1 - Hosts: 202.109.114.149 www.movie110.com
O1 - Hosts: 202.109.114.149 movie110.com
O1 - Hosts: 202.109.114.149 www.yesky.com
O1 - Hosts: 202.109.114.149 yesky.com
O1 - Hosts: 202.109.114.149 www.178ya.com
O1 - Hosts: 202.109.114.149 178ya.com
O1 - Hosts: 202.109.114.149 www.3668.cn
O1 - Hosts: 202.109.114.149 3668.cn
O1 - Hosts: 202.109.114.149 www.hao45.com
O1 - Hosts: 202.109.114.149 hao45.com
O1 - Hosts: 202.109.114.149 www.5sese.com
O1 - Hosts: 202.109.114.149 5sese.com
O1 - Hosts: 202.109.114.149 woyy.51.net
O1 - Hosts: 202.109.114.149 3668.cn
O1 - Hosts: 202.109.114.149 www.3668.cn
O1 - Hosts: 202.109.114.149 tu68.com
O1 - Hosts: 202.109.114.149 www.tu68.com
O1 - Hosts: 202.109.114.149 avxiu.com
O1 - Hosts: 202.109.114.149 www.avxiu.com
O1 - Hosts: 202.109.114.149 18dy.net
O1 - Hosts: 202.109.114.149 www.18dy.net
O1 - Hosts: 202.109.114.149 avxiu.com
O1 - Hosts: 202.109.114.149 www.avxiu.com
O1 - Hosts: 202.109.114.149 hk.18dy.com
O1 - Hosts: 202.109.114.149 dianying.gghggh.com
O1 - Hosts: 202.109.114.149 lady3.****net
O1 - Hosts: 202.109.114.149 kan56.zj.com
O1 - Hosts: 202.109.114.149 88848.net
O1 - Hosts: 202.109.114.149 www.88848.net
O1 - Hosts: 202.109.114.149 xonline.org
O1 - Hosts: 202.109.114.149 www.xonline.org
O1 - Hosts: 202.109.114.149 dy.nuoy.com
O1 - Hosts: 202.109.114.149 www.korea-av.com
O1 - Hosts: 202.109.114.149 korea-av.com
O1 - Hosts: 202.109.114.149 movie.bucuo.org
O1 - Hosts: 202.109.114.149 mv888.com
O1 - Hosts: 202.109.114.149 www.mv888.com
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O4 - 启动项HKLM\\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - 启动项HKLM\\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat

显示隐藏文件,找到以下删除:
C:\$NtUninstallQ5926809$\目录
gototop
 
进来看看一号
头像
快乐黄口狮
  • 帖子:138
  • 注册: 2005-06-03
  • 来自:
发表于: 2005-12-20 19:31 | 只看楼主 短消息 资料
字号: 3楼

可以问下,斑竹我机子是什么毛病吗?我最近上网挺安分的啊,除了玩网络游戏,就是上一些很正规的论坛的,一般我不了解的网我是不上的啊
gototop
 
飞跃迷离
头像
社区嘉宾
  • 帖子:7351
  • 注册: 2004-10-15
  • 来自:
发表于: 2005-12-20 19:43 | 短消息 资料
字号: 4楼

请参考花落斑竹的意见修复,您的IE被恶意网站修改了HOSTS文件!
gototop
 
进来看看一号
头像
快乐黄口狮
  • 帖子:138
  • 注册: 2005-06-03
  • 来自:
发表于: 2005-12-20 19:47 | 只看楼主 短消息 资料
字号: 5楼

修复后可以上 www.tk4479.com了。谢谢斑竹,不过你说的
C:\$NtUninstallQ5926809$\目录 该怎么找啊,我用系统的搜索功能找不到啊。
gototop
 
飞跃迷离
头像
社区嘉宾
  • 帖子:7351
  • 注册: 2004-10-15
  • 来自:
发表于: 2005-12-20 19:53 | 短消息 资料
字号: 6楼

显示隐藏文件查找

打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件(推荐)和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到后删除
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT