Could everyone please take a look at my HijackThis log? Thanks, everyone~~

Logfile of HijackThis v1.99.1
Scan saved at 0:47:57, on 2005-11-22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\软件\金山2005\kv2006\KV2006\KV2006\KVSrvXP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
E:\QQ2005B1\2005正式\QQ.exe
E:\QQ2005B1\2005正式\TIMPlatform.exe
F:\软件\Tencent\TT\TTraveler.exe
F:\软件\绑架客星\HijackThis.exe

R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AddrPlus\IEHelp2.dll (file missing)
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - F:\软件\金山2005\kv2006\KV2006\KV2006\KvShell.dll
O4 - HKLM\..\Run: [AddrPlus3] RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32
O4 - HKLM\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\RunServices: [Net] C:\WINDOWS\sllserv.exe
O4 - HKLM\..\RunServices: [valuer] feqfq.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\RunServices: [valuer] feqfq.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - F:\软件\讯雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\软件\讯雷\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ2005B1\2005正式\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\PROGRA~1\XI\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\PROGRA~1\XI\NETTRA~1\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - F:\软件\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\软件\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ2005B1\2005正式\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ2005B1\2005正式\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ2005B1\2005正式\SendMMS.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - F:\软件\超级解霸V8\MPURLGET.HTM
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\游戏\单机游戏\浩方\浩方对战平台\GameClient.exe (file missing)
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: (no name) - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra button: 百度搜索伴侣 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2005B1\2005正式\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ2005B1\2005正式\QQ.EXE
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url.asp?id=15 (file missing)
O9 - Extra 'Tools' menuitem: 易趣网上购物(&E) - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url.asp?id=15 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ2005B1\2005正式\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ2005B1\2005正式\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: f:\
O10 - Unknown file in Winsock LSP: f:\
O10 - Unknown file in Winsock LSP: f:\
O10 - Unknown file in Winsock LSP: f:\
O10 - Unknown file in Winsock LSP: f:\
O10 - Unknown file in Winsock LSP: f:\
O10 - Unknown file in Winsock LSP: f:\
O10 - Unknown file in Winsock LSP: f:\
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [!IESearch] !IESearch
O11 - Options group: [TBH]  QQ地址栏搜索插件
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://imgcache.qq.com/music/QQMusicSetup.exe
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} (BDIcp Class) - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.lineage2.com.cn/nprotect/keycrypt/npkcx.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7CE7018-797D-4CB2-98BE-2E2679D10B07}: NameServer = 61.128.128.68 61.128.192.68
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\hrru0599e.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TENNWlg\command.exe (file missing)
O23 - Service: Distributed File System Services (Distfsv) - Unknown owner - C:\WINDOWS\System32\Distfsv.exe (file missing)
O23 - Service: KVSrvXP - Jiangmin Co. Ltd - F:\软件\金山2005\kv2006\KV2006\KV2006\KVSrvXP.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Spoolvs_Centers (Security Centers Spoolvs) - Unknown owner - C:\WINDOWS\Spoolvs.exe (file missing)
Last edited 2005-11-22 22:01:40

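I use the TT browser, and a KV2006 scan finds no viruses, but recently malicious websites keep popping up, including http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={F365D502-5056-70B9-C6E9-315949BF456D}&type=normal&mSkip=1&rnd=2374, and a few others. I hope you experts can take a look at my log. Thanks~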

And this one: http://www214.paypopup.com/linksed.php?uip=222.183.68.148&siteid=BundleWare&clater=1&serverfile=popdirect&ref=&unsold=0&data=rSe_2%2F%FE%2B%2C%2A7%FE1--%24%5D%5Dlkc%5Cf7-3%F3kcicS%5C77sX%5CfZUKj_%FEq_ZcY%3B%7B%2B1-0%F3Y%5EhgN5%3D%5DgXYDVk%F3lb%5Eq%2B%5CmiwZ%5D7%25%24Zm%5CFsKdciw%27%2B+Vb%5DIoVjSls24%F3mhhmV%5C7%25&url=http%3A%2F%2Fad.zanox.com%2Fppc%2F%3F2828943C763255813T

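I'm the original poster. To explain the situation: when I browse with the TT browser, the pages above randomly pop up in the background. There are quite a few of them. It's painful.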

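Thank you, moderator. After the adjustments, ad pages no longer pop up, but there is a new problem: I can no longer play video such as movies online; there is only sound.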