chuangzhao - 2006-8-10 10:59:00
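My search turned up two file names: windowsabc_Hook.DLL mag_hook.dll narrhook.dll
mag_hook.dll is probably not a virus, right? But what about windowsabc_Hook.DLL???
For the past few days the firewall keeps showing things like "ping-in from 219.249.101.232 blocked". QQ also needs to be activated! Have I been infected with Gray Pigeon (Huigezi)?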
chuangzhao - 2006-8-10 11:03:00
Now there's another one: ping-in from 219.248.245.201 blocked? What's going on?
chuangzhao - 2006-8-10 11:08:00
See bottom for version history.
The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
狂刀绝影 - 2006-8-10 11:08:00
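You're getting off lightly with those attacks. Whenever someone attacks me it's a dozen or so times at the least, and more than 20 at the most! It goes on nonstop every day, morning, afternoon and evening! Some are called Ping, some are "blocked 2003 Worm King attack", and so on! By the way, how do I close port 1434?!!!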
chuangzhao - 2006-8-10 11:09:00
Logfile of HijackThis v1.99.1
Scan saved at 11:02:52, on 2006-8-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\杀毒\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\杀毒\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
d:\杀毒\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\杀毒\Rising\Rav\RavStub.exe
d:\杀毒\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\pRoGraM fILes\iNteRnEt eXpLOReR\ieXplORe.exe
C:\WINDOWS\system32\svchost.exe
D:\杀毒\Rising\Rav\RavTask.exe
E:\播霸\PodcastbarMini\PodcastBar.exe
D:\杀毒\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\讯雷\Program\Thunder5.exe
D:\杀毒\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
D:\杀毒\Rising\Rav\Rav.exe
E:\下载\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\兔子\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\兔子\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [IMEKRMIG6.1] ; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "D:\杀毒\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "D:\杀毒\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [pbmini] E:\播霸\PodcastbarMini\PodcastBar.exe -hide
O4 - HKLM\..\Run: [Thunder] D:\讯雷\Thunder.exe /s
O4 - HKLM\..\RunOnce: [RavStub] "D:\杀毒\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - Extra button: 免费启动光盘下载 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://bt.jujumao.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 时尚精品,体验快感 - {6E5EECAF-8879-4a75-8A88-B44B6382A763} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-304?cn=chaoyue;rgbutton_120x60;hp&mpro=http://www.ebay.com.cn (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: 易趣时尚购物 - {6E5EECAF-8879-4a75-8A88-B44B6382A763} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-304?cn=chaoyue;rgbutton_120x60;hp&mpro=http://www.ebay.com.cn (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.54886.com
O23 - Service: Lmserner (LogicalGroup Disker Manager) - Unknown owner - C:\WINDOWS\flasher
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\杀毒\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\杀毒\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\杀毒\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\杀毒\Rising\Rav\Ravmond.exe
O23 - Service: windowsabc (输入法) - Unknown owner - C:\WINDOWS\windowsabc.exe (file missing)
chuangzhao - 2006-8-10 11:10:00
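Mine has happened dozens of times too, all from different IPs. What should I do? I just ran a scan and cleanup with Rising, but I don't know whether it got everything. The above is my log.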
chuangzhao - 2006-8-10 12:28:00
Please help, everyone!!
chuangzhao - 2006-8-10 12:35:00
I've been waiting for so long! 5555555~~~~~~~~~
chuangzhao - 2006-8-10 13:08:00
Good heavens. Why hasn't anyone replied!!
mopery - 2006-8-10 13:17:00
O23 - Service: Lmserner (LogicalGroup Disker Manager) - Unknown owner - C:\WINDOWS\flasher
O23 - Service: windowsabc (输入法) - Unknown owner - C:\WINDOWS\windowsabc.exe (file missing)
Safe Mode... Open the Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for LogicalGroup Disker Manager and 输入法 and delete them..
Delete
C:\WINDOWS\flasher
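
An added example, not part of any post in this thread: a small Python triage script that pulls the O23 service lines out of a HijackThis log and lists the ones with "Unknown owner" or "(file missing)", the two traits shared by the entries singled out in the reply above. The O23 field layout and the function names are assumptions made for this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import namedtuple

# O23 layout assumed from the log in this thread:
# O23 - Service: <display name> (<key name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<key>[^()]*)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
Service = namedtuple("Service", "display key owner path file_missing")

def parse_o23(log_text):
    """Return a Service tuple for every O23 line in a HijackThis log."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(Service(m["display"], m["key"], m["owner"],
                                    m["path"], m["missing"] is not None))
    return services

def review_reasons(svc):
    """Reasons to review a service by hand (triage heuristics, not a verdict)."""
    reasons = []
    if svc.owner == "Unknown owner":
        reasons.append("owner reported as unknown")
    if svc.file_missing:
        reasons.append("service still registered but its file is missing")
    return reasons

def triage(log_text):
    """(key name, reasons) for each O23 service with at least one reason."""
    flagged = [(s.key, review_reasons(s)) for s in parse_o23(log_text)]
    return [(key, reasons) for key, reasons in flagged if reasons]

# Sample input: four O23 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Lmserner (LogicalGroup Disker Manager) - Unknown owner - C:\WINDOWS\flasher
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\杀毒\Rising\Rav\CCenter.exe
O23 - Service: windowsabc (输入法) - Unknown owner - C:\WINDOWS\windowsabc.exe (file missing)
"""

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG):
        print(key, "->", "; ".join(reasons))
```

"Unknown owner" on its own also shows up for legitimate services, so the output is a list of entries to check by hand, not a removal list.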