瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求教求教,关于HijackThis日志的【求助】

123   1  /  3  页   跳转

求教求教,关于HijackThis日志的【求助】

求教求教,关于HijackThis日志的【求助】

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 9:46:01, on 2005-7-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rising\rav\CCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\rav\RavMonD.exe
C:\WINDOWS\System32\IExplorer.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Tencent\qq\QQexternal.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\bak\飘云IP简装优化版\QQ.exe
G:\bak\飘云IP简装优化版\QQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\zwb\LOCALS~1\Temp\Rar$EX35.2484\HijackThis.exe

R3 - URLSearchHook:
O1 - Hosts: 61.177.56.251 popme.163.com
O1 - Hosts: 61.177.56.251 www.xk99.com
O1 - Hosts: 61.177.56.251 www.006.net
O1 - Hosts: 61.177.56.251 006.net
O1 - Hosts: 61.177.56.251 www.cmfu.com
O1 - Hosts: 61.177.56.251 www.free120.com
O1 - Hosts: 61.177.56.251 www.4577.com
O1 - Hosts: 61.177.56.251 www.9617.com
O1 - Hosts: 61.177.56.251 www.fjwz.com
O1 - Hosts: 61.177.56.251 partner.cpc.sohu.com
O1 - Hosts: 61.177.56.251 ad4.sina.com.cn
O1 - Hosts: 61.177.56.251 music.17o8.comer.cpc.sohu.com
O1 - Hosts: 61.177.56.251 ad.tom.com
O1 - Hosts: 61.177.56.251 search.union.3721.com
O1 - Hosts: 61.177.56.251 post.baidu.com
O1 - Hosts: 61.177.56.251 mp3.baidu.com
O1 - Hosts: 61.177.56.251 image.baidu.com
O1 - Hosts: 61.177.56.251 site.google.com
O1 - Hosts: 61.177.56.251 flash.baidu.com
O1 - Hosts: 61.177.56.251 assistant.3721.com
O1 - Hosts: 61.177.56.251 pfp.sina.com.cn
O1 - Hosts: 61.177.56.251 cn.websearch.yahoo.com
O1 - Hosts: 61.177.56.251 sms.qq.com
O1 - Hosts: 61.177.56.251 www.qq.com
O1 - Hosts: 61.177.56.251 partner.lead2.com.cn
O1 - Hosts: 61.177.56.251 ad.cn.doubleclick.net
O1 - Hosts: 61.177.56.251 auto.search.msn.com
O1 - Hosts: 61.177.56.251 www.ourgame.com
O1 - Hosts: 61.177.56.251 www.the9.com
O1 - Hosts: 61.177.56.251 www.flashempire.com
O1 - Hosts: 61.177.56.251 www.qq163.com
O1 - Hosts: 61.177.56.251 www.9sky.com
O1 - Hosts: 61.177.56.251 www.tom-1.com
O1 - Hosts: 61.177.56.251 www.17173.com
O1 - Hosts: 61.177.56.251 www.yaotou.com
O1 - Hosts: 61.177.56.251 union.3721.com
O1 - Hosts: 61.177.56.251 music.feifa.com
O1 - Hosts: 61.177.56.251 www.vodfans.com
O1 - Hosts: 61.177.56.251 www.sogua.com
O1 - Hosts: 61.177.56.251 fm974.tom.com
O1 - Hosts: 61.177.56.251 ent.tom.com
O1 - Hosts: 61.177.56.251 music.tyfo.com
O1 - Hosts: 61.177.56.251 www.wanwa.com
O1 - Hosts: 61.177.56.251 www.guang.org
O1 - Hosts: 61.177.56.251 www.wz.zj.cn
O1 - Hosts: 61.177.56.251 www.3189.net
O1 - Hosts: 61.177.56.251 music.17o8.com
O1 - Hosts: 61.177.56.251 www.99music.net
O1 - Hosts: 61.177.56.251 www.cococ.com
O1 - Hosts: 61.177.56.251 www.qqqq.cn
O1 - Hosts: 61.177.56.251 www.bnb.com.cn
O1 - Hosts: 61.177.56.251 www.z163.com
O1 - Hosts: 61.177.56.251 game.163.com
O1 - Hosts: 61.177.56.251 games.sina.com.cn
O1 - Hosts: 61.177.56.251 www.v111.com
O1 - Hosts: 61.177.56.251 music.v111.com
O1 - Hosts: 61.177.56.251 www.3tom.com
O1 - Hosts: 61.177.56.251 www.xkqq.com
O1 - Hosts: 61.177.56.251 www.verymp3.com
O1 - Hosts: 61.177.56.251 www.91look.com
O1 - Hosts: 61.177.56.251 www.168101.com
O1 - Hosts: 61.177.56.251 www.cmfu.com
O1 - Hosts: 61.177.56.251 www.woogood.com
O1 - Hosts: 61.177.56.251 www.haodx.com
O1 - Hosts: 61.177.56.251 www.yingku.com
O1 - Hosts: 61.177.56.251 www.flash51.com
O1 - Hosts: 61.177.56.251 www.17haha.com
O1 - Hosts: 61.177.56.251 www.432.cn
O1 - Hosts: 61.177.56.251 www.cnxp.com
O1 - Hosts: 61.177.56.251 www.hjsm.net
O1 - Hosts: 61.177.56.251 music.8wa.com
O1 - Hosts: 61.177.56.251 www.66vv.com
O1 - Hosts: 61.177.56.251 www.musicfbi.com
O1 - Hosts: 61.177.56.251 www.vv66.com
O1 - Hosts: 61.177.56.251 www.139mm.com
O1 - Hosts: 61.177.56.251 www.130wg.com
O1 - Hosts: 61.177.56.251 www.flashsea.com
O1 - Hosts: 61.177.56.251 movie.59178.com
O1 - Hosts: 61.177.56.251 www.wo123.com
O1 - Hosts: 61.177.56.251 www.1ya.cn
O1 - Hosts: 61.177.56.251 www.happy8.cn
O1 - Hosts: 61.177.56.251 www.s6.cn
O1 - Hosts: 61.177.56.251 www.hao123.com
O1 - Hosts: 61.177.56.251 www.qqee.com
O1 - Hosts: 61.177.56.251 imgu.21cn.com
O1 - Hosts: 61.177.56.251 www.sohu123.com
O1 - Hosts: 61.177.56.251 www.chinamp3.com
O1 - Hosts: 61.177.56.251 www.18z.net
O1 - Hosts: 61.177.56.251 www.ssxs.com
O1 - Hosts: 61.177.56.251 www.fjwz.net
O1 - Hosts: 61.177.56.251 www.wo365.com
O1 - Hosts: 61.177.56.251 www.zhao99.com
O1 - Hosts: 61.177.56.251 www.cn808.net
O1 - Hosts: 61.177.56.251 www.tt55.net
O1 - Hosts: 61.177.56.251 www.mp3tt.com
O1 - Hosts: 61.177.56.251 www.yi5.com
O1 - Hosts: 61.177.56.251 www.haozs.com
O2 - BHO: (no name) - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\System32\diybar2\diybar2.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASHGET\fgiebar.dll
O3 - Toolbar: ????? - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Internet Explorer] IExplorer.exe
O4 - HKLM\..\Run: [internet.exe] C:/WINDOWS/systems.hta
O4 - HKCU\..\Run: [Windows32.exe] Windows32.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://vod.hy265.com
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用网际快车下载 - D:\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\bak\
O8 - Extra context menu item: 添加到QQ表情 - G:\bak\
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\bak\
O9 - Extra 'Tools' menuitem: Link Filter (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Broken Internet access because of LSP provider '_hook.dll' missing
O11 - Options group: [!CNS] 
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DFE812B-D2B0-4C23-BB5F-62BE85D57FF4}: NameServer = 61.153.177.202 61.153.177.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF18DD9A-B78F-4E66-9DBB-932FDA9B8CBC}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DFE812B-D2B0-4C23-BB5F-62BE85D57FF4}: NameServer = 61.153.177.202 61.153.177.200

哪位高手帮助一下啊,我在地址栏里输入www.qq.com可是打开的却是一个成人电影网站,而且此时地址栏里显示的也是www.qq.com,输入其他网址就不会了.怎么回事啊哪位大侠帮忙看看啊

最后编辑2005-07-14 16:01:24
分享到:
gototop
 

引用:
【我非常郁闷的贴子】

R3 - URLSearchHook:
O1 - Hosts: 61.177.56.251 popme.163.com
O1 - Hosts: 61.177.56.251 www.xk99.com
O1 - Hosts: 61.177.56.251 www.006.net
O1 - Hosts: 61.177.56.251 006.net
O1 - Hosts: 61.177.56.251 www.cmfu.com
O1 - Hosts: 61.177.56.251 www.free120.com
O1 - Hosts: 61.177.56.251 www.4577.com
O1 - Hosts: 61.177.56.251 www.9617.com
O1 - Hosts: 61.177.56.251 www.fjwz.com
O1 - Hosts: 61.177.56.251 partner.cpc.sohu.com
O1 - Hosts: 61.177.56.251 ad4.sina.com.cn
O1 - Hosts: 61.177.56.251 music.17o8.comer.cpc.sohu.com
O1 - Hosts: 61.177.56.251 ad.tom.com
O1 - Hosts: 61.177.56.251 search.union.3721.com
O1 - Hosts: 61.177.56.251 post.baidu.com
O1 - Hosts: 61.177.56.251 mp3.baidu.com
O1 - Hosts: 61.177.56.251 image.baidu.com
O1 - Hosts: 61.177.56.251 site.google.com
O1 - Hosts: 61.177.56.251 flash.baidu.com
O1 - Hosts: 61.177.56.251 assistant.3721.com
O1 - Hosts: 61.177.56.251 pfp.sina.com.cn
O1 - Hosts: 61.177.56.251 cn.websearch.yahoo.com
O1 - Hosts: 61.177.56.251 sms.qq.com
O1 - Hosts: 61.177.56.251 www.qq.com
O1 - Hosts: 61.177.56.251 partner.lead2.com.cn
O1 - Hosts: 61.177.56.251 ad.cn.doubleclick.net
O1 - Hosts: 61.177.56.251 auto.search.msn.com
O1 - Hosts: 61.177.56.251 www.ourgame.com
O1 - Hosts: 61.177.56.251 www.the9.com
O1 - Hosts: 61.177.56.251 www.flashempire.com
O1 - Hosts: 61.177.56.251 www.qq163.com
O1 - Hosts: 61.177.56.251 www.9sky.com
O1 - Hosts: 61.177.56.251 www.tom-1.com
O1 - Hosts: 61.177.56.251 www.17173.com
O1 - Hosts: 61.177.56.251 www.yaotou.com
O1 - Hosts: 61.177.56.251 union.3721.com
O1 - Hosts: 61.177.56.251 music.feifa.com
O1 - Hosts: 61.177.56.251 www.vodfans.com
O1 - Hosts: 61.177.56.251 www.sogua.com
O1 - Hosts: 61.177.56.251 fm974.tom.com
O1 - Hosts: 61.177.56.251 ent.tom.com
O1 - Hosts: 61.177.56.251 music.tyfo.com
O1 - Hosts: 61.177.56.251 www.wanwa.com
O1 - Hosts: 61.177.56.251 www.guang.org
O1 - Hosts: 61.177.56.251 www.wz.zj.cn
O1 - Hosts: 61.177.56.251 www.3189.net
O1 - Hosts: 61.177.56.251 music.17o8.com
O1 - Hosts: 61.177.56.251 www.99music.net
O1 - Hosts: 61.177.56.251 www.cococ.com
O1 - Hosts: 61.177.56.251 www.qqqq.cn
O1 - Hosts: 61.177.56.251 www.bnb.com.cn
O1 - Hosts: 61.177.56.251 www.z163.com
O1 - Hosts: 61.177.56.251 game.163.com
O1 - Hosts: 61.177.56.251 games.sina.com.cn
O1 - Hosts: 61.177.56.251 www.v111.com
O1 - Hosts: 61.177.56.251 music.v111.com
O1 - Hosts: 61.177.56.251 www.3tom.com
O1 - Hosts: 61.177.56.251 www.xkqq.com
O1 - Hosts: 61.177.56.251 www.verymp3.com
O1 - Hosts: 61.177.56.251 www.91look.com
O1 - Hosts: 61.177.56.251 www.168101.com
O1 - Hosts: 61.177.56.251 www.cmfu.com
O1 - Hosts: 61.177.56.251 www.woogood.com
O1 - Hosts: 61.177.56.251 www.haodx.com
O1 - Hosts: 61.177.56.251 www.yingku.com
O1 - Hosts: 61.177.56.251 www.flash51.com
O1 - Hosts: 61.177.56.251 www.17haha.com
O1 - Hosts: 61.177.56.251 www.432.cn
O1 - Hosts: 61.177.56.251 www.cnxp.com
O1 - Hosts: 61.177.56.251 www.hjsm.net
O1 - Hosts: 61.177.56.251 music.8wa.com
O1 - Hosts: 61.177.56.251 www.66vv.com
O1 - Hosts: 61.177.56.251 www.musicfbi.com
O1 - Hosts: 61.177.56.251 www.vv66.com
O1 - Hosts: 61.177.56.251 www.139mm.com
O1 - Hosts: 61.177.56.251 www.130wg.com
O1 - Hosts: 61.177.56.251 www.flashsea.com
O1 - Hosts: 61.177.56.251 movie.59178.com
O1 - Hosts: 61.177.56.251 www.wo123.com
O1 - Hosts: 61.177.56.251 www.1ya.cn
O1 - Hosts: 61.177.56.251 www.happy8.cn
O1 - Hosts: 61.177.56.251 www.s6.cn
O1 - Hosts: 61.177.56.251 www.hao123.com
O1 - Hosts: 61.177.56.251 www.qqee.com
O1 - Hosts: 61.177.56.251 imgu.21cn.com
O1 - Hosts: 61.177.56.251 www.sohu123.com
O1 - Hosts: 61.177.56.251 www.chinamp3.com
O1 - Hosts: 61.177.56.251 www.18z.net
O1 - Hosts: 61.177.56.251 www.ssxs.com
O1 - Hosts: 61.177.56.251 www.fjwz.net
O1 - Hosts: 61.177.56.251 www.wo365.com
O1 - Hosts: 61.177.56.251 www.zhao99.com
O1 - Hosts: 61.177.56.251 www.cn808.net
O1 - Hosts: 61.177.56.251 www.tt55.net
O1 - Hosts: 61.177.56.251 www.mp3tt.com
O1 - Hosts: 61.177.56.251 www.yi5.com
O1 - Hosts: 61.177.56.251 www.haozs.com


哪位高手帮助一下啊,我在地址栏里输入www.qq.com可是打开的却是一个成人电影网站,而且此时地址栏里显示的也是www.qq.com,输入其他网址就不会了.怎么回事啊哪位大侠帮忙看看啊


...........................


你的主要问题在这里——hosts文件被窜改的面目全非!请修复这些O1项。
不过这只是现象。问题的根源在于——你的系统中有木马。
C:\WINDOWS\System32\IExplorer.exe
这就是其中一个。请将此文件打包传上来。
其它的,也不是没有问题。日志太乱!看得眼花。待我慢慢看来。
gototop
 

【回复“我非常郁闷”的帖子】
O4 - HKLM\..\Run: [Internet Explorer] IExplorer.exe
O4 - HKLM\..\Run: [internet.exe] C:/WINDOWS/systems.hta
O4 - HKCU\..\Run: [Windows32.exe] Windows32.exe
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://vod.hy265.com
这几项必须修复。修复前关闭浏览器及HijackThis以外得所有应用程序。
gototop
 

【回复“我非常郁闷”的帖子】
O10 - Broken Internet access because of LSP provider '_hook.dll' missing
这项要用LSPFix修复。网上可以找到这个工具。
gototop
 

【回复“我非常郁闷”的帖子】
HijackThis V1.97.7版本较低,日志扫不全。建议用HijackThis1.99.1再扫日志贴上来。
gototop
 

这份日志不错,东西挺多。
gototop
 

谢谢斑竹啊,真的麻烦你了!
对了打包是什么意思啊
不好意思不会啊
gototop
 

引用:
【我非常郁闷的贴子】谢谢斑竹啊,真的麻烦你了!
对了打包是什么意思啊
不好意思不会啊
...........................

看这个帖子。
http://forum.ikaka.com/topic.asp?board=28&artid=6267232
gototop
 

刚才保存的那个要上传的时候上哪里找呢
gototop
 

【回复“baohe”的帖子】

我已经把这四个修复了,还有O1也全部都要修复吗
gototop
 
123   1  /  3  页   跳转
页面顶部
Powered by Discuz!NT