瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】斑竹帮我看看,紧急求助,谢谢拉

1   1  /  1  页   跳转

【求助】斑竹帮我看看,紧急求助,谢谢拉

收藏
梁佳
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2005-10-07
  • 来自:
发表于: 2005-11-23 15:27 | 只看楼主 短消息 资料
字号: 1楼

【求助】斑竹帮我看看,紧急求助,谢谢拉

HijackThis_815汉化版扫描日志 V1.99.1
保存于      15:27:09, 日期 2001-2-10
操作系统:  Windows 2000  (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINNT\Explorer.exe
C:\WINNT\System32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\rising\rav\RavTimer.exe
C:\Program Files\rising\rav\RavMon.exe
C:\WINNT\System32\capp.exe
C:\Program Files\Common Files\Real\Update_OB\rndal.exe
C:\Program Files\YuanZhi\Multimedia Education Network\Student.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\WEB\5B61E.com
D:\扫描软件\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: BDSrchHook Class - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINNT\DOWNLO~1\BDSrHook.dll
O1 - Hosts: 222.208.168.121 www.chinese.yahoo.com
O1 - Hosts: 222.208.168.121 chinese.yahoo.com
O1 - Hosts: 222.208.168.121 www.94007.com
O1 - Hosts: 222.208.168.121 94007.com
O1 - Hosts: 222.208.168.121 www.wenxuecity.com
O1 - Hosts: 222.208.168.121 wenxuecity.com
O1 - Hosts: 222.208.168.121 www.tom.com
O1 - Hosts: 222.208.168.121 tom.com
O1 - Hosts: 222.208.168.121 www.chinaren.com
O1 - Hosts: 222.208.168.121 chinaren.com
O1 - Hosts: 222.208.168.121 www.atnext.com
O1 - Hosts: 222.208.168.121 atnext.com
O1 - Hosts: 222.208.168.121 www.hkbn.net
O1 - Hosts: 222.208.168.121 hkbn.net
O1 - Hosts: 222.208.168.121 www.pchome.com.tw
O1 - Hosts: 222.208.168.121 pchome.com.tw
O1 - Hosts: 222.208.168.121 www.china.com
O1 - Hosts: 222.208.168.121 china.com
O1 - Hosts: 222.208.168.121 www.allyes.com
O1 - Hosts: 222.208.168.121 allyes.com
O1 - Hosts: 222.208.168.121 www.eachnet.com
O1 - Hosts: 222.208.168.121 eachnet.com
O1 - Hosts: 222.208.168.121 www.chinatimes.com
O1 - Hosts: 222.208.168.121 chinatimes.com
O1 - Hosts: 222.208.168.121 www.showhappy.net
O1 - Hosts: 222.208.168.121 showhappy.net
O1 - Hosts: 222.208.168.121 www.lycos.com.cn
O1 - Hosts: 222.208.168.121 lycos.com.cn
O1 - Hosts: 222.208.168.121 www.ctn.com.cn
O1 - Hosts: 222.208.168.121 ctn.com.cn
O1 - Hosts: 222.208.168.121 www.tencent.com
O1 - Hosts: 222.208.168.121 tencent.com
O1 - Hosts: 222.208.168.121 www.the-sun.com.hk
O1 - Hosts: 222.208.168.121 the-sun.com.hk
O1 - Hosts: 222.208.168.121 www.881903.com
O1 - Hosts: 222.208.168.121 881903.com
O1 - Hosts: 222.208.168.121 www.tvb.com
O1 - Hosts: 222.208.168.121 tvb.com
O1 - Hosts: 222.208.168.121 www.nease.net
O1 - Hosts: 222.208.168.121 nease.net
O1 - Hosts: 222.208.168.121 www.yisou.com
O1 - Hosts: 222.208.168.121 yisou.com
O1 - Hosts: 222.208.168.121 www.online.sh.cn
O1 - Hosts: 222.208.168.121 online.sh.cn
O1 - Hosts: 222.208.168.121 www.hkgolden.com
O1 - Hosts: 222.208.168.121 hkgolden.com
O1 - Hosts: 222.208.168.121 www.qianlong.com
O1 - Hosts: 222.208.168.121 qianlong.com
O1 - Hosts: 222.208.168.121 www.2000fun.com
O1 - Hosts: 222.208.168.121 2000fun.com
O1 - Hosts: 222.208.168.121 www.gamer.com.tw
O1 - Hosts: 222.208.168.121 gamer.com.tw
O1 - Hosts: 222.208.168.121 www.sogua.com
O1 - Hosts: 222.208.168.121 sogua.com
O1 - Hosts: 222.208.168.121 www.51.net
O1 - Hosts: 222.208.168.121 51.net
O1 - Hosts: 222.208.168.121 www.hc360.com
O1 - Hosts: 222.208.168.121 hc360.com
O1 - Hosts: 222.208.168.121 www.she.com
O1 - Hosts: 222.208.168.121 she.com
O1 - Hosts: 222.208.168.121 www.bdchina.com
O1 - Hosts: 222.208.168.121 bdchina.com
O1 - Hosts: 222.208.168.121 www.mingpao.com
O1 - Hosts: 222.208.168.121 mingpao.com
O1 - Hosts: 222.208.168.121 www.soufun.com
O1 - Hosts: 222.208.168.121 soufun.com
O1 - Hosts: 222.208.168.121 www.gznet.com
O1 - Hosts: 222.208.168.121 gznet.com
O1 - Hosts: 222.208.168.121 www.homeway.com.cn
O1 - Hosts: 222.208.168.121 homeway.com.cn
O1 - Hosts: 222.208.168.121 www.pchome.net
O1 - Hosts: 222.208.168.121 pchome.net
O1 - Hosts: 222.208.168.121 www.timway.com
O1 - Hosts: 222.208.168.121 timway.
O1 - Hosts: 222.208.168.121 www.qq.com
O1 - Hosts: 222.208.168.121 qq.com
O1 - Hosts: 222.208.168.121 www.polyu.edu.hk
O1 - Hosts: 222.208.168.121 polyu.edu.hk
O1 - Hosts: 222.208.168.121 www.rongshuxia.com
O1 - Hosts: 222.208.168.121 rongshuxia.com
O1 - Hosts: 222.208.168.121 www.orientaldaily.com.hk
O1 - Hosts: 222.208.168.121 orientaldaily.com.hk
O1 - Hosts: 222.208.168.121 www.hinet.net
O1 - Hosts: 222.208.168.121 hinet.net
O1 - Hosts: 222.208.168.121 www.pc365.com.cn
O1 - Hosts: 222.208.168.121 pc365.com.cn
O1 - Hosts: 222.208.168.121 www.ebay.com.cn
O1 - Hosts: 222.208.168.121 ebay.com.cn
O1 - Hosts: 222.208.168.121 www.chinamobile.com
O1 - Hosts: 222.208.168.121 chinamobile.com
O1 - Hosts: 222.208.168.121 www.hko.gov.hk
O1 - Hosts: 222.208.168.121 hko.gov.hk
O1 - Hosts: 222.208.168.121 www.so-net.com.hk
O1 - Hosts: 222.208.168.121 so-net.com.hk
O1 - Hosts: 222.208.168.121 www.chinacars.com
O1 - Hosts: 222.208.168.121 chinacars.com
O1 - Hosts: 222.208.168.121 www.esdlife.com
O1 - Hosts: 222.208.168.121 esdlife.com
O1 - Hosts: 222.208.168.121 www.hongkongjockeyclub.com
O1 - Hosts: 222.208.168.121 hongkongjockeyclub.com
O1 - Hosts: 222.208.168.121 www.6to23.com
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O2 - BHO: BDSrchHook Class - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINNT\DOWNLO~1\BDSrHook.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - 启动项HKLM\\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - 启动项HKLM\\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - 启动项HKLM\\Run: [CApp] C:\WINNT\System32\capp.exe
O4 - 启动项HKLM\\Run: [Student] C:\Program Files\YuanZhi\Multimedia Education Network\Student.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [BIE] Rundll32.exe C:\WINNT\DOWNLO~1\BDSrHook.dll,Rundll32
O4 - 启动项HKLM\\Run: [TempCom] C:\WINNT\HELP\43D69.com
O4 - 启动项HKLM\\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: 启动.bat
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O8 - IE右键菜单中的新增项目: 使用网络传送带下载 - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - IE右键菜单中的新增项目: 使用网络传送带下载全部链接 - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - 浏览器额外的按钮: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - 浏览器额外的按钮: 百度搜索伴侣 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINNT\DOWNLO~1\BDSrHook.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [!IESearch] !IESearch
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} (BDSrchHook Class) - http://bar.baidu.com/update/cab/BDSrHook.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B0B82E7-C402-43A2-9F1C-7972F81885DF}: NameServer = 202.96.128.166,202.96.128.86
O18 - 列举现有的协议: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINNT\DOWNLO~1\BDSrHook.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\Program Files\rising\rav\CCenter.exe
O23 - NT 服务: Rising Realtime Monitor Service (RsRavMon) - rising - C:\Program Files\rising\rav\RavMonD.exe


浏览器被一个网站劫持了,请教教我详细的解决办法吧~
万分感谢
最后编辑2005-11-23 16:15:03
分享到:
gototop
 
魔法学徒
头像
卡卡技术团队
  • 帖子:11465
  • 注册: 2004-10-03
  • 来自:
发表于: 2005-11-23 16:15 | 短消息 资料
字号: 2楼

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

终止下列进程

C:\WINNT\WEB\5B61E.com

(关闭所有窗口,同时按下CTRL+ALT+DELETE,在打开的窗口中选中要终止的进程,然后按下“结束任务”或者“结束进程”,最后关闭该窗口。要终止的进程与系统进程同名,无法终止的话,建议使用第三方进程管理软件,比如HijackThis自带的进程管理器来终止其进程<下面的叙述以1.99.1版为准>——打开HijackThis——打开混合工具箱——打开进程管理器——选中要终止的进程——点“结束进程”)

运行Hijackthis,扫描结束后在下列选项前打上勾,然后选修复“Fix Checked”:

O4 - 启动项HKLM\\Run: [TempCom] C:\WINNT\HELP\43D69.com
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - Global Startup: 启动.bat

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件(推荐)"复选框。在提示您确定更改时,单击“是”--单击“确定”。

然后找到如下文件并删除(如果有的话)。

C:\WINNT\WEB\5B61E.com
C:\WINNT\HELP\43D69.com
C:\$NtUninstallQ5926809$\整个目录
启动.bat(请用开始菜单中的搜索功能查找)
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT