
Got infected, and even the Kaka community forum has been blocked

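Ugh, at first I couldn't open the forum at all.
Then I took a look, and it turned out the hosts file had been modified.

Could everyone take a look and see what else needs to be fixed?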


Logfile of HijackThis v1.99.1
Scan saved at 9:09:58, on 2006-10-28
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\alexa.exe
C:\WINDOWS\system32\sthu1.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\winfiles\桌面\HijackThis.exe

O1 - Hosts: 218.201.94.20 localhost
O1 - Hosts: 218.201.94.20 www.5566.net
O1 - Hosts: 218.201.94.20 www.gjj.cc
O1 - Hosts: 218.201.94.20 www.hao123.com
O1 - Hosts: 218.201.94.20 www.hao222.com
O1 - Hosts: 218.201.94.20 www.9991.com
O1 - Hosts: 218.201.94.20 www.2345.com
O1 - Hosts: 218.201.94.20 www.7939.com
O1 - Hosts: 218.201.94.20 forum.ikaka.com
O1 - Hosts: 218.201.94.20 bbs.360safe.com
O1 - Hosts: 218.201.94.20 www.360safe.com
O1 - Hosts: 218.201.94.20 www.piaoxue.com
O1 - Hosts: 218.201.94.20 61.129.58.12
O1 - Hosts: 218.201.94.20 forum.jiangmin.com
O1 - Hosts: 218.201.94.20 luosoft.com
O1 - Hosts: 218.201.94.20 post.baidu.com
O1 - Hosts: 218.201.94.20 cn.zs.yahoo.com
O1 - Hosts: 218.201.94.20 www.znmq.com
O1 - Hosts: 218.201.94.20 auto.search.msn.com
O1 - Hosts: 218.201.94.20 www.pcav.cn
O1 - Hosts: 218.201.94.20 www.cnhx.com.cn
O1 - Hosts: 218.201.94.20 btbaicai.com
O1 - Hosts: 218.201.94.20 219.239.102.77
O1 - Hosts: 218.201.94.20 hz.mop-hz.com
O1 - Hosts: 218.201.94.20 www.jacai.com
O1 - Hosts: 218.201.94.20 bbs.168safe.com
O1 - Hosts: 218.201.94.20 ok.mop-hz.com
O1 - Hosts: 218.201.94.20 www.netgoo.com
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ZhanYouSever] C:\WINDOWS\ZhanYouSever.exe
O4 - HKLM\..\Run: [hm] C:\WINDOWS\system32\rundll32.exe py38d.dll Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 千千静听 - {34FB5E38-E0C5-11D4-8D29-0050BA6940E3} - C:\Program Files\TTPlayer\ttplayer.exe
O9 - Extra 'Tools' menuitem: 千千静听(&T) - {34FB5E38-E0C5-11D4-8D29-0050BA6940E3} - C:\Program Files\TTPlayer\ttplayer.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2091EFEF-9681-48E1-84C8-CDF427F8DCEA}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D9C04B4-7C8B-466D-9BE6-6CFA093FF784}: NameServer = 202.102.152.3,202.102.154.3
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Last edited 2006-10-31 15:55:28.403000000
gototop
 

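1. First use Windows Cleanup Assistant (Windows清理助手) to uninstall the rogue software.
The Cleanup Assistant will indicate which rogue software should be cleaned up.
Download address:
    www.ArSwp.com


2. Download SREng2, use "Smart Scan", and press the "Scan" button to run the scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste
the contents of the saved log file here. If the log does not fit in one post, paste it in several posts. Please do not modify it.

Download address:
http://www.kztechs.com/sreng/sreng2.zip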
gototop
 

Didn't work.
gototop
 

Run HijackThis, tick the entries below, and fix them:
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ZhanYouSever] C:\WINDOWS\ZhanYouSever.exe
O4 - HKLM\..\Run: [hm] C:\WINDOWS\system32\rundll32.exe py38d.dll Rundll32
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll

Delete:
C:\WINDOWS\ZhanYouSever.exe
C:\WINDOWS\system32\py38d.dll
C:\WINDOWS\svchost.exe
C:\WINDOWS\SYSTEM32\dimsntfy.dll


After the fix, if anything is still abnormal, scan again and post the log.
gototop
 

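Still not working; below is the new scan log.
Also, I followed the method from floor 1 and used that cleanup tool, and now I can't even shut down normally.

It seems that damned .dll is still there; I remember deleting it.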

Logfile of HijackThis v1.99.1
Scan saved at 18:46:44, on 2006-10-30
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\FishDiary\FishDiary.exe
D:\winfiles\桌面\HijackThis.exe

O1 - Hosts: 218.201.94.20 localhost
O1 - Hosts: 218.201.94.20 www.5566.net
O1 - Hosts: 218.201.94.20 www.gjj.cc
O1 - Hosts: 218.201.94.20 www.hao123.com
O1 - Hosts: 218.201.94.20 www.hao222.com
O1 - Hosts: 218.201.94.20 www.9991.com
O1 - Hosts: 218.201.94.20 www.2345.com
O1 - Hosts: 218.201.94.20 www.7939.com
O1 - Hosts: 218.201.94.20 forum.ikaka.com
O1 - Hosts: 218.201.94.20 bbs.360safe.com
O1 - Hosts: 218.201.94.20 www.360safe.com
O1 - Hosts: 218.201.94.20 www.piaoxue.com
O1 - Hosts: 218.201.94.20 61.129.58.12
O1 - Hosts: 218.201.94.20 forum.jiangmin.com
O1 - Hosts: 218.201.94.20 luosoft.com
O1 - Hosts: 218.201.94.20 post.baidu.com
O1 - Hosts: 218.201.94.20 cn.zs.yahoo.com
O1 - Hosts: 218.201.94.20 www.znmq.com
O1 - Hosts: 218.201.94.20 auto.search.msn.com
O1 - Hosts: 218.201.94.20 www.pcav.cn
O1 - Hosts: 218.201.94.20 www.cnhx.com.cn
O1 - Hosts: 218.201.94.20 btbaicai.com
O1 - Hosts: 218.201.94.20 219.239.102.77
O1 - Hosts: 218.201.94.20 hz.mop-hz.com
O1 - Hosts: 218.201.94.20 www.jacai.com
O1 - Hosts: 218.201.94.20 bbs.168safe.com
O1 - Hosts: 218.201.94.20 ok.mop-hz.com
O1 - Hosts: 218.201.94.20 www.netgoo.com
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [hm] C:\WINDOWS\system32\rundll32.exe py38d.dll Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 千千静听 - {34FB5E38-E0C5-11D4-8D29-0050BA6940E3} - C:\Program Files\TTPlayer\ttplayer.exe
O9 - Extra 'Tools' menuitem: 千千静听(&T) - {34FB5E38-E0C5-11D4-8D29-0050BA6940E3} - C:\Program Files\TTPlayer\ttplayer.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2091EFEF-9681-48E1-84C8-CDF427F8DCEA}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D9C04B4-7C8B-466D-9BE6-6CFA093FF784}: NameServer = 202.102.152.3,202.102.154.3
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

gototop
 

After the power-on self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.

Run HijackThis, tick the entry below, and fix it:
O4 - HKLM\..\Run: [hm] C:\WINDOWS\system32\rundll32.exe py38d.dll Rundll32

Show hidden files
Delete:
C:\WINDOWS\system32\py38d.dll

Under C:\WINDOWS\system32\drivers\etc, open the HOSTS file with Notepad, clear its contents, leaving only this entry: 127.0.0.1      localhost, then save.

c:\windows\system32\inetsrv\w3wp.exe
Please confirm this one.
gototop
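
Added example (not part of any post in this thread): a small Python triage of HijackThis O1 and O4 lines that flags the patterns the helpers act on here: hosts entries pointing names at a non-loopback address, a Run entry for a system binary name outside system32, and rundll32 given a bare DLL name. The sample lines are copied from the first log above; the SYSTEM32_NAMES list and the finding labels are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 218.201.94.20 localhost
O1 - Hosts: 218.201.94.20 forum.ikaka.com
O1 - Hosts: 218.201.94.20 www.360safe.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [hm] C:\WINDOWS\system32\rundll32.exe py38d.dll Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
# Image path is either quoted or runs up to the first ".exe".
CMD_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.exe)\b)\s*(.*)$', re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"
# Assumption of this example: binaries that normally live in system32.
SYSTEM32_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                  "smss.exe", "rundll32.exe", "ctfmon.exe"}


def triage(log_text):
    """Return (kind, detail) findings for the O1 and O4 lines of a log."""
    findings, names_by_ip = [], defaultdict(list)
    for line in map(str.strip, log_text.splitlines()):
        hosts = HOSTS_RE.match(line)
        if hosts:
            ip, name = hosts.groups()
            if not ip.startswith("127."):  # anything but loopback overrides DNS
                names_by_ip[ip].append(name.lower())
            continue
        run = RUN_RE.match(line)
        cmd = CMD_RE.match(run.group(2)) if run else None
        if not cmd:
            continue
        image = (cmd.group(1) or cmd.group(2)).lower()
        folder, exe = ntpath.split(image)
        args = cmd.group(3).split()
        # A system binary name started from another folder deserves review.
        if exe in SYSTEM32_NAMES and folder != SYSTEM32:
            findings.append(("masquerade", f"[{run.group(1)}] {image}"))
        # A DLL named without a path is resolved through the search path;
        # legitimate entries do this too, so treat it as "look closer".
        if exe == "rundll32.exe" and args and "\\" not in args[0]:
            findings.append(("rundll32-bare-dll", f"[{run.group(1)}] {args[0]}"))
    for ip, names in names_by_ip.items():
        findings.append(("hosts-redirect", f"{ip} <- {len(names)} names"))
        if "localhost" in names:
            findings.append(("localhost-remapped", ip))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```
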
 

Quote:
[Post by 秋日里的蓝天] Run HijackThis, tick the entries below, and fix them:
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ZhanYouSever] C:\WINDOWS\ZhanYouSever.exe
O4 - HKLM\..\Run: [hm] C:\WINDOWS\system32\rundll32.exe py38d.dll Rundll32
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll

Delete:
C:\WINDOWS\ZhanYouSever.exe
C:\WINDOWS\system32\py38d.dll
C:\WINDOWS\svchost.exe
C:\WINDOWS\SYSTEM32\dimsntfy.dll


After the fix, if anything is still abnormal, scan again and post the log.
………………


C:\WINDOWS\SYSTEM32\dimsntfy.dll is a Win2K3 file..... it's fine.
gototop
 

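Replying to floor 5: w3wp comes with IIS, so it should be fine.

My machine still keeps popping up pages.
I found a service (7589123) in the service manager and don't know what it does; see the picture below.

The latest scan log is as follows: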
Logfile of HijackThis v1.99.1
Scan saved at 15:33:51, on 2006-10-31
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Maxthon2\Maxthon.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\inetsrv\w3wp.exe
D:\winfiles\桌面\HijackThis.exe

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 千千静听 - {34FB5E38-E0C5-11D4-8D29-0050BA6940E3} - C:\Program Files\TTPlayer\ttplayer.exe
O9 - Extra 'Tools' menuitem: 千千静听(&T) - {34FB5E38-E0C5-11D4-8D29-0050BA6940E3} - C:\Program Files\TTPlayer\ttplayer.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2091EFEF-9681-48E1-84C8-CDF427F8DCEA}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D9C04B4-7C8B-466D-9BE6-6CFA093FF784}: NameServer = 202.102.152.3,202.102.154.3
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Attachment: image (image/pjpeg), uploaded 2006-10-31 15:50:54
gototop
 

Addendum:
The executable path of that service is:
C:\WINDOWS\system32\7589123.EXE -service
gototop
 