
Processes


Attachment: image (image/pjpeg), uploaded 2005-7-17 11:00:24, 0 downloads



Last edited 2005-07-21 16:14:27

No way?? It must be a trojan infection... use antivirus software to clean it up.

Never seen it before.


Please download and run HijackThis 1.99.1, then post the scan log so everyone can analyse it.
[Recommended] Some common procedures against browser hijacking
http://forum.ikaka.com/topic.asp?board=67&artid=6490491
Run HijackThis and first click the [扫描系统并保存日志] or [Do a system scan and save a logfile] button. When the scan finishes, the log is shown in a Notepad window that opens automatically; copy/paste it from Notepad into your post. If the log is too long to fit in one post, you can split it into several parts and post them in replies.

k

Logfile of HijackThis v1.99.1
Scan saved at 16:03:44, on 2005-7-21
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\www.5806.net
O1 - Hosts: 222.89.109.112 zhao999.com
O1 - Hosts: 222.89.109.112 www.zhao999.com
O1 - Hosts: 222.89.109.112 movie.xmfdc.net
O1 - Hosts: 222.89.109.112 www.movie110.com
O1 - Hosts: 222.89.109.112 movie110.com
O1 - Hosts: 222.89.109.112 www.yesky.com
O1 - Hosts: 222.89.109.112 yesky.com
O1 - Hosts: 222.89.109.112 www.178ya.com
O1 - Hosts: 222.89.109.112 178ya.com
O1 - Hosts: 222.89.109.112 www.3668.cn
O1 - Hosts: 222.89.109.112 3668.cn
O1 - Hosts: 222.89.109.112 www.hao45.com
O1 - Hosts: 222.89.109.112 hao45.com
O1 - Hosts: 222.89.109.112 www.5sese.com
O1 - Hosts: 222.89.109.112 5sese.com
O1 - Hosts: 222.89.109.112 woyy.51.net
O1 - Hosts: 222.89.109.112 3668.cn
O1 - Hosts: 222.89.109.112 www.3668.cn
O1 - Hosts: 222.89.109.112 tu68.com
O1 - Hosts: 222.89.109.112 www.tu68.com
O1 - Hosts: 222.89.109.112 avxiu.com
O1 - Hosts: 222.89.109.112 www.avxiu.com
O1 - Hosts: 222.89.109.112 18dy.net
O1 - Hosts: 222.89.109.112 www.18dy.net
O1 - Hosts: 222.89.109.112 avxiu.com
O1 - Hosts: 222.89.109.112 www.avxiu.com
O1 - Hosts: 222.89.109.112 hk.18dy.com
O1 - Hosts: 222.89.109.112 dianying.gghggh.com
O1 - Hosts: 222.89.109.112 lady3.*******
O1 - Hosts: 222.89.109.112 kan56.zj.com
O1 - Hosts: 222.89.109.112 88848.net
O1 - Hosts: 222.89.109.112 www.88848.net
O1 - Hosts: 222.89.109.112 xonline.org
O1 - Hosts: 222.89.109.112 www.xonline.org
O1 - Hosts: 222.89.109.112 dy.nuoy.com
O1 - Hosts: 222.89.109.112 www.korea-av.com
O1 - Hosts: 222.89.109.112 korea-av.com
O1 - Hosts: 222.89.109.112 movie.bucuo.org
O1 - Hosts: 222.89.109.112 mv888.com
O1 - Hosts: 222.89.109.112 www.mv888.com
O1 - Hosts: 222.89.109.112 tk4479.com
O1 - Hosts: 222.89.109.112 www.tk4479.com
O1 - Hosts: 222.89.109.112 77dy.com
O1 - Hosts: 222.89.109.112 www.77dy.com
O1 - Hosts: 222.89.109.112 look163.com
O1 - Hosts: 222.89.109.112 www.look163.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\PROGRA~1\360so\360so.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll
O2 - BHO: 3721中文邮 - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - (no file)
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - E:\KV2005\KvShell_2.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FLASHGET\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - C:\WINDOWS\system32\SBHOPlin.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - E:\KV2005\KvShell_2.dll
O4 - HKLM\..\Run: [HuaShanTGEKBDPS2] C:\Program Files\联想\联想键盘驱动\Ps2Kbdriver.exe
O4 - HKLM\..\Run: [KvMonXP] E:\KV2005\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [advapi32] RUNDLL32 C:\WINDOWS\Downlo~1\_IS_ISC.DLL,isc
O4 - HKLM\..\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: 安装DuDu加速器.lnk = C:\WINDOWS\Temp\dddsetup.exe
O8 - Extra context menu item: 使用网际快车下载 - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FlashGet\jc_all.htm
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: 3721中文邮 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_2.dll
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06F3C78A-0530-4C3B-BA92-CE374B81B612}: NameServer = 218.56.57.58,202.102.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5E431E-177C-4BBE-ABCD-48491BB83D71}: NameServer = 202.96.64.68 219.150.32.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{06F3C78A-0530-4C3B-BA92-CE374B81B612}: NameServer = 218.56.57.58,202.102.128.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{06F3C78A-0530-4C3B-BA92-CE374B81B612}: NameServer = 218.56.57.58,202.102.128.68
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: ZGNotify - C:\WINDOWS\MyNotification.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: KVSrvXP - JiangMin New Tech Ltd. - E:\KV2005\KVSrvXP.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TGE CardReader Mgr Host v2 (TGECardReaderMgrHost.2) - Unknown owner - C:\Program Files\联想\联想键盘驱动\TGESrvLogon.exe
Last edited by 地区性 on 2010-03-13 22:49:35

Fix all the O1 items, and also:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\PROGRA~1\360so\360so.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll
O2 - BHO: 3721中文邮 - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - C:\WINDOWS\system32\SBHOPlin.dll
O4 - HKLM\..\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - Global Startup: 安装DuDu加速器.lnk = C:\WINDOWS\Temp\dddsetup.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Delete the files:
E:\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
C:\PROGRA~1\360so\360so.dll
C:\WINDOWS\System32\aclayer.dll
C:\WINDOWS\system32\SBHOPlin.dll
C:\PROGRA~1\360so\360Main.exe
C:\WINDOWS\Temp\dddsetup.exe
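A small triage script, added here as an example (it is not from the thread or part of HijackThis), that parses lines in the format of the log posted above and applies the checks the reply makes by hand: every O1 hosts entry pinned to a single IP, and O2/O4/O20/O23 entries that reference missing files, start from Temp, or inject a DLL system-wide. The sample lines are constructed from the posted log; the threshold of three hostnames and the reason strings are assumptions.

```python
import re
from collections import defaultdict

ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")
# Constructed sample in the format of the log posted above (a few lines only).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 222.89.109.112 zhao999.com
O1 - Hosts: 222.89.109.112 www.yesky.com
O1 - Hosts: 222.89.109.112 movie110.com
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\PROGRA~1\360so\360so.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [KvMonXP] E:\KV2005\KVMonXP.kxp /auto
O4 - Global Startup: 安装DuDu加速器.lnk = C:\WINDOWS\Temp\dddsetup.exe
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
"""

def parse_hjt(text):
    """Return [(section, body), ...] for every Oxx/Rx entry in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["sec"], m["body"]))
    return entries

def hosts_redirects(entries, min_names=3):
    """O1 check: many hostnames pinned to one IP is a hosts-file hijack; {ip: [hosts]}."""
    by_ip = defaultdict(set)
    for sec, body in entries:
        m = HOSTS_RE.match(body) if sec == "O1" else None
        if m:
            by_ip[m["ip"]].add(m["host"])
    return {ip: sorted(h) for ip, h in by_ip.items() if len(h) >= min_names}

def suspicious_entries(entries):
    """Heuristics mirroring the reply: dangling references (safe to fix), autoruns
    from Temp, and AppInit_DLLs (loaded into every process linking user32.dll)."""
    flagged = []
    for sec, body in entries:
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            flagged.append((sec, body, "dangling reference"))
        elif sec == "O4" and "\\temp\\" in low:
            flagged.append((sec, body, "autorun from Temp"))
        elif sec == "O20" and low.startswith("appinit_dlls:"):
            flagged.append((sec, body, "global DLL injection"))
    return flagged
```

Run `hosts_redirects(parse_hjt(log))` on the full log above and every O1 hostname collapses onto 222.89.109.112, which is what makes "fix all O1 items" the right call.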


