Please help me analyze my HijackThis scan log! Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 下午 03:40:12, on 2005/7/16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Documents and Settings\justina\桌面\HijackThis.exe

O1 - Hosts: 65.75.164.30 www.mk6789.com
O1 - Hosts: 65.75.164.30 mk6789.com
O1 - Hosts: 65.75.164.30 www.34422.com
O1 - Hosts: 65.75.164.30 34422.com
O1 - Hosts: 65.75.164.30 www.85656.com
O1 - Hosts: 65.75.164.30 85656.com
O1 - Hosts: 65.75.164.30 www.1222.net
O1 - Hosts: 65.75.164.30 1222.net
O1 - Hosts: 65.75.164.30 www.256999.com
O1 - Hosts: 65.75.164.30 256999.com
O1 - Hosts: 65.75.164.30 www.55399.com
O1 - Hosts: 65.75.164.30 55399.com
O1 - Hosts: 65.75.164.30 www.55399.com
O1 - Hosts: 65.75.164.30 55399.com
O1 - Hosts: 65.75.164.30 www.ok008.net
O1 - Hosts: 65.75.164.30 ok008.net
O1 - Hosts: 65.75.164.30 www.561888.com
O1 - Hosts: 65.75.164.30 561888.com
O1 - Hosts: 65.75.164.30 www.561888.com
O1 - Hosts: 65.75.164.30 561888.com
O1 - Hosts: 65.75.164.30 www.ok018.com
O1 - Hosts: 65.75.164.30 ok018.com
O1 - Hosts: 65.75.164.30 www.44699.com
O1 - Hosts: 65.75.164.30 44699.com
O1 - Hosts: 65.75.164.30 www.hk3777.com
O1 - Hosts: 65.75.164.30 hk3777.com
O1 - Hosts: 65.75.164.30 www.004466.com
O1 - Hosts: 65.75.164.30 004466.com
O1 - Hosts: 65.75.164.30 www.xg998.com
O1 - Hosts: 65.75.164.30 xg998.com
O1 - Hosts: 65.75.164.30 www.200889.com
O1 - Hosts: 65.75.164.30 200889.com
O1 - Hosts: 65.75.164.30 www.232888.com
O1 - Hosts: 65.75.164.30 232888.com
O1 - Hosts: 65.75.164.30 www.xianggangliuhecai.org
O1 - Hosts: 65.75.164.30 xianggangliuhecai.org
O1 - Hosts: 65.75.164.30 www.7y8y.com
O1 - Hosts: 65.75.164.30 7y8y.com
O1 - Hosts: 65.75.164.30 www.hkcai.net
O1 - Hosts: 65.75.164.30 hkcai.net
O1 - Hosts: 65.75.164.30 www.cp868.com
O1 - Hosts: 65.75.164.30 cp868.com
O1 - Hosts: 65.75.164.30 www.tk5566.com
O1 - Hosts: 65.75.164.30 tk5566.com
O1 - Hosts: 65.75.164.30 www.7556.net
O1 - Hosts: 65.75.164.30 7556.net
O1 - Hosts: 65.75.164.30 www.k9888.com
O1 - Hosts: 65.75.164.30 k9888.com
O1 - Hosts: 65.75.164.30 www.778999.com
O1 - Hosts: 65.75.164.30 778999.com
O1 - Hosts: 65.75.164.30 www.7v8v.com
O1 - Hosts: 65.75.164.30 7v8v.com
O1 - Hosts: 65.75.164.30 www.23331.com
O1 - Hosts: 65.75.164.30 23331.com
O1 - Hosts: 65.75.164.30 www.lhc058.com
O1 - Hosts: 65.75.164.30 lhc058.com
O1 - Hosts: 65.75.164.30 www.99128.com
O1 - Hosts: 65.75.164.30 99128.com
O1 - Hosts: 65.75.164.30 www.298w.com
O1 - Hosts: 65.75.164.30 298w.com
O1 - Hosts: 65.75.164.30 www.555899.com
O1 - Hosts: 65.75.164.30 555899.com
O1 - Hosts: 65.75.164.30 www.hk28588.com
O1 - Hosts: 65.75.164.30 hk28588.com
O1 - Hosts: 65.75.164.30 www.hk45678.net
O1 - Hosts: 65.75.164.30 hk45678.net
O1 - Hosts: 65.75.164.30 www.59699.com
O1 - Hosts: 65.75.164.30 59699.com
O1 - Hosts: 65.75.164.30 www.66833.com
O1 - Hosts: 65.75.164.30 66833.com
O1 - Hosts: 65.75.164.30 www.2008hk.net
O1 - Hosts: 65.75.164.30 2008hk.net
O1 - Hosts: 65.75.164.30 www.googlelhc.com
O1 - Hosts: 65.75.164.30 googlelhc.com
O1 - Hosts: 65.75.164.30 www.3721xglhc.com
O1 - Hosts: 65.75.164.30 3721xglhc.com
O1 - Hosts: 65.75.164.30 www.liuhecai2008.com
O1 - Hosts: 65.75.164.30 liuhecai2008.com
O1 - Hosts: 65.75.164.30 www.04666.com
O1 - Hosts: 65.75.164.30 04666.com
O1 - Hosts: 65.75.164.30 www.67555.com
O1 - Hosts: 65.75.164.30 67555.com
O1 - Hosts: 65.75.164.30 www.866877.com
O1 - Hosts: 65.75.164.30 866877.com
O1 - Hosts: 65.75.164.30 www.xg6hecai.com
O1 - Hosts: 65.75.164.30 xg6hecai.com
O1 - Hosts: 65.75.164.30 www.mk911.com
O1 - Hosts: 65.75.164.30 mk911.com
O1 - Hosts: 65.75.164.30 www.tk558.com
O1 - Hosts: 65.75.164.30 tk558.com
O1 - Hosts: 65.75.164.30 www.44422.com
O1 - Hosts: 65.75.164.30 44422.com
O1 - Hosts: 65.75.164.30 www.tk828.com
O1 - Hosts: 65.75.164.30 tk828.com
O1 - Hosts: 65.75.164.30 www.858999.com
O1 - Hosts: 65.75.164.30 858999.com
O1 - Hosts: 65.75.164.30 www.767999.com
O1 - Hosts: 65.75.164.30 767999.com
O1 - Hosts: 65.75.164.30 www.ok858.com
O1 - Hosts: 65.75.164.30 ok858.com
O1 - Hosts: 65.75.164.30 www.hk556677.com
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 收音机(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 绉绉假    忒 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINNT\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [MiniMsgr] C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
O4 - HKLM\..\RunOnce: [3721C:\PROGRA~1\3721\autolive.dll14393516] regsvr32 /s C:\PROGRA~1\3721\autolive.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: !搜一搜 - res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 添加到QQ自定义面版 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信传送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_wanxiang_18961 (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {0150EB11-5FB4-4D9E-85EA-0F155705227E} (Yahoo! 眈聊ュ      驮捡 Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6cn.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {4B4620DA-9C9F-4396-9FDF-D5EC301700A4} (toSee Player Object) - http://61.144.56.198/intf/tsplay/tsplay.cab
O16 - DPF: {65F7F4B5-81A7-11D8-95A9-5254AB1BF19E} (IObjSafety.UserControl1) - http://home.6360.com/free/test.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {AE9CC548-B709-4820-9677-2A254AA9797F} (PlayerPlugin Class) - http://61.144.56.17/OsoonPlugin.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = giottos.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3479BE8D-2A6B-471B-A92E-63DB0030CAB7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = giottos.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = giottos.local
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - D:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Last edited 2005-07-16 16:45:53

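When I type www.sohu.com, www.163.com or www.21cn.com into IE, I always end up at the www.625288.com website (Hong Kong Mark Six Lottery head office).
I want to add this site to the untrusted sites, but I can't even do that!
Can anyone help me think of a solution?
Thanks!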

I have tried repairing it with the Rising registry tool and the 3721 tool, and neither could fix it!

O3 - Toolbar: 绉绉假 忒 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
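All O1 items
If System Restore is in use, turn it off first.
Close all browser windows and folder windows, and fix the items above in Safe Mode (if you know an item is safe, you can leave it alone), then make hidden files visible. Find the following file, C:\WINNT\system32\KakaTool.dll, and delete it.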

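Thank you, I'll go and try it in a little while!

KakaTool.dll seems to be a Rising tool!
I had run out of options too, so I installed it to give it a try, and it still didn't work!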
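Added example, not part of the thread and not code from HijackThis: a small triage script for the `O1 - Hosts:` lines of a log like the one posted above. It groups hostnames by the address they are mapped to and separates null-routed names from names pointed at a routable server. The function name `triage_o1` and the two non-thread sample entries are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints one hosts-file mapping per line as "O1 - Hosts: <ip> <hostname>".
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

def triage_o1(log_text):
    """Group O1 entries by target IP and separate sinkholes from real redirects."""
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if not m:
            continue  # not an O1 line (O2, O4, process list, ...)
        ip_text, host = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # malformed entry, not an IP mapping
        by_ip[ip].add(host.lower())  # the set drops repeated lines

    report = {"sinkholed": {}, "redirected": {}}
    for ip, hosts in by_ip.items():
        # 127.0.0.0/8 and 0.0.0.0 are how block lists null-route a name;
        # any other address points the name at a real server.
        kind = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        report[kind][str(ip)] = sorted(hosts)
    return report

# Constructed sample: four O1 lines copied from the log in this thread, two
# made-up entries (localhost, ads.example.test) for contrast, one non-O1 line.
SAMPLE = """\
O1 - Hosts: 65.75.164.30 www.mk6789.com
O1 - Hosts: 65.75.164.30 mk6789.com
O1 - Hosts: 65.75.164.30 www.55399.com
O1 - Hosts: 65.75.164.30 www.55399.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O4 - HKLM\\..\\Run: [SoundMan] soundman.exe
"""

if __name__ == "__main__":
    for kind, groups in triage_o1(SAMPLE).items():
        for ip, hosts in groups.items():
            print(f"{kind:10} {ip:15} {len(hosts)} host(s): {', '.join(hosts)}")
```

A single routable address carrying dozens of unrelated hostnames, as in the posted log, is the pattern to review before fixing the O1 items.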