How do I delete MSNSMGER.EXE? Browser home page has been changed to www.ddzhz.com

How do I delete MSNSMGER.EXE under C:\WINNT? My browser home page has been changed to www.ddzhz.com
The log from a HijackThis scan in Safe Mode is as follows:
HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 13:29:11, on 2006-02-16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\netddesrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\hijackthis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 70.84.177.195 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 70.84.177.195 www3.aibgbonline.co.uk
O1 - Hosts: 70.84.177.195 www.bank.alliance-leicester.co.uk
O1 - Hosts: 70.84.177.195 login.iblogin.com
O1 - Hosts: 70.84.177.195 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 70.84.177.195 inet.barclays.co.uk
O1 - Hosts: 70.84.177.195 iibank.barclays.co.uk
O1 - Hosts: 70.84.177.195 iibank.cahoot.com
O1 - Hosts: 70.84.177.195 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 70.84.177.195 ww.hsbc.co.uk
O1 - Hosts: 70.84.177.195 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 70.84.177.195 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 70.84.177.195 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ww3.online.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ww3.online.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ob2.nationet.com
O1 - Hosts: 70.84.177.195 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 70.84.177.195 ww1.nwolb.com
O1 - Hosts: 70.84.177.195 ww1.onlinebanking.iombank.com
O1 - Hosts: 70.84.177.195 ww1.www.rbsdigital.com
O1 - Hosts: 70.84.177.195 welcome.smile.co.uk
O1 - Hosts: 70.84.177.195 login.365online.com
O1 - Hosts: 70.84.177.195 wvw.citizensbankonline.com
O1 - Hosts: 70.84.177.195 esecure.regionsnet.com
O1 - Hosts: 70.84.177.195 rollb.associatedbank.com
O1 - Hosts: 70.84.177.195 upb.unionplanters.com
O1 - Hosts: 70.84.177.195 www.onlinebanking.huntington.com
O1 - Hosts: 70.84.177.195 inet.southtrustonlinebanking.com
O1 - Hosts: 70.84.177.195 logon.personal.wamu.com
O1 - Hosts: 70.84.177.195 login.compassweb.com
O1 - Hosts: 70.84.177.195 logon.firstmeritib.com
O1 - Hosts: 70.84.177.195 login.ccfcuonline.org
O1 - Hosts: 70.84.177.195 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 70.84.177.195 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 70.84.177.195 wvw.totallyfreebanking.com
O1 - Hosts: 70.84.177.195 www.online.wellsfargo.com
O1 - Hosts: 70.84.177.195 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 70.84.177.195 accounts4.keybank.com
O1 - Hosts: 70.84.177.195 logon.bankone.com
O1 - Hosts: 70.84.177.195 www.secure.tdbanknorth.com
O1 - Hosts: 70.84.177.195 www.secure.mvnt4.com
O1 - Hosts: 70.84.177.195 ww.mynfbonline.com
O1 - Hosts: 70.84.177.195 login.forumcuonline.com
O1 - Hosts: 70.84.177.195 www.eds.usersonlnet.com
O1 - Hosts: 70.84.177.195 www.onlineid.bankofamerica.com
O1 - Hosts: 70.84.177.195 wvw.e-gold.com
O1 - Hosts: 70.84.177.195 pcbs.peoples.com
O1 - Hosts: 70.84.177.195 www.global1.onlinebank.com
O1 - Hosts: 70.84.177.195 ww2.mybranch.lafcu.com
O1 - Hosts: 70.84.177.195 login.webbanking.comerica.com
O1 - Hosts: 70.84.177.195 web.banking.firsttennessee.com
O1 - Hosts: 70.84.177.195 logon.members1st.org
O1 - Hosts: 70.84.177.195 www.cib.ibanking-services.com
O1 - Hosts: 70.84.177.195 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 70.84.177.195 wvw.paypal.com
O1 - Hosts: 70.84.177.195 www.signin.ebay.com
O1 - Hosts: 70.84.177.195 wvw.etrade.com
O1 - Hosts: 70.84.177.195 ww4.fleethomelink.fleet.com
O1 - Hosts: 70.84.177.195 ww3.connect.skyfi.com
O1 - Hosts: 70.84.177.195 www6.usbank.com
O1 - Hosts: 70.84.177.195 www.bvi.bancodevalencia.es
O1 - Hosts: 70.84.177.195 extrant.banesto.es
O1 - Hosts: 70.84.177.195 banesnt.banesto.es
O1 - Hosts: 70.84.177.195 activia.caixagalicia.es
O1 - Hosts: 70.84.177.195 www.bancae.caixapenedes.com
O1 - Hosts: 70.84.177.195 login.caixasabadell.net
O1 - Hosts: 70.84.177.195 oii.cajamadrid.es
O1 - Hosts: 70.84.177.195 login.cajamar.es
O1 - Hosts: 70.84.177.195 login.ccm.es
O1 - Hosts: 70.84.177.195 ww.unicaja.es
O1 - Hosts: 70.84.177.195 www5.bancopopular.es
O1 - Hosts: 70.84.177.195 ww3.bbvanet.com
O1 - Hosts: 70.84.177.195 ww.bayernlb.de
O1 - Hosts: 70.84.177.195 ww2.berliner-volksbank.de
O1 - Hosts: 70.84.177.195 ww7.homebanking-berlin.de
O1 - Hosts: 70.84.177.195 portal09.commerzbanking.de
O1 - Hosts: 70.84.177.195 www.meine.deutsche-bank.de
O1 - Hosts: 70.84.177.195 ww2.dresdner-privat.de
O1 - Hosts: 70.84.177.195 ww.e-banking.helaba.de
O1 - Hosts: 70.84.177.195 ww.hsh-nordbank.de
O1 - Hosts: 70.84.177.195 www.my.hypovereinsbank.de
O1 - Hosts: 70.84.177.195 ww3.homebanking-berlin.de
O1 - Hosts: 70.84.177.195 ww3.homebanking-berlin.de
O1 - Hosts: 70.84.177.195 www.banking.lbbw.de
O1 - Hosts: 70.84.177.195 lrp.sparkasse-banking.de
O1 - Hosts: 70.84.177.195 ww3.homebanking-niedersachsen.de
O1 - Hosts: 70.84.177.195 www.onlinebanking.norisbank.de
O1 - Hosts: 70.84.177.195 www.banking.postbank.de
O1 - Hosts: 70.84.177.195 wvw.internetbanking.gad.de
O1 - Hosts: 70.84.177.195 ww1.portal.izb.de
O1 - Hosts: 70.84.177.195 wvw.kunden-service.lbs.de
O1 - Hosts: 70.84.177.195 ibanking.seb.de
O1 - Hosts: 70.84.177.195 bw7.sparkasse-banking.de
O1 - Hosts: 70.84.177.195 ww2.homebanking-sparkasse.de
O1 - Hosts: 70.84.177.195 ww2.vr-networld-ebanking.de
O1 - Hosts: 70.84.177.195 ww.bics.fr
O1 - Hosts: 70.84.177.195 www.co.caixabank.fr
O1 - Hosts: 70.84.177.195 ww.creditmutuel.fr
O1 - Hosts: 70.84.177.195 internetbank.intesabci.it
O1 - Hosts: 70.84.177.195 ww.extensive.bancalombarda.it
O2 - BHO: (no name) - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll (file missing)
O2 - BHO: (no name) - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINNT\system32\dllcache\java.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\CONFLICT.1\barsmall24.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATI AS Filter] msnse.exe
O4 - HKLM\..\Run: [3721] C:\WINNT\MSMNSGER.EXE
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\RunServices: [ATI AS Filter] msnse.exe
O4 - HKCU\..\Run: [ATI AS Filter] msnse.exe
O4 - HKCU\..\RunServices: [ATI AS Filter] msnse.exe
O4 - Startup: 100_Video.asd
O4 - Startup: 128_CD_Transparency_Audio.asd
O4 - Startup: 16_AM_Radio.asd
O4 - Startup: 1Mb_Video.asd
O4 - Startup: 250_Video.asd
O4 - Startup: 28.8_56_100_MBR_VIDEO.asd
O4 - Startup: 28.8_FM_Radio_Mono.asd
O4 - Startup: 28.8_FM_Radio_Stereo.asd
O4 - Startup: 28.8_Video_Audio_Emphasis.asd
O4 - Startup: 28.8_Video_For_Web_Server.asd
O4 - Startup: 28.8_Video_Voice.asd
O4 - Startup: 3Mb_Video.asd
O4 - Startup: 512_Video.asd
O4 - Startup: 56_Dialup_High_Quality_Stereo.asd
O4 - Startup: 56_Dialup_Modem_Video.asd
O4 - Startup: 56_dialup_Video_For_Web_Server.asd
O4 - Startup: 6.5_Voice_Audio.asd
O4 - Startup: 64_High_Fidelity_Stereo_Audio.asd
O4 - Startup: 96_CD_Quality_Audio.asd
O4 - Startup: crack.jar
O4 - Startup: Dialup_Modems_ISDN_MBR_Video.asd
O4 - Startup: FrameMapViewImage.asp
O4 - Startup: Intranet_HighSpeed_Lan_MBR_Video.asd
O4 - Startup: Noname1.html
O4 - Startup: Noname1.txt
O4 - Startup: Noname2.txt
O4 - Startup: nspmcvt.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: sqlnet.log
O4 - Startup: tempfile.diff
O4 - Global Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到广告杀手 - E:\
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\BitSpirit\bsurl.htm
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O11 - Options group: [!MySearch]
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37B0DCE1-0787-4016-AF5E-291394AE0A27}: NameServer = 202.106.196.115

Last edited 2006-02-21 22:00:17

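Could the experts here please help! I read the moderator's pinned post, but I still can't really make sense of these logs and don't dare fix things at random. Please give me some pointers. Thanks!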

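Please scan with the latest version, HijackThis 1.99.1, and post the log.

For the HijackThis download link, see the pinned post:
[Must read] Board guide and downloads of commonly used small tools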
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

Logfile of HijackThis v1.99.1
Scan saved at 9:47:42, on 2006-02-17
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\netddesrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R3 - Default URLSearchHook is missing

O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll (file missing)
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: Microsoft Java Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINNT\system32\dllcache\java.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: T2BHO Class - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\CONFLICT.1\barsmall24.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATI AS Filter] msnse.exe
O4 - HKLM\..\Run: [3721] C:\WINNT\MSMNSGER.EXE
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\RunServices: [ATI AS Filter] msnse.exe
O4 - HKCU\..\Run: [ATI AS Filter] msnse.exe
O4 - HKCU\..\RunServices: [ATI AS Filter] msnse.exe
O4 - Startup: 划词搜索.lnk = C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - Startup: 桌面媒体.lnk = C:\WINNT\system32\rundll32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到广告杀手 - E:\新建文件夹\AdKiller.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\BitSpirit\bsurl.htm
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O11 - Options group: [!MySearch] 搜索助手(MySearch)
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37B0DCE1-0787-4016-AF5E-291394AE0A27}: NameServer = 202.106.196.115
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: .Net Boot Service - Unknown owner - C:\WINNT\system32\big5_gb2312.exe
O23 - Service: Apache2 - Unknown owner - D:\usr\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINNT\system32\crypt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GAS Enterprise - Unknown owner - E:\liliang\SuperMap\SuperMap IS 5.0\Exe\GASEnter.exe
O23 - Service: Local Network Service - Unknown owner - C:\WINNT\system32\SeedServ.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - D:/usr/mysql/bin/mysqld-nt.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINNT\system32\netddesrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - d:\Oracle\Ora81\bin\omtsreco.exe
O23 - Service: OracleOracleRootAgent - Oracle Corporation - d:\Oracle\Ora81\bin\agntsrvc.exe
O23 - Service: OracleOracleRootClientCache - Unknown owner - d:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: OracleOracleRootHTTPServer - Unknown owner - d:\Oracle\Ora81\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOracleRootPagingServer - Unknown owner - d:\Oracle\Ora81/bin/pagntsrv.exe
O23 - Service: OracleOracleRootSNMPPeerEncapsulator - Unknown owner - d:\Oracle\Ora81\BIN\ENCSVC.EXE
O23 - Service: OracleOracleRootSNMPPeerMasterAgent - Unknown owner - d:\Oracle\Ora81\BIN\AGNTSVC.EXE
O23 - Service: OracleOracleRootTNSListener - Unknown owner - d:\Oracle\Ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceNIJL - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: Remote Log - Unknown owner - C:\WINNT\system32\ServeHost.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperMap地理信息服务器(企业版) (SuperMap Internet Service) - SuperMap GIS Tech. Inc. - E:\liliang\SuperMap\SuperMap IS 5.0\Exe\SMISEE.exe
O23 - Service: SuperMap地理信息服务器 2.2  (SuperMap Internet Service 2.2) - SuperMap - d:\Program Files\SuperMap\SuperMap IS 2003\Exe\SMISvc20.exe
O23 - Service: SuperMap地理信息服务器 5.0 (SuperMap Internet Service 5.0) - SuperMap - E:\liliang\SuperMap\SuperMap IS 5.0\Exe\SMISvc20.exe
O23 - Service: SuperMap IS LoadDemon (SuperMap.IS.LoadDemon) - SuperMap GIS Technologies, Inc - D:\Program Files\SuperMap\SuperMap IS.NET 5.0.2dq\Bin\SuperMap.IS.LoadDemon.exe
O23 - Service: SuperMap IS ServerManager (SuperMap.IS.ServerManager) - Unknown owner - D:\Program Files\SuperMap\SuperMap IS.NET 5.0.2dq\Bin\SuperMap.IS.ServerManager.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe


Sorry to trouble the moderator! Thank you!

[Reply to the post by "悠U22"]



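Original poster, please note! The log shows that some websites, including "Alipay", have been redirected. Until this is fixed, be very careful about using online banking! For details, refer to Microsoft's definition of "phishing".
Please download the "Malware Cleanup Assistant" (恶意软件清理助手) from this board's pinned post and use it.
Clear the IE temporary files and temporarily turn off System Restore. Reboot into Safe Mode, close all unnecessary windows, scan with HijackThis and then fix the following (tick the box in front of each item that needs fixing, then press "Fix checked" or "修复"; before fixing you will be asked whether you want a backup, choose "Yes" or "是"):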
R3 - Default URLSearchHook is missing
O1 - Hosts: 70.84.177.195 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 70.84.177.195 www3.aibgbonline.co.uk
O1 - Hosts: 70.84.177.195 www.bank.alliance-leicester.co.uk
O1 - Hosts: 70.84.177.195 login.iblogin.com
O1 - Hosts: 70.84.177.195 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 70.84.177.195 inet.barclays.co.uk
O1 - Hosts: 70.84.177.195 iibank.barclays.co.uk
O1 - Hosts: 70.84.177.195 iibank.cahoot.com
O1 - Hosts: 70.84.177.195 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 70.84.177.195 ww.hsbc.co.uk
O1 - Hosts: 70.84.177.195 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 70.84.177.195 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 70.84.177.195 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ww3.online.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ww3.online.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 70.84.177.195 ob2.nationet.com
O1 - Hosts: 70.84.177.195 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 70.84.177.195 ww1.nwolb.com
O1 - Hosts: 70.84.177.195 ww1.onlinebanking.iombank.com
O1 - Hosts: 70.84.177.195 ww1.www.rbsdigital.com
O1 - Hosts: 70.84.177.195 welcome.smile.co.uk
O1 - Hosts: 70.84.177.195 login.365online.com
O1 - Hosts: 70.84.177.195 wvw.citizensbankonline.com
O1 - Hosts: 70.84.177.195 esecure.regionsnet.com
O1 - Hosts: 70.84.177.195 rollb.associatedbank.com
O1 - Hosts: 70.84.177.195 upb.unionplanters.com
O1 - Hosts: 70.84.177.195 www.onlinebanking.huntington.com
O1 - Hosts: 70.84.177.195 inet.southtrustonlinebanking.com
O1 - Hosts: 70.84.177.195 logon.personal.wamu.com
O1 - Hosts: 70.84.177.195 login.compassweb.com
O1 - Hosts: 70.84.177.195 logon.firstmeritib.com
O1 - Hosts: 70.84.177.195 login.ccfcuonline.org
O1 - Hosts: 70.84.177.195 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 70.84.177.195 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 70.84.177.195 wvw.totallyfreebanking.com
O1 - Hosts: 70.84.177.195 www.online.wellsfargo.com
O1 - Hosts: 70.84.177.195 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 70.84.177.195 accounts4.keybank.com
O1 - Hosts: 70.84.177.195 logon.bankone.com
O1 - Hosts: 70.84.177.195 www.secure.tdbanknorth.com
O1 - Hosts: 70.84.177.195 www.secure.mvnt4.com
O1 - Hosts: 70.84.177.195 ww.mynfbonline.com
O1 - Hosts: 70.84.177.195 login.forumcuonline.com
O1 - Hosts: 70.84.177.195 www.eds.usersonlnet.com
O1 - Hosts: 70.84.177.195 www.onlineid.bankofamerica.com
O1 - Hosts: 70.84.177.195 wvw.e-gold.com
O1 - Hosts: 70.84.177.195 pcbs.peoples.com
O1 - Hosts: 70.84.177.195 www.global1.onlinebank.com
O1 - Hosts: 70.84.177.195 ww2.mybranch.lafcu.com
O1 - Hosts: 70.84.177.195 login.webbanking.comerica.com
O1 - Hosts: 70.84.177.195 web.banking.firsttennessee.com
O1 - Hosts: 70.84.177.195 logon.members1st.org
O1 - Hosts: 70.84.177.195 www.cib.ibanking-services.com
O1 - Hosts: 70.84.177.195 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 70.84.177.195 wvw.paypal.com
O1 - Hosts: 70.84.177.195 www.signin.ebay.com
O1 - Hosts: 70.84.177.195 wvw.etrade.com
O1 - Hosts: 70.84.177.195 ww4.fleethomelink.fleet.com
O1 - Hosts: 70.84.177.195 ww3.connect.skyfi.com
O1 - Hosts: 70.84.177.195 www6.usbank.com
O1 - Hosts: 70.84.177.195 www.bvi.bancodevalencia.es
O1 - Hosts: 70.84.177.195 extrant.banesto.es
O1 - Hosts: 70.84.177.195 banesnt.banesto.es
O1 - Hosts: 70.84.177.195 activia.caixagalicia.es
O1 - Hosts: 70.84.177.195 www.bancae.caixapenedes.com
O1 - Hosts: 70.84.177.195 login.caixasabadell.net
O1 - Hosts: 70.84.177.195 oii.cajamadrid.es
O1 - Hosts: 70.84.177.195 login.cajamar.es
O1 - Hosts: 70.84.177.195 login.ccm.es
O1 - Hosts: 70.84.177.195 ww.unicaja.es
O1 - Hosts: 70.84.177.195 www5.bancopopular.es
O1 - Hosts: 70.84.177.195 ww3.bbvanet.com
O1 - Hosts: 70.84.177.195 ww.bayernlb.de
O1 - Hosts: 70.84.177.195 ww2.berliner-volksbank.de
O1 - Hosts: 70.84.177.195 ww7.homebanking-berlin.de
O1 - Hosts: 70.84.177.195 portal09.commerzbanking.de
O1 - Hosts: 70.84.177.195 www.meine.deutsche-bank.de
O1 - Hosts: 70.84.177.195 ww2.dresdner-privat.de
O1 - Hosts: 70.84.177.195 ww.e-banking.helaba.de
O1 - Hosts: 70.84.177.195 ww.hsh-nordbank.de
O1 - Hosts: 70.84.177.195 www.my.hypovereinsbank.de
O1 - Hosts: 70.84.177.195 ww3.homebanking-berlin.de
O1 - Hosts: 70.84.177.195 ww3.homebanking-berlin.de
O1 - Hosts: 70.84.177.195 www.banking.lbbw.de
O1 - Hosts: 70.84.177.195 lrp.sparkasse-banking.de
O1 - Hosts: 70.84.177.195 ww3.homebanking-niedersachsen.de
O1 - Hosts: 70.84.177.195 www.onlinebanking.norisbank.de
O1 - Hosts: 70.84.177.195 www.banking.postbank.de
O1 - Hosts: 70.84.177.195 wvw.internetbanking.gad.de
O1 - Hosts: 70.84.177.195 ww1.portal.izb.de
O1 - Hosts: 70.84.177.195 wvw.kunden-service.lbs.de
O1 - Hosts: 70.84.177.195 ibanking.seb.de
O1 - Hosts: 70.84.177.195 bw7.sparkasse-banking.de
O1 - Hosts: 70.84.177.195 ww2.homebanking-sparkasse.de
O1 - Hosts: 70.84.177.195 ww2.vr-networld-ebanking.de
O1 - Hosts: 70.84.177.195 ww.bics.fr
O1 - Hosts: 70.84.177.195 www.co.caixabank.fr
O1 - Hosts: 70.84.177.195 ww.creditmutuel.fr
O1 - Hosts: 70.84.177.195 internetbank.intesabci.it
O1 - Hosts: 70.84.177.195 ww.extensive.bancalombarda.it
O4 - HKLM\..\Run: [3721] C:\WINNT\MSMNSGER.EXE
Restart the computer, show hidden files and system files, and delete (if it exists):
C:\WINNT\MSMNSGER.EXE
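Once the fixes are done, if the problem persists, please reply in this thread and describe the situation.
The suggestions above are for reference only. If you recognize any of these settings, or they are settings you made manually, you do not need to apply them.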
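
The triage described in the reply above (spotting hosts-file redirection in the O1 lines, then checking after the fix which ticked items are still reported), as an added Python example that is not part of the thread. The sample logs, the `.example` hostnames, the 203.0.113.7 address and the `updater` autorun entry are constructed, and the `min_names` threshold is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed HijackThis-style logs: .example hostnames, a TEST-NET-3 address
# and a made-up autorun entry. None of these values come from the thread.
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 login.bank-one.example
O1 - Hosts: 203.0.113.7 www.bank-two.example
O1 - Hosts: 203.0.113.7 pay.shop-three.example
O1 - Hosts: 203.0.113.7 www.bank-two.example
O4 - HKLM\..\Run: [updater] C:\WINNT\SAMPLE.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
"""

# Constructed re-scan after fixing and rebooting: the hosts entries are gone,
# but the autorun value is still reported (path case differs, as on Windows).
SAMPLE_AFTER = r"""Logfile of HijackThis v1.99.1
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [updater] c:\winnt\sample.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")


def entries(log_text):
    """Return (section, body) for each item line, e.g. ('O1', 'Hosts: ...')."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def hosts_redirects(log_text, min_names=3):
    """Map each non-loopback IP to the distinct names the hosts file points at it.

    Only IPs that capture at least `min_names` names are returned: many
    unrelated login sites resolving to one address is the redirection pattern.
    """
    by_ip = defaultdict(set)
    for section, body in entries(log_text):
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: not a usable mapping
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are local or block-list use
        for name in fields[1:]:
            if name.startswith("#"):
                break  # rest of the line is a hosts-file comment
            by_ip[str(addr)].add(name.lower())
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}


def hosts_fix_list(log_text, min_names=3):
    """Original O1 lines that point at a flagged IP (the items to tick)."""
    flagged = hosts_redirects(log_text, min_names)
    items = []
    for section, body in entries(log_text):
        if section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if fields and fields[0] in flagged:
                items.append(f"{section} - {body}")
    return items


def still_present(selected, rescan_text):
    """Ticked items that the re-scan reports again (case-insensitive match)."""
    def norm(s):
        return " ".join(s.split()).casefold()
    seen = {norm(f"{sec} - {body}") for sec, body in entries(rescan_text)}
    return [item for item in selected if norm(item) in seen]


if __name__ == "__main__":
    for ip, names in hosts_redirects(SAMPLE_BEFORE).items():
        print(f"{ip} captures {len(names)} names: {', '.join(names)}")
    ticked = hosts_fix_list(SAMPLE_BEFORE) + [
        r"O4 - HKLM\..\Run: [updater] C:\WINNT\SAMPLE.EXE"
    ]
    for item in still_present(ticked, SAMPLE_AFTER):
        print("still present after fix:", item)
```

An item that comes back in the re-scan means the fix did not hold, which is the situation in which a reply in this thread asks for the file itself to be scanned and submitted.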
 

Another variant has appeared.

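Hello moderator, I applied the fixes the way you described and rebooted, but C:\winnt\MSMNSGER.exe is still there and cannot be deleted. The items I chose to fix were the ones in the list you gave me. Is there any other way?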

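Quote:
[Post by 悠U22] Hello moderator, I applied the fixes the way you described and rebooted, but C:\winnt\MSMNSGER.exe is still there and cannot be deleted. The items I chose to fix were the ones in the list you gave me. Is there any other way?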
...........................




Original poster, please scan the following file with the two multi-engine scanners below:
C:\WINNT\MSMNSGER.exe
Multi-engine scanning with VirusTotal:

http://www.virustotal.com/
Multi-engine scanning with Jotti:

http://virusscan.jotti.org/


Please be sure to post the complete reports.



Please submit the following suspicious file:
C:\WINNT\MSMNSGER.exe


http://up.rising.com.cn/webmail/uploadnew.htm


Thank you for your cooperation.