Rising Kaka Security Forum > Technical Exchange > System Software

Poor little thread, not a single reply in a whole day [Help]

R3 in particular: what is this? Does it need to be fixed?
Logfile of HijackThis v1.99.1
Scan saved at 19:35:57, on 05-9-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\Program Files\UPHClean\uphclean.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\rising\Rfw\RfwMain.exe
D:\Program Files\Herosoft\HeroV8\SysExplr.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\tool\HijackThis.exe

R3 - URLSearchHook: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINDOWS\DOWNLO~1\DDTINIT.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\baidu\bar\BaiduBar.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINDOWS\DOWNLO~1\DDTONG~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\baidu\bar\BaiduBar.dll
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SysExplr] D:\Program Files\Herosoft\HeroV8\SysExplr.EXE
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - D:\Program Files\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Program Files\baidu\bar\BaiduBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Program Files\baidu\bar\BaiduBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Program Files\baidu\bar\BaiduBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Program Files\baidu\bar\BaiduBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Program Files\baidu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Program Files\baidu\bar\BaiduBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Program Files\baidu\bar\BaiduBar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - D:\Program Files\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\Program Files\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\Program Files\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096598255448
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\HEROSOFT\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = roots-servers.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = roots-servers.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = roots-servers.net
O18 - Filter: text/html - {E9A8FCBA-6DCC-4D23-B4A6-5AEC882139E3} - (no file)
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINDOWS\system32\SCardSer.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Last edited 2005-10-02 11:59:18

Bumping again, bump bump bump bump bump... phew, so tired! Taking a break.

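Those are the contents of the Hosts file; no fix is needed. If a malicious website has modified this file, you can clear the file's contents and reboot.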

If a problem does come up, how should I clear the contents of the Hosts file?

Is it the LOG?

This.......

Why has nobody answered my question yet? Feeling down~~~~~

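R0, R1, R2, R3 Changes to the default start page and default search page of Internet Explorer (IE)
F0, F1, F2, F3 Programs autoloaded from ini files
N1, N2, N3, N4 Changes to the default start page and default search page of Netscape/Mozilla
O1 Hosts file redirection
O2 Browser Helper Objects (BHO, browser helper modules)
O3 IE toolbars
O4 Autostart entries
O5 IE options hidden in the Control Panel
O6 IE options disabled by the administrator
O7 Registry Editor (regedit) disabled by the administrator
O8 Extra items in the IE right-click menu
O9 Extra IE "Tools" menu items and toolbar buttons
O10 Winsock LSP "browser hijacking"
O11 New items in the IE Advanced options
O12 IE plug-ins
O13 Changes to the IE default URL prefix
O14 Changes to "Reset Web Settings"
O15 Uninvited guests in "Trusted sites"
O16 ActiveX objects in the Downloaded Program Files directory
O17 Domain "hijacking"
O18 Extra protocols and protocol "hijacking"
O19 User stylesheet "hijacking"
O20 Autostart entries at the AppInit_DLLs registry value
O21 Autostart entries at the ShellServiceObjectDelayLoad registry key
O22 Autostart entries at the SharedTaskScheduler registry key
O23 Loaded system services

Below is an introduction to R3
R3 - An extra value created where there should be only one value, which may change the IE search page

R3 mainly appears under the URLSearchHooks item. When we type an incorrect address in IE, the browser tries to find leads for a further lookup at the locations listed under this registry item. Normally, when we type an incorrect address in IE, the browser uses the default search engine (such as http://search.msn.com/, Internet Keywords (网络实名), etc.) to look for matches. If HijackThis reports an R3 item, the related "browser hijacking" symptom may be: after typing an incorrect address in IE, you are taken to some inexplicable search site or even to another web page.

R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CNSHOOK.DLL
This is 3721 Internet Keywords (网络实名)
R3 - Default URLSearchHook is missing
This reports that an error was found (the default URLSearchHook is missing). This error can be fixed with HijackThis.

For R3, you should generally always choose to fix it, unless it points to a program you recognize (such as Baidu Search or 3721 Internet Keywords).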
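
Added example, not part of the original post and not HijackThis's own code: a Python sketch that applies the R3 triage described above to the R3 lines of a log, separating entries whose DLL is gone, the missing-default report, and hooks whose owner still has to be identified. The function names and verdict labels are this example's own; the sample lines are the R3 lines quoted in this thread, where the "(no file)" entry and the CnsHook entry share one CLSID.

```python
import re

# R3 - URLSearchHook: <name> - {CLSID} - <file path or "(no file)">
R3_HOOK = re.compile(
    r"^R3 - URLSearchHook: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
DEFAULT_MISSING = "R3 - Default URLSearchHook is missing"

def triage_r3(log_text):
    """Return (verdict, clsid, detail) per R3 line; verdict labels are this example's own."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("R3 - "):
            continue  # other sections (O1, O2, ...) are out of scope here
        if line == DEFAULT_MISSING:
            findings.append(("default-missing", None, line))
            continue
        m = R3_HOOK.match(line)
        if m is None:
            findings.append(("unparsed", None, line))
        elif m["target"] in ("(no file)", "(file missing)"):
            # The registry value is still present but no DLL backs it.
            findings.append(("orphaned", m["clsid"].upper(), m["name"]))
        else:
            # A DLL is consulted on address-bar lookups: keep it only if
            # the owning program is one the user recognises.
            findings.append(("identify-owner", m["clsid"].upper(), m["target"]))
    return findings

def same_clsid(findings):
    """CLSIDs seen both as an orphan and with a DLL path (one hook, two states)."""
    orphans = {c for v, c, _ in findings if v == "orphaned"}
    owned = {c for v, c, _ in findings if v == "identify-owner"}
    return sorted(orphans & owned)

# Sample input: the R3 lines quoted in this thread, plus one O2 line that is skipped.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CNSHOOK.DLL
R3 - Default URLSearchHook is missing
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
"""

if __name__ == "__main__":
    for finding in triage_r3(SAMPLE_LOG):
        print(finding)
    print("same CLSID in both states:", same_clsid(triage_r3(SAMPLE_LOG)))
```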

[Reply to the post by "命运里の金色"] Many thanks!