Homepage changed, cannot shut down. Moderators, please look at the log

Logfile of HijackThis v1.99.1
Scan saved at 9:27:01 AM, on 1/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\System32\Rundll32.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ZarvaSoft\Smart Update Utility\Ahnsdsv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\ZARVAS~1\ZVC\MonSvcNT.EXE
C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paSvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paTray.exe
C:\Program Files\ZarvaSoft\Smart Update Utility\AhnSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\System32\conime.exe
C:\PROGRA~1\ZARVAS~1\ZVC\MonSysNT.exe
C:\PROGRA~1\ZARVAS~1\ZVC\V3P3AT.exe
C:\windows\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\Sandai Technologies Inc\Thunder\TDUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Owner\桌面\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v2.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\ZarvaSoft\ZVC\V3Bar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ZVC - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\ZarvaSoft\ZVC\V3Bar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: μ?ì¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [paTray] C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paTray.exe
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\ZarvaSoft\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKLM\..\Run: [cnyisou_com] http://www.xg6hc.cn
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [helper.dll] C:\windows\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FLASHGET\jc_all.htm
O9 - Extra button: ê??ú?ìD? - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_kaxiu_3441 (file missing)
O9 - Extra button: Yahoo 1Gμ?óê - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: ?°±|à?è¤?à - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: ???¢?úê? - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: ?é?°á?ìì - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: DT?′?ˉàà?÷ - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: ??àíé?í????? - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  í???êμ??
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX Control) - http://www.51uc.com/cab/WEBChatRoom_1_39.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://210.44.80.14/online/plugin/myv3na.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\ZarvaSoft\Smart Update Utility\Ahnsdsv.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\PROGRA~1\ZARVAS~1\ZVC\MonSvcNT.EXE
O23 - Service: Policy Agent Service V2.0 (paSvc) - AhnLab, Inc. - C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paSvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

Last edited 2006-01-19 10:54:15

The "Use Default" page in Internet Options is still http://www.xg6hc.cn

Please help take a look at the new log
Logfile of HijackThis v1.99.1
Scan saved at 5:23:09 PM, on 1/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\ZarvaSoft\Smart Update Utility\AhnSD.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ZARVAS~1\ZVC\MonSysNT.exe
C:\PROGRA~1\ZARVAS~1\ZVC\V3P3AT.exe
C:\Program Files\Sandai Technologies Inc\Thunder\TDUpdate.exe
C:\Program Files\ZarvaSoft\Smart Update Utility\Ahnsdsv.exe
C:\PROGRA~1\ZARVAS~1\ZVC\MonSvcNT.EXE
C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paSvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\桌面\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v2.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Zarvasoft\ZVC\V3Bar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: μ?ì¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: ZVC - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Zarvasoft\ZVC\V3Bar.dll
O4 - HKLM\..\Run: [paTray] C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paTray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\ZarvaSoft\Smart Update Utility\AhnSD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FLASHGET\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://210.44.80.14/online/plugin/myv3na.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\ZarvaSoft\Smart Update Utility\Ahnsdsv.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\PROGRA~1\ZARVAS~1\ZVC\MonSvcNT.EXE
O23 - Service: Policy Agent Service V2.0 (paSvc) - AhnLab, Inc. - C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paSvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe


Thank you, 艾玛!
I did as you said.
It still doesn't work.
I have already removed Xunlei!

This is the latest log
Logfile of HijackThis v1.99.1
Scan saved at 9:05:36 PM, on 1/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\ZarvaSoft\Smart Update Utility\AhnSD.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ZARVAS~1\ZVC\MonSysNT.exe
C:\PROGRA~1\ZARVAS~1\ZVC\V3P3AT.exe
C:\Program Files\ZarvaSoft\Smart Update Utility\Ahnsdsv.exe
C:\PROGRA~1\ZARVAS~1\ZVC\MonSvcNT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paSvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Documents and Settings\Owner\桌面\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\windows\System32\xunleibho_v2.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: μ?ì¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: ZVC - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\ZarvaSoft\ZVC\V3Bar.dll
O4 - HKLM\..\Run: [paTray] C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paTray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\ZarvaSoft\Smart Update Utility\AhnSD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FLASHGET\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://210.44.80.14/online/plugin/myv3na.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A1B004F-B9AD-4E63-A6FD-C58F09AB8E11}: NameServer = 210.44.80.1,202.102.128.68
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\ZarvaSoft\Smart Update Utility\Ahnsdsv.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\PROGRA~1\ZARVAS~1\ZVC\MonSvcNT.EXE
O23 - Service: Policy Agent Service V2.0 (paSvc) - AhnLab, Inc. - C:\Program Files\Zarvasoft\ZPC4\Policy Agent\paSvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe


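Hello moderator, I have just removed 3721 using the method described on our forum.
Now, whenever I open a website, the address of that malicious site is appended after it.
As shown in the image: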

Attachment: image (image/pjpeg), uploaded 2006-1-17 21:52:40

Many thanks to 魔法学徒 and 艾玛 for their help. The problem has been solved. My QQ number has been sent.