Experts, please help: HOSTS file has been modified, and it is recreated after I delete it.

The HOSTS file has been modified, and it is recreated after I delete it. Its attributes are System and Hidden.
HijackThis log:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      10:28:52, 日期 2006-2-21
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\program\HijackThis1991汉化版\HijackThis1991zww.exe

O1 - Hosts: 210.85.133.223 005566.com
O1 - Hosts: 210.85.133.223 003366.com
O1 - Hosts: 210.85.133.223 tk.005566.com
O1 - Hosts: 210.85.133.223 tk.003366.com
O1 - Hosts: 210.85.133.223 www.005566.com
O1 - Hosts: 210.85.133.223 005566.com
O1 - Hosts: 210.85.133.223 www.003366.com
O1 - Hosts: 210.85.133.223 003366.com
O1 - Hosts: 218.85.133.223 zsrj.168tk.net
O1 - Hosts: 218.85.133.223 zs2.98tk.net
O1 - Hosts: 218.85.133.223 zs1.98tk.net
O1 - Hosts: 218.85.133.223 xg.ggtk.com
O1 - Hosts: 218.85.133.223 wwww.xg77.com
O1 - Hosts: 218.85.133.223 .xg77.com
O1 - Hosts: 218.85.133.223 wwww.w53.net
O1 - Hosts: 218.85.133.223 .w53.net
O1 - Hosts: 218.85.133.223 wwww.ty44.com
O1 - Hosts: 218.85.133.223 .ty44.com
O1 - Hosts: 218.85.133.223 wwww.tu56.com
O1 - Hosts: 218.85.133.223 .tu56.com
O1 - Hosts: 218.85.133.223 wwww.tu44.com
O1 - Hosts: 218.85.133.223 .tu44.com
O1 - Hosts: 218.85.133.223 wwww.tk130.com
O1 - Hosts: 218.85.133.223 .tk130.com
O1 - Hosts: 218.85.133.223 wwww.shc88.com
O1 - Hosts: 218.85.133.223 .shc88.com
O1 - Hosts: 218.85.133.223 wwww.ok898.net
O1 - Hosts: 218.85.133.223 .ok898.net
O1 - Hosts: 218.85.133.223 wwww.hktuku.com
O1 - Hosts: 218.85.133.223 .hktuku.com
O1 - Hosts: 218.85.133.223 wwww.hk878.net
O1 - Hosts: 218.85.133.223 .hk878.net
O1 - Hosts: 218.85.133.223 wwww.ggtk.com
O1 - Hosts: 218.85.133.223 .ggtk.com
O1 - Hosts: 218.85.133.223 wwww.fc567.com
O1 - Hosts: 218.85.133.223 .fc567.com
O1 - Hosts: 218.85.133.223 wwww.fc236.com
O1 - Hosts: 218.85.133.223 .fc236.com
O1 - Hosts: 218.85.133.223 wwww.cctv100.com
O1 - Hosts: 218.85.133.223 .cctv100.com
O1 - Hosts: 218.85.133.223 wwww.a9tk.com
O1 - Hosts: 218.85.133.223 .a9tk.com
O1 - Hosts: 218.85.133.223 wwww.a8tk.com
O1 - Hosts: 218.85.133.223 .a8tk.com
O1 - Hosts: 218.85.133.223 wwww.a7tk.com
O1 - Hosts: 218.85.133.223 .a7tk.com
O1 - Hosts: 218.85.133.223 wwww.851212.net
O1 - Hosts: 218.85.133.223 .851212.net
O1 - Hosts: 218.85.133.223 wwww.84666.com
O1 - Hosts: 218.85.133.223 .84666.com
O1 - Hosts: 218.85.133.223 wwww.68tu.net
O1 - Hosts: 218.85.133.223 .68tu.net
O1 - Hosts: 218.85.133.223 wwww.66876.com
O1 - Hosts: 218.85.133.223 .66876.com
O1 - Hosts: 218.85.133.223 wwww.6288.net
O1 - Hosts: 218.85.133.223 .6288.net
O1 - Hosts: 218.85.133.223 wwww.55hh.com
O1 - Hosts: 218.85.133.223 .55hh.com
O1 - Hosts: 218.85.133.223 wwww.50899.com
O1 - Hosts: 218.85.133.223 .50899.com
O1 - Hosts: 218.85.133.223 wwww.4523.com
O1 - Hosts: 218.85.133.223 .4523.com
O1 - Hosts: 218.85.133.223 wwww.36488.com
O1 - Hosts: 218.85.133.223 .36488.com
O1 - Hosts: 218.85.133.223 wwww.35tk.net
O1 - Hosts: 218.85.133.223 .35tk.net
O1 - Hosts: 218.85.133.223 wwww.35118.com
O1 - Hosts: 218.85.133.223 .35118.com
O1 - Hosts: 218.85.133.223 wwww.34777.com
O1 - Hosts: 218.85.133.223 .34777.com
O1 - Hosts: 218.85.133.223 wwww.256888.net
O1 - Hosts: 218.85.133.223 .256888.net
O1 - Hosts: 218.85.133.223 wwww.2004tk.com
O1 - Hosts: 218.85.133.223 .2004tk.com
O1 - Hosts: 218.85.133.223 wwww.1986836.com
O1 - Hosts: 218.85.133.223 .1986836.com
O1 - Hosts: 218.85.133.223 wwww.06tk.com
O1 - Hosts: 218.85.133.223 .06tk.com
O1 - Hosts: 218.85.133.223 www5.1986836.com
O1 - Hosts: 218.85.133.223 www2.xm22.net
O1 - Hosts: 218.85.133.223 www2.tk500.com
O1 - Hosts: 218.85.133.223 www.zs4433.com
O1 - Hosts: 218.85.133.223 zs4433.com
O1 - Hosts: 218.85.133.223 www.zs116.com
O1 - Hosts: 218.85.133.223 zs116.com
O1 - Hosts: 218.85.133.223 www.ZQCOM.COM
O1 - Hosts: 218.85.133.223 ZQCOM.COM
O1 - Hosts: 218.85.133.223 www.zphpbbs.com
O1 - Hosts: 218.85.133.223 zphpbbs.com
O1 - Hosts: 218.85.133.223 www.zn666.com
O1 - Hosts: 218.85.133.223 zn666.com
O1 - Hosts: 218.85.133.223 www.zgt.i-p.com
O1 - Hosts: 218.85.133.223 zgt.i-p.com
O1 - Hosts: 218.85.133.223 www.zg19.com
O1 - Hosts: 218.85.133.223 zg19.com
O1 - Hosts: 218.85.133.223 www.zdr678.net
O1 - Hosts: 218.85.133.223 zdr678.net
O1 - Hosts: 218.85.133.223 www.zaiai.com
O1 - Hosts: 218.85.133.223 zaiai.com
O1 - Hosts: 218.85.133.223 www.yztuku.com
O1 - Hosts: 218.85.133.223 yztuku.com
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: 九七综合机务处理台.lnk = ?
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://www.3way.cn/plugin/PowerPlr.ocx
O16 - DPF: {7BD7A34E-F3EE-44B1-95A7-E04C2B7FB90C} (IDFlowViewX Control) - http://zjoe.zjtelecom.cn/csscfg.nsf/AttachFile/IDFlowView/$FILE/IDFlowView.cab
O16 - DPF: {AB70C611-DE79-4DB5-B637-CCA50876E4D8} (passport.FileObjectCtrl) - http://zjoe.zjtelecom.cn/csscfg.nsf/AttachFile/passport/$FILE/passport.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B845311E-2557-46C9-B766-64DAB04924BB}: NameServer = 202.96.107.27,0.0.0.0
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - NT 服务: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

Thanks
Last edited 2006-02-22 01:12:09

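To the expert above:
Editing the HOSTS file directly does not solve the problem; it gets rewritten after a while.
My drive is NTFS, which DOS does not recognize.
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://www.3way.cn/plugin/PowerPlr.ocx is 三味影院 (Sanwei Cinema).
The other two entries are our internal websites.
I have already formatted once, and a few days later it was like this again.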