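Damn, 4199
Damn it, 4199 has become my homepage and 123 won't open! I can't change it back no matter what, and setting a blank page doesn't work either. Help! [ Last edited by 天蓝夜黑 on 2006-10-8 10:52 ]
IE repair
Originally posted by 轻水惜寒 on 2006-10-8 12:10
IE repair
I repaired it with 兔子, and it still doesn't work.
Run a virus scan first, then repair.
Try the two tools ewido and HijackThis.
Try 360安全卫士...
Thanks, all you experts. None of it works, it's hopeless.
OP, run a HijackThis scan and then post the report here...
so we can all take a look..
Let me test it out.
HijackThis_zww汉化版扫描日志 V1.99.1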
保存于 23:21:29, 日期 2006-10-8
操作系统:Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\vtupdate.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
D:\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
D:\Tencent\QQ\TIMPlatform.exe
D:\Tencent\QQ\QQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Tencent\QQ\QQ.exe
E:\ 校园通\5QIM.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\My Documents\HijackThis1991【teyqiu】.exe
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 down.Virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - 启动项HKLM\\Run: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"-osboot
O4 - 启动项HKLM\\Run: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: nwiz.exe /install
O4 - 启动项HKLM\\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - 启动项HKLM\\Run: C:\WINDOWS\vtupdate.exe
O4 - 启动项HKLM\\Run: "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - 启动项HKLM\\Run: C:\WINDOWS\system32\rundll32.exe rsrc.dll s
O4 - 启动项HKLM\\Run: C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\RunServices: mstask.exe
O4 - 启动项HKLM\\RunOnce: regsvr32 /s C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - 启动项HKLM\\RunOnce: regsvr32 /s C:\WINDOWS\DOWNLO~1\cnshint.dll
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - 浏览器额外的按钮: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\espi11.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\espi11.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\espi11.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\espi11.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\espi11.dll
O11 - Options group: [!CNS]中文上网
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://v.sctv.com/live/p2p/sctvsetup.exe
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {42B6F90A-9B1F-458F-BD6B-03478935A65E} (UDPlayerCtl Control) - http://61.172.202.70:8000/playerctl/UDPlayerCtl.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {779769CA-82F1-4973-BBA7-515E6C7BFD0E} (CMCLoader Object) - http://download.mysee.com/plugin/myplugin.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O18 - 列举现有的协议: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\Kingsoft\XDictExB.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINDOWS\system32\themeadp.dll (file missing)
O23 - NT 服务: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - NT 服务: NOD32 Kernel Service (NOD32krn) - Eset- C:\Program Files\Eset\nod32krn.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
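Here you go, everyone, take your time.
My immunity is fairly strong:
Rising Antivirus + Rising Firewall + ewido, all in one.
It didn't even set itself as my homepage.
The test failed.
Actually, this page's layout is about the same as 7193's.
Could it be that 7193 got such a bad name
that it changed its name to keep going?
Try turning off the antivirus software.
I've tested it; it can be repaired with "黄山IE".
Poster above, awesome.
Delete in Safe Mode...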
O4 - 启动项HKLM\\Run: C:\WINDOWS\system32\rundll32.exe rsrc.dll s
Delete
C:\WINDOWS\system32\rsrc.dll
C:\WINDOWS\system32\rlrc.dll
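Open the hosts file under C:\WINDOWS\system32\drivers\etc with Notepad...
Edit the contents to 127.0.0.1 localhost
and delete everything else...
In the hosts file under C:\WINDOWS\system32\drivers\etc,
it's best to map 4199.com to 127.0.0.1
so that it can never be reached again.
Thanks, learned something new.
Wow, the OP's report sure is long...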
Logfile of HijackThis v1.99.1
Scan saved at 19:23:16 ?轻水の惜寒?, on 2006-10-11
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\KAVPFW6\KAVPFW.EXE
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\BitComet\BitComet.exe
D:\Program Files\TheWorld\TheWorld.exe
G:\Software\杀毒防毒\HijackThis.exe
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O4 - HKLM\..\Run: C:\KAVPFW6\KAVPFW.EXE
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: C:\KAVPFW6\KAVPFW.EXE
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder\getAllurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O14 - IERESET.INF: START_PAGE_URL=about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{21B9DBD8-7C84-4772-8B8F-1CA726DE484A}: NameServer = 192.168.1.1
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
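O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
Just so-so :)
4199 is annoying~~ but I used 兔子上网精灵 to lock the IE homepage to a blank page.... and it worked
Originally posted by 星期六 on 2006-10-11 21:57
4199 is annoying~~ but I used 兔子上网精灵 to lock the IE homepage to a blank page.... and it worked
Depressing, it doesn't work for me.
Bump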
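An added example, not part of any post in this thread: a Python check that pulls the O1 hosts entries out of a HijackThis log and flags the mappings that the hosts-file cleanup advice above targets. The function name `audit_o1` and the finding labels are assumptions of this example; the sample lines are copied from the first log in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# A few lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = """\
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\\WINDOWS\\DOWNLO~1\\cnshook.dll
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
LOOPBACK_NAMES = {"localhost"}


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_o1(log_text):
    """Return (findings, names_by_ip) for the O1 hosts entries in a log."""
    findings, names_by_ip = [], defaultdict(list)
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue  # not a hosts-file entry (O2, O4, process list, ...)
        ip, name = m.groups()
        names_by_ip[ip].append(name)
        loopback = is_ip(ip) and ipaddress.ip_address(ip).is_loopback
        if name.lower() in LOOPBACK_NAMES and not loopback:
            findings.append((ip, name, "localhost remapped off loopback"))
        elif is_ip(name) or ":" in name:
            findings.append((ip, name, "not a hostname; junk or tampering"))
        elif not loopback:
            findings.append((ip, name, "name redirected to remote address"))
    return findings, dict(names_by_ip)


if __name__ == "__main__":
    for ip, name, reason in audit_o1(SAMPLE_LOG)[0]:
        print(f"{ip:15} {name:20} {reason}")
```

Entries that point a name at 127.0.0.1, such as the `127.0.0.1 localhost` line and the 4199.com block suggested in the replies, produce no finding.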