Views: 1201 | Replies: 11

http://540.filost.com

Posted on 3-6-2005 12:55 AM

Posted on 3-6-2005 07:39 PM
Pick any one of ad-aware, Spybot-Search&Destroy or antispyware, then go to C:\WINDOWS\system32\drivers\etc, open "hosts" with Notepad, and delete any suspicious links..

Original poster | Posted on 3-6-2005 09:34 PM

Posted on 4-6-2005 01:22 AM
Have you already tried scanning with one of ad-aware, Spybot-Search&Destroy or antispyware? Just search www.download.com and you'll find them... If that still doesn't solve it, post your hosts or hijackthis logfile here... I'll try to help you see whether there's anything suspicious.

Original poster | Posted on 5-6-2005 09:27 AM
tried to scan b4...no use....this is my hijack this log file:
Logfile of HijackThis v1.99.1
Scan saved at 9:07:21 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KVFW\kvfw.exe
C:\Program Files\QLink1.1\devmonit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ming\Local Settings\Temporary Internet Files\Content.IE5\4Z5ZQQJT\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [Print Driver] SAgent.exe
O4 - HKLM\..\Run: [Microsofts media] winmplayd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Print Driver] SAgent.exe
O4 - HKLM\..\RunServices: [Microsofts media] winmplayd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Print Driver] SAgent.exe
O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe
O4 - HKCU\..\RunServices: [Print Driver] SAgent.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\QLink1.1\devmonit.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download. ... s/yinst20040510.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4618FAB3-2754-470C-A560-867FD7D586A5}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEA84383-DBA4-4482-811A-0CE6982154D1}: NameServer = 202.188.0.133,202.188.1.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
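
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and not HijackThis code. The function name `triage` and the four review rules are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body
AUTORUN = re.compile(r"Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (section, reason, line) for entries that deserve manual review.

    The rules are this example's own heuristics, not HijackThis verdicts.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if body.endswith("(no file)"):
            reason = "registration points at a file that is not on disk"
        elif section == "O4":
            run = AUTORUN.search(body)
            if not run or "\\" in run.group("cmd"):
                continue  # full path given (or not a Run value): nothing to flag
            reason = "autorun without a directory path; locate the file that actually runs"
        elif section == "O16" and "file://" in body.lower():
            reason = "ActiveX component installed from a local file"
        elif section == "O21":
            reason = "ShellServiceObjectDelayLoad DLL, loaded by Explorer at logon"
        else:
            continue
        findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A flagged line is a prompt to inspect the file and its registry value by hand, not proof that the entry is malicious.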

Posted on 25-7-2005 02:47 AM
Reply to post #6 by skunk_cabbage82

Posted on 25-7-2005 04:49 PM

Posted on 25-7-2005 05:21 PM

Posted on 26-7-2005 08:37 PM

Posted on 27-7-2005 03:26 PM
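(Sharing) Finally removed the malicious website that had been a headache for so long
I. How to remove the malicious website wo365
1. First, delete the two registry entries related to {7977DED7-B1D4-4C96-B1AC-40C162FD3A45}.
2. After rebooting, delete UrlCom101.dll from the system files and the problem is fully solved! (On Windows 2000 it is in the C:\WINNT\system32\ folder; on Windows XP it is in the C:\WINDOWS\system32\ folder.)
II. Fixing IE popping up http://540.filost.com/a/banner.aspx for no reason
1. Run the CMD command: REGSVR32 /U C:\WINDOWS\System32\vbsys2.dll to unregister vbsys2.dll.
2. Show hidden files, then delete vbsys2.dll. (On Windows 2000 it is in the C:\WINNT\system32\ folder; on Windows XP it is in the C:\WINDOWS\system32\ folder.)
3. Run the CMD command: REGEDIT, use F3 to search for every key and value containing vbsys2.dll, and delete them!
4. Delete temporary files (C:\Windows\Temp\, C:\Documents and Settings\Local Settings\Temp\, C:\Documents and Settings\Local Settings\Temporary Internet Files\, etc.) and empty the Recycle Bin.
The key point is that it manages to download and load itself automatically as soon as the page is browsed, and it runs through a DLL, so no process is visible; you have to admire the design.
http://www.llzhome.com/bbs/Archi ... dID=25&ID=17907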
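
Posted on 30-7-2005 01:38 AM
I got hit by this before too, and after upgrading to SP2 it was fine, which is strange...
UrlCom101.dll
vbsys2.dll
I searched for them, and they don't exist...
Maybe the upgrade took care of it for me "along the way"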