设为首页收藏本站
B. Malaysia手机版

佳礼资讯网

 找回密码
 注册

ADVERTISEMENT

佳礼资讯网»论坛 电脑手机 电脑,手提 [求助]怎么我在GOOGLE搜索的资料会这样的? ...
12
返回列表 发新帖
楼主: Ocean_Deep

[求助]怎么我在GOOGLE搜索的资料会这样的?

[复制链接]
bryon
发表于 13-3-2005 06:02 PM | 显示全部楼层
很明显了嘛
你去到里面所列出的网站都会被带到66.199.231.74这个幽灵网站
回复

使用道具 举报


ADVERTISEMENT

bryon
发表于 13-3-2005 06:05 PM | 显示全部楼层
刚好找到一个跟你一模一样的Case
你电脑中了AZESEARCH spyware

跟以下的网址做就行了
http://216.239.57.104/search?q=c ... activator&hl=en

[ Last edited by bryon on 13-3-2005 at 09:07 PM ]
回复

使用道具 举报

~WoW~ 该用户已被删除
发表于 13-3-2005 06:05 PM | 显示全部楼层
嘿嘿~~
從圖片上看來,很明顯~~
摟主中標了~~

那些yahoo / google 的  ip 全部變成66.199.213.xxx了~~
回复

使用道具 举报

Ocean_Deep
 楼主| 发表于 13-3-2005 08:40 PM | 显示全部楼层
warzero 于 13-3-2005 05:32 PM  说 :

暈~~
這次不是要圖。
而是要裏面的字......

你copy paste那些字上來就行了......

Logfile of HijackThis v1.99.1
Scan saved at 8:46:55 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HiJackThis\HijackThis.exe

O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 www.astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
回复

使用道具 举报

Ocean_Deep
 楼主| 发表于 13-3-2005 08:42 PM | 显示全部楼层
bryon和~WoW~,看你们这么写,好像很大件事这样的!
回复

使用道具 举报

Ocean_Deep
 楼主| 发表于 13-3-2005 08:44 PM | 显示全部楼层
bryon 于 13-3-2005 06:05 PM  说 :
刚好找到一个跟你一模一样的Case
你电脑中了AZESEARCH spyware

跟以下的网址做就行了
http://216.239.57.104/search?q=cache:3a3jKP0GW2cJ:[url]www.bleepingcomputer.com/forums/topict13034.html+ztoolbar ...

我都不明白这个网站写的东西耶。。。
回复

使用道具 举报

Follow Us
bryon
发表于 13-3-2005 09:06 PM | 显示全部楼层
Ocean_Deep 于 13-3-2005 23:44  说 :

我都不明白这个网站写的东西耶。。。

那。。那小弟帮不到你了,抱歉
回复

使用道具 举报

戦零
发表于 13-3-2005 09:58 PM | 显示全部楼层
樓主,你將這些Log paaste在這個網站。
http://www.hijackthis.de/index.php

然後按Analyze后,這個網站就會幫你分析出來。
然後經過分析后。你的這些的確是有問題。(紅色的字體)

Logfile of HijackThis v1.99.1
Scan saved at 8:46:55 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HiJackThis\HijackThis.exe

O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 www.astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe


那個azesearch.ocx其實是Aware來的。
http://computercops.biz/clsid-1697.html

所以你要清除掉那個azesearch.ocx和azesearch.cab先。
最好是在關閉IE后再來清除。
如果無法清除的話,就到safemode哪兒清除。

然後在Hijackthis哪兒再來掃描你的系統。
然後你應該是還看到那些
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 www.astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am

你就在Hijakthis哪兒勾選那些01的全部。
然後按Fix Checked。
之後這些應該是被清除掉了....

最後的就是用Hijackthis再來做新的報告。
看你的電腦還有沒有問題?

還有最好也跟著這兒的方法。
http://securityresponse.symantec ... dware.mwsearch.html

如果有的話,就一起洗掉那些regedit。
沒有的話,就不用管它。

[ Last edited by warzero on 13-3-2005 at 10:05 PM ]
回复

使用道具 举报


ADVERTISEMENT

Ocean_Deep
 楼主| 发表于 13-3-2005 10:50 PM | 显示全部楼层
哈!
问题解决了!

但究竟我的电脑发生什么事了?
以后要怎么防止这类的事情发生?
我还可以做什么来确定我的电脑真的没有问题了?

(坛主,不好意思。你给我的那个链接“symantec”的,我不明白里面所说的!
回复

使用道具 举报

戦零
发表于 13-3-2005 11:11 PM | 显示全部楼层
Ocean_Deep 于 13-3-2005 10:50 PM  说 :
哈!
问题解决了!

但究竟我的电脑发生什么事了?
以后要怎么防止这类的事情发生?
我还可以做什么来确定我的电脑真的没有问题了?

(坛主,不好意思。你给我的那个链接“symantec”的,我不明白里面所说 ...

簡單來講你的電腦就是中了adware、spyware。
解決方法就是以後提高你的防毒意識。

不要去一些不明網站和亂亂開一些不明的mail。
你中的這個可能跟上次你中的Toolbar有關吧?

只是我不懂爲什麽你的Ad-Aware無法掃描出來.....

既然已經無事了,不過爲了安全起見。
還是再用Hijackthis來掃描。然後再來將它的Log放上來吧。

然後symantec的那些我只是叫你到regedit哪兒看有沒有這些的registry?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MWSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MWSearchCo\MWSearch
HKEY_CLASSES_ROOT\MWSearch.StockBar
HKEY_CLASSES_ROOT\MWSearch.StockBar.1
HKEY_CLASSES_ROOT\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
HKEY_CLASSES_ROOT\MWSearch.cfgwr.1
HKEY_CLASSES_ROOT\MWSearch.cfgwr
HKEY_CLASSES_ROOT\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}
HKEY_CLASSES_ROOT\MWSearch.tbactivator.1
HKEY_CLASSES_ROOT\MWSearch.tbactivator
HKEY_CLASSES_ROOT\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}
HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}
HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
HKEY_CLASSES_ROOT\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}
HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF5092F-7172-4018-827B-FA5868FB0478}

然後還有C:\Program Files\BazookaBar的Folder.....

沒有的話就不要管它。有的話就一起洗掉吧。

[ Last edited by warzero on 13-3-2005 at 11:17 PM ]
回复

使用道具 举报

mayilefy
发表于 14-3-2005 11:10 AM | 显示全部楼层
warzero & bryon兩位壇主果然厲害!!
霈福!!霈福!!





warzero 于 11-3-2005 16:36  说 :

你的前面兩個字刪掉吧。
看了不很雅觀......
Eric_Joe 于 11-3-2005 16:15  说 :
妈的............酱奇怪的东西我还是第一次见.........

PS一下下.
這兩個字雅不雅觀見仁見智.
但千霈有次拍戲NG時一時氣急就說出了這兩個字..
她就說得很有正氣..很氣勢磅礡..同時也很可愛,因為她是對著一張小矮桌說的...
我有把這段錄下來放在這家族的檔案庫里...
http://tw.club.yahoo.com/clubs/purple-corner/





[size=-1]如果從來不曾遇見妳ˉ如果從來不曾愛上妳
發生在我身上的事情ˉ不會如此美麗
回复

使用道具 举报

Ocean_Deep
 楼主| 发表于 15-3-2005 09:03 AM | 显示全部楼层
Logfile of HijackThis v1.99.1
Scan saved at 9:10:15 AM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HiJackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

这个是我刚扫描的。。。
回复

使用道具 举报

v3688e
发表于 15-3-2005 07:20 PM | 显示全部楼层
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab

最后一个, 用Hijackthis把这个打勾, fix就可以了

建议用ie-spyad, 可以block掉大部份的这类spyware/adware...
回复

使用道具 举报

Ocean_Deep
 楼主| 发表于 15-3-2005 11:31 PM | 显示全部楼层
v3688e 于 15-3-2005 07:20 PM  说 :
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab

最后一个, 用Hijackthis把这个打勾, fix就可以了

建议用ie-spyad ...

谢谢,还有那一些需要删除的吗?
回复

使用道具 举报

v3688e
发表于 16-3-2005 12:18 AM | 显示全部楼层
O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
这个也可以删掉, 另外, 我自己是不让babylon, yahoo! messenger自动运行, 随个人喜爱...
回复

使用道具 举报

戦零
发表于 16-3-2005 07:02 PM | 显示全部楼层
希望各位會好好參考和利用這個帖子。


移至電腦病毒、保安專區
回复

使用道具 举报


ADVERTISEMENT

mayilefy
发表于 17-3-2005 08:43 AM | 显示全部楼层
Ocean_Deep 于 13-3-2005 20:42  说 :
bryon和~WoW~,看你们这么写,好像很大件事这样的!


看到你列出那些東東來..連偶還沒看完就要昏了..你說大件事沒有??






[size=-1]原諒妳?   原諒到甚至時候?
我沒有保留眼淚   一直讓它流下來..T-T
回复

使用道具 举报

12
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

 

所属分类: 电脑手机


ADVERTISEMENT


本周最热论坛帖子本周最热论坛帖子

ADVERTISEMENT


佳礼网 面子书


ADVERTISEMENT

ADVERTISEMENT


版权所有 © 1996-2023 Cari Internet Sdn Bhd (483575-W)|IPSERVERONE 提供云主机|广告刊登|关于我们|私隐权|免控|投诉|联络|脸书|佳礼资讯网

GMT+8, 6-9-2025 03:18 AM , Processed in 0.111938 second(s), 20 queries , Gzip On.

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表