9,506
社区成员
发帖
与我相关
我的任务
分享浏览器被流氓劫持了
用HijackThis扫描了一下,没发现有什么不对劲的,请高手再帮忙看看。
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 16:23:11, on 2006-8-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\QS4B8E.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Explorer.exe
D:\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\SYSREA~1.DLL
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\WEIXIN~1.ZHA\LOCALS~1\Temp\uninrest.exe
O4 - Startup: intlname.ols
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O4 - Global Startup: ntuser.pol
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 16:23:11, on 2006-8-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\QS4B8E.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Explorer.exe
D:\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\SYSREA~1.DLL
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\WEIXIN~1.ZHA\LOCALS~1\Temp\uninrest.exe
O4 - Startup: intlname.ols
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
O4 - Global Startup: ntuser.pol
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
...全文
请发表友善的回复…
发表回复
myangelonline 2006-08-31
- 打赏
- 举报
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\TEMP\QS4B8E.EXE
先把這兩個進程給結束掉
然後再刪除這兩個文件....
myangelonline 2006-08-31
- 打赏
- 举报
HKLM\..\Run: [svchost] C:\WINDOWS\system32\drivers\svchost.exe
HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\WEIXIN~1.ZHA\LOCALS~1\Temp\uninrest.exe
把這兩項給修復掉
這兩個開機加載的程序像是"病毒"
建議刪除這兩個文件
xaxx 2006-08-31
- 打赏
- 举报
问题已经解决。我用了“流氓软件清理助手” 和 “黄山IE修复专家”。还是谢谢大家热心帮忙。
move8net 2006-08-30
- 打赏
- 举报
同意楼上说的
xinyangcs 2006-08-30
- 打赏
- 举报
用IE修复软件修复
xaxx 2006-08-28
- 打赏
- 举报
ie不定时的弹出 www.mowto.com的网页,很烦。
