Could you follow the instructions in my signature and post a scan report from HijackThis or SREng so we can take a look?
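A malicious plug-in has probably been installed! Have you tried repairing it with 360 Safeguard? If not, it would be best to run a repair with it.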
I ran the repair with 360 Safeguard, but it still doesn't work. Here is the HijackThis scan result:

Logfile of HijackThis v1.99.1
Scan saved at 23:37:39, on 2006-12-25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
D:\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
D:\Winamp\Winamp.exe
D:\QQ\TIMPlatform.exe
D:\复件 MYIE2\复件 MYIE2\MyIE.exe
D:\ha_hijackthis\HijackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\Firewall\PFW.exe
O4 - HKLM\..\Run: [BigDogPath] rem ; C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [ATICCC] rem ; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] rem ; "E:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] rem ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StormCodec_Helper] rem ; "D:\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] rem ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] rem ; "D:\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://www.duba.net/cab/KOSInit.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe

Here is the SREng scan result:

Windows XP Professional (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
  <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
  <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
  <SKYNET Personal FireWall><D:\Firewall\PFW.exe> [天网]
  <BigDogPath><rem ; C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x> [N/A]
  <ATICCC><rem ; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [N/A]
  <DAEMON Tools-1033><rem ; "E:\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
  <KernelFaultCheck><rem ; %systemroot%\system32\dumprep 0 -k> [N/A]
  <StormCodec_Helper><rem ; "D:\Storm Codec\StormSet.exe" /S /opti> [N/A]
  <TkBellExe><rem ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [N/A]
  <WinampAgent><rem ; "D:\Winamp\Winampa.exe"> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe> [(Verified)Microsoft Corporation]
  <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> [(Verified)Microsoft Corporation]
  <UIHost><logonui.exe> [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[ewido security suite control / ewido security suite control]
  <D:\ewido anti-malware\ewidoctrl.exe><ewido networks>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>

==================================
驱动程序
[AC2003 / AC2003]
  <System32\Drivers\AC2003.sys><ABIT Computer Corp.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[d347bus / d347bus]
  <\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[EagleNT / EagleNT]
  <\?\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[FREEPROC / FREEPROC]
  <\?\D:\新龙族-永久免费网游\freeproc.sys><N/A>
[kmsinput / kmsinput]
  <\?\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[npkcrypt / npkcrypt]
  <\?\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nvatabus / nvatabus]
  <\SystemRoot\System32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET]
  <System32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp]
  <\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
  <\?\C:\WINDOWS\System32\Drivers\SKNFW.sys><N/A>
[World Standard Teletext Codec / WSTCODEC]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[金山毒霸在线产品升级]
  {52DF16E3-6C4F-4B22-8BAF-09263E463B48} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 408][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576][\?\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 680][\?\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132]
[PID: 724][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 736][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 888][C:\WINDOWS\System32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
  [C:\WINDOWS\System32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 920][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1024][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1216][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1272][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1340][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
  [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 1472][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
  [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1]
[PID: 1568][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1712][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1912][D:\ewido anti-malware\ewidoctrl.exe] [ewido networks, 3, 0, 0, 1]
  [D:\ewido anti-malware\lang.dll] [privat, 1, 0, 0, 1]
[PID: 160][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 248][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1440][D:\Winamp\Winamp.exe] [Nullsoft, 2.81]
  [D:\Winamp\Plugins\IN_CDDA.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\IN_MIDI.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\read_file.dll] [N/A, N/A]
  [D:\Winamp\Plugins\IN_MOD.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\IN_MP3.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\in_vorbis.dll] [N/A, N/A]
  [D:\Winamp\Plugins\IN_WAVE.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\IN_WM.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\OUT_DISK.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\OUT_DS.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\out_wave.dll] [N/A, N/A]
  [D:\Winamp\Plugins\OUT_WM.DLL] [N/A, N/A]
  [D:\Winamp\Plugins\gen_MiniLyrics.dll] [N/A, N/A]
  [D:\Winamp\Plugins\MiniLyrics.dll] [N/A, N/A]
  [D:\QQ\qdshm.dll] [, 1, 0, 1, 2]
  [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
  [C:\WINDOWS\System32\tssoft32.acm] [DSP GROUP, INC., 1.01]
  [C:\WINDOWS\System32\tsd32.dll] [N/A, N/A]
  [C:\WINDOWS\System32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
  [C:\WINDOWS\System32\iac25_32.ax] [Intel Corporation, 2.05.53]
  [C:\WINDOWS\System32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
  [C:\WINDOWS\System32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
  [C:\WINDOWS\System32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
  [C:\WINDOWS\System32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
  [C:\WINDOWS\System32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[PID: 1516][D:\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
  [D:\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 1016][D:\复件 MYIE2\复件 MYIE2\MyIE.exe] [MY Soft Technology, 0, 9, 27, 68]
  [D:\复件 MYIE2\复件 MYIE2\Plugin\ViewSource\ViewSrc.dll] [, 1, 0, 0, 1]
  [D:\复件 MYIE2\复件 MYIE2\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
  [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
  [C:\WINDOWS\System32\NQWBX.IME] [念青:http://nq.yeah.net, 2.03.05.08]
[PID: 1540][D:\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

Try adding this hxxp://59.42.71.245:88/ndatin.aspx? to your hosts file and see how it goes (http has been changed to hxxp):

127.0.0.1 hxxp://59.42.71.245:88/ndatin.aspx?