Logfile of HijackThis v1.99.1
Scan saved at 15:30:47, on 2006-7-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\mxie\mxie.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Documents and Settings\gf\桌面\ha_hijackthis_1991\HijackThis.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: XBTP00162 - {EBA8FC1C-C7BB-4306-B019-99AA73D1021C} - C:\WINDOWS\DOWNLO~1\5460.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: 5460 Toolbar - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - C:\WINDOWS\Downloaded Program Files\5460.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Lenovo\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [P5P] C:\Program Files\9yc\P5P\P5P.exe
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O4 - HKLM\..\Run: [AGB5Monitor] C:\Program Files\Antiy Labs\AGuard\AGuard.exe /AutoRun
O4 - HKLM\..\Run: [SecExpert] C:\Program Files\Terminator\SecMain.exe Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: mxie 档案搜索 - C:\Program Files\mxie\Config\protocol.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到广告猎手 - C:\Program Files\mxie\config/blacklist.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {18F57D30-EF36-4C0E-9343-7BFA6DF79B4A} (XLink Class) -
O16 - DPF: {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} (5460 Toolbar) -
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} -
O16 - DPF: {7D6D4A52-3FC3-4761-9CDF-3E1639077332} (WebAttachLib.WebAttach) -
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) -
O16 - DPF: {BE9535B7-76FB-4572-AD20-B32BADB3643B} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = muyang.com
O17 - HKLM\Software\..\Telephony: DomainName = muyang.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{49B39D31-B1E0-4513-9099-FAE7DC6EB9CD}: NameServer = 202.96.134.133,202.96.128.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = muyang.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = muyang.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Lenovo\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Security Expert Back Service (SecBkSrv) - CNNS - C:\Program Files\Terminator\SecBkSrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
The O10 entries are a problem I can't fix, please help!
About fixing the O10 entries:
Use WinsockFix to repair the registry.
Back up the registry before you do.
Then reboot.
[ This post was last edited by keeper11 on 2006-7-5 17:09 ]
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus2.dll
LSP hijack.
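HijackThis raises an O10 line when a DLL in the Winsock LSP chain is not one it recognises; the same check can be run over the catalog listing that `netsh winsock show catalog` prints on Windows XP SP2 and later. The following is an added example, not code from this thread, from HijackThis or from WinsockFix: the field layout and the allowlist of Microsoft provider DLLs are assumptions, and the catalog text is constructed to mirror the msplus2.dll entry quoted above.

```python
import os

# Provider DLLs in a clean Windows XP Winsock catalog (assumed allowlist);
# any other DLL in the chain is reported, which is what an O10 line means.
KNOWN_PROVIDER_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}
# Constructed sample modelled on `netsh winsock show catalog`; the second
# entry mirrors the msplus2.dll LSP from the thread.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        msplus2 over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      %SystemRoot%\system32\msplus2.dll
Catalog Entry ID:                   1004
"""

def parse_catalog(text):
    """Split a catalog listing into one dict of 'Field: value' pairs per entry."""
    entries = []
    for block in text.split("Winsock Catalog Provider Entry")[1:]:
        fields = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("-"):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if fields:
            entries.append(fields)
    return entries

def unknown_lsp_dlls(text, known=KNOWN_PROVIDER_DLLS):
    """Return (catalog id, provider path) for each entry whose DLL is not allowlisted."""
    flagged = []
    for entry in parse_catalog(text):
        path = entry.get("Provider Path", "")
        dll = os.path.basename(path.replace("\\", "/")).lower()
        if dll and dll not in known:
            flagged.append((entry.get("Catalog Entry ID", "?"), path))
    return flagged

if __name__ == "__main__":
    for cat_id, path in unknown_lsp_dlls(SAMPLE_CATALOG):
        print(f"O10-style hit: catalog entry {cat_id} -> {path}")
```

On a live machine, pipe the real `netsh winsock show catalog` output into `unknown_lsp_dlls` and extend the allowlist with any legitimate third-party provider (firewall or antivirus LSPs) before treating a hit as hijacking.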
I used both of the above; the O10 entries no longer show up in the HijackThis scan, but a Symantec AntiVirus scan still finds something. Please advise!!
What is the Symantec AntiVirus result? I suggest exporting an SREng log and taking a look.
扫描类型: 调度 扫描
事件: 发现威胁!
威胁:Adware.Roogoo
文件: C:\WINDOWS\system32\msplus.dll
位置: C:\WINDOWS\system32
计算机: CYWP
用户: CYWP\ywp
采用的操作: 不操作 成功
发现的日期: 2006年7月6日星期四 12:03:09
扫描类型: 自动防护 扫描
事件: 发现威胁!
威胁:Adware.Roogoo
文件: C:\WINDOWS\system32\msplus2.dll
位置: C:\WINDOWS\system32
计算机: CYWP
用户: CYWP\ywp
采用的操作: 未决的副作用影响分析
发现的日期: 2006年7月8日 9:16:52
Originally posted by myywp on 2006-7-8 09:17
扫描类型: 自动防护 扫描
事件: 发现威胁!
威胁:Adware.Roogoo
文件: C:\WINDOWS\system32\msplus2.dll
位置: C:\WINDOWS\system32
计算机: CYWP
用户: CYWP\ywp
采用的操作: 未决的副作用 ...
Control Panel -> Folder Options -> show all files and folders, then use KILLBOX to force-delete msplus2.dll.
After force-deleting msplus2.dll with KILLBOX I couldn't get online; after copying the msplus2.dll backup from KILLBOX back to C:\WINDOWS\system32 I could get online again, but the problem still isn't solved. Bro, please help me!
Originally posted by myywp on 2006-7-10 12:17
After force-deleting msplus2.dll with KILLBOX I couldn't get online; after copying the msplus2.dll backup from KILLBOX back to C:\WINDOWS\system32 I could get online again, but the problem still isn't solved. Bro, please help me!
Try repairing it with the pinned "WinsockxpFix" tool.