百度贴吧自动变成雅虎的网站

显示全部楼层 · 发表于 2007-8-30 12:48:21

用360提示没找到文件，修复下又说360没问题，黄山IE修复装完后打开又提示没找到文件。。。。这太可怕了，各位大侠，帮忙下。。小弟感激不尽

显示全部楼层 · 发表于 2007-8-30 12:51:56

类似百度的一个页面

显示全部楼层 · 发表于 2007-8-31 09:28:33

有没高人给小弟指点一下

显示全部楼层 · 发表于 2007-8-31 09:43:02

似乎HOSTS文件

被改了

仅是判断

显示全部楼层 · 发表于 2007-8-31 10:08:36

小弟昨天看了一下，貌似我的症状和q.dll病毒好像，360，卡卡助手点击提示浏览文件不存在，点一些安全论坛自动转到http://cn.yahoo.com/，而且360，卡卡助手无法安装，昨天在QQ目录下找到q.dll,用unlocker删了下，可今天的还是这样，希望告诉帮忙

显示全部楼层 · 发表于 2007-8-31 10:33:21

用HijackThis扫的，大家帮我看下
Logfile of HijackThis v1.99.1
Scan saved at 10:28:42, on 2007-8-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
D:\QQ\QQ.exe
D:\QQ\TIMPlatform.exe
D:\QQ\QQDoctor\QQDoctor.exe
C:\WINDOWS\system32\rundll32.exe
C:\TDDOWNLOAD\hijackthis.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DrQQVulCheckDownload\WindowsXP-KB935839-x86-CHS.exe
c:\b4ce323d8913aa30292556b1b4\update\update.exe

O1 - Hosts: 61.152.244.167 search.114.vnet.cn
O1 - Hosts: 61.152.244.167 114.vnet.cn
O1 - Hosts: 61.152.244.167 auto.search.msn.com
O1 - Hosts: 61.152.244.167 www.hao123.com
O1 - Hosts: 61.152.244.167 hao123.com
O1 - Hosts: 61.152.244.167 www.360safe.com
O1 - Hosts: 61.152.244.167 360safe.com
O1 - Hosts: 222.73.126.115 update.360safe.com
O1 - Hosts: 61.152.244.167 dl.360safe.com
O1 - Hosts: 61.152.244.167 bbs.360safe.com
O1 - Hosts: 61.152.244.167 www.btbaicai.com
O1 - Hosts: 61.152.244.167 btbaicai.com
O1 - Hosts: 61.152.244.167 www.pctutu.com
O1 - Hosts: 61.152.244.167 www.7322.com
O1 - Hosts: 61.152.244.167 www.5566.net
O1 - Hosts: 61.152.244.167 forum.ikaka.com
O1 - Hosts: 61.152.244.167 www.ikaka.com
O1 - Hosts: 222.73.126.115 update.ikaka.com
O1 - Hosts: 61.152.244.167 forum.jiangmin.com
O1 - Hosts: 222.73.126.115 update.jiangmin.com
O1 - Hosts: 61.152.244.167 post.baidu.com
O1 - Hosts: 222.73.126.115 update.rising.com.cn
O1 - Hosts: 61.152.244.167 online.rising.com.cn
O1 - Hosts: 222.73.126.115 center.rising.com.cn
O1 - Hosts: 61.152.244.167 up.duba.net
O1 - Hosts: 61.152.244.167 shadu.baidu.com
O1 - Hosts: 61.152.244.167 security.symantec.com
O1 - Hosts: 61.152.244.167 shadu.duba.net
O1 - Hosts: 61.152.244.167 online.jiangmin.com
O1 - Hosts: 61.152.244.167 cn.mcafee.com
O1 - Hosts: 61.152.244.167 www.ahn.com.cn
O1 - Hosts: 61.152.244.167 www.kaspersky.com.cn
O1 - Hosts: 61.152.244.167 www.pcav.cn
O1 - Hosts: 61.152.244.167 mopery.hits.io
O1 - Hosts: 61.152.244.167 www.luosoft.com
O1 - Hosts: 61.152.244.167 luosoft.com
O1 - Hosts: 61.152.244.167 www.im286.com
O1 - Hosts: 61.152.244.167 bbs.htmlman.net
O1 - Hosts: 61.152.244.167 10000.286er.com
O1 - Hosts: 61.152.244.167 im286.net
O1 - Hosts: 61.152.244.167 cool.47555.com
O1 - Hosts: 61.152.244.167 ju.qihoo.com
O1 - Hosts: 61.152.244.167 bbs.chinaz.com
O1 - Hosts: 222.73.126.115 dnl-cn1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn3.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn4.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn5.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn6.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn7.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn8.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn9.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn10.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn11.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn12.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn13.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn14.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn15.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu3.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu4.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu5.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu6.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu7.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu8.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu9.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu10.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu11.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu12.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu13.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu14.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu15.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us3.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us4.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us5.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us6.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us7.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us8.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us9.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us10.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us11.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us12.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us13.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us14.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us15.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru3.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru4.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru5.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru6.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru7.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru8.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru9.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru10.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru11.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru12.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru13.kaspersky-labs.com
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {7369D359-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\PROGRA~1\360safe\safemon\safemon.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: JUJU猫宽带宝藏论坛 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.jujumao.net (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsof ... e.cab?1112018624531
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F78B898-F035-4A8E-8481-6DE322EA159B}: NameServer = 61.144.56.100 61.144.56.101
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O21 - SSODL: pyd - {9abcdef0-9abc-3456-bcde-9abcdef01234} - C:\WINDOWS\system32\tyh.zin
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

显示全部楼层 · 发表于 2007-9-4 21:56:59

^_^ 恭喜不知道是什么工具修改了你的hosts文件你需要把hosts文件中的内容清空！！
最后在下载个SRENG 扫描份报告上来！！！