瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求助~IE被劫持,请高手帮我看下日志

1   1  /  1  页   跳转

求助~IE被劫持,请高手帮我看下日志

收藏
张飞
头像
拙长孩提狮
  • 帖子:78
  • 注册: 2004-12-27
  • 来自:
发表于: 2008-01-17 12:16 | 只看楼主 短消息 资料
字号: 1楼

求助~IE被劫持,请高手帮我看下日志

Logfile of HijackThis v1.99.1
Scan saved at 11:56:34, on 2008-1-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Rising\Rfw\rfwProxy.exe
C:\Program Files\Rising\Rfw\rfwstub.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\RavMon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\程序专用\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 219.235.3.16 search.114.vnet.cn
O1 - Hosts: 219.235.3.16 keyword.vnet.cn
O1 - Hosts: 219.235.3.16 auto.search.msn.com
O1 - Hosts: 219.235.3.16 search.msn.com
O1 - Hosts: 219.235.3.16 cnweb.search.live.com
O1 - Hosts: 219.235.3.16 www.hao123.com
O1 - Hosts: 219.235.3.16 hao123.com
O1 - Hosts: 219.235.3.16 www.360safe.com
O1 - Hosts: 219.235.3.16 360safe.com
O1 - Hosts: 222.73.126.115 update.360safe.com
O1 - Hosts: 219.235.3.16 dl.360safe.com
O1 - Hosts: 219.235.3.16 bbs.360safe.com
O1 - Hosts: 219.235.3.16 www.btbaicai.com
O1 - Hosts: 219.235.3.16 btbaicai.com
O1 - Hosts: 219.235.3.16 www.pctutu.com
O1 - Hosts: 219.235.3.16 www.7322.com
O1 - Hosts: 219.235.3.16 www.5566.net
O1 - Hosts: 219.235.3.16 www.9991.com
O1 - Hosts: 219.235.3.16 9991.com
O1 - Hosts: 219.235.3.16 forum.ikaka.com
O1 - Hosts: 219.235.3.16 www.ikaka.com
O1 - Hosts: 222.73.126.115 update.ikaka.com
O1 - Hosts: 219.235.3.16 forum.jiangmin.com
O1 - Hosts: 222.73.126.115 update.jiangmin.com
O1 - Hosts: 219.235.3.16 post.baidu.com
O1 - Hosts: 222.73.126.115 update.rising.com.cn
O1 - Hosts: 219.235.3.16 online.rising.com.cn
O1 - Hosts: 222.73.126.115 center.rising.com.cn
O1 - Hosts: 219.235.3.16 up.duba.net
O1 - Hosts: 219.235.3.16 shadu.baidu.com
O1 - Hosts: 219.235.3.16 du.baidu.com
O1 - Hosts: 219.235.3.16 security.symantec.com
O1 - Hosts: 219.235.3.16 shadu.duba.net
O1 - Hosts: 219.235.3.16 bbs.duba.net
O1 - Hosts: 219.235.3.16 www.duba.net
O1 - Hosts: 219.235.3.16 online.jiangmin.com
O1 - Hosts: 219.235.3.16 cn.mcafee.com
O1 - Hosts: 219.235.3.16 www.ahn.com.cn
O1 - Hosts: 219.235.3.16 www.kaspersky.com.cn
O1 - Hosts: 219.235.3.16 www.pcav.cn
O1 - Hosts: 219.235.3.16 mopery.hits.io
O1 - Hosts: 219.235.3.16 www.luosoft.com
O1 - Hosts: 219.235.3.16 luosoft.com
O1 - Hosts: 219.235.3.16 www.im286.com
O1 - Hosts: 219.235.3.16 bbs.htmlman.net
O1 - Hosts: 219.235.3.16 10000.286er.com
O1 - Hosts: 219.235.3.16 im286.net
O1 - Hosts: 219.235.3.16 cool.47555.com
O1 - Hosts: 219.235.3.16 ju.qihoo.com
O1 - Hosts: 219.235.3.16 bbs.chinaz.com
O1 - Hosts: 219.235.3.16 www.qihoo.com
O1 - Hosts: 219.235.3.16 360safe.qihoo.com
O1 - Hosts: 219.235.3.16 360.qihoo.com
O1 - Hosts: 222.73.126.115 dnl-cn1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn3.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn4.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn5.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn6.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn7.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn8.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn9.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn10.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn11.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn12.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn13.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn14.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-cn15.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu3.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu4.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu5.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu6.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu7.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu8.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu9.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu10.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu11.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu12.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu13.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu14.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-eu15.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us3.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us4.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us5.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us6.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us7.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us8.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us9.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us10.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us11.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us12.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us13.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us14.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-us15.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru1.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru2.kaspersky-labs.com
O1 - Hosts: 222.73.126.115 dnl-ru3.kaspersky-labs.com
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {B69F34DC-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\PROGRA~1\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [switch] c:\windows\system32\壁纸自动换.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 网际飞音 - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - C:\Program Files\Donor\donor.exe
O9 - Extra 'Tools' menuitem: 网际飞音(&D) - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - C:\Program Files\Donor\donor.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwProxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe



[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2008-01-17 12:51:09
分享到:
gototop
 
海生
头像
社区嘉宾
  • 帖子:21060
  • 注册: 2003-12-06
  • 来自:元老院
论坛9周年纪念一帮一小组成员
发表于: 2008-01-17 13:02 | 短消息 资料
字号: 2楼

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
这些都修复一下
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT