求助,主页被劫持了
本来是中了病毒按照网上的方法杀了毒,现在任务管理器和注册表都是可以打开了
但是经常还是出现问题,主页被改成"锦山在线 ",到注册表里改回来,有时候还是不行
有一次是已经改过注册表了,然后用了一个软件qqkav.exe查毒,差出一个welcome的病毒,然后主页又被改了(这个qqkav.exe中毒之前用过,没有问题 ),并且桌面上会出现一个 IE浏览器的快捷键,属性中就是锦山在线的网址,但是不知道源文件在哪里; 而且电脑无法粘贴(这个是灰色的),也不能拖动文件
下面是我再次改了注册表后做的扫描,请谁能帮我看看,谢谢了^^
================================================================================
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 18:19:31, 日期 2005/7/14
操作系统: Windows 2000 SP2 (WinNT 5.00.2195)
浏览器: Internet Explorer v5.00 SP2 (5.00.2920.0000)
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\KAV2005\KWatch.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\KAV2005\KPfwSvc.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Twain_32\B820\HotKey.exe
C:\Program Files\SkyNet\FireWall\pfw.exe
C:\Program Files\Chinanet\VnetClient.exe
D:\3747692005713211415\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - 启动项HKLM\\Run: [HotKey] C:\WINNT\Twain_32\B820\HotKey.exe
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\pfw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\Ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) -
file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/025eac83fec57b3ecf05/netzip/RdxIE601_cn.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) -
file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan
Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) -
file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D3BD628-2011-4EBA-8FF8-326848E2932B}: NameServer = 202.102.24.35
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D34B3B-4D79-44B1-8A80-71536D5994AB}: NameServer = 218.2.135.1 61.147.37.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D3BD628-2011-4EBA-8FF8-326848E2932B}: NameServer = 202.102.24.35
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D3BD628-2011-4EBA-8FF8-326848E2932B}: NameServer = 202.102.24.35
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\System32\mbprot.dll
O23 - NT 服务: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
