Help! Experts, please help

My IE home page has been tampered with. Could an expert please take a look?
http://www.7939.com/ is the one that has taken over IE.
HijackThis_815汉化版扫描日志 V1.99.1
保存于      16:17:20, 日期 2006-9-8
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\System32\Realplayer.exe
C:\kybrdff_17.exe
C:\kybrdff_17.exe
C:\WINDOWS\System32\NvVid.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\System32\Intercpu.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\System32\msime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\0Sy.exe
C:\WINDOWS\Intel\rundll32.exe
F:\HijackThis1991zww.exe

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
O1 - Hosts: 222.208.183.14 www.bastong.com
O1 - Hosts: 218.85.132.38 cool889987.bigwww.com
O1 - Hosts: 218.85.132.38 ert0003.e76.163ns.com
O1 - Hosts: 218.85.132.38 www.mir5173.com
O1 - Hosts: 218.85.132.38 www.se911.com
O1 - Hosts: 222.208.183.14 www.16182.com
O1 - Hosts: 222.208.183.14 www.8713.org
O1 - Hosts: 222.208.183.14 www.china-nmgw.com
O1 - Hosts: 222.208.183.14 www.wg581.com
O1 - Hosts: 222.208.183.14 www.ql317.com
O1 - Hosts: 222.208.183.14 www.flashds.com
O1 - Hosts: 222.208.183.14 www.cnpolo.cn
O1 - Hosts: 222.208.183.14 jhzjyj.bigwww.com
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5027.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Internet Explorer helper Objects - {C277FAA4-F103-42AE-82FD-F4A1AB015F2A} - C:\WINDOWS\system32\MSIEHelp.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\kybrdff_17.exe
O4 - 启动项HKLM\\Run: [NvVideoCenter] C:\WINDOWS\System32\NvVid.exe
O4 - 启动项HKLM\\Run: [rpcc] rpcc.exe
O4 - 启动项HKLM\\Run: [C:\DOCUME~1\admin\LOCALS~1\Temp\internat.exe] C:\DOCUME~1\admin\LOCALS~1\Temp\internat.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [Internet] C:\WINDOWS\System32\Intercpu.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - 启动项HKLM\\Run: [EMagZone] C:\Program Files\ebook.exe
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - 启动项HKLM\\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - 启动项HKLM\\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\RunServices: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\S0UNDMAN.exe
O4 - HKCU\..\Run: [ScanRegistry] C:\Program Files\Common Files\update\update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - 浏览器额外的按钮: 酷站导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\kuzhan\kuzhan.dll
O9 - 浏览器额外的按钮: 天心传奇,国内在线人数最多的传奇 - {3FAA0E5B-4005-431A-BF61-E03983CC9AA7} - http://www.234567.net/ (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: 开心溜溜娱乐门户网,电影、音乐、DJ、相声、小品、FLASH等等应有尽有 - {6A3AA123-D3AE-4A24-891A-F1232092A719} - http://www.kx66.com/ (file missing)
O9 - 浏览器额外的按钮: 中文网址导航 - {D1DF4E4F-9137-44B7-8061-5F7B41A9D776} - http://www.234567.com/ (file missing)
O9 - 浏览器额外的按钮: 泡游戏,给你推荐最新最好玩的游戏 - {DE2EDC37-FFAD-4B1F-A4E8-D8ADDD349A36} - http://www.paogame.com/ (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACFE341F-C7A1-4BC9-A4E6-EB8D1080FB59}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: KB399952M.LOG
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\lv8609lse.dll
O23 - NT 服务: Rising Realtime Monitor Service (RsRavMon) - rising - C:\Program Files\rising\rav\RavMonD.exe

Last edited 2006-09-08 18:26:38