谁能告诉我怎么搞定http://96wg.idc.765321.net/自动ie主页

进程没有任何可疑的进程，杀毒没有毒但是从注册表删除http://96wg.idc.765321.net/根本无效，删除后马上就有了，一定是被劫持了，谁来帮我找出来啊



HijackThis的扫描日志  V1.97.7
Scan saved at 8:10:55, on 2006-9-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ad-aware\Ad-aware\Ad-Watch.exe
D:\WINDOWS\system32\conime.exe


O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "E:\Program Files\ad-aware\Ad-aware\Ad-Watch.exe"
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: PUTTY.RND
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB155C9F-FA4A-4D9C-96B0-4B8AF6CCE945}: NameServer = 202.96.128.86,202.96.128.166



Logfile of Kaka v Scan Module v2. 0. 0. 1
Scan saved at 08:20:04, on 2006-09-27
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=D:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://96wg.idc.765321.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1      localhost
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "E:\Program Files\ad-aware\Ad-aware\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB155C9F-FA4A-4D9C-96B0-4B8AF6CCE945}: NameServer = 202.96.128.86,202.96.128.166
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: igfxcui
O20 - Winlogon Notify: NavLogon
O23 - Service: Background Intelligent Transfer Service (BITS) -  - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - "D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - "D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - "D:\Program Files\Symantec AntiVirus\DefWatch.exe"
O23 - Service: Human Interface Device Access (HidServ) -  - D:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: SAVRoam (SavRoam) - symantec - "D:\Program Files\Symantec AntiVirus\SavRoam.exe"
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - "D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - "D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
O23 - Service: Symantec AntiVirus (Symantec AntiVirus) - Symantec Corporation - "D:\Program Files\Symantec AntiVirus\Rtvscan.exe"

补充说明一下，首页地址虽然老被改成http://96wg.idc.765321.net/改注册表都无效，重新打开注册表又是这个地址

但是我开启ie打开的网页却是微软的默认地址，而不是http://96wg.idc.765321.net，虽然没有多大影响，但主页地址却总是http://96wg.idc.765321.net改不了。想把http://96wg.idc.765321.net去掉

那位帮帮忙

2006-09-27,13:44:05

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <AWMON><"E:\Program Files\ad-aware\Ad-aware\Ad-Watch.exe">  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ccApp><"D:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [Symantec Corporation]
    <vptray><D:\PROGRA~1\SYMANT~1\VPTray.exe>  [Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><D:\WINDOWS\system32\NavLogon.dll>  [Symantec Corporation]

==================================
启动文件夹
服务
[Symantec Event Manager / ccEvtMgr]
  <"D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"D:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[SavRoam / SavRoam]
  <"D:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
  <"D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
  <"D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"D:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
浏览器加载项
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 700][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756][\??\D:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][\??\D:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\NavLogon.dll]  <Symantec Corporation><10.0.0.359>
[PID: 824][D:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][D:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1140][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1204][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1268][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1612][D:\Program Files\Symantec AntiVirus\Rtvscan.exe]  <Symantec Corporation><10.0.0.359>
    [D:\WINDOWS\system32\CBA.DLL]  <Intel? Corporation><6.12.0.130 E>
    [D:\WINDOWS\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.130 E>
    [D:\WINDOWS\system32\NTS.dll]  <Intel? Corporation><6.12.0.130 E>
    [D:\WINDOWS\system32\PDS.DLL]  <Intel? Corporation><6.12.0.130 E>
    [D:\Program Files\Symantec AntiVirus\NAVLU.dll]  <Symantec Corporation><10.0.0.359>
    [D:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  <Symantec Corporation><10.0.0.359>
    [d:\program files\common files\symantec shared\ssc\ScsComms.dll]  <Symantec Corporation><10.0.0.359>
    [D:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  <Symantec Corporation><10.0.0.359>
    [D:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><103.5.1.9>
    [D:\Program Files\Common Files\Symantec Shared\ccL35.dll]  <Symantec Corporation><103.5.1.9>
    [D:\Program Files\Common Files\Symantec Shared\ccDec.dll]  <Symantec Corporation><103.5.1.9>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  <Symantec Corporation><3.02.12.35>
    [D:\Program Files\Common Files\Symantec Shared\ccScan.dll]  <Symantec Corporation><103.5.1.9>
    [D:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  <Symantec Corporation><1.4.0.11>
    [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060925.016\ccEraser.dll]  <Symantec Corporation><106.2.2.68>
    [D:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  <Symantec Corporation><3.1.13a.0>
    [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060925.016\ecmsvr32.dll]  <Symantec Corporation><61.2.1.10>
    [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060925.016\NAVEX32a.DLL]  <Symantec Corporation><20061.2.0.26>
    [D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060925.016\NAVENG32.DLL]  <Symantec Corporation><20061.2.0.26>
    [D:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.5.0.44>
    [D:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  <Symantec Corporation><9.5.0.44>
    [D:\Program Files\Symantec AntiVirus\IMail.dll]  <Symantec Corporation><10.0.0.359>
    [D:\Program Files\Symantec AntiVirus\NotesExt.dll]  <Symantec Corporation><10.0.0.359>
    [D:\Program Files\Symantec AntiVirus\vpmsece3.dll]  <Symantec Corporation><10.0.0.359>
    [D:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  <Symantec Corporation><10.0.0.359>
    [D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  <Symantec Corporation><1,5,1,3>
[PID: 692][D:\Documents and Settings\Administrator\桌面\System Repair Engineer\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
[PID: 932][D:\WINDOWS\explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

2楼的，按你说的做过了，还是老样子，上面是完整的日志，帮帮我看看。