GYGYGY1 - 2007-4-20 14:09:00
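My browser's start page has been changed to a "精品网站" ("premium websites") page, while the home page is still the original Baidu. Is there any way to change the start page back to Baidu? Also, my Baidu home page address is http://www.baidu.com/index.php?tn=luojianbin_pg; why is that? The log is below: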
Logfile of HijackThis v1.99.1
Scan saved at 13:58:07, on 2007-4-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
F:\My tools\KAV\k\avp.exe
D:\WINNT\system32\internat.exe
F:\My tools\天网防火墙\Firewall\PFW.exe
D:\Program Files\INTERN~1\IEXPLORE.EXE
F:\My tools\HIJACKTHIS V1.99.1\HijackThis.exe
F:\DATA\同花顺核新\LiveUpdate.exe
D:\WINNT\system32\notepad.exe
D:\PROGRA~1\COMMON~1\MICROS~1\IME\Shared2.0\IMEPADSV.EXE
F:\DATA\同花顺核新\hexin.exe
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [kav] "F:\My tools\KAV\k\avp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [c1bim] D:\DOCUME~1\k\LOCALS~1\Temp\rundl132.exe
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://E:\OFFICE~1\OFFICE\Office10\EXCEL.EXE/3000
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\My tools\KAV\k\scieplugin.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\My tools\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\My tools\QQ2005\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\My tools\QQ2005\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\My tools\QQ2005\QQIEHelper.dll (file missing)
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73004D52-4758-4392-A274-7E45B29730D3}: NameServer = 202.102.3.144
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: klogon - D:\WINNT\system32\klogon.dll
O23 - Service: AVP - Kaspersky Lab - F:\My tools\KAV\k\avp.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
9876532 - 2007-4-20 14:27:00
You've been hit by rogue software. Clean it up with Kaka or Super Rabbit.
GYGYGY1 - 2007-4-20 17:00:00
I ran another scan and got this log:
2007-04-20,16:27:26
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<c1bim><D:\DOCUME~1\k\LOCALS~1\Temp\rundl132.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<kav><"F:\My tools\KAV\k\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><D:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><APIHookDll.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><D:\WINNT\system32\klogon.dll> [Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\system32\ssstars.scr> [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<D:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVP / AVP][Stopped/Auto Start]
<"F:\My tools\KAV\k\avp.exe -r"><Kaspersky Lab>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Stopped/Disabled]
<D:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[kavsvc / kavsvc][Stopped/Auto Start]
<><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Stopped/Disabled]
<><N/A>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Manual Start]
<D:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\D:\WINNT\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dmio.sys><VERITAS Software Corp.>
[dtscsi / dtscsi][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[FltMgr / FltMgr][Running/Boot Start]
<\SystemRoot\system32\drivers\fltmgr.sys><Microsoft Corporation>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
<system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[HSFHWBS2 / HSFHWBS2][Stopped/Manual Start]
<system32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
[HSF_DP / HSF_DP][Stopped/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems>
[Kl1 / Kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
<System32\drivers\klif.sys><Kaspersky Lab>
[Klmc / Klmc][Running/System Start]
<System32\drivers\klmc.sys><Kaspersky Lab>
[KNetWch / KNetWch][Stopped/System Start]
<\??\C:\KAV2006\KNetWch.SYS><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\F:\My tools\QQ2005\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nv4 / nv4][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OKPQCROSOF / OKPQCROSOF][Stopped/Manual Start]
<\??\F:\My tools\Wopti\WoptiClean.sys><Wopti>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Stopped/Manual Start]
<system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
<system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SecDrv / SecDrv][Running/Auto Start]
<\??\D:\WINNT\system32\drivers\SECDRV.SYS><Macrovision Europe Ltd>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[SKNFW / SKNFW][Running/System Start]
<\??\D:\WINNT\system32\Drivers\SKNFW.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SVKP / SVKP][Stopped/Auto Start]
<\??\D:\WINNT\system32\SVKP.sys><N/A>
[TDDI / TDDI][Running/Auto Start]
<\??\D:\WINNT\system32\drivers\tddi.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
<\??\D:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[UKYGNDPIOW / UKYGNDPIOW][Stopped/Manual Start]
<\??\F:\My tools\Wopti\WoptiClean.sys><Wopti>
[winachsf / winachsf][Stopped/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XDDFFSS / XDDFFSS][Stopped/Manual Start]
<\??\D:\DOCUME~1\k\LOCALS~1\Temp\2gcwu.sys><N/A>
GYGYGY1 - 2007-4-20 17:03:00
[Reply to GYGYGY1's post]
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <F:\My tools\KAV\k\scieplugin.dll, Kaspersky Lab>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\My tools\QQ2005\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\My tools\QQ2005\QQIEHelper.dll, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\system32\Macromed\Flash\Flash.OCX, Macromedia, Inc.>
[导出到 Microsoft Excel(&x)]
<res://E:\OFFICE~1\OFFICE\Office10\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 220][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 244][\??\D:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 240][\??\D:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6970]
[D:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[D:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[D:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 296][D:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[D:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 308][D:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 516][D:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 564][D:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 592][D:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[D:\WINNT\system32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
[D:\WINNT\system32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[D:\WINNT\system32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[D:\WINNT\system32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[D:\WINNT\system32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
[PID: 632][D:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6920]
[PID: 988][D:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[PID: 1308][F:\DATA\同花顺核新\LiveUpdate.exe] [上海核新软件技术有限公司, 2006, 11, 2, 0]
[F:\DATA\同花顺核新\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205]
[PID: 1388][D:\WINNT\explorer.exe] [Microsoft Corporation, 5.00.3700.6690]
[D:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[D:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.1.63.0]
[D:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.1.63.0]
[D:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[D:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[F:\My tools\KAV\k\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[D:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[F:\My tools\KAV\k\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[F:\My tools\KAV\k\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[F:\My tools\KAV\k\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[F:\My tools\KAV\k\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[f:\my tools\kav\k\params.ppl] [Kaspersky Lab, 6.0.0.299]
[f:\my tools\kav\k\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[f:\my tools\kav\k\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[f:\my tools\kav\k\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[f:\my tools\kav\k\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[D:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[D:\WINNT\system32\wmploc.dll] [Microsoft Corporation, 9.00.00.2980]
[D:\WINNT\system32\WMASF.DLL] [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
[D:\WINNT\system32\wmnetmgr.dll] [Microsoft Corporation, 9.00.00.2980]
[E:\OFFICE XP SP2\OFFICE\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[F:\My tools\KAV\k\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 336][D:\WINNT\system32\rundll32.exe] [Microsoft Corporation, 5.00.2134.1]
[D:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.1.63.0]
[PID: 1020][F:\My tools\SREN\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 mmsk.cn
127.0.0.1 bbs.mmsk.cn
127.0.0.1 www.mmsk.cn
127.0.0.1 soudong.com
127.0.0.1 www.soudong.com
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBE944B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBE944D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBE944F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBE944C49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xBE944E8F)
==================================
隐藏进程
N/A