Could the experts please take a look? My browser has been hijacked to http://www.hk582.com/index1.htm

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      11:53:37, 日期 2005-8-18
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Kingdee\KM Client Component\TodoList.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\zhaopian\q2005\QQIEHelper.dll
O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\INTERN~1\HMAPI.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 待办事宜提醒.lnk = C:\Program Files\Kingdee\KM Client Component\TodoList.exe
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O15 - 添加的受信任的 IP 地址范围: http://192.168.173.10
O16 - DPF: {336FC477-5098-11D4-A9AE-8F556E301D79} (cstAnnunciator.Annunciator) - http://192.168.173.10/xksscx/graph/Annunciator.ocx
O16 - DPF: {6ADFD246-1AAA-11D4-A9AC-B761E1FFB47A} (cstMeter.Meter) - http://192.168.173.10/xksscx/graph/Meter.ocx
O16 - DPF: {6ADFDC49-1AAA-11D4-A9AC-B761E1FFB47A} (cstToggle.Toggle) - http://192.168.173.10/xksscx/graph/toggle.ocx
O16 - DPF: {77F620E8-D0AE-41C2-B3EB-D82FFA82F25F} (cstNumberLed.NumberLed) - http://192.168.173.10/xksscx/graph/numberled.ocx
O16 - DPF: {D356F5E6-4060-4685-9165-8F39A85FE2EA} (cstTrend.Trend) - http://192.168.173.10/xksscx/graph/trend.ocx
O16 - DPF: {F3EA99D0-9729-4F43-8942-D13146FE9854} (CheckClientComponent.UserControl1) - http://oa/WebOA/CheckClientComponent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC0C552-E64F-4F1E-AB64-47D6612B627E}: NameServer = 202.96.104.16,202.96.104.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{ADC0C552-E64F-4F1E-AB64-47D6612B627E}: NameServer = 202.96.104.16,202.96.104.17
O17 - HKLM\System\CS2\Services\Tcpip\..\{ADC0C552-E64F-4F1E-AB64-47D6612B627E}: NameServer = 202.96.104.16,202.96.104.17
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINNT\wc98pp.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - NT 服务: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - NT 服务: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

Last edited 2005-08-18 12:15:54

[Reply to the post by "UTS零点"]
Fix: O2 - BHO: IEHlprObj Class - {EE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\INTERN~1\HMAPI.dll
Delete: C:\PROGRA~1\INTERN~1\HMAPI.dll

[Reply to the post by "花落花又开"] Thank you for the help, the problem is solved!