今天与 Backdoor.Gpigeon.zbg 拼斗了一天,无语
我的* HijackThis v1.99.1 *
程序设计: Merijn - merijn@spywareinfo.com
http://www.merijn.org/files/hijackthis.zip
http://www.merijn.org/index.html
汉化:zww3008 zww3008@yahoo.com.cn
HijcakThis日志中的每一行以一个分类名称开始。
要查看主窗口扫结果列表中的某个项目类别的更多详细信息,请选定该项目所在行使其高亮显示,然后点击“关于该项目的信息...”按钮即可弹出该项目类别的详细信息说明。
R - 默认起始主页或默认搜索页注册表键值的改变,或新建的可能导致其改变的注册表键值
R0 - 注册表中IE主页/搜索页默认键值的改变
R1 - 新建的注册表键值(V)
R1 - 新建的注册表键值(K)
R3 - 在本应只有一个键值的地方新建的额外键值
F - ini文件中的启动项或映射到注册表中的键值
F0 - System.ini中的启动项改变值
F1 - Win.ini中的启动项新建值
F2 - 注册表中System.ini映射区中的启动项或UserInit项后面启动的其他程序
F3 - 注册表中Win.ini文件映射区中的启动项
N - Netscape、Mozilla浏览器的默认起始主页和默认搜索页的改变。
N1 - Netscape 4.x中,prefs.js的改变
N2 - Netscape 6中,prefs.js的改变
N3 - Netscape 7中,prefs.js的改变
N4 - Mozilla中,prefs.js的改变
O - 其它类,包含很多方面,下面一一详述
O1 - 在Host文件中添加的IP地址域名解析映射
O2 - IE浏览器辅助对象(BHO模块)
O3 - IE工具栏
O4 - 随系统加载的自启动顶
O5 - 使控制面板中隐去Internet选项
O6 - 禁用Internet选项
O7 - 禁用注册表编辑器
O8 - IE的右键菜单中的新增项目
O9 - 额外的IE“工具”菜单项目及工具栏按钮
O10 - Winsock LSP浏览器劫持
O11 - IE“高级选项”中的新项目
O12 - IE插件
O13 - 对IE默认的URL前缀的修改
O14 - IERESET.INF文件中的改变
O15 - “受信任的站点”中的不速之客
O16 - 下载的程序文件,即下载程序目录下的ActiveX对象
O17 - 域劫持/DNS服务器
O18 - 额外协议和协议劫持程序
O19 - 用户样式表劫持
O20 - 注册表键值AppInit_DLLs处的自启动项
O21 - 注册表键 ShellService
ObjectDelayLoad (SSODL)处的自启动项
O22 - 注册表键 SharedTaskScheduler 处的自启动项
O23 - 列举 NT 服务
HijackThis命令行方式
* /autolog - 随系统启动运行HijackThis扫描,并生成和打开扫描日志
* /ihatewhitelists - 忽略所有的内部空白列表
* /uninstall - 删除HijackThis的注册表信息,备份后退出
* 版本更新历史 *
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellService
ObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in log
file: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release
帮帮忙,谢谢了
