ie被劫持请高手，斑竹，帮帮忙，有HijackThis扫描文件

瑞星卡卡安全论坛技术交流区 系统软件 ie被劫持请高手，斑竹，帮帮忙，有HijackThis扫描文件

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1 / 1 页

跳转页

ie被劫持请高手，斑竹，帮帮忙，有HijackThis扫描文件

刺客A善柔初生襁褓狮帖子:3 注册: 2005-06-16 来自:	发表于： 2006-03-08 18:17 \| 只看楼主短消息资料字号：小中大 1楼 ie被劫持请高手，斑竹，帮帮忙，有HijackThis扫描文件 Logfile of HijackThis v1.99.1 Scan saved at 18:05:29, on 2006-3-8 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE C:\Program Files\rising\Rav\Ravmond.exe c:\program files\rising\rfw\rfwsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\rising\rfw\RfwMain.exe C:\Program Files\rising\Rav\RavStub.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\rising\Rav\RavTask.exe C:\Program Files\rising\Rav\Ravmon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe D:\新建文件夹 (3)\HijackThis.exe C:\GRASP\GRASP.EXE C:\Program Files\Internet Explorer\iexplore.exe R3 - Default URLSearchHook is missing O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/ O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116151168731 O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{68E0D14F-12F0-45E9-BB94-264CF6CE5829}: NameServer = 202.102.152.3 202.102.154.3 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WinkldUP - Unknown owner - C:\DOCUME~1\牛哥\LOCALS~1\Temp\wz\wz.exe (file missing) 这是我电脑的扫描文件，ie总会弹出http://channel.e78.com/_unpage2.php?c=10011&f=100002网站，请问有没有解决办法啊？3721和卡卡我都用的，根本没用。请帮帮忙，谢谢！ 2006-03-08 18:38:49
刺客A善柔初生襁褓狮帖子:3 注册: 2005-06-16 来自:	分享到：

明天吃什么呢初生襁褓狮帖子:21 注册: 2006-02-16 来自:	发表于： 2006-03-08 18:30 \| 短消息资料字号：小中大 2楼 O23 - Service: WinkldUP - Unknown owner - C:\DOCUME~1\牛哥\LOCALS~1\Temp\wz\wz.exe (file missing) 应该是这个把哈哈我也不大懂我的日志也没人帮我看~~
明天吃什么呢初生襁褓狮帖子:21 注册: 2006-02-16 来自:

社区嘉宾

帖子:21666
注册: 2001-06-22
来自:江湖

发表于： 2006-03-08 18:31 | 短消息资料

字号：小中大 3楼

引用:

【刺客A善柔的贴子】Logfile of HijackThis v1.99.1
Scan saved at 18:05:29, on 2006-3-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\新建文件夹 (3)\HijackThis.exe
C:\GRASP\GRASP.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116151168731
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68E0D14F-12F0-45E9-BB94-264CF6CE5829}: NameServer = 202.102.152.3 202.102.154.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinkldUP - Unknown owner - C:\DOCUME~1\牛哥\LOCALS~1\Temp\wz\wz.exe (file missing)
这是我电脑的扫描文件，ie总会弹出http://channel.e78.com/_unpage2.php?c=10011&f=100002网站，请问有没有解决办法啊？3721和卡卡我都用的，根本没用。请帮帮忙，谢谢！

...........................

用过下面的东东吗？

流氓软件清理助手
http://www.skycn.com/soft/24058.html
流氓软件清理助手，目前可以清理下列流氓软件：一搜工具条完美网译通 CNIC中文上网博采网摘百度搜霸 3721上网助手 360搜 Dudu下载加速器很棒小秘书网络猪划词搜索。
--------------------------------
下载后解压缩!
解压后直接运行RogueCleaner.exe
在线升级到最版本！
现在是V1.70(恶意软件清理助手)，然后进"安全模式"杀流氓！

-----------------------
IE插件管理专家(upiea)
http://www.skycn.com/soft/21205.html
IE插件屏蔽突破了传统的插件屏蔽软件思维模式，插件屏蔽软件不仅仅能屏蔽插件！还可以识别当前已安装的插件！并可卸载插件！ IE插件屏蔽在除了屏蔽插件的基本功能之外，更有令人侧目的创新！99.99%模拟Windows XP SP2的IE加载项功能，使2000以上Windows系统也可以具有Windows XP SP2的IE加载项功能,显示当前已安装的插件并可卸载插件这是目前任何一款插件屏蔽软件所不具备的，作者希望通过自己不懈的努力，让大家在上网的同时抢先享受无忧的乐趣!
Upiea 2005 SP1 发布增加：
扩容插件免疫定义库，可免疫659个插件
扩容隐私清理定义库，可清理58项
插件管理增加插件类型显示
IE设置－常规设置，搜索设置均增加选择引擎功能
IE设置－右键菜单，新建增加网摘类右键菜单选择
系统工具去除定时工具，增加2个系统工具
修正：
更新DUDU、3721、Yahoo助手插件卸载
IE设置－选项，修正部分工具栏按钮显示不正常
IE设置－菜单设置，修正无法保存修改
系统修复－系统文件备份修正备份文件存放目录。

刺客A善柔初生襁褓狮帖子:3 注册: 2005-06-16 来自:	发表于： 2006-03-08 18:38 \| 只看楼主短消息资料字号：小中大 4楼谢谢一楼的朋友也谢谢二楼的朋友，可是二楼说的这个东西能管用么？能先帮我看看HijackThis扫描出来的东西么？
刺客A善柔初生襁褓狮帖子:3 注册: 2005-06-16 来自:

<<上一主题|下一主题>>

1 / 1 页

跳转页

刺客A善柔初生襁褓狮帖子:3 注册: 2005-06-16 来自:	发表于： 2006-03-08 18:17 \| 只看楼主短消息资料字号：小中大 1楼 ie被劫持请高手，斑竹，帮帮忙，有HijackThis扫描文件 Logfile of HijackThis v1.99.1 Scan saved at 18:05:29, on 2006-3-8 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE C:\Program Files\rising\Rav\Ravmond.exe c:\program files\rising\rfw\rfwsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\rising\rfw\RfwMain.exe C:\Program Files\rising\Rav\RavStub.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\rising\Rav\RavTask.exe C:\Program Files\rising\Rav\Ravmon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe D:\新建文件夹 (3)\HijackThis.exe C:\GRASP\GRASP.EXE C:\Program Files\Internet Explorer\iexplore.exe R3 - Default URLSearchHook is missing O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/ O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://cn.download.yahoo.com/dl/install/yinst0401.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116151168731 O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{68E0D14F-12F0-45E9-BB94-264CF6CE5829}: NameServer = 202.102.152.3 202.102.154.3 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WinkldUP - Unknown owner - C:\DOCUME~1\牛哥\LOCALS~1\Temp\wz\wz.exe (file missing) 这是我电脑的扫描文件，ie总会弹出http://channel.e78.com/_unpage2.php?c=10011&f=100002网站，请问有没有解决办法啊？3721和卡卡我都用的，根本没用。请帮帮忙，谢谢！ 2006-03-08 18:38:49
刺客A善柔初生襁褓狮帖子:3 注册: 2005-06-16 来自:	分享到：