Everyone, please take a look at the HijackThis data detected on my home computer

Source: Baidu Wenku  Editor: Hangzhou Traffic Information Network  Time: 2024/04/30 07:24:52
Logfile of HijackThis v1.99.1
Scan saved at 15:27:36, on 2006-8-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2006\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.985\security suite\ewidoguard.exe
C:\WINDOWS\system32\ctfmon.exe
E:\超级兔子\SRIECLI.EXE
C:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Outlook Express\msimn.exe
D:\qq2006nata1\QQ.exe
E:\新建文件夹\木马克星 5.51 0809\Iparmor.exe
E:\恶意软件清理\Ad-Aware SE Pro 汉化版\soft.studa.com_Ad-Aware SE Pro V1.06 R1 汉化版\Ad-Watch.exe
D:\Thunder\Program\Thunder5.exe
C:\KAV2006\KASMain.EXE
E:\恶意软件清理\Windows 流氓软件清理大师\clean.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe

O4 - HKLM\..\Run: [桌面图标文字自动透明] E:\WINDOWS优化大师\Womcc\WinMem.exe XP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] E:\新文件夹\VPTray.exe
O4 - HKLM\..\RunOnce: [SNDInst.exe] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDInst.exe /7
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\超级兔子\SRIECLI.EXE /LOAD
O4 - Startup: 腾讯QQ.lnk = D:\qq2006nata1\QQ.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq2006nata1\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq2006nata1\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq2006nata1\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq2006nata1\SendMMS.htm
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0596DBA8-EAA3-4B04-8984-AB5AD1563EC7}: NameServer = 202.96.107.29 202.96.107.28
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: ewido security suite guard - ewido networks - C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.985\security suite\ewidoguard.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2006\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
(cnnic)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0596DBA8-EAA3-4B04-8984-AB5AD1563EC7}: NameServer = 202.96.107.29 202.96.107.28 ("domain" hijacking)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

tbcaaa8@tom.com

That one is not watch.exe but E:\恶意软件清理\Ad-Aware SE Pro 汉化版\soft.studa.com_Ad-Aware SE Pro V1.06 R1 汉化版\Ad-Watch.exe
I don't see any problem.

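First, anyone who has used HijackThis will see this at first glance:
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' mis-- no question about it: browser hijacking.
In the Run startup entries: O4 - HKLM\..\RunOnce: [SNDInst.exe] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDInst.exe /7 -- delete it.
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - SOGO ActiveX plug-in; I suggest deleting it, otherwise ads keep popping up, which is quite annoying.
Finally, in O23, disable the ewidoguard.exe service.
I didn't look closely at the startup programs above, so that's all for now.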
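
An added example, not part of the original thread: a small Python triage that picks out, by pattern, the kinds of entries the replies above single out by hand. The `triage` function and its rule set are assumptions chosen for illustration, not HijackThis behaviour, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: entries copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunOnce: [SNDInst.exe] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDInst.exe /7
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0596DBA8-EAA3-4B04-8984-AB5AD1563EC7}: NameServer = 202.96.107.29 202.96.107.28
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: ewido security suite guard - ewido networks - C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.985\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")              # "<section> - <description>"
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)   # any path component named Temp


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a manual look.

    The rules are illustrative heuristics (assumptions), not a verdict.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O10" and "missing" in body.lower():
            reason = "LSP chain references a missing DLL"
        elif section == "O17" and "NameServer" in body:
            reason = "static DNS servers set; confirm they belong to the ISP"
        elif section == "O20" and body.endswith("\\"):
            reason = "Winlogon Notify entry has no DLL file name"
        elif section in ("O4", "O23") and TEMP_DIR.search(body):
            reason = "autostart image runs from a Temp directory"
        elif section == "O16" and "http://" in body.lower():
            reason = "ActiveX control fetched over plain HTTP"
        else:
            continue
        findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```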