帮忙,偶的系统是否被劫持?

szmanian · 发表于 2006-10-12 11:23:28

刚装1月不到的系统,组策略不知乍地就被禁用了.
任务管理器也不时地禁用.
用HijackThis.exe扫描的LOG,请大家帮忙看看.带星星的是已认可没问题的.
Logfile of HijackThis v1.99.1
Scan saved at 11:17:29, on 2006-10-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
***C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
***C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
***C:\Program Files\系统安全盾\sysshield.exe
***C:\WINDOWS\system32\internat.exe
***F:\Soft\0安全防护\HijackThis.exe
***c:\program files\mcafee.com\agent\mcdetect.exe
***c:\PROGRA~1\mcafee.com\vso\mcshield.exe
***c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
***C:\Program Files\McAfee.com\VSO\mcvsshld.exe
***C:\Program Files\McAfee.com\VSO\oasclnt.exe
***c:\progra~1\mcafee.com\vso\mcvsescn.exe
***c:\program files\mcafee.com\agent\mcagent.exe
***C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
***C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
***C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
***C:\Program Files\DAEMON Tools\daemon.exe
***C:\Program Files\HTime\HTime.exe
***C:\Program Files\Skyroad Soft\SDTS\SDTS.exe
***D:\Program\BTJL\BitSpiri.exe
***D:\Program\168E\SwMon.exe
***D:\Program\QQ2006\TIMPlatform.exe
***D:\Program\QQ2006\QQ.exe
***C:\Program Files\Maxthon\Maxthon.exe

O3 - Toolbar: McAfee 病毒扫描 - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HTime] C:\Program Files\HTime\HTime.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - Startup: INTERNAT.lnk = C:\WINDOWS\system32\internat.exe
O4 - Startup: SDTS.lnk = C:\Program Files\Skyroad Soft\SDTS\SDTS.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: 系统安全盾.LNK = ?
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program\BTJL\bsurl.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{447F413F-02F5-49E7-B04B-0291FB122524}: NameServer = 202.96.134.133,202.96.128.166
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

szmanian · 发表于 2006-10-13 08:10:03

而且前晚QQ被锁定,要激活才能用,本机居然不能到http://im.qq.com/jh去激活,到别的机子就没问题...

6618 · 发表于 2006-10-13 16:57:36

这一项有问题：
O3 - Toolbar: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - (no file)

		自动登录	找回密码
密码			注册