新月才子 - 2006-10-13 10:03:00
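I don't know whether the problem of the about-blank.cc homepage that cannot be changed has been solved yet.
When I was trying hard to get infected with this virus on my side, the homepage oddly got locked to http://www.tomatolei.com/ instead,
but the type is the same as the one that locks it to http://bout-blank.cc, which is really interesting.
Also, I went and downloaded a virus source that someone else had published.
I have had a lot of customer issues lately and have had no time to research and resolve this.
Can anyone help me solve these two current problems? Thanks. (*^_^*)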
2006-10-13,09:18:16
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Standard Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
<pyjj><C:\Program Files\jj4\jjsvr4.exe> [加加开发组]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [Microsoft Corporation]
==================================
启动文件夹
服务
[Local Connection Manager / BNESS]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[McAfee ePolicy Orchestrator 3.5.0 Event Parser / EVENTPARSER350]
<d:\Program Files\Network Associates\ePO\3.5.0\EVENTPARSER.EXE><Network Associates, Inc.>
[McAfee Framework Service / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[McAfee ePolicy Orchestrator 3.5.0 Server / NAIMSERV350]
<d:\Program Files\Network Associates\ePO\3.5.0\NAIMSERV.EXE><Network Associates, Inc.>
[NVIDIA Driver Helper Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[McAfee ePolicy Orchestrator 3.5.0 Discovery & Notification services / RSDSERVER]
<d:\Program Files\Network Associates\ePO\3.5.0\tomcat\bin\tomcat.exe><Alexandria Software Consulting>
==================================
浏览器加载项
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\3721\Assist\Angling.dll, Yahoo Inc.>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Qzone Media Tools]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <d:\PROGRA~1\Tencent\QQ\QZone\QZONEM~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
==================================
新月才子 - 2006-10-13 10:08:00
==================================
正在运行的进程
[PID: 336][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 388][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 448][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 496][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 508][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 676][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 744][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 788][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 840][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 860][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1040][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 1172][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1388][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll] <Nero AG><2, 0, 0, 8>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] <Nero AG><2, 0, 6, 1>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Network Associates\VirusScan\shext.dll] <Network Associates, Inc.><8.0.0.912>
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] <Network Associates, Inc.><8.0.0.912>
[C:\PROGRA~1\3721\ske\contmenu.dll] <N/A><N/A>
[PID: 1476][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[PID: 1484][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 1504][C:\Program Files\MSN Messenger\MsnMsgr.Exe] <Microsoft Corporation><8.0.0812.00>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 1552][C:\Program Files\jj4\jjsvr4.exe] <加加开发组><4.0.0.20>
[PID: 1684][C:\WINDOWS\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><6.0.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1752][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\applib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Logging.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naInet.dll] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Management.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\Agent.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\naSPIPE.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\ListenServer.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] <Network Associates, Inc.><3.5.0.412>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 1896][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] <Network Associates, Inc.><3.5.0.412>
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] <Network Associates, Inc.><3.5.0.474>
[C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll] <Network Associates, Inc.><3.5.0.412>
[C:\Program Files\Network Associates\Common Framework\NAGSHR32.DLL] <Network Associates, Inc.><3.5.0.474>
[C:\Program Files\Network Associates\Common Framework\PCRPlug.dll] <Network Associates, Inc.><3.5.0.412>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] <Network Associates, Inc.><8.0.0.912>
[PID: 204][C:\Program Files\Network Associates\MSSQL\Binn\sqlservr.exe] <Microsoft Corporation><2000.080.0760.00>
[C:\WINDOWS\system32\EntApi.dll] <Network Associates, Inc><8.0.0.277>
[PID: 228][C:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 6, 42>
[C:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[d:\Program Files\Network Associates\ePO\3.5.0\naprfctr.dll] <Network Associates, Inc.><3.5.0.592>
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[C:\WINDOWS\system32\PYJJ4.IME] <加加工作组><4.0.0.21>
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] <Network Associates, Inc.><8.0.0.955>
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] <Network Associates, Inc.><8.0.0.251>
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] <McAfee, Inc.><4.4.00>