瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 被劫持了,求蓝天、我无邪等众高手救命,在线等

12   2  /  2  页   跳转

被劫持了,求蓝天、我无邪等众高手救命,在线等

收藏
lon88
头像
初生襁褓狮
  • 帖子:55
  • 注册: 2006-08-27
  • 来自:
发表于: 2006-08-27 17:05 | 只看楼主 短消息 资料
字号: 11楼

[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll]  <Kaspersky Lab><5.0.388.2>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ChkTool.DLL]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\startups.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\l_llio.ppl]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avp_iont.dll]  <Kaspersky Lab><5.0.0.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\inflate.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avlib.ppl]  <Kaspersky Lab><5.0.391.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\arj.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\arjpack.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avp1.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avpgs.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avpmgr.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\wdiskio.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\btdisk.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\buffer.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\cab.ppl]  <Kaspersky Lab><5.0.390.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\deflate.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\dmap.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\dtreg.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\explode.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\hashcont.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\hashmd5.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\hccmp.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\ichk2.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\ichstrms.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\klonacci.ppl]  <Kaspersky Lab><5.0.388.230>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\mailmsg.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\mchk.ppl]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klcp.dll]  <Kaspersky Lab><5.0.388.1>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\mdmap.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\memmodsc.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\memscan.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\minizip.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\msoe.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\nfio.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\ntfsstrm.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\passdmap.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prseqio.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prutil.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\qio.ppl]  <Kaspersky Lab><5.0.0.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\quantum.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\rar.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\sfdb.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\stored.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\superio.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\unarj.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\uniarc.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\unlzx.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\unreduce.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\unshrink.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\unstored.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\winreg.ppl]  <Kaspersky Lab><5.0.388.0>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\xorio.ppl]  <Kaspersky Lab><5.0.388.16>
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\zcompare.ppl]  <Kaspersky Lab><5.0.388.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\wcswmi.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLCKAH.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CKAHUM.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CKAHComm.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ckahrule.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcproxy.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mcpr.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLOnAcc.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\og.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\mailappl.dll]  <Kaspersky Lab><5.0.388.1>
gototop
 
lon88
头像
初生襁褓狮
  • 帖子:55
  • 注册: 2006-08-27
  • 来自:
发表于: 2006-08-27 17:05 | 只看楼主 短消息 资料
字号: 12楼

[PID: 1972][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1304][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 2040][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  <Tencent><4, 2, 2, 21>
    [f:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 512][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  <Tencent><4, 2, 2, 21>
    [f:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 976][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  <Tencent><4, 2, 2, 21>
    [f:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 1224][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  <Tencent><4, 2, 2, 21>
    [f:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 1828][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  <Tencent><4, 2, 2, 21>
    [f:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 920][C:\Downloads\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
gototop
 
lon88
头像
初生襁褓狮
  • 帖子:55
  • 注册: 2006-08-27
  • 来自:
发表于: 2006-08-27 17:07 | 只看楼主 短消息 资料
字号: 13楼

引用:
【我无邪的贴子】关闭所有浏览窗口以及一些不必要的程序
重启后删除
C:\WINDOWS\system32\mskey16.dll
C:\WINDOWS\system32\netstart.exe
再扫份日志粘上来。

………………

重启后没发现这两个文件
gototop
 
lon88
头像
初生襁褓狮
  • 帖子:55
  • 注册: 2006-08-27
  • 来自:
发表于: 2006-08-28 21:00 | 只看楼主 短消息 资料
字号: 14楼

谢谢我无邪,问题已经解决
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT