http://www.haveip.com/index.htm in the iexplore command line

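For some time now, IExplore.exe has been showing up among the system processes on my computer even though I have not opened any web page. Viewed with Rising Kaka Internet Assistant (瑞星卡卡上网助手), the details are as follows:
Process name: iexplore.exe
PID: 288 (0x120)
Command line: "c:\program files\internet explorer\iexplore.exe" http://www.haveip.com/index.htm


I opened the page http://www.haveip.com/index.htm; it contains two web statistics counters, both from 51yes. I opened the Registry Editor with regedit, searched for "http://www.haveip.com/index.htm", found the registry entry and deleted it. But at the next boot I found it was back again. Could the experts here please take a look at whether this is a virus, and suggest a solution? Thanks!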

Last edited 2007-04-13 08:14:06

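Please download SREng2 (latest version), use "Smart Scan" (智能扫描), and press the "Scan" (扫描) button to run the scan.
When the scan finishes, press the "Save Report" (保存报告) button to save the report log file (SREng.LOG), then copy and paste the contents of the saved log file here. If the log does not fit in one post, paste it in several parts. Please do not modify it.

Download link:
http://www.kztechs.com/sreng/sreng2.zip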


2007-04-13,08:07:32

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
N/A

==================================
启动文件夹
[天人网络电视 PPNTV 2007 (3)]
  <C:\Documents and Settings\msj\「开始」菜单\程序\启动\天人网络电视 PPNTV 2007 (3).lnk --> C:\PROGRA~1\ppntv\ppntv.exe [www.PPNTV.com]><N>

==================================
服务
N/A

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[klcr / klcr][Stopped/Manual Start]
  <\??\C:\Program Files\KAV6\KavData\Bases\klcr.sys><Kaspersky Lab>
[klick / klick][Running/Boot Start]
  <\SystemRoot\system32\Drivers\klick.sys><Kaspersky Lab>
[klin / klin][Running/Boot Start]
  <\SystemRoot\system32\Drivers\klin.sys><Kaspersky Lab>
[ldphkam / ldphkam][Stopped/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ldphkam.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Mini-Cam USB Camera (SC-120) / SoC PC-Camera Service][Stopped/Manual Start]
  <system32\DRIVERS\pfc027.sys><>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\PROGRA~1\PPStream\POWERL~1.OCX, PPStream.com>
[KooPlayer Control]
  {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\KOOPLA~1.OCX, Koos>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <D:\PPLive\SYNACA~1.OCX, Synacast>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[GUpdate Class]
  {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} <C:\Program Files\mop\p2p\gupdate.dll, >
[TVAnts ActiveX Control]
  {4C833081-D026-4FF8-968F-7EAB660D2FBA} <C:\PROGRA~1\ppntv\Modules\tvants\TvantsX.ocx, Zhejiang University>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SopCore Control]
  {8FEFF364-6A5F-4966-A917-A3AC28411659} <C:\PROGRA~1\ppntv\Modules\sopcast\SopCore.ocx, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\Program Files\ppntv\Modules\bobo\BoBoV3.ocx, 广州易播信息科技有限公司>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\Program Files\ppntv\Modules\itv\pCastCtl.dll, >

==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1672][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [D:\FastCopy-v1.51H\fastext1.dll]  [SHIROUZU Hiroaki, 1, 3, 0, 0]
[PID: 1800][C:\Program Files\Windowsmmqdf\Trojanwall.exe]  [风云谷, 5.5.0.1916]
    [C:\Program Files\Windowsmmqdf\ftcapi.dll]  [fygsoft, 1.1.0.0]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [C:\Program Files\Windowsmmqdf\PSAPI.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1436][C:\Program Files\ppntv\ppntv.exe]  [www.PPNTV.com, 3.0.0.7330]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [C:\Program Files\KAV6\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\KAV6\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [C:\WINDOWS\system32\msvcr71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\KAV6\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\ppntv\Modules\itv\pCastCtl.dll]  [, 1,0,0,95]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\KOOPLA~1.OCX]  [Koos, 1, 0, 0, 66]
[PID: 268][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [C:\Program Files\KAV6\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\KAV6\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\KAV6\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5091]
    [C:\WINDOWS\system32\CHENHU4.IME]  [chenhu, 5.8]
[PID: 1444][C:\Program Files\Adobe\Photoshop CS\Photoshop.exe]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\Program Files\Adobe\Photoshop CS\UID.mr.dll]  [Adobe Systems, Inc., 1, 1, 0, 0]
    [C:\Program Files\Adobe\Photoshop CS\AWSCommonUI.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\AWSSCL.dll]  [Adobe Systems, 4.0.0.34]
    [C:\Program Files\Adobe\Photoshop CS\WebAccessUtils.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\BIBUtils.dll]  [Adobe Systems Incorporated, 1.00.0]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [C:\Program Files\Adobe\Photoshop CS\Photoshop.dll]  [, ]
    [C:\Program Files\Adobe\Photoshop CS\PSViews.dll]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\Program Files\Adobe\Photoshop CS\PSArt.dll]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\Program Files\Adobe\Photoshop CS\asn.er.dll]  [Adobe Systems Incorporated, 1.51x3, EndUser, Release]
    [C:\Program Files\Adobe\Photoshop CS\ExtendScriptIDE.dll]  [Adobe Systems, Incorporated, 3.2.21]
    [C:\Program Files\Adobe\Photoshop CS\ExtendScript.dll]  [Adobe Systems, Incorporated, 3.2.21]
    [C:\Program Files\Adobe\Photoshop CS\ScCore.dll]  [Adobe Systems, Incorporated, 3.2.21]
    [C:\Program Files\Adobe\Photoshop CS\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Adobe\Photoshop CS\Plug-Ins\扩展\FastCore.8BX]  [Adobe Systems, Incorporated, 8.0.1 (8.0x126)]
    [C:\Program Files\Adobe\Photoshop CS\PLUGIN.dll]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
    [C:\Program Files\Adobe\Photoshop CS\Plug-Ins\扩展\MMXCore.8BX]  [Adobe Systems, Incorporated, 8.0.1 (8.0x126)]
    [C:\Program Files\Adobe\Photoshop CS\Required\ADMPlugin.apl]  [Adobe Systems Incorporated, 2.84pe69a 02.06.17-00:03:36h]
    [C:\Program Files\Adobe\Photoshop CS\Required\PNGIcons.apl]  [Adobe Systems Incorporated, 1.21x7 2001.12.14-1602h.21s]
    [C:\Program Files\Adobe\Photoshop CS\Required\ASDataStream.apl]  [Adobe Systems Incorporated, 1.02x7 02.02.15-01:45:06h]
    [C:\Program Files\Adobe\Photoshop CS\Plug-Ins\解析程序\PDF 增效工具.8BI]  [Adobe Systems, Incorporated, 8.0.1 (8.0x126)]
    [C:\Program Files\Adobe\Photoshop CS\BIB.dll]  [Adobe Systems Incorporated, 1.1.16]
    [C:\Program Files\Adobe\Photoshop CS\JP2KLib.dll]  [Adobe systems Incorporated, 1.0.28706]
    [C:\Program Files\Adobe\Photoshop CS\Plug-Ins\文件格式\Camera Raw.8BI]  [Adobe Systems Incorporated, 2.0]
    [C:\Program Files\Adobe\Photoshop CS\ACE.dll]  [Adobe Systems Incorporated, 2.05.16]
    [C:\Program Files\Adobe\Photoshop CS\AGM.dll]  [Adobe Systems Incorporated, 4.12.36]
    [C:\Program Files\Adobe\Photoshop CS\CoolType.dll]  [Adobe Systems Incorporated, 4.14.20]
    [C:\WINDOWS\system32\ATMLIB.dll]  [Adobe Systems, 5.1 Build 226]
    [C:\Program Files\Adobe\Photoshop CS\AWSCommonSymbols.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\ARM.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\shfolder.dll]  [Microsoft Corporation, 5.50.4027.300]
    [C:\Program Files\Adobe\Photoshop CS\FileInfo.dll]  [Adobe Systems, Incorporated, 3.0.0.432]
    [C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Adobe Photoshop Only\自动\脚本支持.8li]  [Adobe Systems Incorporated, 8.0]
    [C:\Program Files\Adobe\Photoshop CS\Tw10122.dat]  [Adobe Systems, Incorporated, 8.0.1 (8.0x125)]
[PID: 3808][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.8106]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [C:\WINDOWS\system32\CHENHU4.IME]  [chenhu, 5.8]
    [C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL]  [Microsoft Corporation, 6.0.3275.0]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\mslid.dll]  [Microsoft Corporation, 1.0.2305]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3EN.DLL]  [Microsoft Corporation, 3.1.2303]
[PID: 840][d:\Temp\Rar$EX00.885\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Windowsmmqdf\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
    [C:\Program Files\Windowsmmqdf\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Windowsmmqdf\Filehook.dll]  [Fygsoft and Microsoft, 2.1.0.0]
    [C:\Program Files\Windowsmmqdf\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]

==================================
文件关联
N/A

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
    [1880] c:\windows\system32\webpnt.exe