12   1  /  2  页   跳转

[求助] IE被劫持了,,,高手帮忙

收藏
美女哦
头像
自信弱冠狮
  • 帖子:236
  • 注册: 2004-07-06
  • 来自:
发表于: 2009-05-20 10:57 | 只看楼主 短消息 资料
字号: 1楼

IE被劫持了,,,高手帮忙

[
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"d:\Program Files\Rising\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 2.0.50727; MAXTHON 2.0)

附件附件:

文件名:SREngLOG.rar
下载次数:208
文件类型:application/octet-stream
文件大小:
上传时间:2009-5-20 11:06:17
描述:rar

最后编辑美女哦 最后编辑于 2009-05-20 11:06:17
分享到:
gototop
 
美女哦
头像
自信弱冠狮
  • 帖子:236
  • 注册: 2004-07-06
  • 来自:
发表于: 2009-05-20 10:57 | 只看楼主 短消息 资料
字号: 2楼

回复:IE被劫持了,,,高手帮忙

==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <d:\Program Files\Rising\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
gototop
 
美女哦
头像
自信弱冠狮
  • 帖子:236
  • 注册: 2004-07-06
  • 来自:
发表于: 2009-05-20 10:58 | 只看楼主 短消息 资料
字号: 3楼

回复:IE被劫持了,,,高手帮忙

<"d:\Program Files\Rising\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <d:\Program Files\Rising\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <d:\Program Files\Rising\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
==================================
驱动程序
[AMD Processor Driver / AmdK8][Stopped/System Start]
  <system32\DRIVERS\AmdK8.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BC / BC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
[bootsafe / bootsafe][Running/Boot Start]
  <\SystemRoot\system32\Drivers\bootsafe.sys><>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[RsProtect / RsProtect][Running/System Start]
  <system32\drivers\RsPtect.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[STEC3 / STEC3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\STEC3.sys><AntiCracking>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
==================================
浏览器加载项
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
==================================
正在运行的进程
[PID: 608 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4213]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2513]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2543]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1008 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1164 / SYSTEM][d:\Program Files\Rising\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [d:\Program Files\Rising\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [d:\Program Files\Rising\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1172 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\WINDOWS\system32\msxml3.dll]  [Microsoft Corporation, 8.70.1104.0]
[PID: 1224 / SYSTEM][d:\Program Files\Rising\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [d:\Program Files\Rising\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [d:\Program Files\Rising\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[PID: 1292 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1384 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1444 / SYSTEM][d:\Program Files\Rising\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [d:\Program Files\Rising\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [d:\Program Files\Rising\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [d:\Program Files\Rising\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [d:\Program Files\Rising\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [d:\Program Files\Rising\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [d:\Program Files\Rising\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [d:\Program Files\Rising\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [d:\Program Files\Rising\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [d:\Program Files\Rising\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [d:\Program Files\Rising\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [d:\Program Files\Rising\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [d:\Program Files\Rising\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [d:\Program Files\Rising\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [d:\Program Files\Rising\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [d:\Program Files\Rising\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [d:\Program Files\Rising\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [d:\Program Files\Rising\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [d:\Program Files\Rising\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [d:\Program Files\Rising\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
    [d:\Program Files\Rising\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [d:\Program Files\Rising\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [d:\Program Files\Rising\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
    [d:\Program Files\Rising\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [d:\Program Files\Rising\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [d:\Program Files\Rising\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1688 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2649 (xpsp.050406-1732)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll]  [Advanced Micro Devices, Inc., 6.14.10.2001]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamchs.dll]  [Advanced Micro Devices, Inc., 6.14.10.2001]
    [d:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\msxml3.dll]  [Microsoft Corporation, 8.70.1104.0]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)][C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 1744 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1968 / SYSTEM][d:\Program Files\Rising\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [d:\Program Files\Rising\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [d:\Program Files\Rising\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\WINDOWS\system32\msxml3.dll]  [Microsoft Corporation, 8.70.1104.0]
[PID: 136 / Administrator][D:\Program Files\Rising\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [D:\Program Files\Rising\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\Program Files\Rising\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\Program Files\Rising\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
gototop
 
美女哦
头像
自信弱冠狮
  • 帖子:236
  • 注册: 2004-07-06
  • 来自:
发表于: 2009-05-20 10:58 | 只看楼主 短消息 资料
字号: 4楼

回复:IE被劫持了,,,高手帮忙

[D:\Program Files\Rising\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [D:\Program Files\Rising\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
    [D:\Program Files\Rising\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [D:\Program Files\Rising\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [D:\Program Files\Rising\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.1.2]
    [D:\Program Files\Rising\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [D:\Program Files\Rising\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [D:\Program Files\Rising\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 172 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 528 / SYSTEM][d:\Program Files\Rising\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [d:\Program Files\Rising\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [d:\Program Files\Rising\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [d:\Program Files\Rising\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [d:\Program Files\Rising\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [d:\Program Files\Rising\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.46]
    [d:\Program Files\Rising\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [d:\Program Files\Rising\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [d:\Program Files\Rising\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [d:\Program Files\Rising\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [d:\Program Files\Rising\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
    [d:\Program Files\Rising\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [d:\Program Files\Rising\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
    [d:\Program Files\Rising\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
[PID: 280 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 3412 / Administrator][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 3708 / Administrator][D:\Program Files\QQMusic2008\QQMusic.exe]  [Tencent, 7, 19, 170, 202]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [D:\Program Files\QQMusic2008\QQMusicUI.dll]  [Tencent, 7, 19, 170, 202]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [D:\Program Files\QQMusic2008\QQMusicSkin.dll]  [, 3, 1, 103, 70]
    [D:\Program Files\QQMusic2008\VBScript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [D:\Program Files\QQMusic2008\QQMusicPlayer.dll]  [Tencent, 1, 6, 55, 207]
    [D:\Program Files\QQMusic2008\QQMediaPlayer.dll]  [Tencent, 1, 6, 55, 207]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\QQMusic2008\CMInternet.dll]  [TENCENT, 1, 4, 53, 205]
    [C:\WINDOWS\system32\msxml3.dll]  [Microsoft Corporation, 8.70.1104.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [D:\Program Files\QQMusic2008\vqqsdl.dll]  [Tencent Technology (Shenzhen) Company Limited, 3, 15, 160, 216]
[PID: 1928 / Administrator][D:\TDDOWNLOAD\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 1536 / Administrator][D:\TDDOWNLOAD\SRE67e86b4.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
gototop
 
sinoer
头像
横据古稀狮
  • 帖子:12382
  • 注册: 2008-09-23
  • 来自:
09欢乐圣诞
发表于: 2009-05-20 10:59 | 短消息 资料
字号: 5楼

回复:IE被劫持了,,,高手帮忙

将导出的日志txt文件用附件上传
gototop
 
猪没良心
头像
禁止发言
  • 帖子:399
  • 注册: 2009-03-19
  • 来自:
发表于: 2009-05-20 11:03 | 短消息 资料
字号: 6楼

回复:IE被劫持了,,,高手帮忙

该用户帖子内容已被屏蔽
陕西新华电脑学习网www.sxxhce.cn
gototop
 
美女哦
头像
自信弱冠狮
  • 帖子:236
  • 注册: 2004-07-06
  • 来自:
发表于: 2009-05-20 11:06 | 只看楼主 短消息 资料
字号: 7楼

回复: IE被劫持了,,,高手帮忙



引用:
原帖由 sinoer 于 2009-5-20 10:59:00 发表
将导出的日志txt文件用附件上传


已上传,高手帮忙看看~

附件附件:

文件名:SREngLOG.rar
下载次数:148
文件类型:application/octet-stream
文件大小:
上传时间:2009-5-20 11:05:58
描述:rar
gototop
 
美女哦
头像
自信弱冠狮
  • 帖子:236
  • 注册: 2004-07-06
  • 来自:
发表于: 2009-05-20 11:09 | 只看楼主 短消息 资料
字号: 8楼

回复: IE被劫持了,,,高手帮忙



引用:
原帖由 猪没良心 于 2009-5-20 11:03:00 发表
。IE修复工具就成了。干麻又扫苗上传?



兔子,360美发现问题~
但打开IE的貌似指向某一网站
gototop
 
帅哥阿福
头像
雄霸杖朝狮
  • 帖子:21071
  • 注册: 2006-03-29
  • 来自:米兰
论坛8周年活动礼物祖国六十华诞09欢乐圣诞
发表于: 2009-05-20 11:12 | 短消息 资料
字号: 9楼

回复:IE被劫持了,,,高手帮忙

日志检测无异常进程。
楼主的ie打开现在还异常吗?
╭∩╮(︶︿︶)╭∩╮
gototop
 
美女哦
头像
自信弱冠狮
  • 帖子:236
  • 注册: 2004-07-06
  • 来自:
发表于: 2009-05-20 11:37 | 只看楼主 短消息 资料
字号: 10楼

回复: IE被劫持了,,,高手帮忙



引用:
原帖由 帅哥阿福 于 2009-5-20 11:12:00 发表
日志检测无异常进程。
楼主的ie打开现在还异常吗?


右键打开IE是IE的路径+一个网址
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT