瑞星卡卡安全论坛 (Rising Kaka Security Forum) › Technical Exchange › Anti-Virus / Anti-Rogue-Software Forum


[Help] Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

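My homepage has been changed to http://www.213year.cn/. I have tried several methods and cannot change it back, please help! Any search I do goes to GOOGLE; I can't even use Baidu anymore! I have already scanned with Rising (latest version)!
Also, SRE gets forcibly closed halfway through a scan. After starting SRE, it prompts to run in the background; I chose Yes and there was no result for a long time.

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QQDownload 1.7; MAXTHON 2.0)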

Re: Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Dr.COM ARP 防火墙><; "D:\Program Files\Dr.COM 宽带认证客户端\Drcomwall.exe">  [城市热点有限公司]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Windows木马防火墙><E:\殺毒\新建文件夹\Trojanwall.exe>  [风云谷科技]
    <RavTask><"E:\殺毒\Rising\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <Apoint><; C:\Program Files\Apoint\Apoint.exe>  [(Verified)Microsoft Windows XP Publisher]
    <ATIModeChange><; Ati2mdxx.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <BIE><; Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32>  [N/A]
    <ezShieldProtector for Px><; C:\WINDOWS\System32\ezSP_Px.exe>  [Easy Systems Japan Ltd.]
    <HKSERV.EXE><; C:\Program Files\Sony\HotKey Utility\HKserv.exe>  [Sony Corporation]
    <Mouse Suite 98 Daemon><; ICO.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <NeroCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <vptray><; C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <E:\影音风暴\stormliv.exe /asservice><北京暴风网际科技有限公司>
[CSNetManagerXp / CSNetManagerXp][Stopped/Auto Start]
  <"C:\WINDOWS\System32\isass.exe"><N/A>
[DefWatch / DefWatch][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Dr.COM ARP 防火墙服务 / DrcomwallSvr][Running/Auto Start]
  <"d:\Program Files\Dr.COM 宽带认证客户端\WallHelper.exe"><城市热点有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\殺毒\Rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"E:\殺毒\RISING\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe><Sony Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
  <System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Stopped/Manual Start]
  <System32\Drivers\btwusb.sys><>
[Sony DMI Call service / DMICall][Running/System Start]
  <System32\DRIVERS\DMICall.sys><Sony Corporation>
[Dr.COM ARP Firewall Service / Drcomwall][Running/Manual Start]
  <System32\DRIVERS\drcomwall.sys><城市热点有限公司>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[FTCkillfile / FTCkillfile][Stopped/Manual Start]
  <System32\Drivers\FTCkillfile.sys><N/A>
[FTCProtect / FTCProtect][Running/Manual Start]
  <System32\Drivers\FTCProtect.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <System32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030924.008\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030924.008\NAVEX15.sys><Symantec Corporation>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\npkycryp.sys><N/A>
[IEEE 802.11 Wireless NIC Driver / PRISM][Stopped/Manual Start]
  <System32\DRIVERS\EXPRESS.sys><Intersil Americas Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sony Notebook Control Device / SNC][Running/Manual Start]
  <System32\Drivers\SonyNC.sys><Sony Corporation>
[Sony Programmable I/O Control Device / SPI][Running/Manual Start]
  <System32\DRIVERS\SonyPI.sys><Sony Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[YAMAHA AC-XG Audio Device / WDM_YAMAHAAC97][Running/Manual Start]
  <system32\drivers\yacxgc.sys><YAMAHA CORPORATION>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

Re: Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQDownload\QQIEHelper01.dll, 腾讯公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[]
  {21334231-6DED-436B-9E63-E45AAA9DA107} <C:\WINDOWS\system32\mazpafavca.dll, Microsoft Inc.>
[]
  {296E2539-1A71-44AE-9864-9C083517BD36} <C:\WINDOWS\system32\ssstxqludztqt.dll, N/A>
[]
  {9B753C26-9E77-4C96-B7A8-4ACB70025974} <C:\WINDOWS\system32\rvhjuwelpq.dll, Microsoft Inc.>
[解霸]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\aliedit.dll, >
[IEAnimBehaviorFactory Class]
  {A4639D2F-774E-11D3-A490-00C04F6843FB} <C:\PROGRA~1\COMMON~1\MICROS~1\MSORun\MSORUN.DLL, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\System32\msnetobj.dll, Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用超级旋风下载]
  <D:\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\QQDownload\getAllurl.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\QQDownload\AddEmotion.htm, N/A>
[解霸实时播放]
  <C:\HEROSOFT\Hero3000\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 780][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 896][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 924][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 976][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 988][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
[PID: 1156][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
[PID: 1324][E:\殺毒\Rising\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 1352][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
[PID: 952][E:\殺毒\Rising\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [E:\殺毒\Rising\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\殺毒\Rising\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\殺毒\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [E:\殺毒\Rising\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\殺毒\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
[PID: 1252][E:\殺毒\Rising\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.20]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\殺毒\Rising\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\殺毒\Rising\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\殺毒\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [E:\殺毒\Rising\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [E:\殺毒\Rising\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [E:\殺毒\Rising\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [E:\殺毒\Rising\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [E:\殺毒\Rising\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\殺毒\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [E:\殺毒\Rising\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [E:\殺毒\Rising\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [E:\殺毒\Rising\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
    [E:\殺毒\Rising\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 284][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [E:\殺毒\新建文件夹\FTCMon.dll]  [木马清道夫监控模块, 4.2.0.0]
[PID: 2604][C:\WINDOWS\System32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [E:\殺毒\新建文件夹\FTCMon.dll]  [木马清道夫监控模块, 4.2.0.0]
[PID: 2988][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [E:\殺毒\新建文件夹\FTCMon.dll]  [木马清道夫监控模块, 4.2.0.0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\System32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\System32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\mazpafavca.dll]  [Microsoft Inc., 1.0.0.0]
    [C:\WINDOWS\system32\rvhjuwelpq.dll]  [Microsoft Inc., 1.0.0.0]
    [E:\殺毒\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 8.1.0.821]
    [E:\殺毒\新建文件夹\FTCCommenu.dll]  [Fygsoft and Microsoft, 3.0.0.71]
[PID: 2296][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [E:\殺毒\新建文件夹\FTCMon.dll]  [木马清道夫监控模块, 4.2.0.0]
[PID: 2896][E:\殺毒\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 2, 649]
    [E:\殺毒\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 117]
    [E:\殺毒\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 358]
    [E:\殺毒\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4033]
    [E:\殺毒\Maxthon2\MxExt.dll]  [N/A, ]
    [E:\殺毒\Maxthon2\MxUI.dll]  [Maxthon International, 3, 3, 0, 3]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [E:\殺毒\新建文件夹\FTCMon.dll]  [木马清道夫监控模块, 4.2.0.0]
    [E:\殺毒\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [E:\殺毒\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [E:\殺毒\Maxthon2\Modules\MxPageSearch\MxPageSearch.dll]  [Maxthon International ltd., 1,0,0,1330]
    [E:\殺毒\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll]  [Maxthon, 1,0,2,1259]
    [E:\殺毒\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [C:\WINDOWS\System32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [E:\殺毒\Maxthon2\Modules\MxHistory\MxHistory.dll]  [Maxthon International ltd., 1, 0, 0, 7]
    [E:\殺毒\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [D:\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
[PID: 2592][E:\殺毒\SRE9d2c65c3\修改的2.4版SREng.EXE]  [1111, 2..4]
    [E:\殺毒\新建文件夹\FTCMon.dll]  [木马清道夫监控模块, 4.2.0.0]
    [C:\WINDOWS\System32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [E:\殺毒\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\System32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\System32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\System32\ESPI11.dll(DYWT, ESPI)
RSVP UDP Service Provider
    C:\WINDOWS\System32\ESPI11.dll(DYWT, ESPI)
RSVP TCP Service Provider
    C:\WINDOWS\System32\ESPI11.dll(DYWT, ESPI)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
入口点错误:FreeLibrary (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x5F000031)

==================================
隐藏进程
    [373] E:\殺毒\新建文件夹\Trojanwall.exe

==================================



Re: Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

Please upload the complete log as an attachment.

Re: Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

Use SRENG to remove this browser add-on:

[]
  {296E2539-1A71-44AE-9864-9C083517BD36} <C:\WINDOWS\system32\ssstxqludztqt.dll, N/A>


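Use WINDOWS清理助手 (Windows Cleanup Assistant) to clean up the system.

When you find suspicious files, scan them at the following multi-engine virus scanning sites:
http://www.virustotal.com/zh-cn/
http://virusscan.jotti.org/

If you are sure a virus is the cause, please submit the suspicious files:
http://up.rising.com.cn/webmail/uploadnew.htm
Last edited by 天云一剑 on 2008-07-18 22:12:37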

Reply to post 5F by 天云一剑

And after that?

Re: Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

[373] E:\殺毒\新建文件夹\Trojanwall.exe
Did the OP install this?

After that, use 超级兔子 (Super Rabbit) to repair IE.

Reply to post 7F by aaccbbdd

That folder was created when I installed Windows木马清道夫 (Windows Trojan Cleaner).

Re: Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

Remove these browser add-ons:
[]
  {21334231-6DED-436B-9E63-E45AAA9DA107} <C:\WINDOWS\system32\mazpafavca.dll, Microsoft Inc.>
[]
  {296E2539-1A71-44AE-9864-9C083517BD36} <C:\WINDOWS\system32\ssstxqludztqt.dll, N/A>
[]
  {9B753C26-9E77-4C96-B7A8-4ACB70025974} <C:\WINDOWS\system32\rvhjuwelpq.dll, Microsoft Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>

Repair IE.

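Re: Urgent, waiting online!!!!!!! Homepage forcibly hijacked by http://www.213year.cn

After being plagued by this malicious code for two days, it is finally solved! Here is the full process of the virus experts at Geeks to go! helping me track down the malware:
http://www.geekstogo.com/forum/diagnose-hijackthis-log-t205583.html&gopid=1288272#entry1288272

Hope this helps everyone.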