Rising Kaka Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software forum


Urgent help needed: moderators, 我无邪, mopery, 小聪, 豪侠 and others, please come in. Thanks for your help


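What is causing the whole network to be unable to browse web pages? The network itself is fine and ping works, but pages just won't open. Other programs such as QQ and kugoo can reach the Internet, and local ADSL websites can be opened. Some websites open and some do not.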

启动项目

注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(CertificateRegistration)(SafeSignCertReg.exe) [A.E.T. Europe B.V.]
(MenuOrder)(C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe) []
(TVTray)(C:\PROGRA~1\10moons\USBTV~1\TVTray.exe) []
(UserFaultCheck)(%systemroot%\system32\dumprep 0 -u) []
(KernelFaultCheck)(%systemroot%\system32\dumprep 0 -k) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(bgoomain.exe)(; ; ; C:\PROGRA~1\baigoo\bgoomain.exe) []
(CdnCtr)(; ; ; C:\Program Files\CNNIC\Cdn\cdnup.exe) []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(; C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(IEBaLaLive)(; ; ; "C:\Program Files\IEBaLa\IEBaLaLive.exe" autorun) []
(mspps.exe)(; ; ; C:\WINDOWS\system32\mspps.exe) []
(mstasks.exe)(; ; ; C:\WINDOWS\system32\mspps.exe) []
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [Microsoft Corporation]
(ppdvdpipi)(; ; ; D:\pipicn\Client.exe) []
(rundll32)(; ; C:\WINDOWS\system32\IEXPLORER.EXE) []
(stup.exe)(; ; ; C:\PROGRA~1\TENCENT\Adplus\stup.exe) []
(yassistse)(; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe") [Yahoo!]
(YLive.exe)(; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe) [ ]




--------------------------------------------------------------------------------


启动文件夹

服务

[Ati HotKey Poller / Ati HotKey Poller]
(C:\WINDOWS\system32\Ati2evxx.exe)(N/A)
[ATI Smart / ATI Smart]
(C:\WINDOWS\system32\ati2sgag.exe)()
[Forceware Web Interface / ForcewareWebInterface]
("C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice)(Apache Software Foundation)
[Help and Supports / Help and Supports]
(C:\WINDOWS\lsaas.exe)(N/A)
[ForceWare user log service / nSvcLog]
(C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe)(N/A)
[VIPTray / VIPTray]
(C:\WINDOWS\System32\VIPTray.exe)(N/A)



--------------------------------------------------------------------------------
Last edited 2006-07-03 17:13:42

浏览器加载项

[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} (C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China)
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} (C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.)
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, )
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} (F:\KuGoo2\KuGoo3DownXControl.ocx, N/A)
[百度首页]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} (http://baidu.com/index.php?tn=zlroomdg, N/A)
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A)
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A)
[比较购物搜索(&C)]
{A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} (C:\WINDOWS\YayaBands.dll, Eastday Corporation)
[Yahoo! Messenger]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe, Yahoo! Inc.)
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (C:\WINDOWS\system32\CMBEdit.dll, )
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} (C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.)
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\system32\INPUTC~1.DLL, )
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\system32\SUBMIT~1.DLL, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[AxUSBKey Class]
{DA215190-98B2-47DE-AE24-DA95481DFFBA} (C:\WINDOWS\system32\USBKey.dll, )
[BdSearchHook Class]
{02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} (, N/A)
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (C:\WINDOWS\system32\CMBEdit.dll, )
[InfosecCertInstall Class]
{0EB487C8-E9AC-43A6-8C4C-083999B0622F} (C:\WINDOWS\system32\certInStall.dll, )
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} (C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China)
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} (C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.)
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} (C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation)
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} (C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.)
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, )
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\system32\INPUTC~1.DLL, )
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\system32\SUBMIT~1.DLL, )
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} (F:\KuGoo2\KuGoo3DownXControl.ocx, N/A)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[CSetLET Class]
{C35D7AE1-0865-4A30-BF07-29FA29324155} (C:\WINDOWS\system32\GDSetLET.dll, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[AxUSBKey Class]
{DA215190-98B2-47DE-AE24-DA95481DFFBA} (C:\WINDOWS\system32\USBKey.dll, )
[Messenger Class]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (, N/A)
[上传到QQ网络硬盘]
(C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A)
[使用KuGoo3下载(&K)]
(F:\KuGoo2\KuGoo3DownX.htm, N/A)
[添加到QQ自定义面板]
(C:\Program Files\Tencent\qq\AddPanel.htm, N/A)
[添加到QQ表情]
(C:\Program Files\Tencent\qq\AddEmotion.htm, N/A)
[添加到雅虎订阅(&Y)]
(res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A)
[用QQ彩信发送该图片]
(C:\Program Files\Tencent\qq\SendMMS.htm, N/A)

--------------------------------------------------------------------------------




正在运行的进程

[PID: 388][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 656][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\TEMP\yzpqqq.dll] (N/A)(N/A)
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 736][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 748][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 900][C:\WINDOWS\system32\Ati2evxx.exe] (N/A)(N/A)
[C:\WINDOWS\lsaasKey.DLL] (N/A)(N/A)
[PID: 912][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 964][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1052][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\TEMP\yzpqqq.dll] (N/A)(N/A)
[PID: 1108][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1252][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1504][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] ()(2, 0, 1, 1018)
[C:\WINDOWS\lsaasKey.DLL] (N/A)(N/A)
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] ()(2, 1, 5, 1045)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] ( )(2, 0, 1, 1007)
[C:\Program Files\WinRAR\rarext.dll] (N/A)(N/A)
[C:\PROGRA~1\3721\ske\contmenu.dll] (N/A)(N/A)
[C:\WINDOWS\TEMP\yzpqqq.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] (Yahoo! China)(1, 1, 3, 1035)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] ()(1, 2, 7, 1006)
[F:\KuGoo2\KuGoo3DownXControl.ocx] (N/A)(N/A)
[C:\WINDOWS\system32\mp3infp.dll] (win32lab.com)(2.44.3.0)
[PID: 1572][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.2696 (xpsp_sp2_gdr.050610-1519))
[PID: 1620][C:\WINDOWS\System32\SCardSvr.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1748][C:\WINDOWS\system32\SafeSignCertReg.exe] (A.E.T. Europe B.V.)(2.0.0.2)
[PID: 1800][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\lsaasKey.DLL] (N/A)(N/A)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] ()(2, 0, 1, 1018)
[PID: 1948][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 2000][C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll] (Apache Software Foundation)(0.0.0.0)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll] (Apache Software Foundation)(0.0.0.0)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll] (Apache Software Foundation)(0.0.0.0)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_asis.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_autoindex.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_dir.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_imap.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_isapi.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll] (N/A)(N/A)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll] (N/A)(N/A)
[PID: 212][C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll] (Apache Software Foundation)(0.0.0.0)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll] (Apache Software Foundation)(0.0.0.0)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll] (Apache Software Foundation)(0.0.0.0)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_asis.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_autoindex.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_dir.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_imap.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_isapi.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so] (Apache Software Foundation)(2.0.47)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll] (N/A)(N/A)
[C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll] (N/A)(N/A)
[PID: 268][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] (Microsoft Corporation)(7.00.9466)
[C:\WINDOWS\lsaasKey.DLL] (N/A)(N/A)
[PID: 2212][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] ( )(2, 0, 0, 1002)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] ()(2, 0, 1, 1018)
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] ()(2, 1, 5, 1045)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] ( )(2, 0, 1, 1007)
[C:\WINDOWS\lsaasKey.DLL] (N/A)(N/A)
[C:\Program Files\Yahoo!\Assistant\yNotifier.dll] ()(1, 0, 0, 5)
[PID: 2240][C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe] (N/A)(N/A)
[C:\NVIDIA\NetworkAccessManager\bin\nv_common.dll] (N/A)(N/A)
[PID: 2352][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 2984][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 160][C:\WINDOWS\system32\wuauclt.exe] (Microsoft Corporation)(5.8.0.2469 built by: lab01_n(wmbla))
[PID: 2852][C:\WINDOWS\system32\conime.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] ()(2, 0, 1, 1018)
[C:\WINDOWS\lsaasKey.DLL] (N/A)(N/A)
[I:\SREng2\SREng.com] (Smallfrogs Studio)(2.0.21.505)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] ()(2, 0, 1, 1018)
[C:\WINDOWS\lsaasKey.DLL] (N/A)(N/A)



--------------------------------------------------------------------------------



文件关联

.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==========
winscoks

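To describe the fault: the whole LAN can ping the external network, and the ADSL line has no problem. But web pages cannot be opened in a browser. When I checked IE under DOS, it was using the UDP protocol, and the remote port it opened was not 80 either, which causes the inability to access web pages.
I am posting the whole log here and asking the experts for help.
The apache in it is a web server that was put there by a hacker attack; I have already deleted it. After deleting it I can access web pages, but only pages in the ADSL's local city. For example, I am in Shenzhen, and I can only access pages within the Shenzhen IP ranges; everything else, Baidu and so on, anything not inside Shenzhen, cannot be accessed.
This virus has already left the whole LAN unable to access the Internet.
These three items were detected as Gray Pigeon (灰鸽子); please help me see what type of pigeon it is.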
c:\windows\lsaas.dll
c:\windows\lsaasKey.DLL
c:\windows\lsaas.exe

After this system was cleaned up, it still cannot access web pages normally. I am asking the experts here.
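An added example (not part of the original post, and not SREng's own logic): a small Python triage pass over SREng-style log lines that flags image names one edit away from a genuine Windows system binary, such as the lsaas.exe reported above next to the real lsass.exe, and genuine names running from the wrong folder. The KNOWN baseline, the function names and the last sample line are assumptions made for this example.

```python
import re

# Genuine Windows XP system image names and the folder each belongs in
# (a short hand-picked list assumed for this example, not a complete baseline).
KNOWN = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# A drive-letter path ending in .exe or .dll anywhere inside a log line.
PATH_RE = re.compile(r"([A-Za-z]:\\[^()\[\]\"\r\n]*?\.(?:exe|dll))", re.I)


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return sorted (path, reason) pairs for image paths worth a closer look."""
    findings = set()
    for path in PATH_RE.findall(log_text):
        folder, _, name = path.lower().rpartition("\\")
        if name in KNOWN:
            # Genuine name: only the location can be wrong.
            if folder != KNOWN[name]:
                findings.add((path, f"{name} outside {KNOWN[name]}"))
            continue
        for real in KNOWN:
            # One inserted, dropped or swapped character: a look-alike name.
            if edit_distance(name, real) <= 1:
                findings.add((path, f"name imitates {real}"))
    return sorted(findings)


# The first four lines are copied from the log in this thread;
# the last line is constructed for the wrong-folder case.
SAMPLE = r"""
[PID: 748][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[Help and Supports / Help and Supports]
(C:\WINDOWS\lsaas.exe)(N/A)
[PID: 900][C:\WINDOWS\system32\Ati2evxx.exe] (N/A)(N/A)
[PID: 4242][C:\WINDOWS\TEMP\svchost.exe] (N/A)(N/A)
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```

A hit is a prompt to check the file's signature and origin, not a verdict; the check compares whole file names, so a companion module such as lsaasKey.DLL is not matched by it.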

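The log above is from one computer on the LAN.
What could cause web pages to be unbrowsable?
I monitored the traffic, and the ratio of sent to received data is seriously abnormal.
It sends a little over a thousand bytes and receives over a hundred thousand bytes.
Although I know full well it is infected, I still cannot clean it completely.
I am asking the moderators, 我无邪, mo**** (I can't type your name), 小聪 and the other experts here.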

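Later, after reinstalling the system, it is still the same. I can be sure it is not a firewall problem, since no firewall is installed, and I am also sure it is not a network settings problem: ping works, but web pages just won't open.
Under DOS, with netstat -an, the IE entries I see have not opened remote port 80.
Because I am in Shenzhen, only when I visit the Shenzhen government site or other sites located in Shenzhen can I see, with netstat -an under DOS, the connection where IE opens remote port 80. At that point web access is normal.
But when you visit Baidu, the page won't open; pages from other regions all won't open, even though they can be pinged under DOS.
I have been bothered by this for two days. Thanks for the help. Please have a look and analyze it.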

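It can be confirmed that this is caused by a virus, because the number of bytes received is far larger than the number sent. The sent bytes stay unchanged and I am not accessing any Internet data, but the received count keeps growing wildly.
After analyzing and monitoring with a sniffer, I found how much data this host's IP sends and receives.
There is an external IP that sends and receives the same amount of data along with it.
The web page of this IP is http://72.20.34.68
When I opened the above site from somewhere else, it displayed: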

You have been sent here 'omega' to see that you really are... a jewcake! -stOrm
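(You are already here and have received omega; you can see that you really are.. a jewcake!)

I know full well there is a problem, but I just cannot eliminate it. The whole network has been unable to get online for several days.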

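I have already reinstalled, and have disconnected the entire network, using only a single dial-up modem to get online, with the router and switch all unplugged.
But the problem still occurs; web pages cannot be browsed.
So frustrating!!
A problem I have never encountered before.
My head is about to explode.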

It was a ghost restore!

Thank you very much!! I'll take a look.
One more thing.
[VIPTray / VIPTray]
(C:\WINDOWS\System32\VIPTray.exe)(N/A)
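I have played with this virus...
Only when infected with this virus is it impossible to connect to web pages.. QQ and so on still work. Once this virus is dealt with you can get online..

How do I deal with this? Just kill the process, delete the original file, plus the registry entries; will that be OK??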