瑞星卡卡安全论坛

这次抓到了一个网站，http://www.vvfy.com/movie/跳这个网站出来的时候它会窜改我的首页，还会创建快捷方式在我的桌面和收藏夹里。
近来老是挑出很多网站，真是令郎满目五彩缤纷啊，什么都有，但只有这个网站最凶！
再付日志一份，希望高手相助
2005-12-29,16:41:14

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ATIModeChange><Ati2mdxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <HPDJ Taskbar Utility><C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SSC_UserPrompt><C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Symantec NetDriver Monitor><C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NMGameX_AutoRun><C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <AddrPlus3><RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <AsShell><; "C:\PROGRA~1\3721\assist\ASSHELL.EXE">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <DAEMON Tools-2052><; "D:\Program Files\D-Tools\daemon.exe"  -lang 2052>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\123\「开始」菜单\程序\启动\腾讯QQ.lnk><N>

==================================
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Network Proxy / ccProxy]
  <"C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[ISSVC / ISSVC]
  <D:\Program Files\Norton Internet Security\ISSVC.exe><Symantec Corporation>
[Norton AntiVirus Auto-Protect Service / navapsvc]
  <"D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[SAVScan / SAVScan]
  <D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe><Symantec Corporation>
[ScriptBlocking Service / SBService]
  <C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
[Symantec Network Drivers Service / SNDSrvc]
  <C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
  <C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe><Symantec Corporation>
[Symantec Core LC / Symantec Core LC]
  <C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe><Symantec Corporation>

==================================
浏览器加载项
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\AddrPlus\IEHelp1.dll, Tencent>
[IDDTInitObj Class]
  {15DDE989-CD45-4561-BF99-D22C0D5C2B74} <E:\PROGRA~1\sina\UC\UCddt\ddtinit.dll, 北京新浪信息技术有限公司>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[ST]
  {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[CNisExtBho Class]
  {9ECB9560-04F9-4bbc-943D-298DDF1699E1} <C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[MSNToolBandBHO]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll, Microsoft Corporation>
[CNavExtBho Class]
  {BDF3E430-B101-42AD-A544-FADC6B084872} <D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[新浪UC]
  {2253922F-1B26-4C74-8B57-E3AEE748DBB8} <E:\Program Files\sina\UC\UC.exe, 北京新浪信息技术有限公司>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[百万图库]
  {6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/p, N/A>
[铃声图片下载]
  {7713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/sms/index.htm, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Norton Internet Security]
  {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} <C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[Norton AntiVirus]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[新浪点点通]
  {F60C7D81-8471-4D40-AAFE-56D318F34C2D} <E:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL, 北京新浪信息技术有限公司>
[MSN]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll, Microsoft Corporation>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[LiveMediaOcx Control]
  {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <D:\PROGRA~1\QQ\QQLIVE~1\QQLive.ocx, >
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\System32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Blueskyvoice Control]
  {BA0F088C-72C1-475A-92F8-42391DEF6961} <C:\WINDOWS\DOWNLO~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[PhotoUpload Control]
  {DE3496D2-AFB9-47EB-A8C2-C3B330222513} <C:\WINDOWS\DOWNLO~1\PHOTOU~1.OCX, 网 易>
[VqqSpeedDlProxy Class]
  {F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINDOWS\vqqsdl.dll, Tencent>
[&Google Search]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[使用新浪下载助手下载]
  <E:\PROGRA~1\sina\UC\UCddt\sinadl.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[反向链接]
  <res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[收藏此页到ViVi]
  <http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A>
[收藏此页到新浪ViVi]
  <http://vivi.sina.com.cn/collect/click.php?agent=ddt, N/A>
[新浪搜索]
  <http://cha.sina.com.cn/ddt.html, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ\SendMMS.htm, N/A>
[类似网页]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://c:\program files\google\GoogleToolbar1.dll/cmcache.html, N/A>

==================================
正在运行的进程
[PID: 468][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 608][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 620][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 780][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 832][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 936][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1276][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll]  <Tencent><2, 1, 0, 10>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll]  <Symantec Corporation><2005.1.00.163>
    [C:\Program Files\Common Files\Symantec Shared\ccL30.dll]  <Symantec Corporation><103.0.4.3>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\Program Files\TENCENT\AddrPlus\IEHelp1.dll]  <Tencent><2, 1, 0, 10>
    [D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll]  <Symantec Corporation><11.0.9.16>
[PID: 1540][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.10>
    [C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll]  <Tencent><2, 1, 0, 10>
[PID: 1620][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll]  <Tencent><2, 1, 0, 10>
[PID: 2012][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [C:\WINDOWS\system32\hpzsnt09.dll]  <HP><2.229.0.0>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1200][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1640][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 2072][C:\WINDOWS\System32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 2612][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll]  <Symantec Corporation><2005.1.00.163>
    [C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll]  <Tencent><2, 1, 0, 10>
    [C:\Program Files\TENCENT\AddrPlus\IEHelp1.dll]  <Tencent><2, 1, 0, 10>
    [E:\PROGRA~1\sina\UC\UCddt\ddtinit.dll]  <北京新浪信息技术有限公司><1, 2, 1, 2>
    [E:\PROGRA~1\sina\UC\UCddt\DDTUpdate.dll]  <北京新浪信息技术有限公司><1, 2, 0, 9>
    [E:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL]  <北京新浪信息技术有限公司><1, 2, 1, 1>
    [E:\PROGRA~1\sina\UC\UCddt\ddtnews.ocx]  <北京新浪信息技术有限公司><1, 1, 0, 9>
    [E:\PROGRA~1\sina\UC\UCddt\DDTcomm.dll]  <北京新浪信息技术有限公司><1, 1, 0, 1>
    [E:\PROGRA~1\sina\UC\UCddt\ddtwea.ocx]  <北京新浪信息技术有限公司><1, 1, 0, 7>
    [E:\PROGRA~1\sina\UC\UCddt\ddtastro.ocx]  <北京新浪信息技术有限公司><1, 1, 0, 2>
    [D:\Program Files\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll]  <Microsoft Corporation><01.02.3000.1001>
    [C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll]  <Symantec Corporation><8.0.0.64>
    [C:\Program Files\Common Files\Symantec Shared\ccL30.dll]  <Symantec Corporation><103.0.4.3>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [c:\program files\google\googletoolbar1.dll]  <Google Inc.><2, 0, 114, 9>
    [C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll]  <Microsoft Corporation><01.02.3000.1001>
    [C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\mtbres.dll]  <Microsoft Corporation><01.02.3000.1001>
    [D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll]  <Symantec Corporation><11.0.9.16>
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll]  <Symantec Corporation><11.0.9.16>
    [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll]  <Symantec Corporation><11.0.9.16>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><103.0.4.3>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 1920][C:\Program Files\Messenger\msmsgs.exe]  <Microsoft Corporation><4.7.0041>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll]  <Symantec Corporation><2005.1.00.163>
    [C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll]  <Tencent><2, 1, 0, 10>
[PID: 4072][F:\接受到的文件\IE修复\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll]  <Symantec Corporation><2005.1.00.163>
    [C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll]  <Tencent><2, 1, 0, 10>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

log看不出异常，建议使用黄山IE修复专家试一下