网页被劫持 bbs.ikaka.com

ajx20001 - 2009-2-2 14:29:00

主页被劫持为http://www.google.com.sohu.com.baidu.com.bibipv.cn/ren0w1la0lly0so1baidubaidubaidubaidubaidubaidubaidubaidubaidu.htm
运用了卡巴斯基，卡卡，瑞星，兔子，兵刃，网页保护神，注册表修改等数十种方法统统的不好使。主页可以修改，但是改过关闭后，再启动还是上述地址。

扫描日志：

瑞星卡卡电脑诊断日志 v1.30 (2009-2-2 14:30:4) 北京瑞星信息技术有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
aspnet_state
[A ] 1. c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe

aswUpdSv
[AM] 2. c:\program files\alwil software\avast4\aswupdsv.exe

Ati HotKey Poller
[AM] 3. c:\windows\system32\ati2evxx.exe

avast! Antivirus
[AM] 4. c:\program files\alwil software\avast4\ashserv.exe

avast! Mail Scanner
[AM] 5. c:\program files\alwil software\avast4\ashmaisv.exe

avast! Web Scanner
[AM] 6. c:\program files\alwil software\avast4\ashwebsv.exe

hpqcxs08
[A ] 7. c:\program files\hp\digital imaging\bin\hpqcxs08.dll

MDM
[AM] 8. c:\program files\common files\microsoft shared\vs7debug\mdm.exe

Net Driver HPZ12
[AM] 9. c:\windows\system32\hpzinw12.dll

ose
[A ] 10. c:\program files\common files\microsoft shared\source engine\ose.exe

Pml Driver HPZ12
[AM] 11. c:\windows\system32\hpzipm12.dll

RegSrvc
[AM] 12. c:\windows\system32\regsrvc.exe

S24EventMonitor
[AM] 13. c:\windows\system32\s24evmon.exe

ServiceLayer
[A ] 14. c:\program files\pc connectivity solution\servicelayer.exe

WudfSvc
[AM] 15. c:\windows\system32\wudfsvc.dll

+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
a320raid
[A ] 16. c:\windows\system32\drivers\a320raid.sys

aar1210
[A ] 17. c:\windows\system32\drivers\aar1210.sys

Aavmker4
[A ] 18. c:\windows\system32\drivers\aavmker4.sys

adpu320
[A ] 19. c:\windows\system32\drivers\adpu320.sys

aec6210
[A ] 20. c:\windows\system32\drivers\aec6210.sys

aec6260
[A ] 21. c:\windows\system32\drivers\aec6260.sys

aec6280
[A ] 22. c:\windows\system32\drivers\aec6280.sys

AEC6890
[A ] 23. c:\windows\system32\drivers\aec6890.sys

aec68x5
[A ] 24. c:\windows\system32\drivers\aec68x5.sys

aswRdr
[A ] 25. c:\windows\system32\drivers\aswrdr.sys

aswSP
[A ] 26. c:\windows\system32\drivers\aswsp.sys

aswTdi
[A ] 27. c:\windows\system32\drivers\aswtdi.sys

fasttrak
[A ] 28. c:\windows\system32\drivers\fasttrak.sys

fasttx2k
[A ] 29. c:\windows\system32\drivers\fasttx2k.sys

fasttx2k2
[A ] 30. c:\windows\system32\drivers\fasttx2k2.sys

Hpt366
[A ] 31. c:\windows\system32\drivers\hpt366.sys

HPT371
[A ] 32. c:\windows\system32\drivers\hpt371.sys

hpt374
[A ] 33. c:\windows\system32\drivers\hpt374.sys

hpt3xx
[A ] 34. c:\windows\system32\drivers\hpt3xx.sys

hptmv
[A ] 35. c:\windows\system32\drivers\hptmv.sys

hptpro
[A ] 36. c:\windows\system32\drivers\hptpro.sys

HPZid412
[A ] 37. c:\windows\system32\drivers\hpzid412.sys

HPZipr12
[A ] 38. c:\windows\system32\drivers\hpzipr12.sys

HPZius12
[A ] 39. c:\windows\system32\drivers\hpzius12.sys

HSFHWICH
[A ] 40. c:\windows\system32\drivers\hsfhwich.sys

HSF_DP
[A ] 41. c:\windows\system32\drivers\hsf_dp.sys

iaStor
[A ] 42. c:\windows\system32\drivers\iastor.sys

iteraid
[A ] 43. c:\windows\system32\drivers\iteraid.sys

L8042Kbd
[A ] 44. c:\windows\system32\drivers\l8042kbd.sys

L8042mou
[A ] 45. c:\windows\system32\drivers\l8042mou.sys

LHidFilt
[A ] 46. c:\windows\system32\drivers\lhidfilt.sys

LMouFilt
[A ] 47. c:\windows\system32\drivers\lmoufilt.sys

LMouKE
[A ] 48. c:\windows\system32\drivers\lmouke.sys

LUsbFilt
[A ] 49. c:\windows\system32\drivers\lusbfilt.sys

m5228
[A ] 50. c:\windows\system32\drivers\m5228.sys

m5281
[A ] 51. c:\windows\system32\drivers\m5281.sys

MDC8021X
[A ] 52. c:\windows\system32\drivers\mdc8021x.sys

mdmxsdk
[A ] 53. c:\windows\system32\drivers\mdmxsdk.sys

MegaIDE
[A ] 54. c:\windows\system32\drivers\megaide.sys

mraid2k
[A ] 55. c:\windows\system32\drivers\mraid2k.sys

nmwcd
[A ] 56. c:\windows\system32\drivers\ccdcmb.sys

nmwcdc
[A ] 57. c:\windows\system32\drivers\ccdcmbo.sys

npkcrypt
[A ] 58. c:\windows\system32\npkcrypt.sys

npkycryp
[A ] 59. c:\windows\system32\npkycryp.sys

O2SCBUS
[A ] 60. c:\windows\system32\drivers\ozscr.sys

OMCI
[A ] 61. c:\windows\system32\drivers\omci.sys

pccsmcfd
[A ] 62. c:\windows\system32\drivers\pccsmcfd.sys

Pnp680
[A ] 63. c:\windows\system32\drivers\pnp680.sys

Pnp680r
[A ] 64. c:\windows\system32\drivers\pnp680r.sys

s24trans
[A ] 65. c:\windows\system32\drivers\s24trans.sys

Secdrv
[A ] 66. c:\windows\system32\drivers\secdrv.sys

SI3112
[A ] 67. c:\windows\system32\drivers\si3112.sys

SI3112r
[A ] 68. c:\windows\system32\drivers\si3112r.sys

SI3114
[A ] 69. c:\windows\system32\drivers\si3114.sys

SI3114r
[A ] 70. c:\windows\system32\drivers\si3114r.sys

SI3124
[A ] 71. c:\windows\system32\drivers\si3124.sys

SI3124r
[A ] 72. c:\windows\system32\drivers\si3124r.sys

SiFilter
[A ] 73. c:\windows\system32\drivers\siwinacc.sys

SiSRaid
[A ] 74. c:\windows\system32\drivers\sisraid.sys

SiSRaid1
[A ] 75. c:\windows\system32\drivers\sisraid1.sys

sptrak
[A ] 76. c:\windows\system32\drivers\sptrak.sys

STAC97
[A ] 77. c:\windows\system32\drivers\stac97.sys

SVKP
[A ] 78. c:\windows\system32\svkp.sys

UlSata
[A ] 79. c:\windows\system32\drivers\ulsata.sys

upperdev
[A ] 80. c:\windows\system32\drivers\usbser_lowerflt.sys

UsbserFilt
[A ] 81. c:\windows\system32\drivers\usbser_lowerfltj.sys

VCOM_WirelessMgr
[A ] 82. c:\windows\system32\drivers\vcom_a2000p.sys

viamraid
[A ] 83. c:\windows\system32\drivers\viamraid.sys

viapdsk
[A ] 84. c:\windows\system32\drivers\viapdsk.sys

viaraid
[A ] 85. c:\windows\system32\drivers\viaraid.sys

viasraid
[A ] 86. c:\windows\system32\drivers\viasraid.sys

vmscsi
[A ] 87. c:\windows\system32\drivers\vmscsi.sys

w22n51
[A ] 88. c:\windows\system32\drivers\w22n51.sys

Wdf01000
[A ] 89. c:\windows\system32\drivers\wdf01000.sys

winachsf
[A ] 90. c:\windows\system32\drivers\hsf_cnxt.sys

WudfPf
[A ] 91. c:\windows\system32\drivers\wudfpf.sys

WudfRd
[A ] 92. c:\windows\system32\drivers\wudfrd.sys

zusbdemo
[A ] 93. c:\windows\system32\drivers\zusbdemo.sys

+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
aswFsBlk
[A ] 94. c:\windows\system32\drivers\aswfsblk.sys

aswMon2
[A ] 95. c:\windows\system32\drivers\aswmon2.sys

+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 96. c:\windows\system32\ati2evxx.dll

Sebring
[AM] 97. c:\windows\system32\lgnotify.dll

+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{889D2FEB-5411-4565-8998-1DD2C5261283}
[AM] 98. d:\迅雷\comdlls\xunleibho_now.dll

+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
application/octet-stream
[A ] 99. c:\windows\system32\mscoree.dll

application/x-complus
[A ] 99. c:\windows\system32\mscoree.dll

application/x-msdownload
[A ] 99. c:\windows\system32\mscoree.dll

text/xml
[A ] 100. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll

+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
ic32pp
[A ] 101. c:\windows\wc98pp.dll

ms-itss
[A ] 102. c:\program files\common files\microsoft shared\information retrieval\msitss.dll

mso-offdap11
[A ] 103. c:\program files\common files\microsoft shared\web components\11\owc11.dll

+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{0561EC90-CE54-4f0c-9C55-E226110A740C}
[AM] 104. c:\program files\haali\matroskasplitter\mmfinfo.dll

{F9DB5320-233E-11D1-9F84-707F02C10627}
[AM] 105. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 106. c:\windows\system32\hticons.dll

Fusion Cache
[A ] 99. c:\windows\system32\mscoree.dll

Web Folders
[A ] 107. c:\program files\common files\microsoft shared\web folders\msonsext.dll

Microsoft Office HTML Icon Handler
[AM] 108. c:\program files\microsoft office\office11\msohev.dll

avast
[AM] 109. c:\program files\alwil software\avast4\ashshell.dll

WinRAR shell extension
[AM] 110. d:\解压\rarext.dll

PicaView
[A ] 111. d:\acdsee3.1\acdsee\picaview.dll

UnlockerShellExtension
[AM] 112. d:\删除软件\unlocker\unlockercom.dll

Portable Media Devices
[A ] 113. c:\windows\system32\audiodev.dll

Portable Media Devices Menu
[A ] 113. c:\windows\system32\audiodev.dll

Portable Devices
[A ] 114. c:\windows\system32\wpdshext.dll

Portable Devices Menu
[A ] 114. c:\windows\system32\wpdshext.dll

诺基亚手机浏览器
[AM] 115. d:\pcn81\nokia pc suite 7\phonebrowser.dll

Haali Column Provider
[AM] 104. c:\program files\haali\matroskasplitter\mmfinfo.dll

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WPDShServiceObj
[AM] 116. c:\windows\system32\wpdshserviceobj.dll

+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 117. c:\windows\system32\kknative.exe

+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 118. c:\program files\microsoft office\office11\msohtmed.exe

htmlfile\Print\Command
[A ] 118. c:\program files\microsoft office\office11\msohtmed.exe

+ HKCR\.htm
htmlfile\Edit\Command
[A ] 118. c:\program files\microsoft office\office11\msohtmed.exe

htmlfile\Print\Command
[A ] 118. c:\program files\microsoft office\office11\msohtmed.exe

+ HKCR\.log
UltraEdit.log\open\Command
[A ] 119. c:\program files\idm computer solutions\ultraedit\uedit32.exe

UltraEdit.log\print\Command
[A ] 119. c:\program files\idm computer solutions\ultraedit\uedit32.exe

+ HKCR\.js
UltraEdit.js\open\Command
[A ] 119. c:\program files\idm computer solutions\ultraedit\uedit32.exe

UltraEdit.js\print\Command
[A ] 119. c:\program files\idm computer solutions\ultraedit\uedit32.exe

+ HKCR\.mp3
QQMusic.mp3\QQMusic.1.Play\Command
[A ] 120. d:\qqmusic\qqmusic.exe

QQMusic.mp3\QQMusic.2.Add\Command
[A ] 120. d:\qqmusic\qqmusic.exe

+ HKCR\.ini
UltraEdit.ini\open\Command
[A ] 119. c:\program files\idm computer solutions\ultraedit\uedit32.exe

UltraEdit.ini\print\Command
[A ] 119. c:\program files\idm computer solutions\ultraedit\uedit32.exe

+ 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
[AM] 121. c:\windows\system32\kmon.dll

+ 打印机监控
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Microsoft Document Imaging Writer Monitor
[AM] 122. c:\windows\system32\mdimon.dll

PCL hpz3l4x6
[AM] 123. c:\windows\system32\hpz3l4x6.dll

+ 其他自启动项目
+ C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
qq.exe
[A ] 124. c:\documents and settings\administrator\「开始」菜单\程序\启动\qq.exe

+ C:\WINDOWS\Tasks
SogouImeMgr.job
[A ] 125. c:\program files\sogouinput\4.0.0.2088\pinyinrepair.exe

+ 正在运行的进程
+ 000000e0(224) SCardSvr.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll

+ 0000010c(268) svchost.exe
+ 00000150(336) ZCfgSvc.exe
00400000[00061000]
[ M] 126. c:\windows\system32\zcfgsvc.exe

10000000[0003A000]
[ M] 127. c:\windows\system32\pfmgrapi.dll

00380000[0002D000]
[ M] 128. c:\windows\system32\psregapi.dll

00470000[0008D000]
[ M] 129. c:\windows\system32\wconfig.dll

003B0000[0001C000]
[ M] 130. c:\windows\system32\wifiadap.dll

00500000[000DF000]
[ M] 131. c:\windows\system32\psguimgr.dll

005E0000[00037000]
[ M] 132. c:\windows\system32\c1xstngs.dll

60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll

01030000[00008000]
[ M] 133. c:\program files\intel\prosetwireless\proset\chs\zcsvcchs.dll

01050000[00005000]
[ M] 134. c:\program files\intel\prosetwireless\proset\chs\pmapichs.dll

01180000[00012000]
[ M] 135. c:\windows\system32\s24mudll.dll

65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll

018F0000[00010000]
[ M] 137. c:\program files\intel\prosetwireless\proset\chs\c1xstchs.dll

+ 0000018c(396) smss.exe
+ 000001d0(464) rundll32.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll

65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll

+ 0000020c(524) Ati2evxx.exe
00400000[00062000]
[AM] 3. c:\windows\system32\ati2evxx.exe

60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll

+ 00000250(592) 1XConfig.exe
00400000[00030000]
[ M] 138. c:\windows\system32\1xconfig.exe

10000000[000FF000]
[ M] 139. c:\windows\system32\intelae5.dll

00370000[00024000]
[ M] 140. c:\windows\system32\ssleay32.dll

00430000[000A1000]
[ M] 141. c:\windows\system32\libeay32.dll

003A0000[0002D000]
[ M] 128. c:\windows\system32\psregapi.dll

60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll

65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll

+ 000002ac(684) Explorer.EXE
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll

65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll

164A0000[00023000]
[AM] 116. c:\windows\system32\wpdshserviceobj.dll

72C80000[00008000]
[ M] 142. c:\windows\system32\msacm32.drv

10000000[00099000]
[AM] 115. d:\pcn81\nokia pc suite 7\phonebrowser.dll

01CB0000[000CA000]
[ M] 143. d:\pcn81\nokia pc suite 7\ngscm.dll

01B80000[00006000]
[ M] 144. d:\pcn81\nokia pc suite 7\lang\phonebrowser_chi-sc.nlr

02030000[0008E000]
[ M] 145. d:\pcn81\nokia pc suite 7\resource\phonebrowser_nokia.ngr

109C0000[0002C000]
[ M] 146. c:\windows\system32\portabledevicetypes.dll

10930000[00049000]
[ M] 147. c:\windows\system32\portabledeviceapi.dll

014E0000[00006000]
[AM] 112. d:\删除软件\unlocker\unlockercom.dll

01500000[0002E000]
[AM] 110. d:\解压\rarext.dll

01530000[00019000]
[ M] 148. c:\program files\idm computer solutions\ultraedit\ue32ctmn.dll

64F00000[00012000]
[AM] 109. c:\program files\alwil software\avast4\ashshell.dll

02FE0000[0000F000]
[AM] 104. c:\program files\haali\matroskasplitter\mmfinfo.dll

030D0000[0000B000]
[ M] 149. c:\program files\haali\matroskasplitter\mkunicode.dll

03450000[0005B000]
[AM] 105. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

037C0000[0004C000]
[ M] 150. c:\program files\common files\adobe\acrobat\activex\pdfshell.chs

032A0000[00031000]
[AM] 98. d:\迅雷\comdlls\xunleibho_now.dll

24240000[0000E000]
[ M] 151. d:\迅雷\components\resworker\dsbho_01.dll

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

ajx20001 - 2009-2-2 14:30:00

241F0000[0001E000]
[ M] 152. d:\迅雷\components\resworker\dataprocessor_01.dll
325C0000[00012000]
[AM] 108. c:\program files\microsoft office\office11\msohev.dll
+ 000002b4(692) MDM.EXE
00400000[0004D000]
[AM] 8. c:\program files\common files\microsoft shared\vs7debug\mdm.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
51810000[00006000]
[ M] 153. c:\program files\common files\microsoft shared\vs7debug\2052\mdmui.dll
+ 00000350(848) svchost.exe
007B0000[00010000]
[AM] 11. c:\windows\system32\hpzipm12.dll
+ 00000360(864) RegSrvc.exe
00400000[00021000]
[AM] 12. c:\windows\system32\regsrvc.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
+ 00000374(884) csrss.exe
+ 0000039c(924) WScript.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
65700000[00018000]
[ M] 154. c:\program files\alwil software\avast4\ahascr.dll
65000000[00038000]
[ M] 155. c:\program files\alwil software\avast4\aavm4h.dll
65100000[00009000]
[ M] 156. c:\program files\alwil software\avast4\aavmrpch.dll
7C340000[00056000]
[ M] 157. c:\windows\system32\msvcr71.dll
64500000[00038000]
[ M] 158. c:\program files\alwil software\avast4\ashbase.dll
7C3A0000[0007B000]
[ M] 159. c:\windows\system32\msvcp71.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
64800000[0001D000]
[ M] 163. c:\program files\alwil software\avast4\ashtask.dll
64580000[000A2000]
[ M] 164. c:\program files\alwil software\avast4\aswaux.dll
36D30000[0001B000]
[ M] 165. c:\program files\microsoft office\office11\mcps.dll
+ 000003ac(940) aswUpdSv.exe
00400000[00006000]
[AM] 2. c:\program files\alwil software\avast4\aswupdsv.exe
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
7C3A0000[0007B000]
[ M] 159. c:\windows\system32\msvcp71.dll
7C340000[00056000]
[ M] 157. c:\windows\system32\msvcr71.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
+ 0000040c(1036) winlogon.exe
10000000[00017000]
[AM] 96. c:\windows\system32\ati2evxx.dll
015A0000[0001E000]
[AM] 97. c:\windows\system32\lgnotify.dll
72C80000[00008000]
[ M] 142. c:\windows\system32\msacm32.drv
+ 0000041c(1052) ashServ.exe
00400000[00026000]
[AM] 4. c:\program files\alwil software\avast4\ashserv.exe
64580000[000A2000]
[ M] 164. c:\program files\alwil software\avast4\aswaux.dll
7C3A0000[0007B000]
[ M] 159. c:\windows\system32\msvcp71.dll
7C340000[00056000]
[ M] 157. c:\windows\system32\msvcr71.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
64280000[00136000]
[ M] 166. c:\program files\alwil software\avast4\aswengin.dll
64200000[00015000]
[ M] 167. c:\program files\alwil software\avast4\aswscan.dll
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
64500000[00038000]
[ M] 158. c:\program files\alwil software\avast4\ashbase.dll
64800000[0001D000]
[ M] 163. c:\program files\alwil software\avast4\ashtask.dll
64400000[00009000]
[ M] 168. c:\program files\alwil software\avast4\aswinteg.dll
64A00000[00007000]
[ M] 169. c:\program files\alwil software\avast4\aswidle.dll
65000000[00038000]
[ M] 155. c:\program files\alwil software\avast4\aavm4h.dll
65100000[00009000]
[ M] 156. c:\program files\alwil software\avast4\aavmrpch.dll
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
66080000[0000B000]
[ M] 170. c:\program files\alwil software\avast4\chineses\base.dll
65380000[0000C000]
[ M] 171. c:\program files\alwil software\avast4\ahresmai.dll
65880000[0000C000]
[ M] 172. c:\program files\alwil software\avast4\ahresmes.dll
65980000[0000D000]
[ M] 173. c:\program files\alwil software\avast4\ahresns.dll
65280000[0000B000]
[ M] 174. c:\program files\alwil software\avast4\ahresout.dll
658C0000[0000C000]
[ M] 175. c:\program files\alwil software\avast4\ahresp2p.dll
65180000[0000E000]
[ M] 176. c:\program files\alwil software\avast4\ahresstd.dll
65A00000[0000F000]
[ M] 177. c:\program files\alwil software\avast4\ahresws.dll
65480000[00009000]
[ M] 178. c:\program files\alwil software\avast4\ahresjs.dll
64880000[00039000]
[ M] 179. c:\program files\alwil software\avast4\ashssqlt.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
66000000[00024000]
[ M] 180. c:\program files\alwil software\avast4\aswres.dll
+ 00000450(1104) alg.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
+ 000004d8(1240) services.exe
+ 000004e4(1252) lsass.exe
+ 0000056c(1388) spoolsv.exe
00AE0000[00008000]
[AM] 122. c:\windows\system32\mdimon.dll
00AF0000[00021000]
[AM] 123. c:\windows\system32\hpz3l4x6.dll
00E30000[00048000]
[ M] 181. c:\windows\system32\spool\prtprocs\w32x86\hpzpp4x6.dll
00E90000[00008000]
[ M] 182. c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 0000059c(1436) IEXPLORE.EXE
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
10000000[00031000]
[AM] 98. d:\迅雷\comdlls\xunleibho_now.dll
24240000[0000E000]
[ M] 151. d:\迅雷\components\resworker\dsbho_01.dll
241F0000[0001E000]
[ M] 152. d:\迅雷\components\resworker\dataprocessor_01.dll
02580000[00002000]
[ M] 183. c:\program files\common files\microsoft shared\ink\penchs.dll
325C0000[00012000]
[AM] 108. c:\program files\microsoft office\office11\msohev.dll
65700000[00018000]
[ M] 154. c:\program files\alwil software\avast4\ahascr.dll
65000000[00038000]
[ M] 155. c:\program files\alwil software\avast4\aavm4h.dll
65100000[00009000]
[ M] 156. c:\program files\alwil software\avast4\aavmrpch.dll
7C340000[00056000]
[ M] 157. c:\windows\system32\msvcr71.dll
64500000[00038000]
[ M] 158. c:\program files\alwil software\avast4\ashbase.dll
7C3A0000[0007B000]
[ M] 159. c:\windows\system32\msvcp71.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
64800000[0001D000]
[ M] 163. c:\program files\alwil software\avast4\ashtask.dll
64580000[000A2000]
[ M] 164. c:\program files\alwil software\avast4\aswaux.dll
72C80000[00008000]
[ M] 142. c:\windows\system32\msacm32.drv
30000000[003AF000]
[ M] 184. c:\windows\system32\macromed\flash\flash9f.ocx
0AF80000[001E8000]
[ M] 185. c:\windows\system32\sogoupy.ime
+ 000005bc(1468) Ati2evxx.exe
00400000[00062000]
[AM] 3. c:\windows\system32\ati2evxx.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
+ 000005ec(1516) svchost.exe
+ 0000065c(1628) svchost.exe
+ 000006d4(1748) svchost.exe
50E60000[0000C000]
[ M] 186. c:\windows\system32\wups2.dll
+ 00000730(1840) svchost.exe
20D40000[00010000]
[AM] 15. c:\windows\system32\wudfsvc.dll
007B0000[0002B000]
[ M] 187. c:\windows\system32\wudfplatform.dll
+ 0000079c(1948) S24EvMon.exe
00400000[0007F000]
[AM] 13. c:\windows\system32\s24evmon.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
+ 000007b8(1976) svchost.exe
007B0000[0000E000]
[AM] 9. c:\windows\system32\hpzinw12.dll
+ 000007f8(2040) svchost.exe
+ 00000958(2392) knownsvr.exe
00400000[00072000]
[ M] 188. c:\program files\rising\antispyware\knownsvr.exe
10000000[00034000]
[ M] 189. c:\program files\rising\antispyware\ncomm.dll
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
00A90000[0002E000]
[ M] 190. c:\program files\rising\antispyware\comx3.dll
00AC0000[00019000]
[ M] 191. c:\program files\rising\antispyware\syslay.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
+ 00000a04(2564) ashSimpl.exe
00400000[00025000]
[ M] 192. c:\program files\alwil software\avast4\ashsimpl.exe
64500000[00038000]
[ M] 158. c:\program files\alwil software\avast4\ashbase.dll
7C3A0000[0007B000]
[ M] 159. c:\windows\system32\msvcp71.dll
7C340000[00056000]
[ M] 157. c:\windows\system32\msvcr71.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
64B00000[00051000]
[ M] 193. c:\program files\alwil software\avast4\ashuint.dll
64C80000[000E0000]
[ M] 194. c:\program files\alwil software\avast4\xt1922.dll
7C140000[00103000]
[ M] 195. c:\windows\system32\mfc71.dll
64280000[00136000]
[ M] 166. c:\program files\alwil software\avast4\aswengin.dll
64200000[00015000]
[ M] 167. c:\program files\alwil software\avast4\aswscan.dll
64A00000[00007000]
[ M] 169. c:\program files\alwil software\avast4\aswidle.dll
64800000[0001D000]
[ M] 163. c:\program files\alwil software\avast4\ashtask.dll
64580000[000A2000]
[ M] 164. c:\program files\alwil software\avast4\aswaux.dll
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
66080000[0000B000]
[ M] 170. c:\program files\alwil software\avast4\chineses\base.dll
66100000[00250000]
[ M] 196. c:\program files\alwil software\avast4\chineses\lang.dll
10000000[0005D000]
[ M] 197. c:\windows\system32\actskin4.ocx
64880000[00039000]
[ M] 179. c:\program files\alwil software\avast4\ashssqlt.dll
65000000[00038000]
[ M] 155. c:\program files\alwil software\avast4\aavm4h.dll
65100000[00009000]
[ M] 156. c:\program files\alwil software\avast4\aavmrpch.dll
65400000[00011000]
[ M] 198. c:\program files\alwil software\avast4\ahruimai.dll
65900000[0000A000]
[ M] 199. c:\program files\alwil software\avast4\ahruimes.dll
659C0000[0000A000]
[ M] 200. c:\program files\alwil software\avast4\ahruins.dll
65300000[00017000]
[ M] 201. c:\program files\alwil software\avast4\ahruiout.dll
62060000[0001F000]
[ M] 202. c:\windows\system32\mapi32.dll
65940000[0000A000]
[ M] 203. c:\program files\alwil software\avast4\ahruip2p.dll
65200000[00011000]
[ M] 204. c:\program files\alwil software\avast4\ahruistd.dll
65A40000[00012000]
[ M] 205. c:\program files\alwil software\avast4\ahruiws.dll
65500000[00009000]
[ M] 206. c:\program files\alwil software\avast4\ahruijs.dll
65700000[00018000]
[ M] 154. c:\program files\alwil software\avast4\ahascr.dll
02620000[00002000]
[ M] 183. c:\program files\common files\microsoft shared\ink\penchs.dll
72C80000[00008000]
[ M] 142. c:\windows\system32\msacm32.drv
020D0000[00099000]
[AM] 115. d:\pcn81\nokia pc suite 7\phonebrowser.dll
02220000[000CA000]
[ M] 143. d:\pcn81\nokia pc suite 7\ngscm.dll
021B0000[00006000]
[ M] 144. d:\pcn81\nokia pc suite 7\lang\phonebrowser_chi-sc.nlr
022F0000[0008E000]
[ M] 145. d:\pcn81\nokia pc suite 7\resource\phonebrowser_nokia.ngr
66000000[00024000]
[ M] 180. c:\program files\alwil software\avast4\aswres.dll
+ 00000a74(2676) conime.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
+ 00000b50(2896) ashMaiSv.exe
00400000[0003E000]
[AM] 5. c:\program files\alwil software\avast4\ashmaisv.exe
64500000[00038000]
[ M] 158. c:\program files\alwil software\avast4\ashbase.dll
7C3A0000[0007B000]
[ M] 159. c:\windows\system32\msvcp71.dll
7C340000[00056000]
[ M] 157. c:\windows\system32\msvcr71.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
64800000[0001D000]
[ M] 163. c:\program files\alwil software\avast4\ashtask.dll
64580000[000A2000]
[ M] 164. c:\program files\alwil software\avast4\aswaux.dll
65000000[00038000]
[ M] 155. c:\program files\alwil software\avast4\aavm4h.dll
65100000[00009000]
[ M] 156. c:\program files\alwil software\avast4\aavmrpch.dll
65380000[0000C000]
[ M] 171. c:\program files\alwil software\avast4\ahresmai.dll
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
66080000[0000B000]
[ M] 170. c:\program files\alwil software\avast4\chineses\base.dll
64280000[00136000]
[ M] 166. c:\program files\alwil software\avast4\aswengin.dll
64200000[00015000]
[ M] 167. c:\program files\alwil software\avast4\aswscan.dll
66100000[00250000]
[ M] 196. c:\program files\alwil software\avast4\chineses\lang.dll
7C140000[00103000]
[ M] 195. c:\windows\system32\mfc71.dll
66500000[0000B000]
[ M] 207. c:\program files\alwil software\avast4\chineses\langmai.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
+ 00000c00(3072) Ras.exe
00400000[0000B000]
[ M] 208. c:\program files\rising\antispyware\ras.exe
7C140000[00103000]
[ M] 209. c:\program files\rising\antispyware\mfc71.dll
7C340000[00056000]
[ M] 210. c:\program files\rising\antispyware\msvcr71.dll
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
10000000[00047000]
[ M] 211. c:\program files\rising\antispyware\kakamgr.dll
7C3A0000[0007B000]
[ M] 212. c:\program files\rising\antispyware\msvcp71.dll
00B80000[00019000]
[ M] 191. c:\program files\rising\antispyware\syslay.dll
00BB0000[0001F000]
[ M] 213. c:\program files\rising\antispyware\proccom.dll
00BD0000[00024000]
[ M] 214. c:\program files\rising\antispyware\rscommx2.dll
00D20000[0002E000]
[ M] 190. c:\program files\rising\antispyware\comx3.dll
00F90000[00058000]
[ M] 215. c:\program files\rising\antispyware\dbmgr.dll
23800000[00022000]
[ M] 216. c:\program files\rising\antispyware\rsxml.dll
010F0000[0002D000]
[ M] 217. c:\program files\rising\antispyware\pweb.dll
01120000[000C1000]
[ M] 218. c:\program files\rising\antispyware\pscan.dll
011F0000[00034000]
[ M] 189. c:\program files\rising\antispyware\ncomm.dll
01250000[00070000]
[ M] 219. c:\program files\rising\antispyware\pset.dll
012E0000[0002A000]
[ M] 220. c:\program files\rising\antispyware\pdefend.dll
013A0000[000B6000]
[ M] 221. c:\program files\rising\antispyware\ptools.dll
01560000[0008D000]
[ M] 222. c:\program files\rising\antispyware\psysinfo.dll
23900000[00040000]
[ M] 223. c:\program files\rising\antispyware\pngdll.dll
03410000[00002000]
[ M] 183. c:\program files\common files\microsoft shared\ink\penchs.dll
65700000[00018000]
[ M] 154. c:\program files\alwil software\avast4\ahascr.dll
65000000[00038000]
[ M] 155. c:\program files\alwil software\avast4\aavm4h.dll
65100000[00009000]
[ M] 156. c:\program files\alwil software\avast4\aavmrpch.dll
64500000[00038000]
[ M] 158. c:\program files\alwil software\avast4\ashbase.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
64800000[0001D000]
[ M] 163. c:\program files\alwil software\avast4\ashtask.dll
64580000[000A2000]
[ M] 164. c:\program files\alwil software\avast4\aswaux.dll
30000000[003AF000]
[ M] 184. c:\windows\system32\macromed\flash\flash9f.ocx
72C80000[00008000]
[ M] 142. c:\windows\system32\msacm32.drv
05450000[00085000]
[ M] 224. c:\program files\rising\antispyware\kengine.dll
054E0000[00045000]
[ M] 225. c:\program files\rising\antispyware\posttrt.dll
05730000[00010000]
[ M] 226. c:\program files\rising\antispyware\kscanex.dll
05750000[0002F000]
[ M] 227. c:\program files\rising\antispyware\engine.dll
05790000[00033000]
[ M] 228. c:\program files\rising\antispyware\rsdialog.dll
03580000[00024000]
[ M] 229. c:\program files\rising\antispyware\secscan.dll
035B0000[00018000]
[ M] 230. c:\program files\rising\antispyware\secex.dll
+ 00000d2c(3372) ashWebSv.exe
00400000[00055000]
[AM] 6. c:\program files\alwil software\avast4\ashwebsv.exe
64500000[00038000]
[ M] 158. c:\program files\alwil software\avast4\ashbase.dll
7C3A0000[0007B000]
[ M] 159. c:\windows\system32\msvcp71.dll
7C340000[00056000]
[ M] 157. c:\windows\system32\msvcr71.dll
64000000[00016000]
[ M] 160. c:\program files\alwil software\avast4\aswcmnos.dll
64080000[00020000]
[ M] 161. c:\program files\alwil software\avast4\aswcmnb.dll
64100000[0002F000]
[ M] 162. c:\program files\alwil software\avast4\aswcmns.dll
65000000[00038000]
[ M] 155. c:\program files\alwil software\avast4\aavm4h.dll
65100000[00009000]
[ M] 156. c:\program files\alwil software\avast4\aavmrpch.dll
64800000[0001D000]
[ M] 163. c:\program files\alwil software\avast4\ashtask.dll
64580000[000A2000]
[ M] 164. c:\program files\alwil software\avast4\aswaux.dll
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
66080000[0000B000]
[ M] 170. c:\program files\alwil software\avast4\chineses\base.dll
64280000[00136000]
[ M] 166. c:\program files\alwil software\avast4\aswengin.dll
64200000[00015000]
[ M] 167. c:\program files\alwil software\avast4\aswscan.dll
68300000[00013000]
[ M] 231. c:\program files\alwil software\avast4\ashwsftr.dll

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

ajx20001 - 2009-2-2 14:31:00

65A00000[0000F000]
[ M] 177. c:\program files\alwil software\avast4\ahresws.dll
+ 00000f4c(3916) ctfmon.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
+ 00000f9c(3996) wuauclt.exe
60000000[00074000]
[AM] 121. c:\windows\system32\kmon.dll
65780000[00023000]
[ M] 136. c:\program files\alwil software\avast4\ahjsctns.dll
50E60000[0000C000]
[ M] 186. c:\windows\system32\wups2.dll

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

银色灰烬 - 2009-2-2 14:43:00

楼主大哥，您能不能将日志发个TXT上来啊~~这让人怎么看啊

使用System Repair Engineer扫描日志，将日志作为附件上传到反病毒/反流氓软件论坛上来。
下载页面：http://www.kztechs.com/sreng/download.html
操作方法：
1、下载后解压缩，运行SREngPS.EXE；
2、如果无法打开尝试把SREngPS.EXE改名为123.com，并复制到c:\windows目录下运行；
3、依次点击【智能扫描】-【扫描】，耐心等待，扫描结束后点击【保存报告】；
4、选择保存路径，文件名保持默认，直接点击【保存】；
5、打开保存的日志文件SREngLOG.log，完整复制全部内容，新建一个文本文档，将日志中的全部内容粘贴到“新建文本文档.txt”中；
6、将“新建文本文档.txt”作为附件上传，同时务必详细描述问题现象，如果有查杀不净的病毒务必提供病毒名和路径。
注意：扫描前请尽量关闭QQ、游戏、下载工具、媒体播放器等应用程序。

ajx20001 - 2009-2-2 15:36:00

网页被劫持
主页被劫持为http://www.google.com.sohu.com.baidu.com.bibipv.cn/ren0w1la0lly0so1baidubaidubaidubaidubaidubaidubaidubaidubaidu.htm
运用了卡巴斯基，卡卡，瑞星，兔子，兵刃，网页保护神，注册表修改等数十种方法统统的不好使。主页可以修改，但是改过关闭后，再启动还是上述地址。

附件: rslog.txt (2009-2-2 15:36:01, 50.01 K)
该附件被下载次数 395

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

backway - 2009-2-2 16:02:00

下载sreng：http://download.kztechs.com/files/sreng2.zip
解压sreng2.zip-->打开SREngLdr.EXE-->勾选智能扫描、检查进程的数字签名-->扫描-->保存报告-->以附件形式上传

扫描前请尽量关闭QQ、游戏、下载工具、媒体播放器等应用程序

文物2 - 2009-2-2 17:04:00

您可以下载SREng

打开后点智能扫描．勾选检查进程模块的数字签名，点扫描．把日志以log日志导出并作为附件贴到论坛里．

第二楼见SREng操作方法

如果SREng因病毒的干扰不能运行或扫描日志，您可以将SREng.exe改名为我爱小狮子.bat,我爱小狮子.com,我爱小狮子.scr.

瑞星卡卡安全论坛