Rising Kaka Security Forum

Has my browser been hijacked?
就是一名字 - 2011-6-2 10:24:00
Code:
2011-06-02,06:43:23
System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)360.cn]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]

[Human Interface Device Access / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>
[主动防御 / ZhuDongFangYu][Running/Auto Start]

==================================
驱动程序
[360netmon / 360netmon][Running/System Start]

[360SelfProtection / 360SelfProtection][Running/System Start]

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]

[BAPIDRV / BAPIDRV][Running/System Start]

[Bluetooth Port Driver / BTHPORT][Stopped/Manual Start]

[EfiSystemMon / EfiMon][Running/System Start]

[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]

[HookPort / HookPort][Running/Boot Start]

[ialm / ialm][Stopped/Manual Start]

[Intel AHCI Controller / iaStor7][Running/Boot Start]

[nv / nv][Running/Manual Start]

[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]

[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

[Quantum DeepScanner Servers / quxxxserv][Running/System Start]

[qutmipc / qutmipc][Running/System Start]

[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]

[Secdrv / Secdrv][Stopped/Manual Start]

[SATALink driver accelerator / SiFilter][Stopped/Disabled]

[TcHardWare / TcHardWare][Stopped/Manual Start]

[TCP/IP Protocol Driver / Tcpip][Running/System Start]

[viamraid / viamraid][Stopped/Boot Start]

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233}
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555}
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2}
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3}
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[]
{95B3F550-91C4-4627-BCC4-521288C52977}
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890}
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89}
[]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[PPLive Lite Class]
{EF0D1A14-1033-41A2-A589-240C01EDC078}
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F}
[使用迅雷下载]

[使用迅雷下载全部链接]

==================================
正在运行的进程
[PID: 476 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 536 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 560 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 604 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 852 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 976 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1112 / SYSTEM][C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe] [360.cn, 3, 2, 2, 1010]
[C:\Program Files\360\360safe\SoftMgr\360SoftMgrS.dll] [360.cn, 2, 1, 6, 1073]
[C:\Program Files\360\360safe\deepscan\CloudCom2.dll] [360.cn, 3, 2, 7, 3050]
[C:\Program Files\360\360safe\deepscan\heavygate.dll] [360.cn, 3, 7, 4, 0]
[C:\Program Files\360\360safe\deepscan\qutmload.dll] [360.cn, 6, 8, 0, 1005]
[PID: 1132 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 8, 2, 1010]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\360\360safe\Utils\shell360ext.dll] [360.cn, 7, 5, 0, 1005]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\360\360safe\360Common.dll] [360.cn, 7, 3, 0, 1021]
[PID: 1208 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1580 / Administrator][C:\Program Files\360\360safe\safemon\360Tray.exe] [360.cn, 7, 7, 0, 1009]
[C:\Program Files\360\360safe\safemon\360compro.dll] [360.cn, 6, 9, 0, 1007]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\360\360safe\ipc\ipcservice.dll] [360.CN, 7, 0, 0, 1005]
[C:\Program Files\360\360safe\ipc\fileMgr.dll] [360.cn, 6, 9, 1, 1003]
[C:\Program Files\360\360safe\ipc\yhregd.dll] [360.cn, 6, 9, 1, 1007]
[C:\Program Files\360\360safe\ipc\appd.dll] [360.cn, 6, 9, 1, 1001]
[C:\Program Files\360\360safe\safemon\360webpro.dll] [360.CN, 1, 3, 4, 1001]
[C:\Program Files\360\360safe\safemon\360traylive.dll] [360安全中心, 7, 1, 0, 1005]
[C:\Program Files\360\360safe\deepscan\heavygate.dll] [360.cn, 3, 7, 4, 0]
[C:\Program Files\360\360safe\safemon\360procmon.dll] [360.CN, 6, 9, 0, 1011]
[C:\Program Files\360\360safe\safemon\SelfProtectAPI2.dll] [360.CN, 6, 9, 0, 1005]
[C:\Program Files\360\360safe\safemon\360SafeCamera.tpi] [360.cn, 1, 0, 0, 1010]
[C:\Program Files\360\360safe\safemon\360safemonpro.tpi] [360.cn, 1, 4, 1, 1001]
[C:\Program Files\360\360safe\safemon\DsTpi.tpi] [360.cn, 1, 0, 0, 2001]
[C:\Program Files\360\360safe\safemon\netm.tpi] [360.cn, 3, 3, 9, 1001]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\360\360safe\safemon\netmon.tpi] [360.cn, 2, 1, 7, 1001]
[C:\Program Files\360\360safe\safemon\obTracer.tpi] [360.cn, 6, 8, 0, 1001]
[C:\Program Files\360\360safe\deepscan\qutmload.dll] [360.cn, 6, 8, 0, 1005]
[C:\Program Files\360\360safe\ipc\qutmipc.dll] [360.cn, 6, 9, 0, 1001]
[C:\Program Files\360\360safe\deepscan\BAPI.dll] [360.cn, 2.0.0.1019]
[C:\Program Files\360\360safe\SafeLive.dll] [360.cn, 2, 0, 1, 1002]
[C:\Program Files\360\360safe\pdown.dll] [360.cn, 1, 2, 0, 1062]
[C:\Program Files\360\360safe\360Common.dll] [360.cn, 7, 3, 0, 1021]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 8, 2, 1010]
[C:\Program Files\360\360safe\safemon\urlproc.dll] [360.cn, 1, 2, 8, 1020]
[C:\Program Files\360\360safe\safemon\urlprocnet.dll] [360.cn, 1, 2, 4, 1010]
[C:\Program Files\360\360safe\netmon\360netctrl.dll] [360.cn, 2, 2, 9, 1001]
[C:\Program Files\360\360safe\deepscan\360UC.dll] [360.cn, 1, 0, 0, 1002]
[C:\Program Files\360\360safe\deepscan\deepscan.dll] [360.cn, 3, 2, 7, 3060]
[C:\Program Files\360\360safe\deepscan\Cloudcom2.dll] [360.cn, 3, 2, 7, 3050]
[C:\Program Files\360\360safe\ipc\PatchCheck.dll] [360.cn, 1, 1, 0, 1012]
[C:\Program Files\360\360safe\efiproc.dll] [奇虎360安全卫士, 1, 0, 0, 1005]
[C:\Program Files\360\360safe\deepscan\dsplus.dll] [360.cn, 1, 0, 0, 1007]
[C:\Program Files\360\360safe\LiveUpd360.dll] [360.cn, 1, 2, 0, 1062]
[C:\Program Files\360\360safe\360net.dll] [360.cn, 1, 1, 18, 1030]
[C:\Program Files\360\360safe\360P2SP.dll] [360.cn, 1, 3, 0, 1024]
[C:\Program Files\360\360safe\combineext.dll] [360.cn, 1, 0, 0, 1001]
[C:\Program Files\360\360safe\360ver.dll] [奇虎网, 7, 7, 0, 2001]
[C:\Program Files\360\360safe\safemon\Adfilter.dll] [360.cn, 1, 0, 0, 1130]
[PID: 1588 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1756 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1056 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 8, 2, 1010]
[C:\Program Files\360\360safe\safemon\Adfilter.dll] [360.cn, 1, 0, 0, 1130]
[C:\Program Files\360\360safe\safemon\iNetSafe.dll] [360.cn, 1, 0, 2, 1040]
[C:\Program Files\360\360safe\safemon\urlproc.dll] [360.cn, 1, 2, 8, 1020]
[C:\Program Files\360\360safe\safemon\urlprocnet.dll] [360.cn, 1, 2, 4, 1010]
[C:\Program Files\360\360safe\deepscan\heavygate.dll] [360.cn, 3, 7, 4, 0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\360\360safe\safemon\sepro.dll] [360.cn, 1, 2, 0, 1004]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx] [Adobe Systems, Inc., 10,3,181,14]
[PID: 580 / Administrator][F:\下载\sreng2(1)\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
[PID: 2260 / Administrator][F:\下载\sreng2(1)\SRE84a4345b.EXE] [Smallfrogs Studio, 2.8.4.1331]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 8, 2, 1010]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 560, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
networkedition - 2011-6-2 10:28:00
What about your browser has been hijacked? Describe your problem in detail.