瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 默认主页被3448.com劫持,发个日志,大家帮忙看看,谢谢。

1   1  /  1  页   跳转

默认主页被3448.com劫持,发个日志,大家帮忙看看,谢谢。

收藏
花生糖果
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2005-04-09
  • 来自:
发表于: 2006-11-16 15:10 | 只看楼主 短消息 资料
字号: 1楼

默认主页被3448.com劫持,发个日志,大家帮忙看看,谢谢。

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <ibmmessages><C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>  [IBM]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
    <jiajiasr><C:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Smapp><C:\Program Files\Analog Devices\SoundMAX\SMTray.exe>  [Analog Devices, Inc.]
    <ibmmessages><C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe>  [IBM]
    <IBMPRC><C:\IBMTOOLS\UTILS\ibmprc.exe>  [IBM Corp.]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <Persistence><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\System32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\REBUSI~1.SCR>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BluetoothAuthenticationAgent><; rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Corporation]
    <DAEMON Tools><; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
    <HF_GameClient><; C:\Program Files\浩方对战平台\gameclient.exe>  [上海浩方在线信息技术有限公司]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <WinampAgent><; C:\Program Files\Winamp\winampa.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[IBM Rapid Restore Ultra Service / IBM Rapid Restore Ultra Service]
  <C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe><>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[IBM PSA Access Driver Control / PsaSrv]
  <C:\WINDOWS\system32\PsaSrv.exe><N/A>
[RavService / RavService]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
驱动程序
[abp480n5 / abp480n5]
  <\SystemRoot\System32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Aha154x / Aha154x]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp]
  <\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p]
  <\SystemRoot\System32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k]
  <System32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[BaseTDI / BaseTDI]
  <\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[cd20xrnt / cd20xrnt]
  <\SystemRoot\System32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[IBM Access Support / EGATHDRV]
  <\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS><IBM Corporation>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[ibmfilter / ibmfilter]
  <\??\C:\WINDOWS\System32\drivers\ibmfilter.sys><IBM>
[imagedrv / imagedrv]
  <\SystemRoot\System32\Drivers\imagedrv.sys><Ahead Software AG>
[imagesrv / imagesrv]
  <\SystemRoot\system32\DRIVERS\imagesrv.sys><Ahead Software AG>
[ini910u / ini910u]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mraid35x / mraid35x]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PMEM / PMEM]
  <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS><Microsoft Corporation>
[TPM Service / portio]
  <System32\DRIVERS\NscTpmDD.sys><National Semiconductor Corp.>
[IBM PSA Access Driver / psadd]
  <\??\C:\WINDOWS\system32\Drivers\psadd.sys><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[Rising Kaka anti-spyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[SCatch / SCatch]
  <system32\DRIVERS\SCatch.sys><Windows (R) 2000 DDK provider>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sense3 / Sense3]
  <System32\Drivers\sense3.sys><Beijing Senselock>
[Sentinel / Sentinel]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><N/A>
[SIS AGP Bus Filter / sisagp]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Superk53 / Superk53]
  <\SystemRoot\System32\drivers\superk53.sys><Microsoft Corporation>
[symc810 / symc810]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
最后编辑2006-11-17 00:59:06
分享到:
gototop
 
花生糖果
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2005-04-09
  • 来自:
发表于: 2006-11-16 15:14 | 只看楼主 短消息 资料
字号: 2楼

浏览器加载项
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FlashGet\getflash.dll, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\gameclient.exe, 上海浩方在线信息技术有限公司>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Java Plug-in 1.4.1]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[Java Plug-in 1.4.1]
  {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FlashGet\getflash.dll, N/A>
[上传到QQ网络硬盘]
  <, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 688][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 804][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 816][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\pwdmon.dll]  [N/A, N/A]
[PID: 984][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1052][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1152][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1244][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1316][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1336][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1364][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1564][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1664][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
gototop
 
花生糖果
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2005-04-09
  • 来自:
发表于: 2006-11-16 15:14 | 只看楼主 短消息 资料
字号: 3楼

[PID: 1892][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4704]
    [C:\PROGRA~1\FlashGet\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\WINDOWS\System32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 1980][C:\Program Files\Analog Devices\SoundMAX\SMTray.exe]  [Analog Devices, Inc., 3, 2, 18, 0]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
[PID: 1988][C:\Program Files\IBM\Messages By IBM\ibmmessages.exe]  [IBM, 2.012]
    [C:\WINDOWS\system32\AIBMRUNL.dll]  [N/A, N/A]
    [C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll]  [, 1, 0, 0, 4]
    [C:\WINDOWS\System32\IbmEgath.dll]  [IBM Corporation, 3, 0, 0, 11]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
[PID: 1996][C:\IBMTOOLS\UTILS\ibmprc.exe]  [IBM Corp., 1, 0, 0, 3]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
[PID: 2024][C:\Program Files\Rising\Rav\RavTray.exe]  [Rising, 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavTray936.dll]  [Rising, 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
[PID: 2044][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
[PID: 264][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 30]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
[PID: 284][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
[PID: 308][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4704]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
[PID: 424][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
[PID: 468][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 7.5.0324]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 524][C:\Program Files\jj4\jiajiasr.exe]  [加加工作组, 4, 0, 1, 33]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
[PID: 576][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3000]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
[PID: 592][C:\WINDOWS\system32\4eku0ag.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
[PID: 1208][C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe]  [, 4,0,0,4026]
[PID: 1236][C:\Program Files\Rising\Rav\RavService.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 43]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1760][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 2208][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 2668][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 0]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\PROGRA~1\FlashGet\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\PROGRA~1\FlashGet\getflash.dll]  [N/A, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 1372][C:\Documents and Settings\王于\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\fpv5b.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
218.201.94.20 localhost
218.201.94.20 www.5566.net
218.201.94.20 www.gjj.cc
218.201.94.20 www.hao123.com
218.201.94.20 www.hao222.com
218.201.94.20 www.9991.com
218.201.94.20 www.2345.com
218.201.94.20 www.7939.com
218.201.94.20 forum.ikaka.com
218.201.94.20 bbs.360safe.com
218.201.94.20 www.360safe.com
218.201.94.20 www.piaoxue.com
218.201.94.20 61.129.58.12
218.201.94.20 forum.jiangmin.com
218.201.94.20 luosoft.com
218.201.94.20 cn.zs.yahoo.com
218.201.94.20 www.znmq.com
218.201.94.20 auto.search.msn.com
218.201.94.20 www.pcav.cn
218.201.94.20 www.cnhx.com.cn
218.201.94.20 btbaicai.com
218.201.94.20 219.239.102.77
218.201.94.20 hz.mop-hz.com
218.201.94.20 www.jacai.com
218.201.94.20 bbs.168safe.com
218.201.94.20 ok.mop-hz.com
218.201.94.20 www.haokan123.com
218.201.94.20 www.7255.com
218.201.94.20 220.181.34.241
218.201.94.20 www.my123.com

==================================
gototop
 
吹冷空气
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2006-11-16
  • 来自:
发表于: 2006-11-16 19:16 | 短消息 资料
字号: 4楼

刚刚用卡卡把IE改过来。不过没用。。。
它还是时常要劫持IE
怎么办???
gototop
 
oyeoye
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-11-17
  • 来自:
发表于: 2006-11-17 01:07 | 短消息 资料
字号: 5楼

我也挨了这垃圾网页搞苦了
恨不得拿刀砍了这帮垃圾
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT