Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum

[Help] Hijacked by the “Search the web!” site

After carelessly installing the so-called sponsor ad that comes with MSN Plus, I found a pile of URLs redirecting to “Search the web” added to my Favorites.
I couldn't seem to find a fix for this site in the forum's malicious-website list; I've looked until I'm dizzy, so I'm starting a new thread to ask the experts to take a look…

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
F:\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
F:\Rising\Rav\RavTask.exe
F:\Rising\Rav\Ravmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
F:\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
F:\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll (file missing)
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\SUPERR~1\MagicSet\HAOKAN~1.DLL
O4 - HKLM\..\Run: [Super Rabbit SRRestore] F:\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [MessengerPlus3] "F:\\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "F:\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FAST01] C:\DOCUME~1\123\APPLIC~1\LOCKSF~1\LogoCash.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra 'Tools' menuitem: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://tv.etshow.net/list/powerplayer.cab
O16 - DPF: {AB89C9BF-9250-473B-BE49-D34F615CB678} (Chaos Filter) - http://download.mysee.com/Chaos.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31A66FB-5F3E-4DAD-87E4-F5C6022A20ED}: NameServer = 202.96.113.34,202.96.113.35

Last edited 2006-04-29 16:03:34

Antivirus           Version          Update      Result
AntiVir             6.34.0.24        04.20.2006  no virus found
Avast               4.6.695.0        04.28.2006  no virus found
AVG                 386              04.27.2006  no virus found
Avira               6.34.1.58        04.28.2006  no virus found
BitDefender         7.2              04.28.2006  no virus found
CAT-QuickHeal       8.00             04.26.2006  no virus found
ClamAV              devel-20060202   04.27.2006  no virus found
DrWeb               4.33             04.28.2006  no virus found
eTrust-InoculateIT  23.71.141        04.28.2006  no virus found
eTrust-Vet          12.4.2183        04.28.2006  no virus found
Ewido               3.5              04.28.2006  no virus found
Fortinet            2.71.0.0         04.27.2006  no virus found
F-Prot              3.16c            04.26.2006  no virus found
Ikarus              0.2.59.0         04.28.2006  P2P-Worm.Win32.Polipos.a
Kaspersky           4.0.2.24         04.28.2006  no virus found
McAfee              4750             04.27.2006  no virus found
Microsoft           1.1372           04.28.2006  no virus found
NOD32v2             1.1510           04.27.2006  no virus found
Norman              5.90.17          04.27.2006  no virus found
Panda               9.0.0.4          04.28.2006  no virus found
Sophos              4.05.0           04.28.2006  no virus found
Symantec            8.0              04.28.2006  no virus found
TheHacker           5.9.7.135        04.25.2006  no virus found
UNA                 1.83             04.27.2006  no virus found
VBA32               3.11.0           04.27.2006  no virus found


Aditional Information
File size: 122880 bytes
MD5: a40c0fe0f88b36893388aab3dbaf629c
SHA1: 180eabaa1c03ff6f7e16d6c677b5c5f4c09dbc9a

File:  ESPI11.dll 
Status:  OK 
MD5  a40c0fe0f88b36893388aab3dbaf629c 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

Can it be deleted directly from the registry key?

The CWShredder results are all “not present”…

With lspfix.exe I don't know which of the items HijackThis found should be removed.

I've used CWShredder and LSPFix to clean up part of the program's content; the Favorites are restored, the ad-site pop-ups while browsing haven't appeared again for now, and the MsgPlus-related registry entries have been cleared. Does anything else need checking?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Rising\Rav\RavStub.exe
F:\Rising\Rav\RavTask.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\工具包\HijackThis.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [RavStub] "F:\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://tv.etshow.net/list/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31A66FB-5F3E-4DAD-87E4-F5C6022A20ED}: NameServer = 202.96.113.34,202.96.113.35
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - (no file)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\Ravmond.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Rising\Rav\RavStub.exe
F:\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\Rundll32.exe
F:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Maxthon\Maxthon.exe
F:\工具包\HijackThis.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DPC] Rundll32 "C:\WINDOWS\system32\dpsck.dll",Start
O4 - HKLM\..\RunOnce: [RavStub] "F:\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://tv.etshow.net/list/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31A66FB-5F3E-4DAD-87E4-F5C6022A20ED}: NameServer = 202.96.113.34,202.96.113.35
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - (no file)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\Ravmond.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
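
Comparing the three HijackThis logs in this thread by eye is error-prone, so here is an added example (not code from the forum, from HijackThis, or from the poster) that parses HijackThis entry lines, diffs two logs to show what a cleanup step actually removed or added, and tags entries that merit a second look during triage. The embedded log excerpts are shortened copies of the logs posted above; the review rules in review_hints() are this example's own heuristics, not HijackThis' logic, and they give hints for a human to check, not a malware verdict.

```python
"""Diff and triage HijackThis logs from successive cleanup stages.

Added example for this thread, not code from the forum or from HijackThis.
The log excerpts are shortened copies of the three logs posted in the
thread; the heuristics in review_hints() are this example's own.
"""
import re
from typing import Dict, List, Tuple

# A HijackThis entry line starts with its section code, e.g. "O4 - ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the first log (before any cleanup).
LOG_BEFORE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll (file missing)
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [MessengerPlus3] "F:\\MsgPlus.exe"
O4 - HKCU\..\Run: [FAST01] C:\DOCUME~1\123\APPLIC~1\LOCKSF~1\LogoCash.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
"""

# Excerpt of the second log (after CWShredder / LSPFix).
LOG_AFTER_LSPFIX = r"""
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [RavStub] "F:\Rising\Rav\ravstub.exe" /RUNONCE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
"""

# Excerpt of the third (final) log.
LOG_FINAL = r"""
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DPC] Rundll32 "C:\WINDOWS\system32\dpsck.dll",Start
O4 - HKLM\..\RunOnce: [RavStub] "F:\Rising\Rav\ravstub.exe" /RUNONCE
"""


def _entry_lines(text: str) -> List[str]:
    """Keep only entry lines; process lists, headers and blanks are dropped."""
    return [l.strip() for l in text.splitlines() if ENTRY_RE.match(l.strip())]


def parse_hjt(text: str) -> Dict[str, List[str]]:
    """Group entry bodies by section code (R3, O4, O10, ...)."""
    entries: Dict[str, List[str]] = {}
    for line in _entry_lines(text):
        m = ENTRY_RE.match(line)
        entries.setdefault(m["section"], []).append(m["body"])
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (added, removed) entry lines between two logs.

    HijackThis lists an LSP DLL once per Winsock catalog slot it occupies,
    so the comparison is done on the set of distinct lines.
    """
    old, new = set(_entry_lines(before)), set(_entry_lines(after))
    return sorted(new - old), sorted(old - new)


def review_hints(text: str) -> List[Tuple[str, str]]:
    """Tag entries worth a second look; rules of thumb, not a verdict."""
    hints: List[Tuple[str, str]] = []
    for section, bodies in parse_hjt(text).items():
        for body in bodies:
            lower = body.lower()
            if section == "O10" and "unknown file" in lower:
                hints.append((body, "Winsock LSP with an unknown DLL: repair the "
                              "LSP chain with an LSP-aware tool (e.g. LSPFix); "
                              "deleting the DLL alone breaks networking"))
            elif section == "O4" and "rundll32" in lower:
                hints.append((body, "autostart that loads a DLL via rundll32: "
                              "verify the DLL's origin and hash"))
            elif section == "O4" and ("docume~1" in lower or "applic~1" in lower
                                      or "documents and settings" in lower):
                hints.append((body, "autostart from a user profile directory: "
                              "uncommon for legitimate software"))
            elif "(file missing)" in lower or "(no file)" in lower:
                hints.append((body, "orphaned entry: target no longer exists, "
                              "safe to remove"))
    return hints


if __name__ == "__main__":
    stages = [("after LSPFix", LOG_BEFORE, LOG_AFTER_LSPFIX),
              ("final", LOG_AFTER_LSPFIX, LOG_FINAL)]
    for label, a, b in stages:
        added, removed = diff_logs(a, b)
        print(f"[{label}] added:   {added}")
        print(f"[{label}] removed: {removed}")
    for body, why in review_hints(LOG_FINAL):
        print(f"REVIEW {body}\n    {why}")
```

Run as-is, the diff shows that the MessengerPlus3 and LogoCash autostarts vanished after the first cleanup while the espi11.dll LSP entry survived it, and that the final log no longer carries the LSP entry but has gained a new Rundll32-based autostart, which is exactly the kind of change a helper would want to see called out before declaring the machine clean.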
