
[Solved] Firefox browser hijacked?! Please help

wangyj108
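Posted on 2007-3-15 19:25:33
I don't know what happened to my Firefox browser, but now whenever I type in a site address I get sent to a site called Yongzhou Yunlong Middle School (永州市云龙中学).
For example, if I enter www.baidu.com, it takes me to www.baidu.com/Index.html, and the name of the site is Yongzhou Yunlong Middle School.
Other addresses behave the same way: an Index.html gets appended and then I am sent to that site.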

[ Last edited by wangyj108 on 2007-3-17 09:32 ]
yxfx
Posted on 2007-3-15 19:27:36
Repair the LSP.
wangyj108
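OP | Posted on 2007-3-15 20:12:25
Thanks to the poster above.
I used 360 Safeguard (360安全卫士) to repair the LSP, but the problem is still there.
Now both Firefox and IE behave this way.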
wangjay1980
Posted on 2007-3-15 20:49:05
Run a scan and post the report so we can take a look.
shushengdmj
Posted on 2007-3-15 20:56:07
Firefox can be hijacked too? Unbelievable.
wangyj108
OP | Posted on 2007-3-16 08:39:12
The report from the 360 scan

各位高手:
非常感谢您留心我这份系统诊断报告,小菜鸟十万火急等待您的帮助!
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-03-16  08:37:57
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:511MB - 当前可用内存:233MB

100 - 未知 - Process: MPSVC.exe [] -
100 - 未知 - Process: MPSVC2.exe [] -
100 - 未知 - Process: MPSVC1.exe [] -
100 - 未知 - Process: MPMon.exe [] -
100 - 未知 - Process: SUPERAntiSpyware.exe [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
100 - 未知 - Process: k-meleon.exe [K-Meleon Web Browser] - C:\Program Files\K-Meleon\k-meleon.exe
R0 - 未知 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=127.0.0.1:8082
R1 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
O4 - 未知 - HKCU\..\Run: [SUPERAntiSpyware] [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O10 - 未知 - Winsock LSP: [NOD32 IMON - Internet scanning support] [{C34C9F94-C205-4339-B3B6-ACF8D5261BDC}]C:\WINDOWS\system32\imon.dll
O10 - 未知 - Winsock LSP: [NOD32 IMON - Internet scanning support] [{C71087FD-76C5-4B89-905E-2BD7BAEB3471}]C:\WINDOWS\system32\imon.dll
O10 - 未知 - Winsock LSP: [NOD32 IMON - Internet scanning support] [{A45FA92C-5230-4919-883E-776F4A739977}]C:\WINDOWS\system32\imon.dll
O10 - 未知 - Winsock LSP: [NOD32 IMON - Internet scanning support] [{BF92FE9B-4AC3-4111-861A-C735415E8A88}]C:\WINDOWS\system32\imon.dll
O10 - 未知 - Winsock LSP: [NOD32 IMON - Internet scanning support] [{B2C64591-FCAB-4C21-9F34-010ECCFB97F3}]C:\WINDOWS\system32\imon.dll
O10 - 未知 - Winsock LSP: [NOD32 IMON - Internet scanning support] [{28A4D8DA-E908-4C6F-A926-A66CC7AD3224}]C:\WINDOWS\system32\imon.dll
O23 - 未知 - Service: MPSVCService [微点主动防御软件] - C:\Program Files\Micropoint\MPSVC.exe - (running)

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: imapi.exe [imapi cd-burning com service 用 image mastering applications programming interface (imapi) 管理 cd 录制。] - C:\WINDOWS\system32\imapi.exe
100 - 安全 - Process: nod32krn.exe [一款防病毒软件相关程序。] - C:\Program Files\Eset\nod32krn.exe
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: nod32kui.exe [eset nod32反病毒软件相关程序。] - C:\Program Files\Eset\nod32kui.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: CCProxy.exe [Symantec Internet Security网络安全套装的一部分。 ] - C:\CCProxy\CCProxy.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O2 - 安全 - BHO: (Adobe PDF Reader Link Helper) - [Adobe Reader, 查看和打印 Adobe 便携文档格式 (PDF) 文件。] - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - 安全 - Toolbar: (金山快译(&K)) - [金山快译工具条软件相关程序。] - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [nod32kui] [nod32防病毒软件的主监控程序。] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O8 - 安全 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 安全 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O22 - 安全 - Filename Extention: Opera第三方浏览器 - Opera.HTML
O22 - 安全 - Filename Extention: Opera第三方浏览器 - Opera.HTML
O23 - 安全 - Service: CCProxy [Symantec Internet Security网络安全套装的一部分。] - "C:\CCProxy\CCProxy.exe" -service - (running)
O23 - 安全 - Service: Macromedia Licensing Service [是macromedia公司网页三剑客软件的注册程序。] - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" - (not running)
O23 - 安全 - Service: NOD32krn [NoD反病毒软件相关服务。] - "C:\Program Files\Eset\nod32krn.exe" - (running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)

=======================================

O40 - winlogon.exe - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - winlogon.exe - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - SUPERAntiSpyware WinLogon Processor - 878bd80fdc51f6074d7b664c253ede4c
O40 - services.exe - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - lsass.exe - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - svchost.exe - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - svchost.exe - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - svchost.exe -   - C:\WINDOWS\system32\PrxerNsp.dll - PrxerNsp - a107759fd52a7e032b29e5c145573f5c
O40 - svchost.exe - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - svchost.exe -   - C:\WINDOWS\system32\PrxerNsp.dll - PrxerNsp - a107759fd52a7e032b29e5c145573f5c
O40 - svchost.exe - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - Explorer.EXE - Micropoint Corporation - C:\Program Files\Micropoint\mp110031.dll - mp110031 - e848838c7032112ea7fb047a69ed00cb
O40 - Explorer.EXE - Adobe Systems, Inc. - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - PDF Shell Extension - a9b3b4a762963be8cac715bef5068232
O40 - Explorer.EXE - NVIDIA Corporation - C:\WINDOWS\system32\NVRSZHC.DLL - NVIDIA Simplified Chinese language resource library - c52f4d63c1b889c4733163dfa5fe6429
O40 - Explorer.EXE -  - C:\WINDOWS\system32\nvshell.dll -  - 766bc8f56b557b44a0ce89e4c631831e
O40 - Explorer.EXE - SuperAdBlocker.com - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL - ShellExecuteHook - 5f79547b99988b4de1ff55e9e451f0f8

=======================================

O41 - KxTdifltDrv - KxTdifltDrv - C:\Program Files\FengYun\KxTdiDrv.sys - (running) -  -  - 387e576112a52018812d7dc2f9e1c285
O41 - mp110001 - mp110001 - C:\WINDOWS\system32\drivers\mp110001.sys - (running) - mp110001 - MicroPoint Corporation - a9b4ea4aaeb3b1f691e80ad00ee9a822
O41 - mp110002 - mp110002 - C:\WINDOWS\system32\drivers\mp110002.sys - (running) - mp110002 - Micropoint Corporation - ed32ec23b15aadb5366f719deb450b81
O41 - mp110003 - mp110003 - C:\WINDOWS\system32\drivers\mp110003.sys - (running) - mp110003 - Micropoint Corporation - b68ef56d25e7c4396264b61e44b2d7e9
O41 - mp110004 - mp110004 - C:\WINDOWS\system32\drivers\mp110004.sys - (running) - mp110004 - Micropoint Corporation - 82510be32023a8d1ed347dbd47b8b832
O41 - mp110005 - mp110005 - C:\WINDOWS\system32\drivers\mp110005.sys - (running) - mp110005 - Micropoint Corporation - 6a6fc19a3acdab2047ae22af8677c02d
O41 - mp110006 - mp110006 - C:\WINDOWS\system32\drivers\mp110006.sys - (running) - mp110006 - Micropoint Corporation - 2ba2e2ea9176187f9bc633e58615a818
O41 - mp110007 - mp110007 - C:\WINDOWS\system32\drivers\mp110007.sys - (running) - mp110007 - Micropoint Corporation - cab209adcd81fdbbc2ac5c687a8be44a
O41 - mp110008 - mp110008 - C:\WINDOWS\system32\drivers\mp110008.sys - (running) - mp110008 - Micropoint Corporation - 48b71550ed8d04d3867f558aba87c418
O41 - mp110009 - mp110009 - C:\WINDOWS\system32\drivers\mp110009.sys - (running) - mp110009 - Micropoint Corporation - 3f806e3cc3bcf3bb316df666fe6f3e40
O41 - mp110010 - mp110010 - C:\WINDOWS\system32\drivers\mp110010.sys - (running) -  - Micropoint Corporation - ceaff6b1a3a2dfc37114aceb47b3cf8c
O41 - mp110011 - mp110011 - C:\WINDOWS\system32\drivers\mp110011.sys - (running) - mp110011 - Micropoint Corporation - 27a85f41c6050f5ec6c3450e2d08cf40
O41 - mp110013 - mp110013 - C:\WINDOWS\system32\drivers\mp110013.sys - (running) - mp110013 - Micropoint Corporation - ce4d19b40d41bff710b6552efecf5c3f
O41 - npkcrypt - nProtect KeyCrypt Driver - C:\Program Files\Tencent\qq\TMDLLS\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - SASDIFSV - SASDIFSV - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys - (running) - SASDIFSV -  - d96686fca1f9f6b06f7490553cbda6de
O41 - SASENUM - SuperAntiSpyware - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS - (running) - SuperAntiSpyware - SuperAdBlocker, Inc. - 7f1085895e499907f68df7731924122b
O41 - SASKUTIL - SASKUTIL.SYS - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS - (running) - SASKUTIL.SYS -  - d71033dcdf92feaca2a94ca66da35384
O41 - F-SECURE AVP - F-SECURE AVP - E:\防护\avp3.5\avp3.5\FSAVP.SYS - (not running) -  -  -
O41 - F-SECURE Filter - F-SECURE Filter - E:\防护\avp3.5\avp3.5\FSFILTER.SYS - (not running) -  -  -
O41 - F-SECURE Gatekeeper - F-SECURE Gatekeeper - E:\防护\avp3.5\avp3.5\FSGK.SYS - (not running) -  -  -
O41 - F-SECURE Recognizer - F-SECURE Recognizer - E:\防护\avp3.5\avp3.5\FSREC.SYS - (not running) -  -  -
O41 - Hcmon - VMware USB monitor - C:\WINDOWS\system32\drivers\hcmon.sys - (not running) - VMware USB monitor - VMware, Inc. - 665097515cd76a5f8e0d830c1051ed12
O41 - mp110012 - mp110012 - C:\WINDOWS\system32\drivers\mp110012.sys - (not running) - mp110012 - Micropoint Corporation - df305e7ba402d3752c99ed9dad5ae8ab
O41 - P2k - Motorola Driver - C:\WINDOWS\system32\drivers\P2k.sys - (not running) - Motorola Driver - Motorola Inc - 300f7eb434d7ae9ab5209eb5f6c3c98b
O41 - rockusb - Fuzhou Rockchip USB Driver - C:\WINDOWS\system32\drivers\rockusb.sys - (not running) - Fuzhou Rockchip USB Driver - Fuzhou Rockchip Electronics Co,Ltd. - cd71d0d7985051be10306d67725f5a7c
O41 - tap0801 - TAP-Win32 Virtual Network Driver - C:\WINDOWS\system32\drivers\tap0801.sys - (not running) - TAP-Win32 Virtual Network Driver - The OpenVPN Project - 846b7c0e3f6370cdcce157a5b36e70cd
O41 - XScanPF - XScanPF - G:\工具\X-Scan-v3.3-cn\dat\xpf.sys - (not running) -  -  - b4802d3dbf4c26c3b9e5d2c1ea01e974

=======================================
360Safe.exe=3.0.1.3002
AntiAdwa.dll=2.2.2.1000
AntiEng.dll=3.0.1.2001
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.0.1001
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011

=======================================
操作历史报告:
----------查杀恶意软件历史----------

2007-03-16 08:36
查杀恶意软件 - 网络实名 - 危险 -
查杀恶意软件 - 雅虎助手&上网助手 - 危险 -


=======================================

[ Last edited by wangyj108 on 2007-3-16 08:46 ]

wangyj108
OP | Posted on 2007-3-16 08:48:44
Thanks to everyone who has been helping with answers.
Does anyone have a good way to solve this problem?
wangjay1980
Posted on 2007-3-16 09:06:23
Scan with this.

wangyj108
OP | Posted on 2007-3-16 09:31:54
[CODE]

2007-03-16,09:29:55

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <SUPERAntiSpyware><C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe>  [SUPERAntiSpyware.com]
    <Proxifier><; "C:\Proxifier\Proxifier.exe" aut>  [N/A]
    <Super Rabbit IEPro><; C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [(Verified)"ESET, spol. s r.o."]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <AVP Monitor><; E:\防护\avp3.5\avp3.5\avpm.exe>  [N/A]
    <cFosSpeed><; C:\Program Files\cFosSpeed\cFosSpeed.exe>  [N/A]
    <FY_FireWall><; C:\Program Files\FengYun\FYFireWall.exe>  [www.218.cc]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation]
    <{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    <WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
N/A

==================================
服务
[CCProxy / CCProxy][Running/Manual Start]
  <"C:\CCProxy\CCProxy.exe" -service><>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[COM+ Event System / EventSystem][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\es.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Server / lanmanserver][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Workstation / lanmanworkstation][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[MPSVC Service / MPSVCService][Running/Auto Start]
  <C:\Program Files\Micropoint\MPSVC.exe><Micropoint Corporation>
[Network Connections / Netman][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\netman.dll><Microsoft Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Access Connection Manager / RasMan][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Print Spooler / Spooler][Running/Auto Start]
  <C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[WebClient / WebClient][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\webclnt.dll><Microsoft Corporation>

==================================
驱动程序
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[F-SECURE AVP / F-SECURE AVP][Stopped/Manual Start]
  <\??\E:\防护\avp3.5\avp3.5\FSAVP.SYS><N/A>
[F-SECURE Filter / F-SECURE Filter][Stopped/Manual Start]
  <\??\E:\防护\avp3.5\avp3.5\FSFILTER.SYS><N/A>
[F-SECURE Gatekeeper / F-SECURE Gatekeeper][Stopped/Manual Start]
  <\??\E:\防护\avp3.5\avp3.5\FSGK.SYS><N/A>
[F-SECURE Recognizer / F-SECURE Recognizer][Stopped/Manual Start]
  <\??\E:\防护\avp3.5\avp3.5\FSREC.SYS><N/A>
[FltMgr / FltMgr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fltMgr.sys><Microsoft Corporation>
[VMware hcmon / Hcmon][Stopped/Manual Start]
  <SYSTEM32\DRIVERS\HCMON.SYS><VMware, Inc.>
[HTTP / HTTP][Stopped/Manual Start]
  <System32\Drivers\HTTP.sys><Microsoft Corporation>
[IP Network Address Translator / IpNat][Running/Manual Start]
  <system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[Microsoft Kernel Wave Audio Mixer / kmixer][Running/Manual Start]
  <system32\drivers\kmixer.sys><Microsoft Corporation>
[KxTdifltDrv / KxTdifltDrv][Running/System Start]
  <\??\C:\Program Files\FengYun\KxTdiDrv.sys><N/A>
[mp110001 / mp110001][Running/Auto Start]
  <system32\drivers\mp110001.sys><MicroPoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
  <system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
  <system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
  <system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
  <system32\drivers\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
  <system32\drivers\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
  <system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
  <system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
  <system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110012 / mp110012][Stopped/Manual Start]
  <system32\drivers\mp110012.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\qq\TMDlls\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Motorola USB Device / P2k][Stopped/Manual Start]
  <system32\DRIVERS\P2k.sys><Motorola Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rdbss / Rdbss][Running/System Start]
  <system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[Driver for rockusb Device / rockusb][Stopped/Manual Start]
  <system32\DRIVERS\rockusb.sys><Fuzhou Rockchip Electronics Co,Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SASDIFSV / SASDIFSV][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><>
[SASENUM / SASENUM][Running/Manual Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SuperAdBlocker, Inc.>
[SASKUTIL / SASKUTIL][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Microsoft Kernel Audio Splitter / splitter][Stopped/Manual Start]
  <system32\drivers\splitter.sys><Microsoft Corporation>
[Srv / Srv][Running/Manual Start]
  <system32\DRIVERS\srv.sys><Microsoft Corporation>
[TAP-Win32 Adapter V8 / tap0801][Stopped/Manual Start]
  <system32\DRIVERS\tap0801.sys><The OpenVPN Project>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><Microsoft Corporation>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Stopped/Manual Start]
  <SYSTEM32\DRIVERS\VMNETUSERIF.SYS><VMware, Inc.>
[VMware VMparport / Vmparport][Stopped/Manual Start]
  <SYSTEM32\DRIVERS\VMPARPORT.SYS><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <system32\DRIVERS\vmx86.sys><VMware, Inc.>
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Running/Manual Start]
  <system32\drivers\wdmaud.sys><Microsoft Corporation>
[XScanPF / XScanPF][Stopped/Manual Start]
  <\??\G:\工具\X-Scan-v3.3-cn\dat\xpf.sys><N/A>
[381390 / 381390][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
wangyj108
OP | Posted on 2007-3-16 09:33:50
If nothing else works, I'll just have to reinstall the system.

[ Last edited by wangyj108 on 2007-3-16 09:44 ]