瑞星卡卡安全论坛

2005-12-28,11:15:38

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 98 Second Edition

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SystemTray><SysTray.Exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <thunder_mini><C:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\ThunderMini.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ICSMGR><ICSMGR.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <runreper><C:\WINDOWS\viewer.exe>

==================================
启动文件夹
服务

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\SYSTEM\XUNLEIBHO_V6.DLL, $>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[eBeamClientPanel Control]
  {045E1C91-8D89-44F5-8F66-B67CE56E6124} <C:\WINDOWS\DOWNLO~1\WBCLIE~1.OCX, Nanjing XinFeng Software Inc.>
[&使用迷你迅雷下载]
  <C:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\geturl.htm, N/A>
[添加到QQ自定义面板]
  <E:\下载\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\下载\QQ\AddEmotion.htm, N/A>
[上传到QQ网络硬盘]
  <E:\下载\QQ\AddToNetDisk.htm, N/A>
[用QQ彩信发送该图片]
  <E:\下载\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 4294920473][C:\WINDOWS\SYSTEM\MPREXE.EXE]  <Microsoft Corporation><4.10.1998>
    [C:\PROGRAM FILES\COMMON FILES\ADOBE\SHELL\PSICON.DLL]  <Adobe Systems, Incorporated><7.0>
    [C:\WINDOWS\SYSTEM\XUNLEIBHO_V6.DLL]  <$><4, 4, 0, 31>
    [C:\PROGRAM FILES\WINRAR\RAREXT.DLL]  <N/A><N/A>
[PID: 4294875949][C:\WINDOWS\EXPLORER.EXE]  <Microsoft Corporation><4.72.3110.1>
[PID: 4294837173][C:\WINDOWS\SYSTEM\SYSTRAY.EXE]  <Microsoft Corporation><4.10.2222>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB 文件夹\MSONSEXT.DLL]  <N/A><N/A>
[PID: 4294860481][C:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\THUNDERMINI.EXE]  <Thunder Network Technologies Inc.><1, 2, 1, 9>
    [C:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\BOOST_THREAD-VC6-MT-1_31.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
[PID: 4290878913][C:\WINDOWS\SYSTEM\ICSMGR.EXE]  <Microsoft Corporation><4.10.2222>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4290879029][C:\WINDOWS\VIEWER.EXE]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4290817313][C:\WINDOWS\SYSTEM\WMIEXE.EXE]  <Microsoft Corporation><5.00.1755.1>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\RESENU.DLL]  <Efficient Networks, Inc.><1, 6, 0, 7>
[PID: 4290856685][C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE]  <N/A><N/A>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\DSLAPI32.DLL]  <Efficient Networks Inc.><1, 6, 0, 7>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\PACKETLOG.DLL]  <Efficient Networks, Inc.><1, 6, 0, 7>
    [C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\RESMSGENU.DLL]  <Efficient Networks, Inc.><1, 6, 0, 7>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB 文件夹\MSONSEXT.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\XUNLEIBHO_V6.DLL]  <$><4, 4, 0, 31>
[PID: 4290803797][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINDOWS\SYSTEM\DD630_32.DLL]  <Silicon Integrated Systems Corporation><4.12.01.1012>
[PID: 4291246265][C:\WINDOWS\SYSTEM\DDHELP.EXE]  <Microsoft Corporation><4.07.00.0700>
[PID: 4029372245][C:\WINDOWS\SYSTEM\PSTORES.EXE]  <Microsoft Corporation><5.00.1877.3>
[PID: 4291293601][D:\乱七八糟\自用\修\SRENG.EXE]  <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT  Error. [C:\WINDOWS\system32\N0TEPAD.exe %1 %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  Error. [C:\WINDOWS\hh.exe %1]
.HLP  OK. [C:\WINDOWS\winhlp32.exe %1]
.INI  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

TXT Error. [C:\WINDOWS\system32\N0TEPAD.exe %1 %1]有没中关连木马?建意修复一下!

把几个文件关联错误修复一下.
另外:你为什么会怀疑自己被人整?有什么可疑症状吗?

【回复“玉面修罗”的帖子】
因为我的浏览器等老是不知不觉的就全变了味了！！！

已经确定你中毒了..有点麻烦的毒
请你再用hijackthis扫个LOG发上来
--------------------------------------------------------
hijackthis下载：http://forum.ikaka.com/download.asp?id=5188960
hijackthis使用：http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm

【回复“玉面修罗”的帖子】
HijackThis_815汉化版扫描日志 V1.99.1
保存于      21:44:57, 日期 05-12-31
操作系统：  Windows 98 SE (Win9x 4.10.2222A)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\THUNDERMINI.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\SIS630_V1.01B.02\UTILITY\SISTRAY.EXE
C:\PROGRAM FILES\SIS630_V1.01B.02\UTILITY\3D\KHOOKER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
D:\乱七八糟\自用\卡卡社区浏览器\HIJACKTHIS1991ZWW.EXE

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\SYSTEM\XUNLEIBHO_V6.DLL
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - 启动项HKLM\\Run: [SystemTray] SysTray.Exe
O4 - 启动项HKLM\\Run: [ICSMGR] ICSMGR.EXE
O4 - 启动项HKLM\\Run: [thunder_mini] C:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\ThunderMini.exe
O4 - 启动项HKLM\\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - 启动项HKLM\\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\Run: [SiS Tray] C:\PROGRAM FILES\SIS630_V1.01B.02\UTILITY\SISTRAY.EXE
O4 - 启动项HKLM\\Run: [SiS KHooker] C:\Program Files\SiS630_V1.01b.02\utility\3d\khooker.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\RunServices: [SchedulingAgent] mstask.exe
O8 - IE右键菜单中的新增项目: &使用迷你迅雷下载 - C:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\geturl.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm