Rising Kaka Security Forum (瑞星卡卡安全论坛)

A nasty virus... can anyone else help me?
apyss - 2007-4-28 21:09:00
I restored the system and it's still there. Reinstalled the system and it's still there.... I kill it, and every time I run an .exe file it comes back... help...
The log is as follows:
[CODE]

2007-04-28,20:52:35

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <wrlkv374><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe>  []
    <e6><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe>  []
    <3h><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servera.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <fy><C:\WINDOWS\Sysfy3\svchost.exe>  []
    <JT><C:\WINDOWS\SysJT3\svchost.exe>  []
    <J2><C:\WINDOWS\system32\SysJ2\svchost.exe>  []
    <sun><C:\WINDOWS\SysSun2\svchost.exe>  []
    <sj><C:\WINDOWS\Syssj5\svchost.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <Exprer><C:\WINDOWS\Exprer.exe>  []
    <nwiztlbb><C:\WINDOWS\system32\nwiztlbb.exe>  []
    <nwizAskTao><C:\WINDOWS\system32\nwizAskTao.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <360Safe><Rundll32.exe F:\360safe\360safe\AntiAdwa.dll,KillAdware>  [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\KAV6\KaScrScn.scr>  [N/A]
apyss - 2007-4-28 21:10:00

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Disk Driver Service / Disk Service][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Yamaha DS1 Audio Driver (WDM) / ds1][Stopped/Manual Start]
  <system32\drivers\ds1wdm.sys><Yamaha Corp.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[KWatch2 / KWatch2][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[vmx_svga / vmx_svga][Stopped/Manual Start]
  <system32\DRIVERS\vmx_svga.sys><VMware, Inc.>
[131218 / 131218][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
apyss - 2007-4-28 21:10:00
=================================
浏览器加载项
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\Program Files\flashget\jccatch.dll, Amaze Soft>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\flashget\flashget.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\Program Files\flashget\jccatch.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <E:\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\flashget\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\flashget\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ\SendMMS.htm, N/A>

==================================
apyss - 2007-4-28 21:11:00
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1260][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.6693]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.6693]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.6693]
    [C:\Program Files\flashget\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizAskTao.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwiztlbb.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 148][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
[PID: 176][C:\KAV6\KPopMon.EXE]  [, 2004, 2, 2, 31]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 1132][E:\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [E:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [E:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\QQ\LoginCtrl.dll]  [N/A, ]
    [E:\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [E:\QQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [E:\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\QQ\QQMainFrame.dll]  [N/A, ]
    [E:\QQ\CQQApplication.dll]  [N/A, ]
    [E:\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [E:\QQ\QQAllInOne.dll]  [N/A, ]
    [E:\QQ\GroupLive.dll]  [N/A, ]
    [E:\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [E:\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [E:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [E:\QQ\QQSysMsgMng.dll]  [N/A, ]
    [E:\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\QQ\QQPlugin.dll]  [N/A, ]
    [E:\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\QQ\QRingMng.dll]  [N/A, ]
    [E:\QQ\QQCustomFace.dll]  [N/A, ]
    [E:\QQ\QQAvatar.dll]  [N/A, ]
    [E:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [E:\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\QQ\BQQApplication.dll]  [N/A, ]
    [E:\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [E:\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [E:\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [E:\QQ\QQSceneMng.dll]  [N/A, ]
    [E:\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [E:\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
[PID: 1052][E:\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [E:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2980][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\flashget\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 3388][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\flashget\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 3916][C:\WINDOWS\system32\SysJ2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 1152][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 3728][C:\WINDOWS\SysJT3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
[PID: 3744][C:\WINDOWS\Sysfy3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
[PID: 1388][C:\WINDOWS\SysSun2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1828][C:\WINDOWS\Syswl3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 1340][C:\WINDOWS\Syswm7\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 1824][C:\WINDOWS\Syssj5\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
[PID: 3724][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 2552][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 268][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\audiodev.dll]  [Microsoft Corporation, 5.2.3790.3646 (private/xpsp_mce.040810-0205)]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
[PID: 2484][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.372\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
apyss - 2007-4-28 21:11:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
apyss - 2007-4-28 21:13:00
Can no one help me?
apyss - 2007-4-28 21:14:00
Who can save me? I'm going crazy.
apyss - 2007-4-28 21:18:00
Is there really no one who can help me??
apyss - 2007-4-28 21:20:00
Can someone please help me?
kid乖 - 2007-4-28 21:24:00
I don't really understand this; I can only pray your machine gets back to normal soon.
apyss - 2007-4-28 21:24:00
Sigh~ looks like I'll have to rely on myself after all.
apyss - 2007-4-28 21:33:00
This virus is driving me nuts... do I really have to format the disk??
Help!
zhangmaj - 2007-4-28 21:50:00
There's too much to delete; clean it up with 360 or Kaka. In any case, delete GHOOK and every svchost that isn't under system32, then clear out the hosts file.
apyss - 2007-4-28 21:52:00
I've tried all of that..... no use.... it still comes back.
zhangmaj - 2007-4-28 21:54:00
It comes back because there's an associated item you haven't deleted. Otherwise go run Rising's online scan and delete everything it finds; simple and doable.
ADL - 2007-4-28 21:55:00
Update your antivirus to the latest version!

Do a full-disk scan in Safe Mode!

Clean out the rogue software and trojans with 360!

Then we'll talk!
apyss - 2007-4-28 21:55:00
I see.. I'll go try.... I just have no way to find that associated item....
火影忍者 - 2007-4-28 21:57:00
Way too many... *sweat*...
天月来了 - 2007-4-28 21:57:00
If every time you reinstall or restore the system you go back to using the files on your other drives, you'll never have peace.
天月来了 - 2007-4-28 21:57:00
火影!!!

First time I've seen you say "too many".
天月来了 - 2007-4-28 21:58:00
And you said I go around recklessly telling people to reinstall their systems.

So from now on, do you agree with me recommending that people reinstall????????
火影忍者 - 2007-4-28 21:59:00
It's a file infector... what a pain...
Hard to deal with...
apyss - 2007-4-28 21:59:00
system32\DRIVERS\secdrv.sys
Is this one a virus???
火影忍者 - 2007-4-28 22:00:00
With this he has to format everything...

Just reinstalling the system is no use.

SRE can't handle it either..

If it weren't a file infector, it would be easy...
火影忍者 - 2007-4-28 22:01:00
Quote:
[apyss's post] system32\DRIVERS\secdrv.sys
Is this one a virus???
………………

Normal.
apyss - 2007-4-28 22:02:00
So that's what it is.. my head is splitting.... there's just no way to kill it all.
apyss - 2007-4-28 22:03:00
I've used every method available. Sigh.... looks like I'll have to format everything.
天月来了 - 2007-4-28 22:04:00
Before reinstalling, compress all your own files into an archive and use them later, once antivirus software is able to clean them.

Then reinstall the system.

Apart from that archive, delete every other file on all drives completely, from DOS booted off a CD.

Go give it a try.

If you have any restore-type software installed, I recommend uninstalling it first.

apyss - 2007-4-28 22:04:00
I still don't even know what virus this is.... it's a bit like Viking (威金).. it infects .exe files.... my head is splitting.... this feels beyond my abilities....
zhangmaj - 2007-4-28 22:04:00
I don't like formatting either, even though it's simple; but as things stand there's no other way.