哈哈！！我又中了！！ bbs.ikaka.com

天月来了 - 2007-5-6 1:35:00

刚点了几个网页，记不得了。

又中了。

先看任务管理器。

附件: 83907720075612526.jpg

天月来了 - 2007-5-6 1:36:00

再来日志-------------

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<05732sr9ul9hd2><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<05732sr9ul9hd2><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<RealUpdate><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TIMPlatform.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<SoundMan><SOUNDMAN.EXE> [Avance Logic, Inc.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<SuNotification><C:\Program Files\ShadowStor\ShadowUser\suatshut.exe> [ShadowStor Corporation]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<winform><C:\WINDOWS\winform.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32 ><LYLoader.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> [N/A]
<{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sunotify]
<WinlogonNotify: sunotify><sunotify.dll> [ShadowStor Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Error Reporting Service / ERSvc][Running/Auto Start]
<2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kkdj3sdf3 / kkdj3sdf3][Stopped/Auto Start]
<C:\WINDOWS\system32\kkdj3sdf3.exe -j><Microsoft Corporation>
[WinQJServiceNow / WinQJServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVQJ.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWM.EXE><N/A>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
<system32\drivers\cdntran.sys><CNNIC>
[squell / squell][Running/]
<2 - 系统找不到指定的文件。
><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>

天月来了 - 2007-5-6 1:37:00

==================================
浏览器加载项
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[TBSB04805 Class]
{FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[TBSB04805 Class]
{FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

天月来了 - 2007-5-6 1:37:00

==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RAVQJ504.dll] [N/A, N/A]
[C:\WINDOWS\system32\RAVWM507.dll] [N/A, N/A]
[PID: 724][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1292][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SUNOTIFY.dll] [ShadowStor Corporation, 1, 0, 0, 401]
[C:\WINDOWS\system32\SHADOWAPI.dll] [ShadowStor, 1, 0, 35, 1]
[C:\WINDOWS\system32\SUShell.DLL] [ShadowStor Inc., 1, 0, 0, 135]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\LYMANGR.DLL] [N/A, N/A]
[C:\WINDOWS\system32\nwizhx2.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[C:\WINDOWS\system32\tlbb100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\WINDOWS\system32\winform.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3762]
[PID: 1544][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3762]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3762]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 1552][C:\WINDOWS\SOUNDMAN.EXE] [Avance Logic, Inc., 5.0.07]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 1640][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1700][C:\Program Files\ShadowStor\ShadowUser\suatshut.exe] [ShadowStor Corporation, 1, 0, 0, 24]
[C:\WINDOWS\system32\SUNOTIFY.dll] [ShadowStor Corporation, 1, 0, 0, 401]
[C:\WINDOWS\system32\SHADOWAPI.dll] [ShadowStor, 1, 0, 35, 1]
[C:\WINDOWS\system32\SUShell.DLL] [ShadowStor Inc., 1, 0, 0, 135]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 1708][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[PID: 544][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3508][C:\Program Files\CNNIC\Cdn\cdnup.exe] [CNNIC, 2, 5, 0, 8]
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] [CNNIC, 2, 5, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdnprh.dll] [CNNIC, 2, 4, 0, 7]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] [CNNIC, 2, 2, 0, 3]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 3196][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2096][D:\My Documents\Temp\sreng\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[C:\WINDOWS\system32\winform.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\WINDOWS\system32\mppds.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
222.208.183.195 et.soujjmh5.com

==================================
API HOOK
N/A

==================================

[/CODE]

天月来了 - 2007-5-6 1:39:00

故意等了一会，让它多下了一些。

但是没敢等到彻底结束，断了网。

看了日志，呵呵！！！！！！！

区别真多。

今晚没空了。

明天有空再说说区别。

哈哈，中的真有趣！！

两个铁球 - 2007-5-6 1:57:00

不错！！！！

天月来了 - 2007-5-6 7:56:00

早上好啊！！！！！！！！各位！！！

这就是区别啦-----------

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

<05732sr9ul9hd2><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<05732sr9ul9hd2><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<RealUpdate><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TIMPlatform.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<winform><C:\WINDOWS\winform.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32 ><LYLoader.exe> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> [N/A]
<{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.dll> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Error Reporting Service / ERSvc][Running/Auto Start]
<2 - 系统找不到指定的文件。
><N/A>
[kkdj3sdf3 / kkdj3sdf3][Stopped/Auto Start]
<C:\WINDOWS\system32\kkdj3sdf3.exe -j><Microsoft Corporation>
[WinQJServiceNow / WinQJServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVQJ.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWM.EXE><N/A>

==================================
驱动程序

[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
<system32\drivers\cdntran.sys><CNNIC>
[squell / squell][Running/]
<2 - 系统找不到指定的文件。
><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>

==================================
浏览器加载项
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[TBSB04805 Class]
{FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[TBSB04805 Class]
{FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程

[PID: 580][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RAVQJ504.dll] [N/A, N/A]
[C:\WINDOWS\system32\RAVWM507.dll] [N/A, N/A]
[PID: 1292][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\LYMANGR.DLL] [N/A, N/A]
[C:\WINDOWS\system32\nwizhx2.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[C:\WINDOWS\system32\tlbb100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\WINDOWS\system32\winform.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[PID: 1544][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3762]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 1552][C:\WINDOWS\SOUNDMAN.EXE] [Avance Logic, Inc., 5.0.07]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 1700][C:\Program Files\ShadowStor\ShadowUser\suatshut.exe] [ShadowStor Corporation, 1, 0, 0, 24]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 1708][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[PID: 3508][C:\Program Files\CNNIC\Cdn\cdnup.exe] [CNNIC, 2, 5, 0, 8]
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] [CNNIC, 2, 5, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdnprh.dll] [CNNIC, 2, 4, 0, 7]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] [CNNIC, 2, 2, 0, 3]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[PID: 2096][D:\My Documents\Temp\sreng\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\InfoMs.dll] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll] [N/A, N/A]
[C:\WINDOWS\system32\winform.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\WINDOWS\system32\mppds.dll] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
==================================
HOSTS 文件
222.208.183.195et.soujjmh5.com

天月来了 - 2007-5-6 8:03:00

现在发现，中毒同时还被强制捣鼓出恶意的东西---------------

启动项目
注册表

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]

==================================
驱动程序

[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
<system32\drivers\cdntran.sys><CNNIC>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
==================================
浏览器加载项
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[TBSB04805 Class]
{FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[工具栏(T)]
{42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[TBSB04805 Class]
{FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\Program Files\工具栏(T)\UUPlayer.dll, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 1292][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]

[PID: 3508][C:\Program Files\CNNIC\Cdn\cdnup.exe] [CNNIC, 2, 5, 0, 8]
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] [CNNIC, 2, 5, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdnprh.dll] [CNNIC, 2, 4, 0, 7]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] [CNNIC, 2, 2, 0, 3]

[PID: 2096][D:\My Documents\Temp\sreng\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 9]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]

天月来了 - 2007-5-6 8:06:00

其中任务管理器里观察到 Temp1.exe~Temp12.exe

还有其它的就没法记了。

孤独更可靠 - 2007-5-6 8:16:00

呵呵

帮你顶下.

超级游戏迷 - 2007-5-6 9:42:00

不错，以身试毒的办法值得钦佩。楼主应该是在影子系统下做的吧。
不管怎么样，都要顶一下！

天月来了 - 2007-5-6 10:21:00

小影子而已，变通了用的。

大影子，没想用。

飘飘飘飘任逍遥 - 2007-5-6 10:24:00

真佩服你！你真……………………烧！

中毒怎么办 - 2007-5-6 10:29:00

瑞星现在好多病毒都查不出来,卡卡助手也不怎么好用了,很明显的恶意程序它都发现不了,受不了,从昨天到今天中了3次毒,哈哈,不过都杀掉了,可是现在系统还是有毒,但具体是什么还没发现,在寻找中,支持LZ

天月来了 - 2007-5-6 10:44:00

真希望有更多的求助者，都能轻松处理这些个无赖。

抒情王子 - 2007-5-6 11:01:00

你自己多防着点不就行了吗？谁让你对病毒睁一只眼闭一只眼呀

桃子CiCi - 2007-5-6 12:17:00

[img][/img]

你真行...
注册不到三个月
发帖4444!!!
]太吉利了
蛤蛤

附件: 833452200756120747.bmp

天月来了 - 2007-5-6 12:35:00

引用:

【抒情王子的贴子】你自己多防着点不就行了吗？谁让你对病毒睁一只眼闭一只眼呀
………………

你才来不知道，他们可巴不得我中了，才开心呢。

呵呵！！！！

那几个没来，来了又要幸灾乐祸了啦。

哈哈！！！！

爬围墙上青天 - 2007-5-6 13:25:00

恭喜你了```
中病毒了怎么高兴，佩服```
如果解决了楼主还是写一点解决办法吧```给别人看下``

天月来了 - 2007-5-6 14:20:00

呵呵！！！！

解决办法？？？？？

除了删除注册表，然后再删除文件，别的还能怎样。

估计大多数不会的，主要就是判断文件上，这可难了呢。

必须熟悉系统哦，我刚中时，系统慢了一下，就知有问题，立即看了任务管理器，就哈哈了。

天月来了 - 2007-5-6 14:24:00

当时还没感染文件，估计我不断网继续下去，其他盘的所有可执行文件，都得完蛋。

呵呵！！！

大家还是应该习惯在系统稍有异常时，就立即看任务管理器的进程显示，拖的迟了，就连任务管理器都打不开的。

至于我这个毒，呵呵！！！

有了个小影子，重启就没了啦。

不过别跟我学哦。

没安全的。

蓝摩之泪♂ - 2007-5-6 14:35:00

怎么看日志可以教我下嘛我是新手什么都不懂

蓝摩之泪♂ - 2007-5-6 14:40:00

你们都好厉害啊..教下嘛顺便表扬下你们说的那位以身试毒的高手有了你们才有现在我们的安全保障为广大人民给你们说声谢谢！！！谢谢！！！谢谢！！！谢谢！！！

不一样的黑客 - 2007-5-6 19:17:00

http://www.zhusheng.name/blog/post/196.html
大家去看看也许有帮助不错的

天赐我一生 - 2007-5-6 20:07:00

哦！

等会去看看。

UFO不幸外人 - 2007-5-23 21:57:00

赔付，自己删除巴，我相信你的能力哈哈哈

瑞星卡卡安全论坛