上网很慢，犹如死机，请大侠帮助！ bbs.ikaka.com

guoyc - 2009-6-21 14:11:00

上网很慢，犹如死机，请大侠帮助！

多谢！！！

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Maxthon)

附件: SREngLOG.log

浪漫纸箱 - 2009-6-21 14:32:00

C:\WINDOWS\system32\TcpIpDog0.dll
请楼主将其放到我签名处的第一个网站，检测抱回结果

guoyc - 2009-6-21 14:38:00

多谢！！！

浪漫纸箱 - 2009-6-21 14:38:00

楼主安装Dr.com 了么？

guoyc - 2009-6-21 14:39:00

已经安装Dr.com

guoyc - 2009-6-21 14:44:00

分析结果已出来，请您指正，多谢！

文件 SREngLOG.log 接收于 2009.06.21 06:41:41 (UTC)

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.5.0.18	2009.06.21	-
AhnLab-V3	5.0.0.2	2009.06.20	-
AntiVir	7.9.0.193	2009.06.20	-
Antiy-AVL	2.0.3.1	2009.06.19	-
Authentium	5.1.2.4	2009.06.20	-
Avast	4.8.1335.0	2009.06.20	-
AVG	8.5.0.339	2009.06.20	-
BitDefender	7.2	2009.06.21	-
CAT-QuickHeal	10.00	2009.06.19	-
ClamAV	0.94.1	2009.06.20	-
Comodo	1382	2009.06.21	-
DrWeb	5.0.0.12182	2009.06.21	-
eSafe	7.0.17.0	2009.06.18	-
eTrust-Vet	31.6.6570	2009.06.19	-
F-Prot	4.4.4.56	2009.06.20	-
F-Secure	8.0.14470.0	2009.06.19	-
Fortinet	3.117.0.0	2009.06.21	-
GData	19	2009.06.21	-
Ikarus	T3.1.1.59.0	2009.06.21	-
Jiangmin	11.0.706	2009.06.21	-
K7AntiVirus	7.10.768	2009.06.19	-
Kaspersky	7.0.0.125	2009.06.21	-
McAfee	5652	2009.06.20	-
McAfee+Artemis	5652	2009.06.20	-
McAfee-GW-Edition	6.7.6	2009.06.20	-
Microsoft	1.4803	2009.06.21	-
NOD32	4174	2009.06.20	-
Norman	6.01.09	2009.06.19	-
nProtect	2009.1.8.0	2009.06.21	-
Panda	10.0.0.16	2009.06.20	-
PCTools	4.4.2.0	2009.06.20	-
Prevx	3.0	2009.06.21	-
Rising	21.34.60.00	2009.06.21	-
Sophos	4.42.0	2009.06.21	-
Sunbelt	3.2.1858.2	2009.06.20	-
Symantec	1.4.4.12	2009.06.21	-
TheHacker	6.3.4.3.350	2009.06.20	-
TrendMicro	8.950.0.1094	2009.06.20	-
VBA32	3.12.10.7	2009.06.21	-
ViRobot	2009.6.19.1796	2009.06.19	-
VirusBuster	4.6.5.0	2009.06.20	-

附加信息
File size: 78798 bytes
MD5...: f0fc7b965acb53073a8cc456da680d4f
SHA1..: 1bb9c8e877d9ee7ad508b6101f372142628b5731
SHA256: 2cb647deb400c656c458e85893da557af144857ed3b07a45fd0be2ca86b3030e
ssdeep: 768:PztJEAvqxkorEOdm90aIvoaALxAG3rF0am:Pztb+kUEKm90aGoaALbo<BR>
PEiD..: -
TrID..: File type identification<BR>Generic INI configuration (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-

浪漫纸箱 - 2009-6-21 14:49:00

C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll
晕这个不知道是什么（貌似不是腾讯的东西），注入好多进程。劳烦楼主继续上传到哪网站检测。:kaka1:

guoyc - 2009-6-21 14:55:00

已经删除C:\WINDOWS\system32\TcpIpDog0.dll

浪漫纸箱 - 2009-6-21 14:58:00

引用:

原帖由 guoyc 于 2009-6-21 14:55:00 发表
已经删除C:\WINDOWS\system32\TcpIpDog0.dll

那是DR.com的东西，不该删的，

正常了么？

C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll
检测了么？

浪漫纸箱 - 2009-6-21 15:06:00

这样同样的方法，您先下载个windows清理助手，我签名处有他的官网。
扫描看看。
然后在扫描SREng日志我帮您看看，是否清理干净。
:kaka1: 可否。

guoyc - 2009-6-21 15:12:00

请问您如何检测C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll？在下很初级，多谢！！！

浪漫纸箱 - 2009-6-21 15:14:00

就是放到检测，C:\WINDOWS\system32\TcpIpDog0.dll的那个网站上呀，忘了？:kaka12:

guoyc - 2009-6-21 15:27:00

请您指正，多谢！！！

用windows清理助手扫描后的结果为：

用sreng扫描后的结果为：

附件: Result.txt

附件: SREngLOG.log

浪漫纸箱 - 2009-6-21 15:36:00

清理助手扫描出什么了么?

浪漫纸箱 - 2009-6-21 15:38:00

引用:

原帖由 guoyc 于 2009-6-21 15:27:00 发表
请您指正，多谢！！！

用windows清理助手扫描后的结果为：

用sreng扫描后的结果为：

对不起楼主您误解我的意思了是让您用清理助手的扫描恶意软件的功能，不是扫描日志的功能。

guoyc - 2009-6-21 15:41:00

扫描出可清理对象3个，可卸载软件5个。

浪漫纸箱 - 2009-6-21 15:42:00

您清理了么、有病毒了？

guoyc - 2009-6-21 15:43:00

检测C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll的结果为：
文件 SPlus.dll 接收于 2009.06.21 07:39:07 (UTC)

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.5.0.18	2009.06.21	-
AhnLab-V3	5.0.0.2	2009.06.20	-
AntiVir	7.9.0.193	2009.06.20	-
Antiy-AVL	2.0.3.1	2009.06.19	-
Authentium	5.1.2.4	2009.06.20	-
Avast	4.8.1335.0	2009.06.20	-
AVG	8.5.0.339	2009.06.20	-
BitDefender	7.2	2009.06.21	-
CAT-QuickHeal	10.00	2009.06.19	-
ClamAV	0.94.1	2009.06.20	-
Comodo	1382	2009.06.21	-
DrWeb	5.0.0.12182	2009.06.21	-
eSafe	7.0.17.0	2009.06.18	-
eTrust-Vet	31.6.6570	2009.06.19	-
F-Prot	4.4.4.56	2009.06.20	-
Fortinet	3.117.0.0	2009.06.21	-
GData	19	2009.06.21	-
Ikarus	T3.1.1.59.0	2009.06.21	-
Jiangmin	11.0.706	2009.06.21	-
K7AntiVirus	7.10.768	2009.06.19	-
Kaspersky	7.0.0.125	2009.06.21	-
McAfee	5652	2009.06.20	-
McAfee+Artemis	5652	2009.06.20	-
McAfee-GW-Edition	6.7.6	2009.06.20	-
Microsoft	1.4803	2009.06.21	-
NOD32	4174	2009.06.20	-
Norman	6.01.09	2009.06.19	-
nProtect	2009.1.8.0	2009.06.21	-
Panda	10.0.0.16	2009.06.20	-
PCTools	4.4.2.0	2009.06.20	-
Prevx	3.0	2009.06.21	-
Rising	21.34.61.00	2009.06.21	-
Sophos	4.42.0	2009.06.21	-
Sunbelt	3.2.1858.2	2009.06.20	-
Symantec	1.4.4.12	2009.06.21	-
TheHacker	6.3.4.3.350	2009.06.20	-
TrendMicro	8.950.0.1094	2009.06.20	-
VBA32	3.12.10.7	2009.06.21	-
ViRobot	2009.6.19.1796	2009.06.19	-
VirusBuster	4.6.5.0	2009.06.20	-

附加信息
File size: 177480 bytes
MD5...: d9657d1a8a6d6f3ed4114868cd153a2b
SHA1..: feb63566eb90b51a7400a135ce5c9d510213d831
SHA256: 42fe5bed48c3e4ff64c18cadeae09bb13d0eeae22ea539169fd1a85588e2f93c
ssdeep: 3072:M0Yzs9RiHeFH6cnTRJC0lBaG2unsdQxpDcHQv7We+Yj/xvxr5JiraZXwJqG<BR>BaevZ:M5s7iHeDTbl0G2unsdQxpAwvaNYj/vru<BR>
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification<BR>Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1524a<BR>timedatestamp.....: 0x492a18f5 (Mon Nov 24 03:01:09 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 7 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x1943a 0x1a000 6.16 d54a962d1f185499196c4ecfcff4141f<BR>.rdata 0x1b000 0x6248 0x7000 6.68 6be80c351336d8c8b8694dbeb2239318<BR>.data 0x22000 0x4234 0x2000 3.66 38aa3fef9e7b465c28db5f4cc89edd15<BR>Shared_T 0x27000 0x10 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110<BR>Shared_H 0x28000 0x20 0x1000 0.00 329be86fbc505430e3adcad57e1ccd2e<BR>.rsrc 0x29000 0x3d8 0x1000 1.06 b8892a998b5bd75b204a009dd936a608<BR>.reloc 0x2a000 0x2b38 0x3000 5.39 fd37af5fd690d9f7529d6d3b212e0b53<BR><BR>( 11 imports ) <BR>> KERNEL32.dll: UnmapViewOfFile, LeaveCriticalSection, EnterCriticalSection, GetShortPathNameA, GetSystemDirectoryA, GetWindowsDirectoryA, OpenMutexA, lstrcmpA, MapViewOfFile, GetTempPathA, LoadLibraryA, OpenFileMappingA, GetModuleFileNameW, CreateMutexA, GetLastError, TlsSetValue, VirtualProtect, GetLongPathNameA, TlsFree, TlsAlloc, VirtualQuery, IsBadWritePtr, lstrlenA, lstrcpynW, lstrcpynA, GetSystemTime, SystemTimeToFileTime, TlsGetValue, GetModuleFileNameA, GetCommandLineA, GetVersionExA, CreateFileMappingA, SetLastError, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, GetExitCodeThread, DeleteCriticalSection, InitializeCriticalSection, WaitForMultipleObjects, SetEvent, CreateEventA, CreateThread, WaitForSingleObject, TerminateThread, lstrcmpiA, GetVersion, GetCurrentProcessId, Module32First, Module32Next, CloseHandle, GetModuleHandleA, GetCurrentProcess, FlushInstructionCache, GetSystemInfo, GetProcAddress, Sleep, GetPrivateProfileStructA, WritePrivateProfileStructA, GetFileSize, WriteFile, InterlockedDecrement, CreateFileA, DeleteFileA, lstrcatA, CopyFileA, CreateProcessA, LocalFree, GetACP, LoadLibraryW, LoadLibraryExA, ReadProcessMemory, FreeLibrary, MoveFileExA, CreateDirectoryA, FindClose, FindNextFileA, FindFirstFileA, CreateFileW, ReadFile, GetTickCount<BR>> USER32.dll: IsWindow, PostMessageA, RegisterWindowMessageA, FindWindowExA, FindWindowA, GetClassNameA, SetTimer, EnumWindows, GetParent, GetWindowTextA, CallNextHookEx, UnhookWindowsHookEx, KillTimer, DestroyWindow, PostQuitMessage, GetClassInfoExA, RegisterClassExA, CreateWindowExA, SetWindowLongA, GetWindowLongA, DefWindowProcA, GetMessageA, TranslateMessage, DispatchMessageA, SendMessageA, GetWindowThreadProcessId<BR>> GDI32.dll: GetStockObject<BR>> ADVAPI32.dll: OpenProcessToken, GetLengthSid, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegOpenKeyA, RegEnumKeyExA, RegQueryValueExA, RegEnumKeyA, RegEnumValueA, RegCloseKey, RegNotifyChangeKeyValue, RegOpenKeyExA, CloseServiceHandle, CreateServiceA, OpenSCManagerA, DeleteService, OpenServiceA, QueryServiceStatus, StartServiceA, ControlService, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, CreateProcessAsUserW, SetTokenInformation, DuplicateTokenEx<BR>> ole32.dll: StringFromCLSID, CoCreateGuid, CoTaskMemFree<BR>> OLEAUT32.dll: -, -<BR>> SHLWAPI.dll: PathRemoveBackslashA, PathStripToRootA, PathIsDirectoryA, PathRemoveFileSpecA, PathFindExtensionA, PathRemoveExtensionA, PathRemoveBlanksA, PathAddExtensionA, PathAppendA, SHDeleteKeyA, SHDeleteValueA, SHSetValueA, SHGetValueA, PathFindFileNameA, StrStrIA, PathFileExistsA<BR>> MSVCRT.dll: fputs, fgets, rewind, fopen, wcslen, fwrite, strrchr, fread, ftell, malloc, __dllonexit, _onexit, __1type_info@@UAE@XZ, _initterm, _adjust_fdiv, fclose, strchr, _mbstok, atoi, _tempnam, rename, _ltoa, _snwprintf, sscanf, _mbsnbcpy, strstr, _mbscmp, time, srand, _mbschr, _mbsnbicmp, strncpy, _snprintf, rand, _mbsicmp, _CxxThrowException, memmove, realloc, free, _purecall, __CxxFrameHandler, __2@YAPAXI@Z, __3@YAXPAX@Z, _stricmp, _wcsicmp, _strnicmp, _strlwr, _wcsnicmp, strncat, fseek, _except_handler3<BR>> WS2_32.dll: -, -, -, -<BR>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR>> SHELL32.dll: SHGetSpecialFolderPathA<BR><BR>( 6 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, Rundll32, Rundll32_<BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=d9657d1a8a6d6f3ed4114868cd153a2b' target='_blank'>http://www.threatexpert.com/repo ... 4114868cd153a2b&;lt;/a>

浪漫纸箱 - 2009-6-21 15:44:00

嗯那您的电脑是不是再安装什么软件后不正常的呢？

guoyc - 2009-6-21 15:48:00

清理其中一个对象时，瑞星提示有病毒，为RootKit.Win32.Agent.ehu，已经删除；还提示若要完全清理对象，须重启。
多谢您！！！

guoyc - 2009-6-21 15:49:00

最近装了一些软件之后，网速就慢了。

浪漫纸箱 - 2009-6-21 15:55:00

呵呵，不用谢，是应该的。
:kaka12:

最近装了一些软件之后，网速就慢了
能说说是什么软件么？

guoyc - 2009-6-21 16:20:00

最近装了QvodSetup3，纳米机器人等软件。
多谢！！！

guoyc - 2009-6-21 16:33:00

删除了几个病毒后，上网轻松多了。
真要感谢“浪漫纸箱”大侠！！！

夲號ヱ被ジ盜 - 2009-6-21 16:58:00

C:\WINDOWS\system32\TcpIpDog0.dl
就这个篡改的WINSOCK提供者
可能照成网速变慢
C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll
腾讯软件管理器【腾讯2009】

guoyc - 2009-6-22 9:49:00

多谢！
请问对此两个文件该如何处理?

瑞星卡卡安全论坛