I've been infected with the Trojan.Mnless.jar virus, what should I do? My QQ account was stolen too


==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, N/A>
[Advance Helper]
  {8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\system32\NTDLL32.dll, Microsoft Corporation>
[XBTP03129 Class]
  {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\SEARCH~1\tbu01983\SEARCH~1.DLL, N/A>
[conimehlp Class]
  {B10343BD-1DC6-442F-9BA2-D44C708CEE83} <C:\WINDOWS\system32\mskey32.dll, N/A>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[IE Browser Helper]
  {D0903A3B-F0EA-434a-9742-98C5335C7946} <C:\WINDOWS\system32\IEHelper.dll, Mass Effect Network>
[Flash Assistant]
  {E29F0B13-0D84-45aa-81EC-CC629BC07566} <C:\WINDOWS\system32\Flasher0.dll, N/A>
[]
  {FFFFFFFF-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\coolsign\coolsign.dll, N/A>
[微软]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\新建文件夹\QQ.EXE, N/A>
[SearchCar]
  {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\SearchCar\tbu01983\SearchCar.dll, N/A>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SearchCar]
  {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\SearchCar\tbu01983\SearchCar.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\WebThunder\MediaAddin12.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Advance Helper]
  {8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\system32\NTDLL32.dll, Microsoft Corporation>
[PPRich]
  {9D966685-3D58-4170-B008-05BD7C1628B0} <C:\PROGRA~1\PPRich\PPRich.ocx, N/A>
[XBTP03129 Class]
  {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\SEARCH~1\tbu01983\SEARCH~1.DLL, N/A>
[conimehlp Class]
  {B10343BD-1DC6-442F-9BA2-D44C708CEE83} <C:\WINDOWS\system32\mskey32.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control]
  {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IE Browser Helper]
  {D0903A3B-F0EA-434A-9742-98C5335C7946} <C:\WINDOWS\system32\IEHelper.dll, Mass Effect Network>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Flash Assistant]
  {E29F0B13-0D84-45AA-81EC-CC629BC07566} <C:\WINDOWS\system32\Flasher0.dll, N/A>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[]
  {FFFFFFFF-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[上传到QQ网络硬盘]
  <E:\Q\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到eREAD表情]
  <, N/A>
[添加到QQ自定义面板]
  <E:\Q\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Q\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Q\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 548][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\webpageparser.dll]  [N/A, ]
    [C:\WINDOWS\system32\Charset.dll]  [N/A, ]
    [C:\WINDOWS\system32\CreateDomTree.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 684][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1140][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1552][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [E:\Q\qdshm.dll]  [, 1, 0, 101, 20]
    [E:\Q\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\IEHelper.dll]  [Mass Effect Network, 5.1.2600.0]
[PID: 1700][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1820][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 1828][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 336][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 360][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 48]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 368][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 460][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 608][C:\WINDOWS\system32\Teache.exe]  [bcnet, 1.00]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 1012][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 20, 100, 1123]
[PID: 1132][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 1676][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 3004][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.91.12]
    [C:\WINDOWS\system32\IEHelper.dll]  [Mass Effect Network, 5.1.2600.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 3872][E:\Q\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\Q\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\Q\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [E:\Q\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [E:\Q\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\Q\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\Q\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\Q\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\Q\LoginCtrl.dll]  [N/A, ]
    [E:\Q\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\Q\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [E:\Q\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\Q\WizardCtrl.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQMainFrame.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Q\CQQApplication.dll]  [N/A, ]
    [E:\Q\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\Q\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\Q\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\Q\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQAllInOne.dll]  [N/A, ]
    [E:\Q\GroupLive.dll]  [N/A, ]
    [E:\Q\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [E:\Q\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Q\QQSpace.dll]  [, 1, 0, 0, 1]
    [E:\Q\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\Q\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [E:\Q\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQPlugin.dll]  [N/A, ]
    [E:\Q\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [E:\Q\QRingMng.dll]  [N/A, ]
    [E:\Q\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [E:\Q\QQAvatar.dll]  [N/A, ]
    [E:\Q\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\Q\QQPet.dll]  [, 1, 0, 0, 1]
    [E:\Q\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\Q\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\Q\BQQApplication.dll]  [N/A, ]
    [E:\Q\QQSysMsgMng.dll]  [N/A, ]
    [E:\Q\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\Q\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\Q\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [E:\Q\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 6, 60]
    [E:\Q\QQSceneMng.dll]  [N/A, ]
    [E:\Q\QQCustomFace.dll]  [N/A, ]
    [E:\Q\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [E:\Q\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [E:\Q\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [E:\Q\QQMsgFriendMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Q\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1368][E:\Q\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [E:\Q\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3876][E:\Q\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\Q\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\Q\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [E:\Q\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [E:\Q\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\Q\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\Q\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\Q\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\Q\LoginCtrl.dll]  [N/A, ]
    [E:\Q\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\Q\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [E:\Q\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\Q\QQMainFrame.dll]  [N/A, ]
    [E:\Q\CQQApplication.dll]  [N/A, ]
    [E:\Q\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\Q\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\Q\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\Q\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQAllInOne.dll]  [N/A, ]
    [E:\Q\GroupLive.dll]  [N/A, ]
    [E:\Q\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [E:\Q\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Q\QQSpace.dll]  [, 1, 0, 0, 1]
    [E:\Q\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\Q\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\Q\QQPlugin.dll]  [N/A, ]
    [E:\Q\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Q\QQAvatar.dll]  [N/A, ]
    [E:\Q\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\Q\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\Q\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\Q\BQQApplication.dll]  [N/A, ]
    [E:\Q\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\Q\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\Q\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [E:\Q\QQSceneMng.dll]  [N/A, ]
    [E:\Q\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 6, 60]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 2668][C:\Documents and Settings\new\桌面\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      219.139.58.97
127.0.0.1      ads.520fantong.com
127.0.0.1      www.520fantong.com
127.0.0.1      w2.520fantong.com
127.0.0.1      125.91.1.20
127.0.0.1      61.162.230.31
127.0.0.1      61.141.31.11
127.0.0.1      bd.jacai.com
127.0.0.1      www.9505.com
127.0.0.1      www.4199.com
127.0.0.1      update.ssdlh.com
127.0.0.1      down.ssdlh.com
127.0.0.1      file.checkthisdoor.com
127.0.0.1      count.checkthisdoor.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

OK, I've posted all of it. Please help me, thanks.

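In Safe Mode (after powering on, keep pressing F8 until an advanced menu appears, then choose the first item, Safe Mode, to enter the system):

Open SREng (the program you used to produce the scan log).
Under Startup Items, Registry, delete the following entries (if you recognize an entry or are sure it is not a virus, do not delete it):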
<boss><C:\WINDOWS\system32\friends.exe> [N/A]
<rx><C:\WINDOWS\system32\explore.exe> [N/A]
<zz><C:\WINDOWS\system32\intenet.exe> [N/A]
<zx><C:\WINDOWS\system32\intenet.exe> [N/A]
<wow><C:\WINDOWS\system32\Launcher.exe> [N/A]
<SoundMam><C:\WINDOWS\system32\SVOHOST.exe> [N/A]
<Teache><C:\WINDOWS\system32\Teache.exe> [bcnet]
<WindowOutNew><C:\WINDOWS\system32\windowoutnew.exe> [N/A]
<SOUNDM><winsmd.exe> [N/A]
<Desktop><"C:\WINDOWS\system32\internet.exe"> []
Double-click AppInit_DLLs and change its value to empty.

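Under "Startup Items" - "Services" - "Win32 Service Applications", click "Hide verified Microsoft items",
select the following items, click "Delete Service", then click "Set", and click "No" in the dialog that pops up: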
Internet Connection Manager / Internet Connection Manager
Application Accelerator / Tech


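Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then click OK.
Then delete: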
C:\WINDOWS\system32\internet.exe
C:\WINDOWS\system32\bqywmm64.dll
C:\WINDOWS\system32\friends.exe
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\intenet.exe

C:\WINDOWS\system32\Launcher.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\system32\Teache.exe
C:\WINDOWS\system32\windowoutnew.exe
C:\WINDOWS\system32\webpageparser.dll
C:\WINDOWS\system32\Charset.dll
C:\WINDOWS\system32\CreateDomTree.dll
C:\WINDOWS\system32\IEHelper.dll
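
A triage sketch for the log in this thread, added here as an example and not part of the original posts or of SREng: it parses the "running processes" section, lists modules under system32 whose vendor field is empty or N/A, and compares them with the DLLs in the delete list above. The function names are hypothetical, the sample is an excerpt of the posted log, and the empty-vendor test is an assumed heuristic for review, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the "running processes" section of the SREng log in this thread.
LOG_EXCERPT = r"""
[PID: 640][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\webpageparser.dll]  [N/A, ]
    [C:\WINDOWS\system32\Charset.dll]  [N/A, ]
    [C:\WINDOWS\system32\CreateDomTree.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3872][E:\Q\QQ.exe]  [TENCENT, 0, 0, 0, 0]
[E:\Q\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\Q\LoginCtrl.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
"""

# DLL names from the delete list in the reply above, lowercased.
REPLY_DELETE_LIST = {"bqywmm64.dll", "webpageparser.dll", "charset.dll",
                     "createdomtree.dll", "iehelper.dll"}

PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$")
MOD_RE = re.compile(r"^\s*\[(.+?)\]\s+\[(.*)\]$")

def basename(path):
    """Lowercased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_processes(text):
    """Return {(pid, image_path): [(module_path, vendor), ...]}."""
    procs, current = {}, None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            current = (int(m.group(1)), m.group(2))
            procs[current] = []
        elif current is not None:
            m = MOD_RE.match(line)  # module lines may have lost their indent
            if m:
                vendor = m.group(2).split(",", 1)[0].strip()
                procs[current].append((m.group(1), vendor))
    return procs

def unattributed_system32_modules(procs):
    """Map each system32 module with an empty or N/A vendor to its host processes."""
    hits = defaultdict(set)
    for (_pid, image), modules in procs.items():
        for path, vendor in modules:
            if "\\windows\\system32\\" in path.lower() and vendor in ("", "N/A"):
                hits[basename(path)].add(basename(image))
    return dict(hits)

def triage(text):
    """Split flagged modules into those the reply lists and those left to review."""
    hits = unattributed_system32_modules(parse_processes(text))
    listed = sorted(n for n in hits if n in REPLY_DELETE_LIST)
    review = sorted(n for n in hits if n not in REPLY_DELETE_LIST)
    return listed, review

if __name__ == "__main__":
    print(triage(LOG_EXCERPT))
```

msdmo.dll lands in the review list: the reply does not name it, so an empty vendor field alone is a reason to inspect a file, not to delete it.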