
Can everyone take a look at what virus I've got? Log attached. There are also voices talking in my earphones.


[CODE]

2007-03-22,07:34:48

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [Microsoft Corporation]
    <kavshell><C:\Progra~1\Eset\svch0st.exe>  [N/A]
    <hl15zjyvl6><C:\DOCUME~1\chenchi\LOCALS~1\Temp\servicer.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <50><C:\SysAd5C\svchost.exe>  [N/A]
    <4><C:\SysWsj3\svchost.exe>  [N/A]
    <333><C:\Syswm1e\svchost.exe>  [N/A]
    <100><C:\SysMa1\svchost.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <wxClient><C:\WINDOWS\System32\Clsmn.exe>  []
    <BarClient><C:\PROGRA~1\四川省~1\BarClient.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  [N/A]
    <winform><C:\WINDOWS\winform.exe>  [N/A]
    <upxdnd><C:\DOCUME~1\chenchi\LOCALS~1\Temp\3.exe>  [N/A]
    <msccrt><C:\WINDOWS\msccrt.exe>  [N/A]
    <wsttrs><C:\WINDOWS\wsttrs.exe>  [N/A]
    <uanl><C:\WINDOWS\uanl.exe>  [N/A]
    <FYNEWS><C:\DOCUME~1\chenchi\LOCALS~1\Temp\11.exe>  [N/A]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <GinaDLL><C:\WINDOWS\system32\LogUser.dll>  []
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  [N/A]
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  [N/A]
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  [N/A]
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\wxAScr.scr>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Error Reporting Service / ERSvc][Running/Auto Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Smart Card Helper / SCardDrv][Stopped/Manual Start]
  <><N/A>
[Sicent Network File Synchronization / sicentnetsync][Running/Auto Start]
  <C:\WINDOWS\System32\wxsyncli.exe><成都吉胜科技有限公司>
[Vedio Adapter / VGADown][Stopped/Auto Start]
  <C:\WINDOWS\lsass.exe><N/A>
[Remote Control Server / WinVNC4][Stopped/Manual Start]
  <"C:\WINDOWS\System32\rmserver.exe" -service><>
[D39A235A / D39A235A][Stopped/Auto Start]
  <C:\WINDOWS\System32\D39A235A.EXE -service><Microsoft Corporation>
[sadsaads / afdsfsgg][Running/Auto Start]
  <C:\WINDOWS\System32\dfsdfsg.exe><Microsoft Corporation>
[4C33D3E9 / 4C33D3E9][Stopped/Auto Start]
  <C:\WINDOWS\System32\4C33D3E9.EXE -service><Microsoft Corporation>
[Remote Procedure Call System(RPCSx) / Remo][Running/Auto Start]
  <C:\WINDOWS\System32\Rpcsx.exe><Microsoft Corporation>
[Windows Management Instrumentation Driver / WMID][Running/Auto Start]
  <C:\WINDOWS\System32\wmid.exe><N/A>
[QoS Service / WalALET][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\RTGDH.DLL,Export 1087><Microsoft Corporation>
[Std bepo Service / bepo][Running/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\COMMON~1\wwhg\gjut.dll,Service -s><Microsoft Corporation>
[System Security / Popular][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\fbwhk.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\WINDOWS\System32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <System32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <System32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rfsafe / rfsafe][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\rfsafe.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[squell / squell][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[ygmme / ygmme][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ygmme.sys><N/A>

==================================
浏览器加载项
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方对战平台\gameclient.exe, 上海浩方在线信息技术有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\qq\SendMMS.htm, N/A>
Last edited 2007-03-27 20:05:10

正在运行的进程
[PID: 372][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 432][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 452][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\LogUser.dll]  [, 1.0.0.2]
    [C:\WINDOWS\System32\D39A235A.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 496][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 508][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 672][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 724][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 876][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 908][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1072][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\System32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\System32\nvshell.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\D39A235A.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Qqzo0.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\winform.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\upxdnd.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\wsttrs.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\uanl.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav30.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0r.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Msxo0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Gjzo1.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav20.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\System32\ilgqe.dll]  [N/A, N/A]

[PID: 1148][C:\WINDOWS\System32\Clsmn.exe]  [, 16.3.12.610]
    [C:\WINDOWS\System32\RegCode.dll]  [N/A, N/A]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1156][C:\PROGRA~1\四川省~1\BarClient.exe]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1164][C:\WINDOWS\System32\Internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1364][C:\WINDOWS\System32\wxsyncli.exe]  [成都吉胜科技有限公司, 1.0.1.259]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1412][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 596][C:\WINDOWS\System32\13EF79B4.exe]  [N/A, N/A]
    [C:\WINDOWS\System32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1528][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, N/A]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\ffdshow.ax]  [N/A, 1.0.2.2028]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\SDOMSAudio.dll]  [é?o£ê¢′óí???·¢?1óD?T1???, 1.6.0.1016]
    [D:\Program Files\DoShow\plugins\MPAudioPlugIn.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\SDOMSVideo.dll]  [é?o£ê¢′óí???·¢?1óD?T1???, 1.6.0.1016]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
[PID: 1752][C:\WINDOWS\System32\dfsdfsg.exe]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 412][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\GAMES1\街头篮球\HackShield\EGRNAPX2.DLL]  [AhnLab, Inc., 0, 0, 0, 43]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 688][C:\WINDOWS\System32\cmd.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\GAMES1\街头篮球\HackShield\EGRNAPX2.DLL]  [AhnLab, Inc., 0, 0, 0, 43]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 3124][c:\SysWsj3\svchost.exe]  [N/A, N/A]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
[PID: 3240][c:\Syswm1e\svchost.exe]  [N/A, N/A]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
[PID: 3480][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
[PID: 3532][c:\SysMa1\svchost.exe]  [N/A, N/A]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
[PID: 3680][C:\DOCUME~1\chenchi\LOCALS~1\Temp\11.exe]  [N/A, N/A]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
[PID: 4040][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\COMMON~1\wwhg\gjut.dll]  [ , 4, 1, 0, 4]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\lowv.dll]  [ , 1, 0, 0, 6]
[PID: 1508][C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\RTGDH.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 2844][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav20.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Gjzo1.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Msxo0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0r.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav30.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\wsttrs.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Qqzo0.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [F:\sreng2\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
[PID: 2992][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com

==================================
API HOOK
N/A

==================================


[/CODE]

A nest of viruses.

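Oh~ God~ the OP can actually still keep using this machine~

Surfing the net with no protection at all? Or treating the firewall as decoration or something?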

Someone tell me how to fix this....

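First install antivirus software or run an online virus scan; once the cleanup is done, scan again and post the new log.

Respect to the OP.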

Yikes....
The OP must be breeding Trojan horses, right........

This is on a par with the machines Rising uses to capture viruses.