瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 中了严重的病毒强行给我按搜索工具(日志您来看下)

1   1  /  1  页   跳转

中了严重的病毒强行给我按搜索工具(日志您来看下)

收藏
wsy3147
头像
快乐黄口狮
  • 帖子:145
  • 注册: 2006-08-08
  • 来自:
发表于: 2006-09-06 22:37 | 只看楼主 短消息 资料
字号: 1楼

中了严重的病毒强行给我按搜索工具(日志您来看下)

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      22:26:22, 日期 2006-9-6
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\FBNClient\FBNClient\fbnClient.exe
D:\QQ\QQ.exe
D:\QQ\TIMPlatfrom.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
D:\TT\TTraveler.exe
C:\WINDOWS\WINLOGON.EXE
E:\专杀工具\hijackthis\HijackThis1991zww.exe

R3 - URLSearchHook: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 about:blank
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5010.dll
O3 - IE工具栏增项: 宏网超级搜霸 - {A790098E-DA46-472A-B77B-683882F78C0D} - C:\WINDOWS\system32\ZGHWIEBAR.dll
O3 - IE工具栏增项: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - IE工具栏增项: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [NTdhcp] C:\WINDOWS\System32\NTdhcp.exe
O4 - 启动项HKLM\\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - 启动项HKLM\\Run: [SOUNDM] winsmd.exe
O4 - 启动项HKLM\\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [Internet] C:\WINDOWS\System32\Intercpu.exe
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - 启动项HKLM\\Run: [winla] c:\winla\winla.exe
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - 启动项HKLM\\Run: [keyboard] c:\\kybrdff_16.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [newname] c:\\nwnmff_16.exe
O4 - 启动项HKLM\\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\RunServices: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\S0UNDMAN.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - F:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - F:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - F:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - 浏览器额外的按钮: 酷站导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\kuzhan\kuzhan.dll
O9 - 浏览器额外的按钮: 天心传奇,国内在线人数最多的传奇 - {3FAA0E5B-4005-431A-BF61-E03983CC9AA7} - http://www.234567.net/ (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: 开心溜溜娱乐门户网,电影、音乐、DJ、相声、小品、FLASH等等应有尽有 - {6A3AA123-D3AE-4A24-891A-F1232092A719} - http://www.kx66.com/ (file missing)
O9 - 浏览器额外的按钮: 中文网址导航 - {D1DF4E4F-9137-44B7-8061-5F7B41A9D776} - http://www.234567.com/ (file missing)
O9 - 浏览器额外的按钮: 泡游戏,给你推荐最新最好玩的游戏 - {DE2EDC37-FFAD-4B1F-A4E8-D8ADDD349A36} - http://www.paogame.com/ (file missing)
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {098A3F72-3110-4004-B954-2F9DC44934B4} (AddSHCARoot Control) - https://billing.iyoyo.com.cn/Account/AddSHCARootCert.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatarluoqi.tiancity.com/Modules/mabiweb.cab
O16 - DPF: {A8C3B40D-5384-44AD-ACC4-504B4D8A85F5} (BoBo P2P多媒体网络点播/广播/直播系统 V2) - http://www.17bobo.com/Software/BoBo_ActiveX_V2.ocx
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\domsvinn.dLL
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\drquery.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\drquery.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\System32\62fdbaa0.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

最后编辑2006-09-06 23:43:01
分享到:
gototop
 
wsy3147
头像
快乐黄口狮
  • 帖子:145
  • 注册: 2006-08-08
  • 来自:
发表于: 2006-09-06 22:47 | 只看楼主 短消息 资料
字号: 2楼

2006-09-06,222914

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (httpwww.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    ctfmon.exeCWINDOWSSystem32ctfmon.exe  [Microsoft Corporation]
    SoundManCWINDOWSS0UNDMAN.exe  [Realtek Semiconductor Corp.]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
    {68A2692F-0956-2052-1125-020208190056}CProgram FilesCommon Files{68A2692F-0956-2052-1125-020208190056}Update.exe mc-110-12-0000603  []
[HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows]
    load  []
    run  []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    Torjan ProgramCWINDOWSWINLOGON.EXE  [u2cOsIK8q3iTQxAwpD9X]
    TProgramCWINDOWSSMSS.EXE  [kVSjHGJ7KlHMQRricowU]
    TkBellExeCProgram FilesCommon FilesRealUpdate_OBrealsched.exe  -osboot  [RealNetworks, Inc.]
    TrayCWINDOWScommandrundll32.exe  []
    msCProgram FilesMicrosoftsvhost32.exe  []
    NTdhcpCWINDOWSSystem32NTdhcp.exe  []
    ToPCWINDOWSLSASS.exe  [mXUlJIL9MnJOR0Stk1ep]
    SOUNDMwinsmd.exe  []
    ztCWINDOWSIntelrundll32.exe  []
    InternetCWINDOWSSystem32Intercpu.exe  []
    UpdateCProgram FilesCommon FilesUPDATE2Update.exe  []
    winlacwinlawinla.exe  []
    DesktopCWINDOWSSystem32rundll32.exe CProgram FilesDeskAdTopRun.dll ,Rundll  []
    RichMediaCWINDOWSSystem32Rundll32.exe  CPROGRA~1pcasthbcast.dll,WaitWindows  [Shanghai Henbang Technology Co., Ltd]
    keyboardckybrdff_16.exe  [...]
    CdnCtrCProgram FilesCNNICCdncdnup.exe  []
    newnamecnwnmff_16.exe  [flkmoijeruq3w748r87uthueytewrywey45]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices]
    Torjan ProgramCWINDOWSWINLOGON.EXE  [u2cOsIK8q3iTQxAwpD9X]
    TProgramCWINDOWSSMSS.EXE  [kVSjHGJ7KlHMQRricowU]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
    9CWINDOWSSystem32Ravdm.exe  [Microsoft Corporation]
    1CWINDOWSsvchost.exe  []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
    shellExplorer.exe 1  []
    UserinitCWINDOWSSystem32Userinit.exe  [Microsoft Corporation]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows]
    AppInit_DLLs  []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
    UIHostlogonui.exe  [Microsoft Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}CWINDOWSsystem32RavExt.dll  [Beijing Rising Technology Co., Ltd.]
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8}CProgram Filesewido anti-spyware 4.0shellexecutehook.dll  [Anti-Malware Development a.s.]
    {6E44887F-5214-41F2-AB46-4728735C4CC6}CProgram FilesInternet ExplorerPLUGINSsystem.sys  []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    DelayRunCWINDOWSSystem3262fdbaa0.dll  []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySetup]
    WinlogonNotify SetupCWINDOWSsystem32domsvinn.dLL  []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyTelephony]
    WinlogonNotify TelephonyCWINDOWSsystem32drquery.dll  []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWindowsUpdate]
    WinlogonNotify WindowsUpdateCWINDOWSsystem32drquery.dll  []

==================================
启动文件夹
[IE-Bar]
  CDocuments and SettingsAll Users「开始」菜单程序启动IE-Bar.lnkN

==================================
服务
[Ati HotKey Poller  Ati HotKey Poller]
  CWINDOWSSystem32Ati2evxx.exeATI Technologies Inc.
[ATI Smart  ATI Smart]
  CWINDOWSsystem32ati2sgag.exe
[ewido anti-spyware 4.0 guard  ewido anti-spyware 4.0 guard]
  CProgram Filesewido anti-spyware 4.0guard.exeAnti-Malware Development a.s.
[IMAPI CD-Burning COM Service  ImapiService]
  CWINDOWSSystem32imapi.exeMicrosoft Corporation
[Rising Process Communication Center  RsCCenter]
  DProgram FilesRisingRavCCenter.exeNA
[RsRavMon Service  RsRavMon]
  CProgram FilesRisingRavRavmond.exeBeijing Rising Technology Co., Ltd.
[Transac  Transactionnocn]
  CWINDOWSsytup.cnNA
gototop
 
wsy3147
头像
快乐黄口狮
  • 帖子:145
  • 注册: 2006-08-08
  • 来自:
发表于: 2006-09-06 22:47 | 只看楼主 短消息 资料
字号: 3楼

==================================
浏览器加载项
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} CDocuments and SettingsAll UsersApplication DataMicrosoftIEHelperIEHelper_5010.dll, Microsoft Corporation
[QuickBtn]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} CProgram Fileskuzhankuzhan.dll, Fengcent
[天心传奇,国内在线人数最多的传奇]
  {3FAA0E5B-4005-431A-BF61-E03983CC9AA7} httpwww.234567.net, NA
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} CPROGRA~1CNNICCdncdnforie.dll, CNNIC
[开心溜溜娱乐门户网,电影、音乐、DJ、相声、小品、FLASH等等应有尽有]
  {6A3AA123-D3AE-4A24-891A-F1232092A719} httpwww.kx66.com, NA
[中文网址导航]
  {D1DF4E4F-9137-44B7-8061-5F7B41A9D776} httpwww.234567.com, NA
[泡游戏,给你推荐最新最好玩的游戏]
  {DE2EDC37-FFAD-4B1F-A4E8-D8ADDD349A36} httpwww.paogame.com, NA
[百万图库]
  {6713E8D2-850A-101B-AFC0-4210102A8DA7} httpwww.26-3.comstar, NA
[铃声图片下载]
  {7713E8D2-850A-101B-AFC0-4210102A8DA7} httpwww.26-3.comsmsindex.htm, NA
[宏网超级搜霸]
  {A790098E-DA46-472A-B77B-683882F78C0D} CWINDOWSsystem32ZGHWIEBAR.dll, 中国宏网
[ToolBar888]
  {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} CProgram FilesToolBar888MyToolBar.dll, NA
[Micrsoft SearchBar]
  {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} CProgram FilesMicrsoft SearchBarSearchBar.dll, IE Toolbar
[AddSHCARoot Control]
  {098A3F72-3110-4004-B954-2F9DC44934B4} CWINDOWSDOWNLO~1ADDCAR~1.OCX, SHECA
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} CWINDOWSDOWNLO~1INPUTC~1.DLL,
[MabinogiWebAvatarRenderer Class]
  {7623BE59-D4CF-4379-ABC4-B39E11854D66} CWINDOWSDownloaded Program Filesmabiwebframe.dll, devcat
[BoBo P2P多媒体网络点播广播直播系统 V2]
  {A8C3B40D-5384-44AD-ACC4-504B4D8A85F5} CWINDOWSDOWNLO~1BOBO_A~1.OCX, 广州易播信息科技有限公司
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} CWINDOWSSystem32MacromedFlashFlash9.ocx, Adobe Systems, Inc.
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} CWINDOWSSystem32qqeditqqedit.dll, 腾讯科技(深圳)有限公司
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} CWINDOWSDownloaded Program FilesCONFLICT.1pCastCtl.dll,
[&使用迅雷下载]
  FProgram FilesThunder NetworkThunderProgramGetUrl.htm, NA
[&使用迅雷下载全部链接]
  FProgram FilesThunder NetworkThunderProgramGetAllUrl.htm, NA
[上传到QQ网络硬盘]
  DQQAddToNetDisk.htm, NA
[使用KuGoo3下载(&K)]
  FProgram FilesKuGoo2KuGoo3DownX.htm, NA
[添加到QQ自定义面板]
  DQQAddPanel.htm, NA
[添加到QQ表情]
  DQQAddEmotion.htm, NA
[用QQ彩信发送该图片]
  DQQSendMMS.htm, NA
[访问通用网址]
  CProgram FilesCNNICCdncnnic.htm, NA

==================================
正在运行的进程
[PID 1452][CWINDOWSExplorer.exe]  Microsoft Corporation6.00.2600.0000 (xpclient.010817-1148)
    [CProgram FilesDeskbardeskbar.dll]  Deskbar1, 0, 0, 272
    [CWINDOWSsystem32okbc32gt.dll]  NANA
    [CWINDOWSsystem32RavExt.dll]  Beijing Rising Technology Co., Ltd.18, 0, 0, 21
    [CProgram Filesewido anti-spyware 4.0shellexecutehook.dll]  Anti-Malware Development a.s.4, 0, 0, 172
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
    [CWINDOWSSystem32quartz32.dll]  4, 1, 0, 0
    [CWINDOWSSystem32cn_spiEx.dll]  NANA
[PID 1604][CWINDOWSSystem32ctfmon.exe]  Microsoft Corporation5.1.2600.0 (xpclient.010817-1148)
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
[PID 1676][CProgram FilesFBNClientFBNClientfbnClient.exe]  NANA
    [CWINDOWSSystem32qtintf70.dll]  Borland Software Corporation7.0.4.258
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
    [CWINDOWSSystem32quartz32.dll]  4, 1, 0, 0
    [CWINDOWSsystem32RavExt.dll]  Beijing Rising Technology Co., Ltd.18, 0, 0, 21
    [CProgram Filesewido anti-spyware 4.0shellexecutehook.dll]  Anti-Malware Development a.s.4, 0, 0, 172
[PID 1848][DQQQQ.exe]  TENCENT14, 45, 0, 110
    [DQQQQBaseClassInDll.dll]  1, 0, 0, 1
    [DQQQQHelperDll.dll]  1, 0, 0, 1
    [DQQBasicCtrlDll.dll]  Tencent0, 3, 3, 6
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
    [DQQLoginCtrl.dll]  1, 0, 0, 1
    [DQQQQAPI.dll]  1, 0, 0, 1
    [DQQTIMProxy.dll]  tencent0, 3, 2, 4
    [DQQQQRes.dll]  tencent1, 0, 0, 1
    [DQQQQMainFrame.dll]  NANA
    [DQQCQQApplication.dll]  NANA
    [DQQNewSkin.dll]  1, 0, 0, 1
    [DQQHostingMgr.dll]  1, 0, 0, 1
    [DQQMailSummary.dll]  1, 0, 0, 1
    [DQQQQSpace.dll]  1, 0, 0, 1
    [CWINDOWSSystem32msdmo.dll]  NANA
    [DQQQQSysMsgMng.dll]  NANA
    [DQQQQConfigPlugin.dll]  1, 0, 0, 1
    [DQQQQAllInOne.dll]  NANA
    [DQQCameraDll.dll]  1, 0, 0, 1
    [DQQSCCore.dll]  NANA
    [DQQQQCustomFace.dll]  NANA
    [DQQUserDefinedHead.dll]  1, 0, 0, 1
    [DQQQQPet.dll]  1, 0, 0, 1
    [CWINDOWSSystem32quartz32.dll]  4, 1, 0, 0
    [DQQQRingMng.dll]  NANA
    [DQQPhoneAPI.dll]  1, 0, 0, 1
    [DQQDialerAllinOne.dll]  tencent1, 4, 0, 0
    [DQQFlashAvatarDll.dll]  1, 4, 0, 1
    [CWINDOWSSystem32MacromedFlashFlash9.ocx]  Adobe Systems, Inc.9,0,16,0
    [DQQQQMagicFace.dll]  1, 0, 0, 1
    [DQQQQAvatar.dll]  NANA
    [DQQQQSceneMng.dll]  NANA
    [DQQLongConnection.dll]  tencent0, 3, 3, 8
    [DQQImageOle.dll]  TODO Company name1.0.0.1
    [DQQQQPlugin.dll]  NANA
    [DQQBQQApplication.dll]  NANA
    [CWINDOWSsystem32RavExt.dll]  Beijing Rising Technology Co., Ltd.18, 0, 0, 21
    [CProgram Filesewido anti-spyware 4.0shellexecutehook.dll]  Anti-Malware Development a.s.4, 0, 0, 172
    [DQQCommercesMng.dll]  1, 0, 0, 1
    [DQQPersonalDesktop.dll]  深圳市腾讯计算机系统公司QQ工作小组1, 0, 0, 2
    [DQQQQAddr.dll]  深圳市腾讯计算机系统有限公司4, 0, 200, 32
    [DQQnpkcntc.dll]  INCA Internet Co., Ltd.2005, 9, 1, 1
    [DQQnpkpdb.dll]  INCA Internet Co., Ltd.2003, 10, 1, 1
    [DQQQQPhoneHelper.dll]  腾讯科技(深圳)有限公司2, 0, 6, 60
    [CWINDOWSSystem32cn_spiEx.dll]  NANA
[PID 1884][DQQTIMPlatfrom.exe]  tencent0, 3, 1, 8
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
    [DQQTIMProxy.dll]  tencent0, 3, 2, 4
[PID 1168][DTTTTraveler.exe]  腾讯公司3.0.0.246
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
    [DTTPluginsQQFloatBarQQFloatBar4TT2.dll]  腾讯公司1, 1, 0, 5
    [DTTPluginsTWeatherTWeather.dll]  1, 0, 0, 3
    [DTTPersonalDesktop.dll]  深圳市腾讯计算机系统公司QQ工作小组1, 0, 0, 4
    [CWINDOWSSystem32quartz32.dll]  4, 1, 0, 0
    [CWINDOWSSystem32MacromedFlashFlash9.ocx]  Adobe Systems, Inc.9,0,16,0
    [CWINDOWSSystem32cn_spiEx.dll]  NANA
[PID 1148][CDOCUME~1WSY~1LOCALS~1Tempoprar.exe]  WHITEHOUSE1.0.3.1
    [CDOCUME~1WSY~1LOCALS~1Tempd5s.dll]  Microsoft Corporation5.00.1764.1
    [CWINDOWSSystem32cn_spiEx.dll]  NANA
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
    [CDOCUME~1WSY~1LOCALS~1Temppacket.dll]  CACE Technologies3, 1, 0, 27
    [CDOCUME~1WSY~1LOCALS~1TempWanPacket.dll]  CACE Technologies3, 1, 0, 27
[PID 1916][CWINDOWSSystem32conime.exe]  Microsoft Corporation5.1.2600.0 (xpclient.010817-1148)
[PID 668][E专杀工具sreng2SREng2SREng.exe]  Smallfrogs Studio2.0.21.505
    [CWINDOWSSystem32cn_spiEx.dll]  NANA
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA
[PID 1992][CWINDOWSWINLOGON.EXE]  u2cOsIK8q3iTQxAwpD9X0.00.0102
    [CWINDOWSSystem32cn_spiEx.dll]  NANA
    [CProgram FilesInternet ExplorerPLUGINSsystem.sys]  NANA

==================================
文件关联
.TXT  OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.EXE  Error. [winfiles]
.COM  OK. [%1 %]
.PIF  OK. [%1 %]
.REG  OK. [regedit.exe %1]
.BAT  OK. [%1 %]
.SCR  OK. [%1 S]
.CHM  OK. [CWINDOWShh.exe %1]
.HLP  OK. [%SystemRoot%system32winhlp32.exe %1]
.INI  OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%System32WScript.exe %1 %]
.JS  OK. [%SystemRoot%System32WScript.exe %1 %]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
gototop
 
wsy3147
头像
快乐黄口狮
  • 帖子:145
  • 注册: 2006-08-08
  • 来自:
发表于: 2006-09-06 23:01 | 只看楼主 短消息 资料
字号: 4楼

等待ing......
gototop
 
wsy3147
头像
快乐黄口狮
  • 帖子:145
  • 注册: 2006-08-08
  • 来自:
发表于: 2006-09-06 23:17 | 只看楼主 短消息 资料
字号: 5楼

继续等待ing......
gototop
 
獭獭
头像
初生襁褓狮
  • 帖子:28
  • 注册: 2004-04-02
  • 来自:
发表于: 2006-09-06 23:41 | 短消息 资料
字号: 6楼

http://free.ys168.com/?mopery下载专杀工具里的WINLOGON批处理.rar 0.5MB 杀杀看
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE 的 WINLOGON.EXE是病毒
gototop
 
zzq11211
头像
初生襁褓狮
  • 帖子:1270
  • 注册: 2005-06-15
  • 来自:
发表于: 2006-09-06 23:49 | 短消息 资料
字号: 7楼

O4 - 启动项HKLM\\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - 启动项HKLM\\RunServices: [TProgram] C:\WINDOWS\SMSS.EXE
http://forum.ikaka.com/topic.asp?board=28&artid=8137314参考这里和楼上的一起杀掉
gototop
 
zzq11211
头像
初生襁褓狮
  • 帖子:1270
  • 注册: 2005-06-15
  • 来自:
发表于: 2006-09-06 23:51 | 短消息 资料
字号: 8楼

O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
http://free.ys168.com/?mopery  下载WinsockXPFix.exe 1.3MB 和LSPFix.rar 178.1KB
用LSPFix.rar 178.1KB 修复010 如果不能上网再用WinsockXPFix.exe 1.3MB修复
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT