Trojan.DL.Delf.xok: what virus is this? Why can't I get rid of it?

What is this Trojan.DL.Delf.xok virus? I kill it and it comes back... what's going on?

Anyone who knows, please tell me. Thanks.

Attachment: image (image/pjpeg), uploaded 2007-2-7 9:42:34, 314 downloads.



Last edited 2007-02-08 09:54:42.890000000
 

Virus file name and path?
 

Posted the wrong thing just now...
 

Download sreng2 from mizuki.ys168.com. Close QQ, download managers and every other unnecessary program, then run a scan and post the log here. If it won't fit in one post, post it in parts; don't edit it.
 

OK, please wait a moment...
 

2007-02-07,10:00:02

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows 98 SE -

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(internat.exe)(internat.exe) [Microsoft Corporation]
(ScanRegistry)(C:\WINDOWS\scanregw.exe /autorun) [Microsoft Corporation]
(TaskMonitor)(C:\WINDOWS\taskmon.exe) [Microsoft Corporation]
(SystemTray)(SysTray.Exe) [Microsoft Corporation]
(LoadPowerProfile)(Rundll32.exe powrprof.dll,LoadCurrentPwrScheme) [Microsoft Corporation]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(StillImageMonitor)(C:\WINDOWS\SYSTEM\STIMON.EXE) [Microsoft Corporation]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
(LoadPowerProfile)(Rundll32.exe powrprof.dll,LoadCurrentPwrScheme) [Microsoft Corporation]
(RNBOStart)(C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE) [N/A]
(RsCcenter)("C:\Program Files\Rising\Rav\CCenter.exe") [Beijing Rising Technology Co., Ltd.]
(RavMond)("C:\Program Files\Rising\Rav\RavMond.exe") [Beijing Rising Technology Co., Ltd.]
(RavMon)("C:\Program Files\Rising\Rav\RavMon.exe" -system) [Beijing Rising Technology Co., Ltd.]
(RfwService)("C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE" -service) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe C:\WINDOWS\SYSTEM\drivers\conime.exe) [N/A]




--------------------------------------------------------------------------------



启动文件夹

[HP Digital Imaging Monitor]
(C:\WINDOWS\Start Menu\Programs\启动\HP Digital Imaging Monitor.lnk --) C:\PROGRA~1\HP\DIGITA~1\BIN\HPQTRA08.EXE [Hewlett-Packard Development Company, L.P.])(N)



--------------------------------------------------------------------------------



服务

N/A



--------------------------------------------------------------------------------



驱动程序

N/A



--------------------------------------------------------------------------------



浏览器加载项

[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL, Amaze Soft)
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} (C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL, Xi)
[Yahoo Bar]
{A697BC46-BC93-4833-93F5-1E365011E88A} (C:\WINDOWS\ODBINT.dll, N/A)
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} (E:\PROGRAM FILES\TENCENT\QQIEHELPER.DLL, 深圳市腾讯计算机系统有限公司)
[T2BHO Class]
{B1D147E7-873E-4909-8127-695D9BB78728} (C:\WINDOWS\DOWNLOADED PROGRAM FILES\BARHELP24.0.DLL, HDT, Inc.)
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} (, N/A)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE, Amaze Soft)
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} (E:\PROGRAM FILES\TENCENT\QQIEHELPER.DLL, 深圳市腾讯计算机系统有限公司)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (E:\PROGRAM FILES\TENCENT\QQ.EXE, TENCENT)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9B.OCX, Adobe Systems, Inc.)
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A)
[CCtInf Class]
{6DBB2904-082D-4DB0-944A-21C22BA121F4} (C:\WINDOWS\SYSTEM\BANKCE~1.DLL, ()
[SuperStream Control]
{285C55C4-B32C-4EC0-8539-BBCE97FDF380} (C:\WINDOWS\SYSTEM\SUPERS~1.OCX, 盛大网络)
[天下搜索]
{56A7DC70-E102-4408-A34A-AE06FEF01586} (, N/A)
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (C:\WINDOWS\SYSTEM\QTPLUGIN.OCX, Apple Computer, Inc.)
[使用网际快车下载]
(C:\PROGRAM FILES\FLASHGET\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(C:\PROGRAM FILES\FLASHGET\jc_all.htm, N/A)
[使用影音传送带下载]
(C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A)
[使用影音传送带下载全部链接]
(C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A)
[添加到QQ自定义面板]
(E:\PROGRAM FILES\TENCENT\AddPanel.htm, N/A)
[添加到QQ表情]
(E:\PROGRAM FILES\TENCENT\AddEmotion.htm, N/A)
[上传到QQ网络硬盘]
(E:\PROGRAM FILES\TENCENT\AddToNetDisk.htm, N/A)
[用QQ彩信发送该图片]
(E:\PROGRAM FILES\TENCENT\SendMMS.htm, N/A)

正在运行的进程

[C:\WINDOWS\SYSTEM\HPZS9X14.DLL] [HP, 14.00.00.43730]
[C:\WINDOWS\SYSTEM\ADIMON.DLL] [Autodesk, Inc., 3,0,14,177]
[C:\WINDOWS\SYSTEM\HEIDI3.DLL] [Autodesk, Inc., 3,0,14,177]
[PID: 4294963533][C:\WINDOWS\SYSTEM\SPOOL32.EXE] [Microsoft Corporation, 4.10.1998]
[PID: 4294958201][C:\WINDOWS\SYSTEM\MPREXE.EXE] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] [N/A, N/A]
[C:\PROGRAM FILES\RISING\RFW\MPORTS.DLL] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RFW\RFWAPI.DLL] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
[C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[PID: 4294874157][C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] [N/A, N/A]
[PID: 4294650945][C:\WINDOWS\EXPLORER.EXE] [Microsoft Corporation, 4.72.3110.1]
[PID: 4294649793][C:\WINDOWS\SYSTEM\RPCSS.EXE] [Microsoft Corporation, 4.71.2900]
[PID: 4294703749][C:\WINDOWS\SYSTEM\INTERNAT.EXE] [Microsoft Corporation, 4.10.2222]
[PID: 4294690441][C:\WINDOWS\TASKMON.EXE] [Microsoft Corporation, 4.10.1998]
[PID: 4294693001][C:\WINDOWS\SYSTEM\SYSTRAY.EXE] [Microsoft Corporation, 4.10.2222]
[PID: 4294579777][C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE] [RealNetworks, Inc., 0.1.0.3292]
[PID: 4294576021][C:\WINDOWS\SYSTEM\STIMON.EXE] [Microsoft Corporation, 4.10.2222]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPODVD09.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPODDCOMM09.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\UNLOAD\HPNKHTA.DLL] [Hewlett-Packard, 7.0.0.229]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPODIO08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQCOB08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPOCXI08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPHTRA09.DLL] [Hewlett-Packard, 60,0,114,000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPOTRADD.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTAO08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.RSC] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQUIO08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQCXM08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[PID: 4294577729][C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[PID: 4294824749][C:\WINDOWS\SYSTEM\WMIEXE.EXE] [Microsoft Corporation, 5.00.1755.1]
[C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RFW\RSXML.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 4294635277][C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
[C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\CRM\HPQCRMCM.DLL] [Hewlett-Packard Company, 70.0.78.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\CRM\XMLPARSE.DLL] [N/A, 1, 0, 0, 1]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\CRM\XMLTOK.DLL] [N/A, 1, 0, 0, 1]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPOCXI08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSEM08.RSC] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTV08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQCOB08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTI08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.RSC] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQCXM08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[PID: 4294770193][C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQMFC09.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTAP08.DLL] [Hewlett-Packard Development Company, L.P., 70.0.170.000]
[C:\WINDOWS\SYSTEM\DCIMAN32.DLL] [Intel(R) Corp., Microsoft Corp., 4.03.1998]
[C:\WINDOWS\SYSTEM\NVDD32.DLL] [NVidia Corporation, 4.13.01.1241]
[C:\WINDOWS\SYSTEM\NVARCH32.DLL] [NVidia Corporation, 4.13.01.1241]
[PID: 4294009713][C:\WINDOWS\SYSTEM\DDHELP.EXE] [Microsoft Corporation, 4.06.03.0518]
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RSXML.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[PID: 4293948565][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9B.OCX] [Adobe Systems, Inc., 9,0,28,0]
[C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\DOWNLOADED PROGRAM FILES\BARHELP24.0.DLL] [HDT, Inc., 1, 9, 5, 0]
[E:\PROGRAM FILES\TENCENT\QQIEHELPER.DLL] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\WINDOWS\SYSTEM\OLEACC.DLL] [Microsoft Corporation, 4.2.2209.0]
[C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL] [Xi, 1.60.11]
[C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL] [Amaze Soft, 1, 1, 4, 0]
[PID: 4294726809][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\GDIFONT3.HDI] [Autodesk, Inc., 3,0,14,177]
[C:\PROGRAM FILES\AUTOCAD R14\RBLAST3.HDI] [Autodesk, Inc., 3,0,14,177]
[C:\PROGRAM FILES\AUTOCAD R14\LFB3.HDI] [Autodesk, Inc., 3,0,14,177]
[C:\PROGRAM FILES\AUTOCAD R14\GDI3.HDI] [Autodesk, Inc., 3,0,14,177]
[C:\PROGRAM FILES\AUTOCAD R14\BONUS\CADTOOLS\AC_BONUS.DLL] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\ACADAPP.ARX] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\ACMTED.ARX] [Autodesk, 1, 0, 0, 1]
[C:\PROGRAM FILES\AUTOCAD R14\OLEAPROT.ARX] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\DRV\PLPHPLP.DLL] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\DRV\PLSYS.DLL] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\ACADBTN.DLL] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\ACADRES.DLL] [N/A, N/A]
[PID: 4294589157][C:\PROGRAM FILES\AUTOCAD R14\ACAD.EXE] [Autodesk, Inc., R14.0.01]
[C:\PROGRAM FILES\AUTOCAD R14\ADCTRLS.DLL] [ , 1, 0, 0, 1]
[C:\PROGRAM FILES\AUTOCAD R14\LIBACGE.DLL] [Autodesk, Inc., P.0.33]
[C:\PROGRAM FILES\AUTOCAD R14\ACW32S32.DLL] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\DSWHIP.DLL] [Autodesk, Inc., I3.0]
[C:\PROGRAM FILES\AUTOCAD R14\DLINT3.DLL] [Autodesk, Inc., 3,0,14,177]
[C:\WINDOWS\SYSTEM\HEIDI3.DLL] [Autodesk, Inc., 3,0,14,177]
[C:\PROGRAM FILES\AUTOCAD R14\UCLIB32.DLL] [Autodesk Inc., 1, 0, 1, 6]
[C:\PROGRAM FILES\AUTOCAD R14\ACFIRST.DLL] [N/A, N/A]
[C:\PROGRAM FILES\AUTOCAD R14\SH31W32.DLL] [N/A, N/A]
[PID: 4161865021][C:\PROGRAM FILES\WINRAR\WINRAR.EXE] [N/A, N/A]
[PID: 4294538637][C:\WINDOWS\TEMP\RAR$EX01.514\SRENG.EXE] [Smallfrogs Studio, 2.3.13.690]



--------------------------------------------------------------------------------



文件关联

.TXT OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

MS.w95.spi.osp
C:\WINDOWS\SYSTEM\mswsosp.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.tcp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.udp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.raw
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.rsvptcp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MS.w95.spi.rsvpudp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)



--------------------------------------------------------------------------------



Autorun.inf

[D:\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\Auto\command=OSO.exe
[E:\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\Auto\command=OSO.exe



--------------------------------------------------------------------------------



HOSTS 文件

N/A



--------------------------------------------------------------------------------



API HOOK

N/A



--------------------------------------------------------------------------------

Reference for OSO.exe:
http://forum.ikaka.com/topic.asp?board=28&artid=8257332
The log is incomplete.
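As an added example (not part of the thread, and not SREng's own code), here is a small Python script that reads an SREng-style log and flags the two persistence indicators visible in the log posted above: Autorun.inf files on drive roots that all launch the same executable, and a Winlogon Shell value that loads something besides Explorer.exe. The regexes, the heuristics and the constructed log excerpt are this example's own assumptions; a hit means the entry deserves a look by the responder, not that the file is confirmed malicious.

```python
"""Defensive triage of an SREng-style log: flag Autorun.inf launchers on
drive roots and a Winlogon Shell value that loads more than Explorer.exe.
Added example for this thread, not SREng's own code; the heuristics and
the sample excerpt are constructed here."""
import re

# Constructed excerpt modelled on the log posted above (not the original text).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
(shell)(Explorer.exe C:\\WINDOWS\\SYSTEM\\drivers\\conime.exe) [N/A]

--------------------------------------------------------------------------------

Autorun.inf

[D:\\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\\Auto\\command=OSO.exe
[E:\\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\\Auto\\command=OSO.exe

--------------------------------------------------------------------------------
"""

# "(shell)(<value>) [vendor]" as SREng prints the Winlogon Shell entry
SHELL_RE = re.compile(r"^\(shell\)\((?P<value>[^)]*)\)", re.IGNORECASE)
# "[D:\]" drive-root header inside the Autorun.inf section
DRIVE_RE = re.compile(r"^\[(?P<drive>[A-Za-z]:\\)\]$")
# Autorun.inf keys that cause a program to run when the drive is opened
LAUNCH_RE = re.compile(
    r"^(?P<key>open|shellexecute|shell\\[^=\\]+\\command)=(?P<target>.+)$",
    re.IGNORECASE,
)
SEPARATOR = "-" * 10  # SREng ends each section with a dashed rule


def check_winlogon_shell(lines):
    """Flag a Winlogon Shell value that is anything other than plain
    Explorer.exe: extra paths appended there start with the desktop."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if m and m.group("value").strip().lower() != "explorer.exe":
            findings.append({"type": "winlogon_shell",
                             "value": m.group("value").strip()})
    return findings


def check_autorun(lines):
    """Collect Autorun.inf keys that launch a program, per drive root."""
    findings = []
    drive = None
    for line in lines:
        s = line.strip()
        if s.startswith(SEPARATOR):
            drive = None  # section ended; stop attributing keys to a drive
            continue
        dm = DRIVE_RE.match(s)
        if dm:
            drive = dm.group("drive").upper()
            continue
        lm = LAUNCH_RE.match(s)
        if lm and drive:
            findings.append({"type": "autorun", "drive": drive,
                             "key": lm.group("key"),
                             "target": lm.group("target").strip()})
    return findings


def drives_sharing_target(autorun_findings):
    """Map each launched target to the sorted drives carrying it; the same
    launcher replicated across several drives is the pattern to watch for."""
    by_target = {}
    for f in autorun_findings:
        by_target.setdefault(f["target"].lower(), set()).add(f["drive"])
    return {t: sorted(d) for t, d in by_target.items()}


def scan_log(text):
    """Run both checks over a whole log and return the combined findings."""
    lines = text.splitlines()
    return check_winlogon_shell(lines) + check_autorun(lines)


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print(drives_sharing_target(check_autorun(SAMPLE_LOG.splitlines())))
```

Run it against the Autorun.inf and Winlogon sections of a saved SREng log; on the constructed excerpt it reports one non-default Shell value and the same OSO.exe launcher on both D:\ and E:\, which is exactly what a responder would want to verify on the removable drives before cleaning.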
 

HijackThis_815汉化版扫描日志 V1.99.1
保存于      10:08:34, 日期 07-2-7
操作系统:  Windows 98 SE (Win9x 4.10.2222A)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\AUTOCAD R14\ACAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.694\HIJACKTHIS1991ZWW.EXE

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\ODBINT.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\PROGRAM FILES\TENCENT\QQIEHELPER.DLL
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BARHELP24.0.DLL
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - 启动项HKLM\\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - 启动项HKLM\\Run: [SystemTray] SysTray.Exe
O4 - 启动项HKLM\\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - 启动项HKLM\\RunServices: [RsCcenter] "C:\Program Files\Rising\Rav\CCenter.exe"
O4 - 启动项HKLM\\RunServices: [RavMond] "C:\Program Files\Rising\Rav\RavMond.exe"
O4 - 启动项HKLM\\RunServices: [RavMon] "C:\Program Files\Rising\Rav\RavMon.exe" -system
O4 - 启动项HKLM\\RunServices: [RfwService] "C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE" -service
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\PROGRAM FILES\TENCENT\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\PROGRAM FILES\TENCENT\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\PROGRAM FILES\TENCENT\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\PROGRAM FILES\TENCENT\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\PROGRAM FILES\TENCENT\QQIEHELPER.DLL
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\PROGRAM FILES\TENCENT\QQIEHELPER.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\PROGRAM FILES\TENCENT\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\PROGRAM FILES\TENCENT\QQ.EXE
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {6DBB2904-082D-4DB0-944A-21C22BA121F4} (CCtInf Class) - http://www.95599.cn/perbank/BankControl.cab
O16 - DPF: {285C55C4-B32C-4EC0-8539-BBCE97FDF380} (SuperStream Control) - http://v.cga.com.cn/video%5Fcga2/SuperRelease.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab

????