
My machine is infected! Log attached

On boot the machine says this copy of Windows has not passed genuine validation and is affected by malicious software.
A 360 scan found 6 trojans but it can't delete them: cmdbcs, msccrt, mppds, winform, upxmdnd and Gjzoo.dll.
I only downloaded one piece of software yesterday, and it ended up like this~~

Experts, please help!


[CODE]

2007-04-22,12:02:32

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <jxz6><C:\DOCUME~1\HYC60E~1.DIG\LOCALS~1\Temp\c0nime.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Acrobat Assistant 7.0><"D:\工具\pdf\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <shualai><C:\WINDOWS\shualai.exe /i>  []
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <winform><C:\WINDOWS\winform.exe>  []
    <upxmdnd><C:\DOCUME~1\HYC60E~1.DIG\LOCALS~1\Temp\upxmdnd.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <360Safe><Rundll32.exe D:\工具\新建文~1\360safe\AntiAdwa.dll,KillAdware>  [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IDMan><; D:\软件备份\cnIDMan\Internet Download Manager\IDMan.exe /onboot>  [(Verified)Tonec Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <WangWang><; "D:\工具\淘宝旺旺\淘宝旺旺\WangWang.EXE">  [淘宝(中国)软件有限公司]
    <木马剑客><; D:\工具\新建文件夹\mmjk2007\mmjk.exe>  [N/A]
Last edited 2007-04-22 12:48:58

==================================
Startup Folder
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[yeielc]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\yeielc.lnk --> C:\PROGRA~1\REALTE~1\yeielcj.exe [N/A]><N>

==================================
Services
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[DB057780 / DB057780][Stopped/Auto Start]
  <C:\WINDOWS\system32\DB057780.EXE -d><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[error monitor / EmonSrv][Running/Manual Start]
  <2 - The system cannot find the file specified.><N/A>
[Local Connection Manager / SHipING][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE C:\WINDOWS\SYSTEM32\WBEM\SIXVJ.DLL,Export 1087><Microsoft Corporation>
[Network Engine / Patterns][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\rceay.dll><Microsoft Corporation>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cibdgjhb / cibdgjhb][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cibdgjhb.sys><N/A>
[dfdbehbf / dfdbehbf][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dfdbehbf.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[wiqe / wiqew][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\wiqew.sys><N/A>
[57062 / 57062][Running/]
  <2 - The system cannot find the file specified.><N/A>
[msqmx / msqmx][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>

==================================
Browser Add-ons
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <D:\软件备份\cnIDMan\Internet Download Manager\IDMIECC.dll, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\工具\pdf\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[ExtentIE Class]
  {66C2C482-D4EE-42A5-AEF7-0B124F278D47} <C:\WINDOWS\system32\8375.dll, TODO: <公司名>>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[]
  {D40D01E4-0378-430A-A890-382CB46B97B1} <C:\WINDOWS\system32\etkpjqzeupmhn.dll, N/A>
[Launch Thunder]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <D:\工具\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Research (&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\工具\qq\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\工具\pdf\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <D:\软件备份\cnIDMan\Internet Download Manager\IDMIECC.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\工具\pdf\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\工具\pdf\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[ExtentIE Class]
  {66C2C482-D4EE-42A5-AEF7-0B124F278D47} <C:\WINDOWS\system32\8375.dll, TODO: <公司名>>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[实用搜索]
  {6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\工具\淘宝旺旺\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <D:\工具\pdf\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[]
  {D40D01E4-0378-430A-A890-382CB46B97B1} <C:\WINDOWS\system32\etkpjqzeupmhn.dll, N/A>
[&Google Search]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[&Translate English Word]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[&Download with Thunder]
  <D:\工具\Thunder\Program\GetUrl.htm, N/A>
[&Download All Links with Thunder]
  <D:\工具\Thunder\Program\GetAllUrl.htm, N/A>
[Backward Links]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[Download All Links with IDM]
  <D:\软件备份\cnIDMan\Internet Download Manager\IEGetAll.htm, N/A>
[Download with IDM]
  <D:\软件备份\cnIDMan\Internet Download Manager\IEExt.htm, N/A>
[Similar Pages]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[Translate Page into English]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html, N/A>
[Upload to QQ Network Drive]
  <D:\工具\qq\AddToNetDisk.htm, N/A>
[Export to Microsoft Office Excel (&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ Custom Panel]
  <D:\工具\qq\AddPanel.htm, N/A>
[Add to QQ Emoticons]
  <D:\工具\qq\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
  <D:\工具\qq\SendMMS.htm, N/A>
[Convert to Adobe PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert link target to Adobe PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
  <res://D:\工具\pdf\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running Processes
[PID: 472][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 568][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 612][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 624][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 796][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 840][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 920][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\qedso.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 988][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 1676][C:\WINDOWS\system32\WgaTray.exe]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\753c.dll]  [N/A, ]
    [C:\WINDOWS\system32\1837.dll]  [  , 1, 0, 0, 3]
[PID: 2212][C:\WINDOWS\shualai.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
    [C:\WINDOWS\system32\753c.dll]  [N/A, ]
    [C:\WINDOWS\system32\1837.dll]  [  , 1, 0, 0, 3]
[PID: 2560][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 50]
    [C:\WINDOWS\system32\753c.dll]  [N/A, ]
    [C:\WINDOWS\system32\1837.dll]  [  , 1, 0, 0, 3]
[PID: 2568][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\753c.dll]  [N/A, ]
    [C:\WINDOWS\system32\1837.dll]  [  , 1, 0, 0, 3]
[PID: 2600][D:\工具\pdf\Distillr\Acrotray.exe]  [Adobe Systems Inc., 6.0.1.2004121400]
    [D:\工具\pdf\Distillr\Acrotray.chs]  [Adobe Systems Inc., 6.0.0.0]
    [C:\WINDOWS\system32\753c.dll]  [N/A, ]
    [C:\WINDOWS\system32\1837.dll]  [  , 1, 0, 0, 3]
[PID: 2692][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3040][C:\Program Files\Realtek AC97\yeielcj.exe]  [N/A, ]
[PID: 3352][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3488][D:\软件备份\cnIDMan\Internet Download Manager\IEMonitor.exe]  [Tonec Inc., 2, 0, 0, 1]
    [D:\软件备份\cnIDMan\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 4, 0, 0, 1]
[PID: 2440][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\DOCUME~1\HYC60E~1.DIG\LOCALS~1\Temp\upxmdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\HYC60E~1.DIG\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\软件备份\cnIDMan\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 4, 0, 0, 1]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\工具\pdf\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\工具\pdf\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\工具\pdf\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [D:\工具\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [D:\工具\pdf\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\SYSTEM32\WBEM\SIXVJ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\8375.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3892][C:\Documents and Settings\All Users\Templates\temp.exe]  [N/A, ]
[PID: 3660][D:\软件备份\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\DOCUME~1\HYC60E~1.DIG\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [D:\软件备份\cnIDMan\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 4, 0, 0, 1]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS File
127.0.0.1          localhost
127.0.0.1          popwin.9983.com
61.152.169.246    www.npjxjy.com
61.152.169.246    quxiuu.com
61.152.169.246    www.23b.cn
61.152.169.246    www.baidulink.com
61.152.169.246    www.ookkw.com
61.152.169.246    www.97725.com
61.152.169.246    www.54699.com
61.152.169.246    www.wu7x.cn
61.152.169.246    d.qbbd.com
61.152.169.246    w.qbbd.com
61.152.169.246    web.77276.com
61.152.169.246    www.77276.com
61.152.169.246    www.npjxjy.com
61.152.169.246    www.baidulink.com
61.152.169.246    www.ookkw.com
61.152.169.246    www.wu7x.cn
61.152.169.246    www.wwwlm.net
61.152.169.246    dm1.yiall.com
61.152.169.246    www.my6688.cn
61.152.169.246    www.union123.com
61.152.169.246    www.ktan.cn
61.152.169.246    www.2t2t.cn
61.152.169.246    www.cq530.com
61.152.169.246    www.365tc.com
61.152.169.246    ad.qucha.net
61.152.169.246    www.tan8.cn
61.152.169.246    www.itjj.net
61.152.169.246    www.start188.com
61.152.169.246    www.at58.cn
61.152.169.246    union.yxad.com
61.152.169.246    www.iptan.com
61.152.169.246    www.ip2008.net
61.152.169.246    www.yqif.com
61.152.169.246    www.2t2t.cn
61.152.169.246    www.688ip.com
61.152.169.246    www.17tc.com
61.152.169.246    www1.6tan.com
61.152.169.246    www2.6tan.com
61.152.169.246    www.6tan.com
61.152.169.246    www.zztan.com
61.152.169.246    www.5tanip.com
61.152.169.246    www.16tc.com
61.152.169.246    www.163se.net
61.152.169.246    www.168080.com
61.152.169.246    www.baidu8.org
61.152.169.246    www.qqwei.com
61.152.169.246    qz.magforum.net
61.152.169.246    www.nze21.com
61.152.169.246    www.437799.com
61.152.169.246    www.168080.com
61.152.169.246    new2.jixie123.cn
61.152.169.246    www.18dmm.com
61.152.169.246    www.souxse.cn
61.152.169.246    x.vvcyin.com
61.152.169.246    dm1.yiall.com
61.152.169.246    www.168080.com
61.152.169.246    www.nze21.com
61.152.169.246    www.puma163.com
61.152.169.246    www.138505.com

==================================
API HOOK
N/A

==================================
Hidden Processes
N/A

==================================


[/CODE]
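
What the log shows is mechanical enough to script, and the following added example (the editor's code, not part of the original post and not anything shipped with SREng) does that: it parses an SREng text export and pulls out the three things visible above. Run-key entries with no publisher whose image sits in %TEMP% or directly under C:\WINDOWS (shualai, winform, upxmdnd, cmdbcs, mppds and msccrt in the full log); DLLs with a missing company or version string that are mapped into several processes at once (DB057780.DLL inside csrss, winlogon, services, lsass and the svchost instances; 753c.dll and 1837.dll in the user-session processes); and HOSTS entries that point somewhere other than loopback (the 61.152.169.246 block). The sample input is a verbatim excerpt of the log above; the regular expressions, the "odd location" heuristic, the two-process threshold and the function names are assumptions of this example, not anything SREng documents.

```python
"""Triage an SREng (System Repair Engineer) text log for three signs of a
dropper infection visible in the log above: unsigned autoruns in odd
locations, one DLL mapped into many processes, and a rewritten HOSTS file."""
import re
from collections import defaultdict

# Sample input: a verbatim excerpt of the SREng log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <shualai><C:\WINDOWS\shualai.exe /i>  []
    <winform><C:\WINDOWS\winform.exe>  []
    <upxmdnd><C:\DOCUME~1\HYC60E~1.DIG\LOCALS~1\Temp\upxmdnd.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 568][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\DB057780.DLL]  [Microsoft Corporation, ]
[PID: 2560][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 50]
    [C:\WINDOWS\system32\753c.dll]  [N/A, ]
    [C:\WINDOWS\system32\1837.dll]  [  , 1, 0, 0, 3]
[PID: 2600][D:\工具\pdf\Distillr\Acrotray.exe]  [Adobe Systems Inc., 6.0.1.2004121400]
    [C:\WINDOWS\system32\753c.dll]  [N/A, ]
    [C:\WINDOWS\system32\1837.dll]  [  , 1, 0, 0, 3]
127.0.0.1          popwin.9983.com
61.152.169.246    www.npjxjy.com
61.152.169.246    www.baidulink.com
"""

# Line shapes as printed by SREng 2.4, derived from the log above (assumption, not a spec).
RUN_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]\s*$")       # <name><command>  [publisher]
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\]")               # [PID: n][image]  [...]
MOD_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[(.*)\]\s*$")            # indented [module]  [company, version]
HOSTS_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s*$")
UNKNOWN = {"", "N/A"}                                               # how SREng renders "no publisher"

def image_path(command):
    """First token of a Run-key command, i.e. the image that actually starts."""
    cmd = command.strip().lstrip(";").strip()  # SREng prefixes disabled entries with ';'
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd

def in_odd_location(path):
    """%TEMP% and the bare Windows directory: places installers avoid and droppers favour."""
    p = path.lower()
    return "\\temp\\" in p or re.fullmatch(r"[a-z]:\\windows\\[^\\]+", p) is not None

def suspicious_autoruns(log):
    """Run-key entries with no publisher whose image sits in an odd location."""
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line)
        if m:
            name, command, publisher = m.groups()
            path = image_path(command)
            if publisher.strip() in UNKNOWN and in_odd_location(path):
                hits.append((name, path))
    return hits

def widely_loaded_modules(log, min_processes=2):
    """Modules lacking a company or version that appear in several processes.
    A dependency is loaded where it is needed; the same anonymous DLL inside
    csrss, winlogon, services and lsass at once is injection."""
    loaded_in = defaultdict(set)
    current = None
    for line in log.splitlines():
        p = PROC_RE.match(line)
        if p:
            current = p.group(2).rsplit("\\", 1)[-1].lower()  # image base name
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            path, meta = m.groups()
            company, _, version = meta.partition(",")
            if company.strip() in UNKNOWN or version.strip() == "":
                loaded_in[path.lower()].add(current)
    return {path: sorted(procs) for path, procs in loaded_in.items()
            if len(procs) >= min_processes}

def hosts_hijacks(log):
    """HOSTS entries that resolve a name to something other than loopback, by target IP."""
    targets = defaultdict(list)
    for line in log.splitlines():
        m = HOSTS_RE.match(line)
        if m and not m.group(1).startswith("127."):
            targets[m.group(1)].append(m.group(2))
    return dict(targets)

def triage(log):
    return {"autoruns": suspicious_autoruns(log),
            "injected": widely_loaded_modules(log),
            "hosts": hosts_hijacks(log)}

if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(section, findings)
```

Pass the text of a full SREng export to triage() to get the same three lists for a real case. The loopback sinkhole for popwin.9983.com is deliberately not reported; only redirects to a third-party address are. The full log above also shows winform.dll, cmdbcs.dll, mppds.dll, msccrt.dll and Gjzo0.dll inside explorer.exe, and two of them inside SREng.EXE itself, so any scanner run from this live session has the malware's code mapped into its own process; that is the usual reason to remove such files from a clean boot environment rather than from the infected desktop.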

Those 6 mean you've caught a trojan cluster; try the cleanup in Super Rabbit and Optimizer Master.

I already scanned and deleted them with Optimizer Master's "System Cleanup and Maintenance", but after a reboot they're still there!!!

What should I do?

And on boot it shows "You are a victim of software counterfeiting.
                      This copy of Windows has not passed genuine validation."

What is going on here??

Would some expert please help~~

Scanned again and now it's 10 of them

What do I do

Experts, please give me some guidance


Why is nobody answering me anymore~~~
Experts, it's the weekend today, come out and help me~

Come out quick!!~!