[Help] Could some expert please take a look? I posted this two days ago and nobody has solved it

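Could some expert please take a look? I've been infected. There are 3 SMSS processes in total, and 2 of them each use 50% CPU. Now I can't even get online; I'm posting from somewhere else.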
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 18:43:54, 日期 2005-12-12
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\Fonts\system\ati2evxx.exe
C:\WINDOWS\Fonts\system\dd.exe
C:\Documents and Settings\da yu\motou.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\da yu\smss.exe
C:\WINDOWS\system32\22a61.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\安装程序\HijackThis1991zww.exe

O1 - Hosts: 124.238.254.113 www.10280011.com
O1 - Hosts: 124.238.254.113 10280011.com
O1 - Hosts: 124.238.254.113 www.10289900.com
O1 - Hosts: 124.238.254.113 10289900.com
O1 - Hosts: 124.238.254.113 www.78877788.com
O1 - Hosts: 124.238.254.113 78877788.com
O1 - Hosts: 124.238.254.113 www.11051122.com
O1 - Hosts: 124.238.254.113 11051122.com
O1 - Hosts: 124.238.254.113 1.ehai01.com
O1 - Hosts: 124.238.254.113 da.ehai01.com
O1 - Hosts: 124.238.254.113 ehai01.com
O1 - Hosts: 124.238.254.113 2008.sekart.cn
O1 - Hosts: 124.238.254.113 www.sekart.cn
O1 - Hosts: 124.238.254.113 sekart.cn
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\迅雷\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {11F09AFC-75AD-4E51-AB43-E09E9351CE16} - D:\Program Files\迅雷\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush1.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\3221.dll
O2 - BHO: Century Class - {B9893324-6B8F-4C54-98A8-D22194403550} - C:\WINDOWS\system32\SoTools.dll
O2 - BHO: Windows Messenger Assistant - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_7591.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - 启动项HKLM\\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - 启动项HKLM\\Run: [Storm2Set] C:\WINDOWS\system32\rundll32.exe "D:\PROGRA~1\BAOFEN~1\StormSet.dll",CheckEnv
O4 - 启动项HKLM\\Run: [WinSysM] C:\WINDOWS\919331M.exe
O4 - 启动项HKLM\\Run: [WinSysW] C:\WINDOWS\919331L.exe
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [sXe Injected] D:\Program Files\sXe Injected\sXe Injected.exe
O4 - 启动项HKLM\\Run: [Sysmppcvppp] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\SysTdSvr.dll",Start
O4 - 启动项HKLM\\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - 启动项HKLM\\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - 启动项HKLM\\Run: [GenProtect] C:\WINDOWS\hkelnt.exe
O4 - 启动项HKLM\\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - 启动项HKLM\\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - 启动项HKLM\\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - 启动项HKLM\\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - 启动项HKLM\\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - 启动项HKLM\\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - 启动项HKLM\\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - 启动项HKLM\\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - 启动项HKLM\\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - 启动项HKLM\\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - 启动项HKLM\\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - 启动项HKLM\\Run: [TBMonEx] C:\WINDOWS\Fonts\system\ati2evxx.exe
O4 - 启动项HKLM\\Run: [kermer] C:\WINDOWS\Fonts\system\dd.exe
O4 - 启动项HKLM\\Run: [InternetExe] C:\Documents and Settings\da yu\motou.exe
O4 - 启动项HKLM\\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - 启动项HKLM\\Run: [WinForm] C:\WINDOWS\WinForm.exE
O4 - 启动项HKLM\\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: QQ游戏启动加速程序.lnk = D:\Program Files\QQGAME\Accel.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\QQ\QQ.exe
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - D:\Program Files\迅雷\Program\geturl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - D:\Program Files\迅雷\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\2007 qq\AddEmotion.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\xun lei\Thunder.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\xun lei\Thunder.exe (file missing)
O9 - 浏览器额外的按钮: 网络反病毒统计信息 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B88031E-221B-480D-AF75-FFDD08E7DAC3}: NameServer = 202.97.224.69 202.97.224.68
O20 - AppInit_DLLs: kvdxskma.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - NT 服务: 9CF65912 - - (no file)
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - NT 服务: CC433D2D - Unknown owner - C:\WINDOWS\system32\5B697DD7.EXE
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Windows Advanced Manager (wamer) - Unknown owner - C:\Program Files\Microsoft Office\SYSTEM\dodolook_7591.exe


[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)



Last edited 2007-12-24 00:03:02.843000000