Rising Kaka Security Forum (瑞星卡卡安全论坛)
猪一只lo - 2006-6-29 20:44:00
系统事件:启动项目中发现木马!
木马名称:Windows 2000/XP 系统文件保护.2
木马启动项:localsystem
木马从启动项目中清除成功!
c:\windows\system\svchost.exe
系统事件:已发现木马!
木马名称:zhongshou.adware.3534
木马路径:C:\Program Files\HuaCi\huaci\Mouse1.dll
处理方式:删除 成功
猪一只lo - 2006-6-29 20:45:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 20:27:33, 日期 2006-6-29
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\KPfwSvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
D:\KAVStart.exe
C:\WINDOWS\system\servicess.exe
C:\windows\winass.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KPFW32.EXE
C:\WINDOWS\NCLAUNCH.EXe
D:\KMailMon.EXE
E:\HijackThis1991zww.exe
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4670.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: Internet_Explorer_Service - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} - C:\WINDOWS\system32\HelperService.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll
O3 - IE工具栏增项: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [MSService_v1.0] C:\WINDOWS\system\servicess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KavPFW] "D:\KPFW32.EXE"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MyShares] c:\program Files\易虎\MyShares.exe /tray
O4 - HKCU\..\Run: [Syss] C:\DOCUME~1\123\LOCALS~1\Temp\ehuupdate.exe
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\kugoo\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\qq\SendMMS.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE (file missing)
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\qq\QQ.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KWatch.EXE
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
And here is this log as well
独孤豪侠 - 2006-6-29 20:45:00
O4 - 启动项HKLM\\Run: [MSService_v1.0] C:\WINDOWS\system\servicess.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Syss] C:\DOCUME~1\123\LOCALS~1\Temp\ehuupdate.exe
Fix the items above.
Delete the corresponding files.
猪一只lo - 2006-6-29 20:46:00
2006-06-29,20:37:00
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<KavPFW><"D:\KPFW32.EXE">
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NCLaunch><C:\WINDOWS\NCLAUNCH.EXe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MyShares><c:\program Files\易虎\MyShares.exe /tray>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Syss><C:\DOCUME~1\123\LOCALS~1\Temp\ehuupdate.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KavStart><"D:\KAVStart.exe" -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSService_v1.0><C:\WINDOWS\system\servicess.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
服务
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<D:\KWatch.EXE><Kingsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
==================================
浏览器加载项
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4670.dll, Microsoft Corporation>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Internet_Explorer_Service]
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\qq\QQ.EXE, N/A>
[系统标准按钮(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4670.dll, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IEYHlprObj Class]
{5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Internet_Explorer_Service]
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class]
{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[使用KuGoo3下载(&K)]
<D:\kugoo\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
<F:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\qq\SendMMS.htm, N/A>
猪一只lo - 2006-6-29 20:46:00
==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 676][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 840][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 996][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1044][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1188][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1360][D:\KWatch.EXE] <Kingsoft Corporation><2005, 9, 27, 51>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[PID: 1424][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1736][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\system32\WinSC.dll] <N/A><N/A>
[C:\WINDOWS\system32\HelperService.dll] <N/A><N/A>
[D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A>
[PID: 1840][D:\KPfwSvc.EXE] <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1928][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 328][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1144][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 1248][D:\KAVStart.exe] <Kingsoft Corporation><2005, 11, 2, 173>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\PopSprt3.dll] <Kingsoft Corporation><2005, 11, 2, 27>
[D:\KAVPassp.dll] <Kingsoft Corporation><2005, 11, 3, 220>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1540][C:\WINDOWS\system\servicess.exe] <N/A><N/A>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1656][C:\windows\winass.exe] < ><5.01.2727>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1536][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 2028][D:\KPFW32.EXE] <Kingsoft Corporation><2005, 10, 27, 596>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[D:\FiltList.dll] <N/A><N/A>
[D:\KAVPassp.DLL] <Kingsoft Corporation><2005, 11, 3, 220>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[D:\KAScript.DLL] <Kingsoft Corporation><2005, 10, 26, 58>
[PID: 112][C:\WINDOWS\NCLAUNCH.EXe] <Northern Codeworks><1, 0, 0, 1591>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1172][D:\KMailMon.EXE] <Kingsoft Corporation><2005, 10, 8, 85>
[D:\KAntiSpm.dll] <N/A><1, 0, 0, 2>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KAECall2.DLL] <Kingsoft Corporation><2004, 12, 28, 7>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[D:\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1168][E:\tt浏览\TTraveler.exe] <腾讯公司><3.0.0.250>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[E:\tt浏览\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[E:\tt浏览\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[E:\tt浏览\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[D:\KAScript.DLL] <Kingsoft Corporation><2005, 10, 26, 58>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 516][E:\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
猪一只lo - 2006-6-29 20:47:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
猪一只lo - 2006-6-29 20:47:00
【Reply to “独孤豪侠”'s post】OK, thank you
我无邪 - 2006-6-29 21:52:00
Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
After installing, open "Super Rabbit Optimizer" (超级兔子优化王) > "Professional Uninstall" and uninstall all the junk software it flags; do not have any browser windows open while uninstalling. If something cannot be uninstalled, reboot and uninstall it again.
After uninstalling, reboot.
Go to www.27814939.ys168.com, click "My Software" and download the Norton process manager; terminate the process C:\WINDOWS\system\servicess.exe (mind the directory: only terminate the process for C:\WINDOWS\system\servicess.exe) and the winass.exe process.
Run (double-click) System Repair Engineer and use "Startup Items > Registry" to delete the following entry.
C:\WINDOWS\system\servicess.exe
Start > Run, type regedit, use the registry's Find feature to search for winass.exe, and once found delete the entries related to it.
Double-click My Computer > Tools > Folder Options > View; select "Show hidden files and folders", clear the "Hide protected operating system files (Recommended)" checkbox (click "Yes" when asked to confirm the change), and clear "Hide extensions for known file types".
Also note: C:\DOCUME~1\<your username>\LOCALS~1\Temp is C:\Documents and Settings\<your username>\Local Settings\Temp, C:\PROGRA~1 is C:\Program Files, and C:\WINDOWS\DOWNLO~1 is C:\WINDOWS\Downloaded Program Files.
Delete:
C:\PROGRA~1\DESKAD~1
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4670.dll
C:\WINDOWS\IEYHelper.dll
C:\WINDOWS\system32\HelperService.dll
C:\WINDOWS\estAlive.dll
C:\WINDOWS\system32\Inte32.dll
C:\WINDOWS\system32\SystemToolbar.dll
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\system32\Inte32.dll
c:\program Files\易虎
C:\DOCUME~1\123\LOCALS~1\Temp\
C:\WINDOWS\system\servicess.exe
C:\windows\winass.exe
After fixing, please reboot.
Please scan again and paste a new log.
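As an added example (my own code, not anything a poster in this thread ran), the script below turns the by-eye triage that 独孤豪侠 and 我无邪 did on the HijackThis O2/O4/O23 lines into a small Python parser: it pulls the executable or DLL path out of each entry and flags the three things the helpers keyed on, an autostart running from a Temp folder (the [Syss] entry), an executable in the legacy C:\WINDOWS\system folder rather than system32 (the [MSService_v1.0] entry), and registrations whose file is already missing. The sample lines are copied from the log posted above; the flag names, the Entry type and the regular expressions are assumptions of mine, not part of HijackThis.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the HijackThis log posted in this
# thread (the Chinese section labels are the localized tool's own output).
SAMPLE_LOG = r"""
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [MSService_v1.0] C:\WINDOWS\system\servicess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Syss] C:\DOCUME~1\123\LOCALS~1\Temp\ehuupdate.exe
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KWatch.EXE
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Line shapes as HijackThis 1.99 prints them (regexes are my assumption).
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - '
                   r'(?P<path>.*?)(?P<missing> \(file missing\))?$')
O4_RE = re.compile(r'^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - .*?: (?P<name>.*?) \((?P<svc>[^()]+)\) - '
                    r'(?P<company>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$')
# First executable/DLL path in a command line, quoted or not.
EXE_RE = re.compile(r'^\s*"?(?P<exe>.*?\.(?:exe|dll|ocx|scr|com|bat))\b', re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # "O2", "O4 HKLM", "O4 HKCU" or "O23"
    name: str                    # BHO name, Run value name or service name
    exe: str                     # executable or DLL path pulled from the line
    raw: str
    flags: List[str] = field(default_factory=list)


def flags_for(exe: str, missing: bool) -> List[str]:
    """Hypothetical triage rules mirroring what the helpers looked for."""
    low = exe.lower()
    flags = []
    if missing:
        flags.append("file-missing")        # stale registration or removed payload
    if "\\temp\\" in low:
        flags.append("temp-dir")            # autostart launched from a Temp folder
    if re.search(r"\\windows\\system\\", low):
        flags.append("legacy-system-dir")   # C:\WINDOWS\system, not system32
    return flags


def _make(section: str, name: str, cmd: str, missing: bool, raw: str) -> Entry:
    m = EXE_RE.match(cmd)
    exe = m["exe"] if m else cmd.strip()
    return Entry(section, name, exe, raw, flags_for(exe, missing))


def parse_hijackthis(text: str) -> List[Entry]:
    """Parse the O2/O4/O23 lines of a HijackThis log; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = O2_RE.match(raw)
        if m:
            entries.append(_make("O2", m["name"], m["path"], bool(m["missing"]), raw))
            continue
        m = O4_RE.match(raw)
        if m:
            hive = "HKLM" if "HKLM" in m["hive"] else "HKCU" if "HKCU" in m["hive"] else m["hive"]
            entries.append(_make("O4 " + hive, m["name"], m["cmd"], False, raw))
            continue
        m = O23_RE.match(raw)
        if m:
            entries.append(_make("O23", m["name"], m["path"], bool(m["missing"]), raw))
    return entries


def suspicious(text: str) -> List[Entry]:
    """Entries that tripped at least one triage rule."""
    return [e for e in parse_hijackthis(text) if e.flags]


def report(text: str) -> str:
    """One line per entry, flagged entries tagged with their rule names."""
    out = []
    for e in parse_hijackthis(text):
        tag = ",".join(e.flags) if e.flags else "ok"
        out.append(f"[{tag:>18}] {e.section:<8} {e.name}: {e.exe}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Note what path rules alone do not catch: the Inte32.dll BHO passes because it sits in system32; the helper spotted it only because SREng reports no publisher (N/A) for that module, so path heuristics are a first pass and a publisher or signature check on each module is the second.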
猪一只lo - 2006-7-2 2:30:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 2:21:14, 日期 2006-7-2
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\KPfwSvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
D:\KAVStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\KPFW32.EXE
D:\KMailMon.EXE
E:\tt浏览\TTraveler.exe
E:\HijackThis1991zww.exe
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAVStart.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KavPFW] "D:\KPFW32.EXE"
O14 - IERESET.INF: START_PAGE_URL=about:blank
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KWatch.EXE
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
mopery - 2006-7-2 2:31:00
Fix:
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Nothing else wrong...
猪一只lo - 2006-7-2 2:32:00
2006-07-02,02:22:31
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<KavPFW><"D:\KPFW32.EXE"> [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x> []
<KavStart><"D:\KAVStart.exe" -startup> [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\FORBID~1.SCR> []
==================================
启动文件夹
服务
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<D:\KWatch.EXE><Kingsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
==================================
浏览器加载项
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
猪一只lo - 2006-7-2 2:33:00
==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 676][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 840][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1000][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1044][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1160][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1360][D:\KWatch.EXE] <Kingsoft Corporation><2005, 9, 27, 51>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[PID: 1424][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1612][D:\KPfwSvc.EXE] <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1656][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2012][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 564][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1188][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1252][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 1280][D:\KAVStart.exe] <Kingsoft Corporation><2005, 11, 2, 173>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\PopSprt3.dll] <Kingsoft Corporation><2005, 11, 2, 27>
[D:\KAVPassp.dll] <Kingsoft Corporation><2005, 11, 3, 220>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1680][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1692][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><8.0.0792.00>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\KAScript.DLL] <Kingsoft Corporation><2005, 10, 26, 58>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1628][D:\KPFW32.EXE] <Kingsoft Corporation><2005, 10, 27, 596>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[D:\FiltList.dll] <N/A><N/A>
[D:\KAVPassp.DLL] <Kingsoft Corporation><2005, 11, 3, 220>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[D:\KAScript.DLL] <Kingsoft Corporation><2005, 10, 26, 58>
[PID: 1988][D:\KMailMon.EXE] <Kingsoft Corporation><2005, 10, 8, 85>
[D:\KAntiSpm.dll] <N/A><1, 0, 0, 2>
[D:\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\KAECall2.DLL] <Kingsoft Corporation><2004, 12, 28, 7>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[D:\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 2548][E:\tt浏览\TTraveler.exe] <腾讯公司><3.0.0.250>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[E:\tt浏览\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[E:\tt浏览\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[E:\tt浏览\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[D:\KAScript.DLL] <Kingsoft Corporation><2005, 10, 26, 58>
[D:\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[D:\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3032][C:\DOCUME~1\123\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
猪一只lo - 2006-7-2 2:33:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
猪一只lo - 2006-7-2 2:36:00
【Reply to “mopery”'s post】Thanks for your help
mopery - 2006-7-2 3:35:00
| Quote: |
【猪一只lo's post】【Reply to “mopery”'s post】Thanks for your help ........................... |
Don't worry, the computer is fine..
黑灯黑火 - 2006-7-2 7:44:00
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\FORBID~1.SCR> []
What about this screensaver autostart entry??
猪一只lo - 2006-7-2 17:09:00
【Reply to “黑灯黑火”'s post】I don't know, sorry, I don't know much about computers. T_T
© 2000 - 2026 Rising Corp. Ltd.