重装格式都不行！！！！日志及图！！ bbs.ikaka.com

飞侠小猪 - 2006-7-31 20:20:00

我的电脑经常重启，查杀病毒，可每次上机继续出现！！病毒名字：Win32.Troj.Look2Me.g.237191还有个Win32.Hack.IRCBot.cy.8224
而且还经常弹出一些网页，及两个小窗口，桌面上也莫名其妙出现一些图标，如图：
下面是扫描的日志：
2006-07-31,18:06:09

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> []
<defender><C:\\dfndrfg_7.exe> [&%&%&%&%%&%&%%&%]
<keyboard><C:\\kybrdfg_7.exe> [#$*&$*&#&$&*$&#&*$&*#$&*]
<SKYNET Personal FireWall><D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [广州众达天网技术有限公司]
<newname><C:\\nwnmfg_7.exe> [&#&*&$*#&*$&*#&$*&*&$*&#*&#*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><NVDESK32.DLL> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}><C:\WINNT\system32\ljjihfd.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
<WinlogonNotify: CSCSettings><C:\WINNT\system32\p6n80g5ue6.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntlRun]
<WinlogonNotify: IntlRun><C:\WINNT\system32\UBERENV.DLL> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
<WinlogonNotify: IPConfTSP><C:\WINNT\system32\mvafd.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfgdda]
<WinlogonNotify: khfgdda><khfgdda.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjihfd]
<WinlogonNotify: ljjihfd><ljjihfd.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
<WinlogonNotify: ModuleUsage><C:\WINNT\system32\mvafd.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrsrro]
<WinlogonNotify: rqrsrro><rqrsrro.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
<WinlogonNotify: Shell Extensions><C:\WINNT\system32\rjsutils.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
<WinlogonNotify: ShellScrap><C:\WINNT\system32\rjsutils.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstro]
<WinlogonNotify: sstro><C:\WINNT\system32\sstro.dll> []

==================================

附件: 7202322006731201215.bmp

oo123oo3 - 2006-7-31 20:21:00

这个日志不会看。用HJ扫。给我

飞侠小猪 - 2006-7-31 20:21:00

启动文件夹
[河南网通宽带用户客户端]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>

==================================
服务
[Command Service / cmdService]
<C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
<"D:\Program Files\jinshan\KPfwSvc.EXE"><Kingsoft Corporation>
[Network Monitor / Network Monitor]
<C:\Program Files\Network Monitor\netmon.exe service><N/A>
[NVIDIA Driver Helper Service / NVSvc]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Microsoft Windows Spool Service / Windows Spool Service]
<"C:\WINNT\wdfmgr.exe"><N/A>

==================================
浏览器加载项
[]
{894647B4-12AF-40DE-A89A-49B8E19F17E5} <C:\WINNT\system32\sstro.dll, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

飞侠小猪 - 2006-7-31 20:21:00

正在运行的进程
[PID: 1188][C:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[C:\WINNT\system32\bWtt.dll] <N/A><N/A>
[PID: 2120][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[C:\WINNT\system32\sstro.dll] <N/A><N/A>
[C:\WINNT\system32\bWtt.dll] <N/A><N/A>
[C:\WINNT\system32\ljjihfd.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 2240][C:\dfndrfg_7.exe] <&%&%&%&%%&%&%%&%><1.00.0164>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[PID: 2252][C:\kybrdfg_7.exe] <#$*&$*&#&$&*$&#&*$&*#$&*><1.00.0116>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[PID: 2268][D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe] <广州众达天网技术有限公司><2.7.7.1004>
[D:\PROGRA~1\SKYNET\FIREWALL\SKYMISC.DLL] <N/A><N/A>
[D:\PROGRA~1\SKYNET\FIREWALL\COMPRESSWRAP.DLL] <N/A><N/A>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[PID: 2100][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[PID: 2312][C:\Program Files\racer-henan-cnc\racer.exe] <Putian Runway><2, 0, 51, 92>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[C:\Program Files\racer-henan-cnc\rwxre.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nspr4.dll] <Netscape Communications Corporation><4.5 Beta>
[C:\Program Files\racer-henan-cnc\xpcom.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nss3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\softokn3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\gkgfx.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\js3250.dll] <Netscape Communications Corporation><4.0>
[C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\xpcom_compat.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\racer_base.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\pipnss.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\gklayout.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\jar50.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] <北京润汇科技有限公司><0, 13, 21, 45>
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\nss4.dll] <北京普天润汇科技有限公司><1, 0, 0, 3>
[C:\Program Files\racer-henan-cnc\wpcap.dll] <Politecnico di Torino><3, 0, 0, 18>
[C:\Program Files\racer-henan-cnc\pthreadVC.dll] <N/A><N/A>
[C:\Program Files\racer-henan-cnc\packet.dll] <Politecnico di Torino><3, 0, 0, 18>
[PID: 392][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[C:\WINNT\system32\sstro.dll] <N/A><N/A>
[PID: 2320][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[C:\WINNT\system32\sstro.dll] <N/A><N/A>
[C:\WINNT\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 752][C:\Program Files\racer-henan-cnc\RacerKp.exe] <北京润汇科技有限公司><1, 0, 0, 1>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[PID: 2484][C:\WINNT\regedit.exe] <Microsoft Corporation><5.00.2195.6707>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[PID: 2080][D:\Program Files\jinshan\KAVLog2.EXE] <Kingsoft Corporation><2006.3.29.41>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[D:\Program Files\jinshan\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[PID: 3512][D:\Program Files\PIXELA\ImageMixer\IMxVCDSO.exe] <PIXELA Corporation><2, 0, 0, 9>
[D:\Program Files\PIXELA\ImageMixer\Exif.dll] <FUJI PHOTO FILM CO., LTD><2, 4, 3, 0>
[D:\Program Files\PIXELA\ImageMixer\MpegSplitterMixerLibrary.dll] <PiXELA Corp.><1, 0, 4, 5>
[D:\Program Files\PIXELA\ImageMixer\MpgBasic.dll] <PiXELA Corp.><1, 0, 4, 5>
[D:\Program Files\PIXELA\ImageMixer\dvdcdlib.dll] <Pixela Corporation><3, 0, 0, 7>
[D:\Program Files\PIXELA\ImageMixer\EncoderInterface.dll] <PiXELA Corp.><1, 0, 4, 5>
[D:\Program Files\PIXELA\ImageMixer\EncodeToMpegLibrary.dll] <PiXELA Corp.><1, 0, 4, 5>
[D:\Program Files\PIXELA\ImageMixer\px_mpegv.dll] <Pixela Corporation (C)><1, 5, 16, 0>
[D:\Program Files\PIXELA\ImageMixer\px_mpega.dll] <N/A><N/A>
[D:\Program Files\PIXELA\ImageMixer\PxScalingFilter.dll] <pixela><1, 1, 0, 0>
[D:\Program Files\PIXELA\ImageMixer\px_mpegvd.dll] <ピクセラ><1, 1, 9, 0>
[D:\Program Files\PIXELA\ImageMixer\px_mpeg_util.dll] <ピクセラ><1, 0, 7, 0>
[D:\Program Files\PIXELA\ImageMixer\improvement_filter.dll] <pixela corporation><1, 0, 0, 6>
[D:\Program Files\PIXELA\ImageMixer\px_filter.dll] <N/A><N/A>
[D:\Program Files\PIXELA\ImageMixer\dvdAuthoring.dll] <><1, 1, 0, 7>
[D:\Program Files\PIXELA\ImageMixer\WriteCheck.dll] <><1, 0, 0, 1>
[D:\Program Files\PIXELA\ImageMixer\BGOLDLIB.dll] <B.H.A Co.,Ltd.><7, 2, 1, 0>
[D:\Program Files\PIXELA\ImageMixer\CDRBSVSD.DLL] <B.H.A Co.,Ltd.><7, 6, 2, 0>
[D:\Program Files\PIXELA\ImageMixer\OSR1HELP.DLL] <B.H.A Co.,Ltd.><1, 0, 1, 0>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>
[D:\Program Files\PIXELA\ImageMixer\ImxPsSpl.ax] <PIXELA Corp.><1, 0, 5, 0>
[D:\Program Files\PIXELA\ImageMixer\ImageMixerVCDRes.dll] <N/A><N/A>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[PID: 3524][D:\Program Files\新建文件夹\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINNT\system32\NVDESK32.DLL] <NVIDIA Corporation><5.13.01.2183>
[C:\WINNT\QWRtaW5pc3RyYXRvcg\asappsrv.dll] <><2.1.3.466>

==================================

飞侠小猪 - 2006-7-31 20:21:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

飞侠小猪 - 2006-7-31 20:22:00

救救我吧！！！！

飞侠小猪 - 2006-7-31 20:24:00

HJ的以前用过，我的电脑用不成，才用这个的，我的电脑就是这么奇怪啊~~~~~~~~~~~

飞侠小猪 - 2006-7-31 20:28:00

别都不理我呀，真的要崩溃了！！！

710207 - 2006-7-31 20:34:00

光看你的启动项就晕了
楼主请到http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis
下载后运行HijackThis.rar,再运行HijackThis.exe
单机＂扫描日志并保存日志＂
把保存的日志复制粘贴上来．

baohe - 2006-7-31 20:38:00

【回复“飞侠小猪”的帖子】
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<defender><C:\\dfndrfg_7.exe> [&%&%&%&%%&%&%%&%]
<keyboard><C:\\kybrdfg_7.exe> [#$*&$*�&$&*$�&*$&*#$&*]
<newname><C:\\nwnmfg_7.exe> [�&*&$*#&*$&*#&$*&*&$*�*�*]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}><C:\WINNT\system32\ljjihfd.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
<WinlogonNotify: CSCSettings><C:\WINNT\system32\p6n80g5ue6.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntlRun]
<WinlogonNotify: IntlRun><C:\WINNT\system32\UBERENV.DLL> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
<WinlogonNotify: IPConfTSP><C:\WINNT\system32\mvafd.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfgdda]
<WinlogonNotify: khfgdda><khfgdda.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjihfd]
<WinlogonNotify: ljjihfd><ljjihfd.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrsrro]
<WinlogonNotify: rqrsrro><rqrsrro.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
<WinlogonNotify: Shell Extensions><C:\WINNT\system32\rjsutils.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
<WinlogonNotify: ShellScrap><C:\WINNT\system32\rjsutils.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstro]
<WinlogonNotify: sstro><C:\WINNT\system32\sstro.dll> []

[Microsoft Windows Spool Service / Windows Spool Service]
<"C:\WINNT\wdfmgr.exe"><N/A>

汗！！
这都是什么呀？？？？？

飞侠小猪 - 2006-7-31 20:41:00

怎么了，不对么

飞侠小猪 - 2006-7-31 20:48:00

好，我传上：HijackThis_zww汉化版扫描日志 V1.99.1
保存于 20:38:05, 日期 2006-7-31
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
C:\WINNT\system32\svchost.exe
D:\Program Files\jinshan\KPfwSvc.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wdfmgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\dfndrfg_7.exe
C:\kybrdfg_7.exe
D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
C:\WINNT\system32\internat.exe
C:\Program Files\racer-henan-cnc\racer.exe
C:\Program Files\racer-henan-cnc\RacerKp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
E:\Program Files\NetEase\XYOnline2\xy2.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe

飞侠小猪 - 2006-7-31 20:49:00

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\khfgdda.dll
O2 - BHO: (no name) - {AB2BEE46-5677-4E8C-A1E9-A22B9D934358} - C:\WINNT\system32\sstro.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - 启动项HKLM\\Run: [defender] C:\\dfndrfg_7.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\kybrdfg_7.exe
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - 启动项HKLM\\Run: [newname] C:\\nwnmfg_7.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\p6n80g5ue6.dll
O20 - Winlogon Notify: IntlRun - C:\WINNT\system32\UBERENV.DLL (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\mvafd.dll (file missing)
O20 - Winlogon Notify: khfgdda - C:\WINNT\SYSTEM32\khfgdda.dll
O20 - Winlogon Notify: ljjihfd - C:\WINNT\SYSTEM32\ljjihfd.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\mvafd.dll (file missing)
O20 - Winlogon Notify: rqrsrro - rqrsrro.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\rjsutils.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\rjsutils.dll (file missing)
O20 - Winlogon Notify: sstro - C:\WINNT\system32\sstro.dll
O23 - NT 服务: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\Program Files\jinshan\KPfwSvc.EXE
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe
O23 - NT 服务: Windows Product Activation (wpa) - Unknown owner - C:\WINNT\system32\wpa.exe (file missing)

飞侠小猪 - 2006-7-31 20:49:00

就这些了，帮我看下吧

酷盖 - 2006-7-31 20:53:00

[Command Service / cmdService]
<C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe><N/A>
[Microsoft Windows Spool Service / Windows Spool Service]
<"C:\WINNT\wdfmgr.exe"><N/A>
停止并删除这两个服务

飞侠小猪 - 2006-7-31 20:59:00

提示的是无法完成操作，拒绝访问啊

飞侠小猪 - 2006-7-31 21:14:00

我在线等啊，真的没能救命的么

流浪詩人 - 2006-7-31 21:21:00

重装系统后还是不行吗？

飞侠小猪 - 2006-7-31 21:24:00

不行啊，装98的没有声音，XP的也是这种情况，现在装2000的还这样

流浪詩人 - 2006-7-31 21:37:00

重新装好系统后马上就出现这种情况，还是试用一阵子后出现的？安装操作系统时是覆盖安装还是将C盘格掉后安装的？

飞侠小猪 - 2006-7-31 21:44:00

只稍微过了一会就出现这种情况，覆盖安装和格式安装都试过，情况还是一样的

oo123oo3 - 2006-7-31 21:55:00

有问题的进程
C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
C:\Program Files\Network Monitor\netmon.exe

修复
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\khfgdda.dll
O2 - BHO: (no name) - {AB2BEE46-5677-4E8C-A1E9-A22B9D934358} - C:\WINNT\system32\sstro.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [defender] C:\\dfndrfg_7.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\kybrdfg_7.exe
O4 - 启动项HKLM\\Run: [newname] C:\\nwnmfg_7.exe
O20 - Winlogon Notify: IntlRun - C:\WINNT\system32\UBERENV.DLL (file missing)
O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\p6n80g5ue6.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\mvafd.dll (file missing)
O20 - Winlogon Notify: khfgdda - C:\WINNT\SYSTEM32\khfgdda.dll
O20 - Winlogon Notify: ljjihfd - C:\WINNT\SYSTEM32\ljjihfd.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\mvafd.dll (file missing
O20 - Winlogon Notify: rqrsrro - rqrsrro.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\rjsutils.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\rjsutils.dll (file missing)
O20 - Winlogon Notify: sstro - C:\WINNT\system32\sstro.dll
O23 - NT 服务: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

删除文件
C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
C:\Program Files\Network Monitor\netmon.exe
禁止服务

瑞星卡卡安全论坛