8888x - 2006-8-28 14:56:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ avast! avast! service GUI component d:\program files\alwil software\avast4\ashdisp.exe
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ Super Rabbit IEPro Super Rabbit Soft d:\program files\super rabbit\iepro\sriecli.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
+ Stardock ObjectDock.lnk ObjectDock Stardock c:\windows\bricopacks\longhorn inspirat\objectdock\objectdock.exe
+ Y'z Toolbar.lnk ToolBar icon can be changed. Y'z@Home c:\windows\bricopacks\longhorn inspirat\yztoolbar\yztoolbar.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Super Rabbit IEPro Super Rabbit Soft d:\program files\super rabbit\iepro\sriecli.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ avast avast! Shell Extension ALWIL Software d:\program files\alwil software\avast4\ashshell.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.19 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.19 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.19 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ kakatool.dll Beijing Rising Technology Co., Ltd. c:\windows\system32\kakatool.dll
Task Scheduler
+ DM_Install_Program.job c:\documents and settings\administrator\local settings\temp\101366.exe
HKLM\System\CurrentControlSet\Services
+ aswUpdSv 为 avast! 杀毒软件提供自动更新。 d:\program files\alwil software\avast4\aswupdsv.exe
+ avast! Antivirus 管理并执行本计算机中的 avast! 杀毒服务。包括常驻防护、病毒隔离区和调度器。 d:\program files\alwil software\avast4\ashserv.exe
+ cc 微软公司 TENCENT c:\windows\cc.exe
+ kavsvc Kaspersky Anti-Virus Service Kaspersky Lab d:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ Service43055603 c:\windows\lm\services.exe
+ Windows Processdos Windows Createddos c:\windows\system32\love.exe
HKLM\System\CurrentControlSet\Services
+ ADIHdAudAddService High Definition Audio Function Driver(Release Candidate 1) Analog Devices, Inc. c:\windows\system32\drivers\adihdaud.sys
+ AEAudioService Andrea Audio Noise Cancellation Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys
+ EagleNT File not found: C:\WINDOWS\system32\drivers\EagleNT.sys
+ HdAudAddService High Definition Audio Function Driver v1.0a Windows (R) Server 2003 DDK provider c:\windows\system32\drivers\hdaudio.sys
+ HDAudBus High Definition Audio Bus Driver v1.0a Windows (R) Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
+ jdy#hook d:\program files\tiancity\hknm.sys
+ Kl1 Kaspersky Anti-Hacker Only Driver Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ Klif spuper-ptor Kaspersky Labs c:\windows\system32\drivers\klif.sys
+ Klmc Kaspersky Anti-Virus Mail Checker Proxy Kaspersky Lab c:\windows\system32\drivers\klmc.sys
+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
+ npkcrypt File not found: D:\Program Files\Tencent\QQ\npkcrypt.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.05 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ nvata NVIDIA? nForce(TM) IDE Performance Driver NVIDIA Corporation c:\windows\system32\drivers\nvata.sys
+ NVENETFD NVIDIA Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvenetfd.sys
+ nvnetbus NVIDIA Networking Bus Driver. NVIDIA Corporation c:\windows\system32\drivers\nvnetbus.sys
+ oreans32 c:\windows\system32\drivers\oreans32.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ SenFiltService Sensaura WDM 3D Audio Driver Sensaura c:\windows\system32\drivers\senfilt.sys
+ SVKP SVKP driver for NT AntiCracking c:\windows\system32\svkp.sys
+ zntport File not found: C:\WINDOWS\system32\zntport.sys
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor File not found: cnbjmon.dll
+ PJL Language Monitor File not found: pjlmon.dll
This is the log from that software of yours. Please take a look for me; two websites keep popping up.
8888x - 2006-8-28 15:06:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 14:55:55, 日期 2006-8-28
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Super Rabbit\IEPro\SRIECLI.EXE
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\lm\services.exe
C:\program files\internet explorer\IEXPLORE.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\101366.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Skymmstp038.exe
D:\TDdownload\hijackthis_cn_1.99.1.exe
D:\Program Files\外挂\HijackThis1991汉化版\HijackThis1991zww.exe
R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Super Rabbit IEPro] D:\Program Files\Super Rabbit\IEPro\SRIECLI.EXE /load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\Program Files\Super Rabbit\IEPro\SRIECLI.EXE /load
O4 - Startup: desktop.ini
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O4 - Global Startup: desktop.ini
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB4F4C80-62D9-47BE-BBF3-3AD3A6F08BA8}: NameServer = 202.101.172.46 202.101.172.47
O23 - NT 服务: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - NT 服务: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - NT 服务: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - NT 服务: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - NT 服务: cc - TENCENT - C:\WINDOWS\cc.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Network Connection43055603 (Service43055603) - Unknown owner - C:\WINDOWS\lm\services.exe
O23 - NT 服务: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\love.exe
闪电风暴 - 2006-8-28 16:11:00
O23 - NT 服务: cc - TENCENT - C:\WINDOWS\cc.exe
O23 - NT 服务: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\love.exe
Impressive!! Two pigeons!!
O23 - NT 服务: Network Connection43055603 (Service43055603) - Unknown owner - C:\WINDOWS\lm\services.exe
I'm not sure about this entry. Please package this file as described at
http://forum.ikaka.com/topic.asp?board=36&artid=8144360 and send it to me.
http://forum.ikaka.com/topic.asp?board=28&artid=5666824
Deal with the pigeons using the method in this post.
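Added example, not part of any post in this thread: a small Python triage of the O23 service lines from the HijackThis log above. The three rules and the process-name list are assumptions chosen for illustration, not the helper's stated reasoning; a hit means "inspect this file", not a verdict.

```python
import re
from ntpath import basename, dirname, normcase

# O23 lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O23 - NT 服务: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - NT 服务: cc - TENCENT - C:\WINDOWS\cc.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Network Connection43055603 (Service43055603) - Unknown owner - C:\WINDOWS\lm\services.exe
O23 - NT 服务: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\love.exe
"""

# Line shape: "O23 - <label>: <display name> - <owner> - <path to .exe>"
O23 = re.compile(r"^O23 - [^:]+: (?P<name>.+) - (?P<owner>[^-]+) - "
                 r"(?P<path>[A-Za-z]:\\.+?\.exe)", re.I)

# Assumed inputs for the rules below (not taken from the thread).
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "spoolsv.exe"}
WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"

def triage(line):
    """Return (service name, normalized path, reasons) or None if not an O23 line."""
    m = O23.match(line.strip())
    if not m:
        return None
    path = normcase(m["path"])          # lower-case, backslash-separated
    folder, exe = dirname(path), basename(path)
    no_vendor = m["owner"].strip().lower() == "unknown owner"
    reasons = []
    if exe in SYSTEM_NAMES and folder != SYSTEM32:
        reasons.append("system process name outside system32")
    if folder == WINDIR:
        reasons.append("service binary directly in the Windows directory")
    if no_vendor and folder == SYSTEM32:
        reasons.append("no vendor string on a binary in system32")
    return m["name"], path, reasons

def flagged(log):
    """Keep only the O23 entries that tripped at least one rule."""
    return [t for t in map(triage, log.splitlines()) if t and t[2]]

if __name__ == "__main__":
    for name, path, reasons in flagged(SAMPLE):
        print(f"{path}  <-  {'; '.join(reasons)}")
```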
闪电风暴 - 2006-8-28 16:12:00
c:\documents and settings\administrator\local settings\temp\101366.exe
Package this file as described at http://forum.ikaka.com/topic.asp?board=36&artid=8144360 and send it to me.
闪电风暴 - 2006-8-28 16:16:00
Fix all the "not found" entries.
8888x - 2006-8-28 17:14:00
So just deleting them is enough?
闪电风暴 - 2006-8-28 17:22:00
Problematic AUTORUNS entries: delete.
Have you killed the pigeons?
Did you read the post I told you to look at?
http://forum.ikaka.com/topic.asp?board=28&artid=5666824
8888x - 2006-8-28 18:47:00
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Super Rabbit IEPro] D:\Program Files\Super Rabbit\IEPro\SRIECLI.EXE /load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - Startup: desktop.ini
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O4 - Global Startup: desktop.ini
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB4F4C80-62D9-47BE-BBF3-3AD3A6F08BA8}: NameServer = 202.101.172.46 202.101.172.47
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\455d8100.dll
O23 - NT 服务: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - NT 服务: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - NT 服务: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - NT 服务: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - NT 服务: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Network Connection43055603 (Service43055603) - Unknown owner - C:\WINDOWS\lm\services.exe (file missing)
O23 - NT 服务: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\system32\love.exe (file missing)
© 2000 - 2026 Rising Corp. Ltd.