【求助】请哥哥们来帮我看下~~我同学的电脑~出大毛病了！ bbs.ikaka.com

小鱼莫莫 - 2006-10-8 13:19:00

我同学的电脑，刚开始是被4199劫持了，后来，连卡卡的论坛都上不了，用记事本给我发日志也发不过来了~~后来发邮箱里，终于把日志搞来啦，大虾们帮俺们看看~~对了，她没有杀软~ 用反间谍专家查的时候我从他发来的图里看到了worm.win32.viking.ae_14~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:40:03, on 2006-10-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MRTServ.exe
C:\WINDOWS\system32\VKTServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agetltfes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatfrom.exe
C:\WINDOWS\system32\msiexec.exe
D:\TDdownload\HijackThis\HijackThis.exe
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 down.Virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [Ljx] C:\WINDOWS\inf\rundll32.exe
O4 - HKLM\..\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [RavUpes] C:\WINDOWS\system32\agetltfes.exe
O4 - HKLM\..\Run: [run] C:\WINDOWS\system32\rundll32.exe rsrc.dll s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsd_sock32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsd_sock32.dll
O14 - IERESET.INF: START_PAGE_URL=http://tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F137FBA-3041-485B-B0B6-1CDCA0BCFCE8}: NameServer = 218.6.200.139 61.139.2.69
O20 - AppInit_DLLs: KB896588M.LOG
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe

小鱼莫莫 - 2006-10-8 13:20:00

这是sreng的
2006-10-08,12:56:08
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<CoolSwitch><C:\WINDOWS\system32\taskswitch.exe> [N/A]
<Device Detector><DevDetect.exe -autorun> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<C-Media Mixer><Mixer.exe /startup> [(Verified)C-Media Electronic Inc. (www.cmedia.com.tw)]
<C-Media Echo Control><C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe> [N/A]
<Tray><C:\WINDOWS\command\rundll32.exe> [N/A]
<SOUNDM><winsmd.exe> [N/A]
<Ljx><C:\WINDOWS\inf\rundll32.exe> [N/A]
<zt><C:\WINDOWS\Intel\rundll32.exe> [N/A]
<RavUpes><C:\WINDOWS\system32\agetltfes.exe> []
<run><C:\WINDOWS\system32\rundll32.exe rsrc.dll s> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NiceSoft><C:\WINDOWS\system32\Call.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB896588M.LOG> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DVDBurn><C:\WINDOWS\Downloaded Program Files\AfxEdit.dll> [N/A]
==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
<C:\Documents and Settings\dream\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MRTServ / MRTServ]
<C:\WINDOWS\system32\MRTServ.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[VKTServ / VKTServ]
<C:\WINDOWS\system32\VKTServ.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[C-Media PCI Audio Driver (WDM) / cmpci]
<system32\drivers\cmaudio.sys><C-Media Inc>
[ExpScaner / ExpScaner]
<\??\D:\TDdownload\Rising\Rav\ExpScan.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[NetGroup Packet Filter Driver / Npf]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
==================================

小鱼莫莫 - 2006-10-8 13:21:00

浏览器加载项
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://tomatolei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 564][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 576][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 740][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 796][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 900][d:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 940][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 1044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 1120][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 1300][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 1424][C:\WINDOWS\system32\MRTServ.exe] [Microsoft Corporation, 1.18.1507.0]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 1484][C:\WINDOWS\system32\VKTServ.exe] [Microsoft Corporation, 1.1.2600.2180]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 1804][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 1084][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[C:\WINDOWS\Downloaded Program Files\swflash.dll] [N/A, N/A]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[C:\WINDOWS\system32\KB8965886.LOG] [N/A, N/A]
[D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX] [N/A, N/A]
[PID: 1100][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 1976][C:\WINDOWS\system32\taskswitch.exe] [N/A, N/A]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 2016][C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe] [ACD Systems, Ltd., 3,0,9,0]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 160][C:\WINDOWS\Mixer.exe] [C-Media Electronic Inc. (www.cmedia.com.tw), 1.48]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\cmnprop.dll] [C-Media Corporation, 5.00.2195.9]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 168][C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe] [, 1, 0, 0, 1]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\cmnprop.dll] [C-Media Corporation, 5.00.2195.9]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 192][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[PID: 1696][C:\WINDOWS\system32\agetltfes.exe] [, ]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 228][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 2516][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 3308][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 370]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[D:\Program Files\Tencent\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\Program Files\Tencent\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\GroupLive.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQPet.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[D:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[D:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\Program Files\Tencent\QQ\VPortal.dll] [, 1, 0, 0, 4]
[D:\Program Files\Tencent\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\videodevice.dll] [Tencent, 1, 6, 0, 0]
[D:\Program Files\Tencent\QQ\inplus.dll] [Tencent, 1, 6, 0, 0]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[D:\Program Files\Tencent\QQ\QQMagicFace.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
[D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 0, 6, 60]
[D:\Program Files\Tencent\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\Tencent\QQ\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\Tencent\QQ\QQZip.dll] [tencent, 0, 3, 2, 4]
[PID: 3360][D:\Program Files\Tencent\QQ\TIMPlatfrom.exe] [tencent, 0, 3, 1, 8]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[D:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 3836][D:\TDdownload\HijackThis\HijackThis.exe] [Soeperman Enterprises Ltd., 1.99.0001]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 268][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

小鱼莫莫 - 2006-10-8 13:21:00

[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[PID: 1660][D:\TDdownload\ske\TrojanAssistant.exe] [Yahoo! CN, 2.1.2.1003]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[D:\TDdownload\ske\fsk.dll] [3721.com, 2, 1, 2, 1030]
[D:\TDdownload\ske\wmpns.dll] [---, 1, 1, 8, 1324]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[D:\TDdownload\ske\snpmw.dll] [---, 1, 2, 2, 1336]
[PID: 2204][D:\TDdownload\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\KB896588M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\rsrc.dll] [N/A, N/A]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\WSD_SOCK32.dll(N/A, N/A)
MT-TcpFilter
C:\WINDOWS\system32\WSD_SOCK32.dll(N/A, N/A)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
125.91.1.20 localhost
125.91.1.20 www.7322.com
125.91.1.20 www.5566.net
125.91.1.20 www.v111.com
125.91.1.20 www.gjj.cc
125.91.1.20 www.hao123.com
125.91.1.20 hao123.com
125.91.1.20 www.265.com
125.91.1.20 265.com
125.91.1.20 www.9991.com
125.91.1.20 9991.com
125.91.1.20 www.v111.com
125.91.1.20 www.gjj.cc
61.162.230.31 www.7939.com
61.162.230.31 7939.com
61.162.230.31 59.34.148.98
61.162.230.31 about:blank
61.141.31.11 down.Virussky.com
61.141.31.11 60.191.60.108
61.141.31.11 219.153.20.209
61.141.31.11 forum.ikaka.com
61.141.31.11 bbs.360safe.com
61.141.31.11 www.360safe.com
61.141.31.11 www.piaoxue.com
61.141.31.11 61.129.58.12
61.141.31.11 forum.jiangmin.com
61.141.31.11 luosoft.com
125.91.1.20 post.baidu.com
61.141.31.11 60.191.60.107
61.141.31.11 219.139.58.97
61.141.31.11 59.34.148.81
125.91.1.20 60.191.60.114
125.91.1.20 www.ycdy.com
==================================

水树雨下 - 2006-10-8 13:24:00

安全模式下中止进程后删除
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\inf\rundll32.exe
C:\WINDOWS\Intel\rundll32.exe
修复
O4 - HKLM\..\Run: [run] C:\WINDOWS\system32\rundll32.exe rsrc.dll s
删除rsrc.dll
修复
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 down.Virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
下载LSPFix和WinsockxpFix
用LSPFix修复
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsd_sock32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsd_sock32.dll
修复后如果不能上网就用WinsockxpFix修复

小鱼莫莫 - 2006-10-8 13:26:00

这丫是不是还中了传说中的viking了呢？
我看到她的声卡驱动里都有这个东西~现在电脑没声音了

小鱼莫莫 - 2006-10-8 13:33:00

迅速的沉了下去………………

水树雨下 - 2006-10-8 13:37:00

这个也删除
C:\WINDOWS\system32\VKTServ.exe
检查一下这个是什么
C:\WINDOWS\system32\MRTServ.exe

小鱼莫莫 - 2006-10-8 13:46:00

这个是俺从网上复制来的：
“网上很难搜到相关知识，用google搜到一条记录，其中有这么一段
30.P00 - 正在运行的服务 - MRTServ，Microsoft Corporation，
相关文件：C:\WINDOWS\system32\MRTServ.exe
内容：C:\WINDOWS\system32\MRTServ.exe
可见是微软自带的系统服务，因此是系统进程。像优化大师、木马克星等软件都可以查到这个进程并给予描述（来源、作用等）。
我在两台装XP的电脑上看了一下，一台电脑的system32下根本没有这个文件，另一台也没有，但有一个MRT.exe程序，我运行了一下，是微软官方的恶意软件清理工具。所以我估计MRTServ.exe是恶意软件免疫程序，是微软对XP的更新或补丁包里的，也可能是其它杀毒软件给你安装的微软的Service Pack。”

小鱼莫莫 - 2006-10-8 13:51:00

又下去了…………………………

小鱼莫莫 - 2006-10-8 13:54:00

哼哧哼哧~~~~

小鱼莫莫 - 2006-10-8 14:12:00

zzq11211 - 2006-10-8 14:26:00

O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
还有这个修复删除C:\WINDOWS\Downloaded Program Files\AfxEdit.dll

deadmanzj - 2006-10-8 14:55:00

rsrc.dll这DLL发到我邮箱，找了N天，邮箱见我签名
C:\WINDOWS\system32\VKTServ.exe这个也发过来
修复
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O20 - AppInit_DLLs: KB896588M.LOG

删除
winsmd.exe
C:\WINDOWS\KB896588M.LOG

SREng日志里
启动项目注册表删除
<NiceSoft><C:\WINDOWS\system32\Call.exe> [N/A]
<RavUpes><C:\WINDOWS\system32\agetltfes.exe> []

删除对应文件

dreamerforest - 2006-10-8 15:43:00

声音的问题怎么办呢?

我就是楼主说的那个倒霉的...

刚在几个大侠指引下现在终于能进论坛了

不知道有没有完全修复好??

还有就是声音的问题啦!!!

求大侠继续指引~~

水树雨下 - 2006-10-8 15:44:00

重装一下声卡驱动

dreamerforest - 2006-10-8 15:46:00

请教声卡驱动要怎么重装啊??
当年是别人给弄好的 ....

对这些实在是....不懂

水树雨下 - 2006-10-8 15:49:00

找到驱动光盘，运行，跳出安装界面，找到声卡驱动，找不到的话出现安装界面截个图上来

dreamerforest - 2006-10-8 16:24:00

高手先帮我看看我修复后的日志吧

看还有什么问题没啊?? 谢谢谢谢啦

Logfile of HijackThis v1.99.1
Scan saved at 16:12:56, on 2006-10-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MRTServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agetltfes.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\QQ\TIMPlatfrom.exe
D:\TDdownload\ske\TrojanAssistant.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\0Sy.exe
C:\WINDOWS\5Sy.exe
C:\WINDOWS\6Sy.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\TTPlayer\TTPlayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\TDdownload\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [Ljx] C:\WINDOWS\inf\rundll32.exe
O4 - HKLM\..\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [RavUpes] C:\WINDOWS\system32\agetltfes.exe
O4 - HKLM\..\Run: [run] C:\WINDOWS\system32\rundll32.exe rsrc.dll s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F137FBA-3041-485B-B0B6-1CDCA0BCFCE8}: NameServer = 218.6.200.139 61.139.2.69
O20 - AppInit_DLLs: KB896588M.LOG
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: VKTServ - Unknown owner - C:\WINDOWS\system32\VKTServ.exe (file missing)

瑞星卡卡安全论坛