tswly9401 - 2006-11-28 16:25:00
My machine is badly infected; mswsock30.dll and other files cannot be deleted even with KILLBOX! Log attached! Please help, experts!!!
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 12:15:23, 日期 2006-11-28
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
浏览器: Internet Explorer v5.00 SP4 (5.00.2920.0000)
当前运行的进程:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\svchost.exe
C:\winnt\System32\llssrv.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\winnt\system32\Dfssvc.exe
C:\winnt\System32\svchost.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\Internat.exe
C:\winnt\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\mdm.exe
D:\tsw\Tools\专\HIJACKTHIS\HijackThis1991zww.exe
tswly9401 - 2006-11-28 16:26:00
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: Fav Manager - {CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} - C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\Program Files\tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\Program Files\tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\Program Files\tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\tencent\QQ\QQ.EXE
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - 添加的受信任的 IP 地址范围: http://202.197.7.49
O15 - 添加的受信任的 IP 地址范围: http://202.197.7.49
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {6A9735F1-72AA-49E9-9981-A13C3FD8641B} (WuYou.WySystem) - http://0f4d08f66a22427/WebExam/Activex/WySystem.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD7AB7C6-7B59-4C43-AEC3-9DE22622061A}: NameServer = 202.197.7.86,202.103.86.3
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
tswly9401 - 2006-11-28 16:28:00
2006-11-28,12:18:37
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
<Super Rabbit IEPro><E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NiceMs><C:\Program Files\Internet Explorer\PLUGINS\temp.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<UserInit><usrinit.exe> []
<WinAutoUp><C:\winnt\AutoUp.exe> []
<adsnt><C:\winnt\AdsNT.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\SYSTEM32\Userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
<C:\winnt\System32\dmadmin.exe /com><VERITAS Software Corp.>
[InstallDriver Table Manager / IDriverT]
<C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe><Macrovision Corporation>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[FavHook Class]
{CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com, Inc.>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\tencent\QQ\QQ.EXE, TENCENT>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\winnt\system32\aliedit\AliEdit.dll, www.alipay.com>
[WuYou.WySystem]
{6A9735F1-72AA-49E9-9981-A13C3FD8641B} <C:\WINNT\system32\WYSYSTEM.OCX, WuYou>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<E:\Program Files\tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<E:\Program Files\tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Program Files\tencent\QQ\SendMMS.htm, N/A>
tswly9401 - 2006-11-28 16:29:00
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\winnt\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\winnt\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6714>
[PID: 228][C:\winnt\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\winnt\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 240][C:\winnt\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6695>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 444][C:\winnt\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 468][C:\winnt\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[C:\winnt\system32\OLFMNT40.DLL] <Microsoft Corporation><9.0.98.0105>
[C:\winnt\system32\spool\PRTPROCS\W32X86\olfpnt40.dll] <Microsoft Corporation><9.0.98.0105>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 496][C:\WINNT\system32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 604][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 632][C:\winnt\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.6697>
[PID: 696][C:\winnt\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 712][C:\winnt\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 744][C:\winnt\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 788][C:\winnt\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 800][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 1036][C:\winnt\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[PID: 1280][C:\winnt\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1436][C:\winnt\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 372][C:\winnt\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 1272][C:\winnt\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 888][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] <Xiang Feng Technology><2, 2, 0, 1612>
[C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll] <Deepdo.com, Inc.><1, 0, 0, 1>
[C:\Program Files\Deepdo\DeepdoBar\Favorite\Favorite.dll] <Deepdo.com, Inc.><1, 0, 0, 1>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1540][C:\WINNT\system32\mdm.exe] <Microsoft Corporation><6.00.8424>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
[PID: 320][D:\tsw\Tools\专\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\winnt\system32\mswsock30.dll] <N/A><N/A>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\winnt\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
tswly9401 - 2006-11-28 16:32:00
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\mswsock30.dll,
I have tried everything and this file still cannot be deleted. I am really out of options. Experts, please help!
不言放弃 - 2006-11-28 16:33:00
[Reply to tswly9401's post]
Fix:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
==========
(Note: this operation should be performed offline or in Safe Mode)
http://cexx.org/lspfix.htm
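Download LSPFix.exe
Fix c:\winnt\system32\mswsock30.dll in the O10 items
See the picture for how to fix it
Note that this time you should select mswsock30.dll
If you still cannot get online after fixing with LSPFix.exe,
I suggest using WinsockFix to repair the registry
WinsockFix download: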
http://www.winsockfix.nl/
Attachment:
36405220061128162447.jpg
© 2000 - 2026 Rising Corp. Ltd.