请高手指点一下这两个病毒:72812.exe和57171.exe bbs.ikaka.com

恨挂病毒 - 2006-12-18 18:12:00

我的电脑中毒了....555555
在进程里面发现了72812.exe和57171.exe还有1.exe和2.exe这几个进程.
我知道它们肯定是病毒..
麻烦各位高手们帮我解决一下呀~~~
妮儿我万分感谢!!!!!!!!!!!!

与时拒进 - 2006-12-18 18:13:00

扫日志上来（用hjackthis或SREn，见置顶贴，常用小工具）

afkp4e7 - 2006-12-18 18:13:00

贴日志

与时拒进 - 2006-12-18 18:16:00

引用:

【afkp4e7的贴子】贴日志
………………

没下班呐

afkp4e7 - 2006-12-18 18:17:00

正在准备中领导闪我闪

与时拒进 - 2006-12-18 18:19:00

引用:

【afkp4e7的贴子】正在准备中领导闪我闪
………………

我也该做饭了

楼主，不好意思，用你的帖子聊天

afkp4e7 - 2006-12-18 18:21:00

作为补偿你要把楼主的问题解决了

与时拒进 - 2006-12-18 18:22:00

引用:

【afkp4e7的贴子】作为补偿你要把楼主的问题解决了
………………

我先闪了

afkp4e7 - 2006-12-18 18:22:00

System Repair Engineer
http://www.KZTechs.com有下的

附件: 79532220061218181438.JPG

恨挂病毒 - 2006-12-18 18:23:00

倒塌~~~非得贴日志吗？
你还真会找地方呀#35``

afkp4e7 - 2006-12-18 18:24:00

没有日志看不出加载方法，只能蒙。

afkp4e7 - 2006-12-18 18:30:00

引用:

【与时拒进的贴子】
我先闪了
………………

做人要厚道

恨挂病毒 - 2006-12-18 18:39:00

但是我不会扫呀...

afkp4e7 - 2006-12-18 18:41:00

http://www.kztechs.com/sreng/sreng2.zip
下载解压缩运行
智能扫描
保存日志贴上来

附件: 79532220061218183305.JPG

恨挂病毒 - 2006-12-18 18:44:00

2006-12-18,18:32:43

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<IgfxTray><C:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<DeviceDiscovery><C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> []
<HPDJ Taskbar Utility><C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe> [HP]
<wdfmgr32><C:\WINNT\system32\wdfmgr32.exe> []
<mhs2><C:\DOCUME~1\fz\LOCALS~1\Temp\1.exe> []
<wlzs2><C:\DOCUME~1\fz\LOCALS~1\Temp\72812.exe> []
<wlzs><C:\DOCUME~1\fz\LOCALS~1\Temp\2.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><userinit.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> []

恨挂病毒 - 2006-12-18 18:45:00

==================================
启动文件夹
[InterVideo WinCinema Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\InterVideo WinCinema Manager.lnk><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[Service Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk><H>
[cdnie]
<C:\Documents and Settings\fz\「开始」菜单\程序\启动\cdnie.lnk><H>
[腾讯QQ]
<C:\Documents and Settings\fz\「开始」菜单\程序\启动\腾讯QQ.lnk><N>

==================================
服务
[Autodesk Lioansing Service / Autodesk Lioansing Service]
<C:\Program Files\Common Files\Autodesk Shared\Service\AdekSvSrv.exe><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[COM Ent System / EeSystem]
<C:\WINNT\System32\service.exe><N/A>
[Event_Log / Event log]
<C:\Documents and Settings\All Users\「开始」菜单\程序\heelp\kv.exe><N/A>
[ewido security suite control / ewido security suite control]
<C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
<C:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks>
[Explore / Explore]
<C:\WINNT\Explore.exe><N/A>
[GrayPigeon_Hacker.com.cn / GrayPigeon_Hacker.com.cn]
<C:\WINNT\Hacker.com.cn.exe><N/A>
[hpdj / hpdj]
<C:\DOCUME~1\fz\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=><HP>
[SYSTEM / SYSTEM]
<C:\WINNT\SVCHOST.exe><N/A>

==================================
浏览器加载项
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <F:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <F:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Program Files\Tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, Tencent>
[上传到QQ网络硬盘]
<E:\Program Files\Tencent\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<F:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<F:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<E:\Program Files\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\Tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Program Files\Tencent\SendMMS.htm, N/A>

恨挂病毒 - 2006-12-18 18:45:00

==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 176][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[PID: 224][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 236][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 412][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 448][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[C:\WINNT\system32\hpzsnt08.dll] <HP><2,223,0,0>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\hpzpm308.dll] <HP><2,223,0,0>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\hpz2ku08.dll] <HP><2,223,0,0>
[PID: 480][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 496][C:\Program Files\ewido anti-malware\ewidoctrl.exe] <ewido networks><3, 0, 0, 1>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[PID: 600][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00>
[PID: 700][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 812][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[PID: 820][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 832][C:\WINNT\system32\mspmspsv.exe] <Microsoft Corporation><7.10.00.3059>
[PID: 852][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 988][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[F:\PROGRA~1\FLASHGET\jccatch.dll] <FlashGet><1, 1, 5, 0>
[C:\WINNT\system32\hccutils.DLL] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxres.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxress.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\ALSNDMGR.CPL] <Realtek Semiconductor Corp.><2.2.0.34>
[C:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3.0.0.3889>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\ewido anti-malware\context.dll] <ewido networks><1.0.0.1>
[C:\Program Files\ewido anti-malware\lang.dll] <privat><1, 0, 0, 1>
[PID: 1116][C:\WINNT\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[PID: 1120][C:\WINNT\system32\igfxtray.exe] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\hccutils.DLL] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxdev.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxres.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxress.dll] <Intel Corporation><3.0.0.3889>
[PID: 1136][C:\WINNT\system32\hkcmd.exe] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\hccutils.DLL] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxdev.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxhk.dll] <Intel Corporation><3.0.0.3889>
[C:\WINNT\system32\igfxres.dll] <Intel Corporation><3.0.0.3889>
[PID: 1148][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] <Hewlett-Packard><1, 0, 0, 1>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll] <Hewlett-Packard><2, 0, 2, 2>
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] <Hewlett-Packard Co.><4.2.0.127>
[PID: 1156][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe] <N/A><N/A>
[PID: 1172][C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe] <HP><2,223,0,0>
[C:\WINNT\system32\spool\drivers\w32x86\3\HPZR3208.DLL] <HP><2,223,0,0>
[PID: 1240][C:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1284][C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe] <><1.0>
[PID: 1512][C:\Program Files\Microsoft Office\Office10\MSACCESS.exe] <Microsoft Corporation><10.0.2627>
[c:\book7\WinSet32.dll] <N/A><N/A>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\hpzpm308.dll] <HP><2,223,0,0>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\hpz2ku08.dll] <HP><2,223,0,0>

afkp4e7 - 2006-12-18 18:45:00

偶要下班了，你贴上没人管的话，我到家帮你看。

恨挂病毒 - 2006-12-18 18:46:00

[PID: 548][E:\Program Files\Tencent\QQ.exe] <TENCENT><0, 0, 0, 0>
[E:\Program Files\Tencent\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQHelperDll.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\BasicCtrlDll.dll] <Tencent><5, 0, 200, 370>
[E:\Program Files\Tencent\QQAPI.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\TIMProxy.dll] <tencent><0, 3, 2, 4>
[E:\Program Files\Tencent\LoginCtrl.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 6, 27, 1>
[E:\Program Files\Tencent\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[E:\Program Files\Tencent\QQRes.dll] <tencent><1, 0, 0, 1>
[E:\Program Files\Tencent\WizardCtrl.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQMainFrame.dll] <N/A><N/A>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[E:\Program Files\Tencent\CQQApplication.dll] <N/A><N/A>
[E:\Program Files\Tencent\NewSkin.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\HostingMgr.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\CameraDll.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\MailSummary.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQGroupMng.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\GroupLive.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQSysMsgMng.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQAllInOne.dll] <N/A><N/A>
[E:\Program Files\Tencent\SCCore.dll] <TENCENT><2, 0, 0, 1>
[E:\Program Files\Tencent\QQCustomFace.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQPet.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\LongConnection.dll] <tencent><5, 0, 200, 160>
[E:\Program Files\Tencent\QQPlugin.dll] <N/A><N/A>
[E:\Program Files\Tencent\ShareFiles.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQZip.dll] <tencent><0, 3, 2, 4>
[E:\Program Files\Tencent\UserDefinedHead.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQConfigPlugin.dll] <><1, 0, 0, 1>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[E:\Program Files\Tencent\QRingMng.dll] <N/A><N/A>
[E:\Program Files\Tencent\PhoneAPI.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[E:\Program Files\Tencent\VPortal.dll] <><1, 0, 0, 4>
[E:\Program Files\Tencent\QQFileTransfer.dll] <Tencent><0, 3, 3, 5>
[E:\Program Files\Tencent\QQAvatar.dll] <N/A><N/A>
[E:\Program Files\Tencent\FlashAvatarDll.dll] <><1, 4, 0, 1>
[E:\Program Files\Tencent\QQSceneMng.dll] <N/A><N/A>
[E:\Program Files\Tencent\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[E:\Program Files\Tencent\QQMagicFace.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\BQQApplication.dll] <N/A><N/A>
[E:\Program Files\Tencent\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[E:\Program Files\Tencent\CommercesMng.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[E:\Program Files\Tencent\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 240>
[E:\Program Files\Tencent\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 1, 1, 12>
[E:\Program Files\Tencent\QQSettingCtrl.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQTProxy.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\zlib1.dll] <N/A><1.2.1>
[E:\Program Files\Tencent\VqqModule.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\VqqAllInOne.dll] <Tencent><1, 6, 0, 0>
[E:\Program Files\Tencent\InPlus.dll] <Tencent><1, 6, 0, 0>
[E:\Program Files\Tencent\tencent-proto1.dll] <tencent><1, 6, 0, 0>
[E:\Program Files\Tencent\tencent-comlib.dll] <tencent><1, 6, 0, 0>
[E:\Program Files\Tencent\tencent-proto2.dll] <tencent><1, 6, 0, 0>
[PID: 264][E:\Program Files\Tencent\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[E:\Program Files\Tencent\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1164][E:\Program Files\Tencent\qqpet\qqpet.exe] <腾讯公司><2, 43, 101, 2>
[E:\Program Files\Tencent\qqpet\Pnet.dll] <N/A><N/A>
[E:\Program Files\Tencent\qqpet\QQPetResDownload.dll] <><6, 1, 101, 1>
[E:\Program Files\Tencent\qqpet\QQPetCommunity.dll] <><6, 3, 101, 1>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 776][E:\Program Files\Tencent\QQ.exe] <TENCENT><0, 0, 0, 0>
[E:\Program Files\Tencent\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQHelperDll.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\BasicCtrlDll.dll] <Tencent><5, 0, 200, 370>
[E:\Program Files\Tencent\QQAPI.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\TIMProxy.dll] <tencent><0, 3, 2, 4>
[E:\Program Files\Tencent\LoginCtrl.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 6, 27, 1>
[E:\Program Files\Tencent\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[E:\Program Files\Tencent\QQRes.dll] <tencent><1, 0, 0, 1>
[E:\Program Files\Tencent\WizardCtrl.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQMainFrame.dll] <N/A><N/A>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[E:\Program Files\Tencent\CQQApplication.dll] <N/A><N/A>
[E:\Program Files\Tencent\NewSkin.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\HostingMgr.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\CameraDll.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\MailSummary.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQGroupMng.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\GroupLive.dll] <N/A><N/A>
[E:\Program Files\Tencent\UserDefinedHead.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQPlugin.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQConfigPlugin.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\LongConnection.dll] <tencent><5, 0, 200, 160>
[E:\Program Files\Tencent\QQSettingCtrl.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\QQSysMsgMng.dll] <N/A><N/A>
[E:\Program Files\Tencent\QRingMng.dll] <N/A><N/A>
[E:\Program Files\Tencent\PhoneAPI.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[E:\Program Files\Tencent\VPortal.dll] <><1, 0, 0, 4>
[E:\Program Files\Tencent\QQAllInOne.dll] <N/A><N/A>
[E:\Program Files\Tencent\SCCore.dll] <TENCENT><2, 0, 0, 1>
[E:\Program Files\Tencent\QQFileTransfer.dll] <Tencent><0, 3, 3, 5>
[E:\Program Files\Tencent\QQAvatar.dll] <N/A><N/A>
[E:\Program Files\Tencent\FlashAvatarDll.dll] <><1, 4, 0, 1>
[E:\Program Files\Tencent\QQPet.dll] <><1, 0, 0, 1>
[C:\Program Files\ewido anti-malware\shellhook.dll] <N/A><N/A>
[E:\Program Files\Tencent\BQQApplication.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQCustomFace.dll] <N/A><N/A>
[E:\Program Files\Tencent\QQSceneMng.dll] <N/A><N/A>
[E:\Program Files\Tencent\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[E:\Program Files\Tencent\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[E:\Program Files\Tencent\CommercesMng.dll] <><1, 0, 0, 1>
[E:\Program Files\Tencent\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[E:\Program Files\Tencent\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 240>
[E:\Program Files\Tencent\QQZip.dll] <tencent><0, 3, 2, 4>
[PID: 1208][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[F:\PROGRA~1\FLASHGET\jccatch.dll] <FlashGet><1, 1, 5, 0>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1520][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><5.00.2920.0000>
[F:\PROGRA~1\FLASHGET\jccatch.dll] <FlashGet><1, 1, 5, 0>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1712][C:\Documents and Settings\fz\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

恨挂病毒 - 2006-12-18 18:46:00

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

恨挂病毒 - 2006-12-18 18:47:00

嗯嗯....万分感谢....
没人管我也要自己顶上去......

afkp4e7 - 2006-12-18 18:50:00

安全模式下用System Repair Engineer在启动中删除
<wdfmgr32><C:\WINNT\system32\wdfmgr32.exe> []
<mhs2><C:\DOCUME~1\fz\LOCALS~1\Temp\1.exe> []
<wlzs2><C:\DOCUME~1\fz\LOCALS~1\Temp\72812.exe> []
<wlzs><C:\DOCUME~1\fz\LOCALS~1\Temp\2.exe> []
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll> []
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> []
删除
[cdnie]
<C:\Documents and Settings\fz\「开始」菜单\程序\启动\cdnie.lnk><H>
服务
删除
[COM Ent System / EeSystem]
<C:\WINNT\System32\service.exe><N/A>
[Event_Log / Event log]
<C:\Documents and Settings\All Users\「开始」菜单\程序\heelp\kv.exe><N/A>
Explore / Explore]
<C:\WINNT\Explore.exe><N/A>
[GrayPigeon_Hacker.com.cn / GrayPigeon_Hacker.com.cn]
<C:\WINNT\Hacker.com.cn.exe><N/A>
[SYSTEM / SYSTEM]
<C:\WINNT\SVCHOST.exe><N/A>

afkp4e7 - 2006-12-18 18:52:00

日志不全啊驱动部分呢

afkp4e7 - 2006-12-18 18:55:00

删除服务
选上隐藏已认证微软项目
找到那几个要删的服务点中一个点删除点设置再点否
删除相应的文件

附件: 79532220061218184633.JPG

6981313 - 2006-12-18 18:57:00

使用SRENG得联网,如果SRENG要求联网,你的防火会报警,记它联,否则扫不出驱动部分.

afkp4e7 - 2006-12-18 19:00:00

偶闪有不足的高手补充

6981313 - 2006-12-18 19:02:00

<{54D9498B-CF93-414F-8984-8CE7FDE0D391}><C:\Program Files\ewido anti-malware\shellhook.dll>
这个不要删!

红夜鬼1 - 2006-12-18 19:11:00

COM Ent System / EeSystem]
<C:\WINNT\System32\service.exe><N/A>

这个好像是正常的

恨挂病毒 - 2006-12-22 18:50:00

晕了呀...版主咧...请版主给指点一下吧.~~
我本来就笨不会的...结果他们一说说得我更晕了~~~
谢谢了谢谢了!!!!!

恨挂病毒 - 2006-12-22 20:20:00

请求版主帮我解决一下这个问题吧~~~

瑞星卡卡安全论坛