【求助】高手来看看崩溃了从未看过的东西。 bbs.ikaka.com

xiaobaoak - 2007-1-1 12:15:00

开机就有8isy8is.exe 我也知道到是什么是未知的东西删了重启又出现了

后来我进不安全模式发现进不去。。只得重新装系统了了

装了以后能进安全模式装好了我就睡觉了晚上家里人玩结果早上开机又有了一个n8tevg.exe

结果进不去安全模式了。。发现这2个东西都在同一个目录下面名字不一样我看都像一个东西。。现在又进不去安全模式了进去检查完文件后就黑屏到重启了帮帮啊。。我不想在装系统了

水树雨下 - 2007-1-1 12:16:00

mizuki.ys168.com下载System Repair Engineer扫个日志上来，一次贴不完分段贴，不要修改

xiaobaoak - 2007-1-1 13:21:00

CODE]

2007-01-01,13:09:02

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<AME_CSA><rundll32 amecsa.cpl,RUN_DLL> [Alcatel Microelectronics]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AmeLanPc / AmeLanPc][Running/Manual Start]
<system32\DRIVERS\AmeLanPc.sys><Alcatel Microelectronics>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
浏览器加载项
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>

xiaobaoak - 2007-1-1 13:22:00

==================================
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1380][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8198]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8198]
[C:\WINDOWS\system32\nvshell.dll] [N/A, N/A]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[PID: 1492][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1608][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.00]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[PID: 1616][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\amecsa.cpl] [Alcatel Microelectronics, 2, 0, 0, 20]
[C:\WINDOWS\system32\MultLang.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[PID: 1624][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[PID: 1644][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[PID: 1688][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8198]
[PID: 1728][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 352][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][E:\QQ2006\QQ.exe] [TENCENT, 0, 0, 0, 0]
[E:\QQ2006\CoralAssist.DLL] [Coral Team, 4.5.0 build 20060515]
[E:\QQ2006\CoralQQ.DLL] [Coral Team, 4.5.4 Build 20061001]
[E:\QQ2006\ipsearcher.dll] [N/A, 1.0.0.4]
[E:\QQ2006\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[E:\QQ2006\QQHelperDll.dll] [, 1, 0, 0, 1]
[E:\QQ2006\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 370]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[E:\QQ2006\QQAPI.dll] [, 1, 0, 0, 1]
[E:\QQ2006\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[E:\QQ2006\LoginCtrl.dll] [, 1, 0, 0, 1]
[E:\QQ2006\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[E:\QQ2006\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[E:\QQ2006\QQRes.dll] [tencent, 1, 0, 0, 1]
[E:\QQ2006\QQMainFrame.dll] [N/A, N/A]
[E:\QQ2006\CQQApplication.dll] [N/A, N/A]
[E:\QQ2006\NewSkin.dll] [, 1, 0, 0, 1]
[E:\QQ2006\HostingMgr.dll] [, 1, 0, 0, 1]
[E:\QQ2006\CameraDll.dll] [, 1, 0, 0, 1]
[E:\QQ2006\MailSummary.dll] [, 1, 0, 0, 1]
[E:\QQ2006\QQSpace.dll] [, 1, 0, 0, 1]
[E:\QQ2006\QQAllInOne.dll] [N/A, N/A]
[E:\QQ2006\GroupLive.dll] [N/A, N/A]
[E:\QQ2006\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[E:\QQ2006\QQGroupMng.dll] [, 1, 0, 0, 1]
[E:\QQ2006\QQCustomFace.dll] [N/A, N/A]
[E:\QQ2006\QQSysMsgMng.dll] [N/A, N/A]
[E:\QQ2006\UserDefinedHead.dll] [, 1, 0, 0, 1]
[E:\QQ2006\QQPlugin.dll] [N/A, N/A]
[E:\QQ2006\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[E:\QQ2006\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\QQ2006\QQAvatar.dll] [N/A, N/A]
[E:\QQ2006\LongConnection.dll] [tencent, 5, 0, 200, 160]
[E:\QQ2006\QQPet.dll] [, 1, 0, 0, 1]
[E:\QQ2006\QRingMng.dll] [N/A, N/A]
[E:\QQ2006\PhoneAPI.dll] [, 1, 0, 0, 1]
[E:\QQ2006\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\QQ2006\VPortal.dll] [, 1, 0, 0, 4]
[E:\QQ2006\BQQApplication.dll] [N/A, N/A]
[E:\QQ2006\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[E:\QQ2006\CommercesMng.dll] [, 1, 0, 0, 1]
[E:\QQ2006\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
[E:\QQ2006\QQSceneMng.dll] [N/A, N/A]
[E:\QQ2006\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 2, 23]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[E:\QQ2006\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[PID: 1332][E:\QQ2006\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[E:\QQ2006\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[PID: 560][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 3964][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 288][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]
[PID: 2164][C:\Documents and Settings\CDM\My Documents\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[E:\QQ2006\q06g.dll] [N/A, N/A]
[C:\WINDOWS\system32\1i3o9.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

xiaobaoak - 2007-1-1 13:22:00

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
61.141.31.11 www.kzdh.com
61.141.31.11 www.7255.com
61.141.31.11 www.7322.com
61.141.31.11 www.7939.com
61.141.31.11 www.piaoxue.com
61.141.31.11 www.feixu.net
61.141.31.11 www.6781.com
61.141.31.11 www.7b.com.cn
61.141.31.11 7b.com.cn
61.141.31.11 www.918188.com
61.141.31.11 hao.allxue.com
61.141.31.11 good.allxue.com
61.141.31.11 baby.allxue.com
61.141.31.11 www.allxue.com
61.141.31.11 about.lank.la
61.141.31.11 www.x114x.com
61.141.31.11 www.37ss.com
61.141.31.11 www.7k.cc
61.141.31.11 www.73ss.com
61.141.31.11 www.hao123.com
61.141.31.11 www.81915.com
61.141.31.11 222.88.90.22
61.141.31.11 www.9991.com
61.141.31.11 www.my123.com
61.141.31.11 www.haokan123.com
61.141.31.11 www.5566.net
61.141.31.11 www.gjj.cc
61.141.31.11 www.2345.com
127.0.0.1 dl.hao318.com
61.141.31.11 www.123wa.com
61.141.31.11 www.ku886.com
61.141.31.11 www.5icrack.com
61.141.31.11 www.jjol.cn
127.0.0.1 www.rising.com.cn
127.0.0.1 tool.ikaka.com
127.0.0.1 www.ikaka.com
127.0.0.1 update.rising.com.cn
127.0.0.1 online.rising.com.cn
127.0.0.1 up.rising.com.cn
127.0.0.1 go.rising.com.cn
127.0.0.1 it.rising.com.cn
127.0.0.1 rising.com.cn
127.0.0.1 ikaka.com
127.0.0.1 www.360safe.com
61.141.31.11 www.xinhai168.com
61.141.31.11 ooooos.com
61.141.31.11 www.ooooos.com
61.141.31.11 www.8757.com
61.141.31.11 4199.5009.com
61.141.31.11 220.181.34.241

==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
入口点错误：RegEnumValueA
入口点错误：RegEnumValueW

==================================

[/CODE]

xiaobaoak - 2007-1-1 13:23:00

扫描完毕了。。还有老提示有4199流氓杀不掉用优化大师流氓清除杀的

xiaobaoak - 2007-1-1 14:49:00

大大看看啊

xiaobaoak - 2007-1-1 17:17:00

大大们？？帮帮啊。。有救没

xiaobaoak - 2007-1-1 17:26:00

删除了重启还是有n8tevg.exe

红夜鬼1 - 2007-1-1 17:40:00

御载QQ

重启按F８进入安全模式下
显示隐藏文件
删除：
E:\QQ2006\q06g.dll
C:\WINDOWS\system32\1i3o9.dll
8isy8is.exe

查找HOSTS文件，用记事打开，清除里面的
只留这一项：127.0.0.1

删除后再换个文件夹重装QQ

xiaobaoak - 2007-1-1 19:10:00

回大大。。。我现在连安全模式都进不去
是不是要删除了QQ才可以进去？？

xiaobaoak - 2007-1-1 19:13:00

大大帮啊。。。。急啊
那我这个问题是因为QQ里那个病毒引起的吗？

我进不去安全模式检查文件完毕后就黑屏到重启画面了
要先删除了QQ才可以进吗？

xiaobaoak - 2007-1-1 19:22:00

麻烦大大了。。。。回下话啊

xiaobaoak - 2007-1-1 19:28:00

在线等啊。。。。。大大

红夜鬼1 - 2007-1-1 19:43:00

进不了安全模式:下载SafeBoot.rar导入注册表
http://free.ys168.com/?j7700074

xiaobaoak - 2007-1-1 19:49:00

回大大删除了QQ之后进安全模式蓝屏了
你给的那个网站是什么？导入的又是什么东西我怕开机不能进不了系统。。解答下

红夜鬼1 - 2007-1-1 19:53:00

如你怕的话先备分一个注册表,再导入注册表

xiaobaoak - 2007-1-1 20:08:00

谢谢大大果然导入了以后可以进安全模式了
我的QQ是以前装的所以添加删除里没我直接把包删了
在删除1i3o9.dll
现在开机没了n8tevg.exe
开机提示找不到1i3o9.dll
正常的吧

水树雨下 - 2007-1-1 20:27:00

开始，运行，regedit展开注册表，查找1i3o9.dll相关的项删除

xiaobaoak - 2007-1-2 11:03:00

3Q

杰之风007 - 2007-1-2 11:49:00

！！！是不是中毒了！

瑞星卡卡安全论坛