lxr123 - 2007-1-17 17:15:00
2007-01-17,17:00:47
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- Administrator user - full functionality
The following items were selected:
All start-up items (including registry, Startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Start-up items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<svcshare><C:\WINDOWS\system32\drivers\sppoolsv.exe> [N/A]
<SymhMy><C:\WINDOWS\system32\iexpl0re.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<!ewido><"E:\F盘\ATA★木蚂蚁Ewido 4.0.0.172绿色汉化正式版\ewido中文版.exe" /minimized> [ewido networks GmbH & Co. KG]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
<s9t><C:\WINDOWS\iexp1ore.exe> [N/A]
<j><C:\WINDOWS\alga.exe> [N/A]
<zyyhwu9evfi1gj2><C:\WINDOWS\iexpl0re.exe> [N/A]
<qqs84hyvlgyx7><C:\WINDOWS\winlog0n.exe> [N/A]
<IEBarUp><RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run> [N/A]
<Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run> [N/A]
<IEXPLORER><C:\WINDOWS\feifei-2.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<!ewido><; "E:\F盘\ATA★木蚂蚁Ewido 4.0.0.172绿色汉化正式版\ewido中文版.exe" /minimized> [ewido networks GmbH & Co. KG]
<CnsMin><; Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32> [N/A]
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [N/A]
<HotKeysCmds><; C:\WINDOWS\System32\hkcmd.exe> [Intel Corporation]
<HP Network Registry Agent><; C:\WINDOWS\system32\hpnra.exe> [Hewlett-Packard]
<IgfxTray><; C:\WINDOWS\System32\igfxtray.exe> [Intel Corporation]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<Longator><; "C:\Program Files\Longator\Longator.exe" /start> [N/A]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<qcsszjcz><; c:\chenhu2\chenqxms.exe> [陈虎]
<res><; C:\WINDOWS\system32\res.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Skype><; "C:\Program Files\skype\Phone\skype.exe" /nosplash /minimized> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<StatusClient 2.6><; C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto> [Hewlett-Packard]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<TomcatStartup 2.5><; C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe> [Hewlett-Packard]
<vptray><; C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [N/A]
<WangWang><; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"> [淘宝(中国)软件有限公司]
<WINTASK><; taskgmr.exe> [N/A]
<wmicsmgr><; rundll32 ,Initialize> [N/A]
lxr123 - 2007-1-17 17:18:00
Browser add-ons
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Research(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\F盘\QQ.EXE, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Practical Search Toolbar 2.0]
{03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, N/A>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[FileClient Control]
{9627E9EB-3636-42AF-80C2-3CE2E5541930} <C:\DOCUME~1\zz\桌面\FILECL~1\FILECL~1\FILECL~1.OCX, 新太科技有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PBActiveX40 Control]
{F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINDOWS\system32\CmbPb40.ocx, China Merchants Bank>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, >
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Practical Search]
{6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Upload to QQ Network Drive]
<E:\F盘\AddToNetDisk.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ Custom Panel]
<E:\F盘\AddPanel.htm, N/A>
[Add to QQ Emoticons]
<E:\F盘\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
<E:\F盘\SendMMS.htm, N/A>
==================================
Running processes
[PID: 424][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.1.1000]
[PID: 548][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpbmmon.dll] [Hewlett-Packard, 10.00.14]
[C:\WINDOWS\system32\hppamon0.dll] [HP, 7, 0, 5, 0]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, N/A]
[C:\WINDOWS\system32\hptcpmon.dll] [Hewlett Packard, 2.43.01.003]
[C:\WINDOWS\system32\HPZJSN01.dll] [Hewlett Packard Company, 1, 0, 0, 3]
[C:\WINDOWS\system32\hpzjfw01.dll] [Hewlett-Packard, 4.02.009.0]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 2.41.01.021]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPZPP2MQ.DLL] [Hewlett-Packard Corporation, 60.034.153.31]
[C:\WINDOWS\system32\hppadt40.dll] [HP, 7, 0, 5, 0]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 7, 0, 5, 0]
[PID: 1440][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]
[PID: 1460][C:\WINDOWS\system32\cisvc.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.0.1.1000]
[PID: 1572][C:\Program Files\Symantec AntiVirus\SavRoam.exe] [symantec, 10.0.1.1000]
[C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] [Symantec Corporation, 10.0.1.1000]
[C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.137 E]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.1.1000]
[PID: 1664][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1688][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.0.1.1000]
[C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.0.1.1000]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 1.4.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070115.019\ccEraser.dll] [Symantec Corporation, 106.3.3.2]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
lxr123 - 2007-1-17 17:18:00
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070115.019\ecmsvr32.dll] [Symantec Corporation, 61.3.0.18]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070115.019\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070115.019\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.0.1.1000]
[PID: 1304][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\agtz.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSyzr.dll] [N/A, N/A]
[C:\WINDOWS\system32\IESHEL~1.DLL] [, 5.1.2600.0]
[C:\WINDOWS\Downloaded Program Files\872860\ExDLL.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[C:\WINDOWS\Downloaded Program Files\872860\fshook.dll] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[C:\DOCUME~1\zz\LOCALS~1\Temp\LgSym.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 1336][C:\Program Files\CNNIC\Cdn\cdnup.exe] [, 2, 4, 0, 6]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[PID: 1852][E:\F盘\ATA★木蚂蚁Ewido 4.0.0.172绿色汉化正式版\ewido中文版.exe] [ewido networks GmbH & Co. KG, 4, 0,0, 172]
[E:\F盘\ATA★木蚂蚁Ewido 4.0.0.172绿色汉化正式版\ENGINE.DLL] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[PID: 1996][C:\WINDOWS\iexp1ore.exe] [N/A, N/A]
[C:\WINDOWS\system32\LgSyzr.dll] [N/A, N/A]
[PID: 1696][C:\WINDOWS\alga.exe] [N/A, N/A]
[C:\WINDOWS\system32\agtz.dll] [N/A, N/A]
[PID: 160][C:\WINDOWS\winlog0n.exe] [N/A, N/A]
[PID: 1960][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[PID: 808][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[PID: 596][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 7.5.0324]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 592][C:\Program Files\Internet Explorer\iexp1ore.exe] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[PID: 716][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[PID: 3300][C:\WINDOWS\feifei-2.exe] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[PID: 3168][C:\WINDOWS\system32\iexpl0re.exe] [N/A, N/A]
[C:\DOCUME~1\zz\LOCALS~1\Temp\LgSym.dll] [N/A, N/A]
[PID: 2444][C:\WINDOWS\system32\cidaemon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2520][C:\WINDOWS\system32\cidaemon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3812][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\DOCUME~1\zz\LOCALS~1\Temp\LgSym.dll] [N/A, N/A]
[C:\WINDOWS\system32\agtz.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSyzr.dll] [N/A, N/A]
[PID: 3432][C:\DOCUME~1\zz\LOCALS~1\Temp\Rar$EX00.375\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp] [N/A, N/A]
[C:\DOCUME~1\zz\LOCALS~1\Temp\LgSym.dll] [N/A, N/A]
[C:\WINDOWS\system32\agtz.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSyzr.dll] [N/A, N/A]
==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
[D:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
[E:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
==================================
HOSTS file
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
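An added triage helper for a log like the one above (it is my example, not part of SREng or of lxr123's post). It reads the Start-up/Registry entries and the Autorun.inf section and reports what a responder checks first: file names that are one character away from a Windows binary (iexpl0re, iexp1ore, winlog0n, sppoolsv, taskgmr), unverified [N/A] files under the Windows directory, in Temp, or behind a non-executable extension (SysInfo.wmp in a ShellExecuteHook), and autorun.inf files that would launch a program when a drive is opened. The list of imitated binaries and the one-edit threshold are my assumptions; SAMPLE_LOG is a constructed excerpt of the posted log.

```python
"""Triage helper for an SREng log: look-alike names, unverified files, autorun hooks."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: names within one edit (substitution, insertion, deletion or
# adjacent swap) of these Windows binaries are reported as look-alikes.
KNOWN_BINARIES = sorted({
    "iexplore", "explorer", "winlogon", "spoolsv", "svchost", "lsass", "csrss",
    "smss", "services", "taskmgr", "ctfmon", "userinit", "rundll32",
})
RUN_ENTRY = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<vendor>[^\]]*)\]")
DRIVE_PATH = re.compile(r'[A-Za-z]:\\[^"<>,]*?\.(?:exe|dll|sys|ocx|wmp)\b', re.IGNORECASE)
BARE_FILE = re.compile(r"(?<![\w\\])[\w~.-]+\.(?:exe|dll|sys|ocx|wmp)\b", re.IGNORECASE)
DRIVE_SECTION = re.compile(r"^\[([A-Za-z]:\\)\]$")
AUTORUN_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+)$", re.IGNORECASE)

# Constructed excerpt of the posted log: two clean entries, the malicious ones, one autorun block.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<svcshare><C:\WINDOWS\system32\drivers\sppoolsv.exe> [N/A]
<SymhMy><C:\WINDOWS\system32\iexpl0re.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<s9t><C:\WINDOWS\iexp1ore.exe> [N/A]
<qqs84hyvlgyx7><C:\WINDOWS\winlog0n.exe> [N/A]
<Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run> [N/A]
<WINTASK><; taskgmr.exe> [N/A]
<wmicsmgr><; rundll32 ,Initialize> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp> [N/A]
[C:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
"""


@dataclass(frozen=True)
class Finding:
    target: str
    reason: str


def damerau_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions cost 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def stem_of(path: str) -> str:
    """File name without directory or extension, lower-cased."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def lookalike_of(path: str) -> Optional[str]:
    """The Windows binary this file name imitates, or None for exact or unrelated names."""
    stem = stem_of(path)
    if stem in KNOWN_BINARIES:
        return None
    return next((k for k in KNOWN_BINARIES if damerau_distance(stem, k) == 1), None)


def suspicious_location(path: str) -> bool:
    """Code under %WINDIR%, in a Temp folder, or behind a non-executable extension."""
    p = path.lower()
    return "\\windows\\" in p or "\\temp\\" in p or not p.endswith((".exe", ".dll"))


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    drive = None
    for line in (raw.strip() for raw in log.splitlines()):
        entry = RUN_ENTRY.match(line)
        if entry:
            cmd = entry.group("cmd").lstrip("; ").strip()  # SREng prefixes some commands with "; "
            unverified = entry.group("vendor").strip().upper() == "N/A"
            paths = DRIVE_PATH.findall(cmd) or BARE_FILE.findall(cmd)
            if cmd and unverified and not paths:
                findings.append(Finding(cmd, "unverified entry with no resolvable file"))
            for path in paths:
                known = lookalike_of(path)
                if known:
                    findings.append(Finding(path, f"look-alike of {known}"))
                # the host process of a DLL entry (rundll32.exe) is not the interesting part
                elif unverified and stem_of(path) not in KNOWN_BINARIES and suspicious_location(path):
                    findings.append(Finding(path, "unverified file in suspicious location"))
            continue
        section = DRIVE_SECTION.match(line)
        if section:
            drive = section.group(1)
            continue
        key = AUTORUN_KEY.match(line)
        if key and drive:
            hit = Finding(drive + key.group(2).strip(), "autorun.inf launches this file when the drive is opened")
            if hit not in findings:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:58} {f.target}")
```

Run it against a full log with triage(open(path, encoding="gbk").read()). It is a first pass, not a verdict: a name one edit away from a system binary is worth a look, not automatically malicious, and a vendor string in the log is whatever the file's version resource claims, which is why the [N/A] entries rather than the named ones are the ones checked for location.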
baohe - 2007-1-17 20:11:00
[Reply to lxr123's post]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<svcshare><C:\WINDOWS\system32\drivers\sppoolsv.exe> [N/A]
<SymhMy><C:\WINDOWS\system32\iexpl0re.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<s9t><C:\WINDOWS\iexp1ore.exe> [N/A]
<j><C:\WINDOWS\alga.exe> [N/A]
<zyyhwu9evfi1gj2><C:\WINDOWS\iexpl0re.exe> [N/A]
<qqs84hyvlgyx7><C:\WINDOWS\winlog0n.exe> [N/A]
<IEBarUp><RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run> [N/A]
<Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run> [N/A]
<IEXPLORER><C:\WINDOWS\feifei-2.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Longator><; "C:\Program Files\Longator\Longator.exe" /start> [N/A]
<qcsszjcz><; c:\chenhu2\chenqxms.exe> [陈虎]
<res><; C:\WINDOWS\system32\res.exe> [N/A]
<WINTASK><; taskgmr.exe> [N/A]
<wmicsmgr><; rundll32 ,Initialize> [N/A]
[101421 / 101421][Stopped/Boot Start]
<\SystemRoot\System32\drivers\101421.sys><N/A>
[103734 / 103734][Stopped/Boot Start]
<\SystemRoot\System32\drivers\103734.sys><N/A>
[ADProt / ADProt][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[c22139406 / c22139406][Stopped/Boot Start]
<\SystemRoot\System32\drivers\c22139406.sys><N/A>
[ifjgjffj / ifjgjffj][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ifjgjffj.sys><N/A>
[msprotect / msprotect][Running/System Start]
<system32\DRIVERS\msprotect.sys><Windows (R) 2000 DDK provider>
Yikes!!
If you have a Ghost backup of the system (one on a CD; the one on the hard disk has already been eaten by the Panda), restore the system with Ghost.
After restoring, don't open any of the partitions at first. Then run a full-disk scan with your antivirus.
newcenturymoon - 2007-1-17 21:37:00
Download the special removal tools from:
http://it.rising.com.cn/Channels/Service/2006-11/1163505486d38734.shtml
http://www.jiangmin.com/download/VikingKiller.exe
http://tool.duba.net/zhuansha/253.shtml
http://hzqedison.mm9mm.com/mopery/nimuya.zip
and first run a full-disk scan with them in Safe Mode.
Then, still in Safe Mode,
open SREng, go to Start-up Items > Registry and delete the following items:
<svcshare><C:\WINDOWS\system32\drivers\sppoolsv.exe> [N/A]
<SymhMy><C:\WINDOWS\system32\iexpl0re.exe> [N/A]
<s9t><C:\WINDOWS\iexp1ore.exe> [N/A]
<j><C:\WINDOWS\alga.exe> [N/A]
<zyyhwu9evfi1gj2><C:\WINDOWS\iexpl0re.exe> [N/A]
<qqs84hyvlgyx7><C:\WINDOWS\winlog0n.exe> [N/A]
<IEBarUp><RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run> [N/A]
<Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run> [N/A]
<IEXPLORER><C:\WINDOWS\feifei-2.exe> [N/A]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp>
<qcsszjcz><; c:\chenhu2\chenqxms.exe> [陈虎]
<res><; C:\WINDOWS\system32\res.exe>
<WINTASK><; taskgmr.exe> [N/A]
<wmicsmgr><; rundll32 ,Initialize> [N/A]
Startup folder [Internet Explorer]
<C:\Documents and Settings\zz\「开始」菜单\程序\启动\Internet Explorer.lnk --> C:\PROGRA~1\INTERN~1\iexp1ore.exe [N/A]><N>
Then, still in SREng, go to Start-up Items > Services > Drivers,
tick the "Hide Microsoft-verified items" box,
find c22139406, ifjgjffj, nwlnksipx, 101421, 103734, msprotect,
then select "Change start type", choose Disabled in the box next to it, and click Set.
Then, in Safe Mode,
copy the following into Notepad and save it as 1.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
Double-click 1.reg to import this registry key.
Delete the following files:
C:\WINDOWS\system32\drivers\sppoolsv.exe
C:\WINDOWS\system32\iexpl0re.exe
C:\WINDOWS\iexp1ore.exe
C:\WINDOWS\alga.exe
C:\WINDOWS\iexpl0re.exe
C:\WINDOWS\winlog0n.exe
C:\WINDOWS\system32\NTService32.dll
C:\WINDOWS\feifei-2.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp
c:\chenhu2\chenqxms.exe
C:\WINDOWS\system32\res.exe
C:\PROGRA~1\INTERN~1\iexp1ore.exe (note the digit 1 in the middle)
everything under C:\DOCUME~1\zz\LOCALS~1\Temp\
\SystemRoot\System32\drivers\101421.sys
\SystemRoot\System32\drivers\103734.sys
\SystemRoot\system32\drivers\ADProt.sys
\SystemRoot\System32\drivers\c22139406.sys
\SystemRoot\system32\drivers\ifjgjffj.sys
Ugh, my hands are sore. I really don't know what that Norton of yours is good for.
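As an added example (mine, not newcenturymoon's or SREng's), the registry part of the procedure above can be turned into one reviewable .reg file instead of being clicked through: the Run values and the ShellExecuteHooks CLSID are removed with the "name"=- syntax, the listed drivers get Start=4 (SERVICE_DISABLED, which is what setting a service to Disabled writes), and the SHOWALL block from the reply is restored. The value names, driver names and SHOWALL data are copied from the reply; that the rogue drivers can be disabled this way while the msprotect driver is running is an assumption, which is why the reply's Safe Mode step still applies.

```python
"""Build the .reg file for the registry part of the clean-up described in the reply."""
from typing import Dict, List

# Value names taken from the reply; the keys themselves are kept, only the values go.
RUN_VALUES_TO_DELETE: Dict[str, List[str]] = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run": ["svcshare", "SymhMy"],
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": [
        "s9t", "j", "zyyhwu9evfi1gj2", "qqs84hyvlgyx7", "IEBarUp", "Desktop",
        "IEXPLORER", "qcsszjcz", "res", "WINTASK", "wmicsmgr"],
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks": [
        "{08315C1A-9BA9-4B7C-A432-26885F78DF28}"],
}
# Drivers the reply says to set to Disabled; Start=4 is SERVICE_DISABLED.
DRIVERS_TO_DISABLE = ["c22139406", "ifjgjffj", "nwlnksipx", "101421", "103734", "msprotect"]
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
SHOWALL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
SHOWALL_VALUES = [
    ("RegPath", r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"),
    ("Text", "@shell32.dll,-30500"),
    ("Type", "radio"),
    ("CheckedValue", 1),
    ("ValueName", "Hidden"),
    ("DefaultValue", 2),
    ("HKeyRoot", 0x80000001),
    ("HelpID", "shell.hlp#51105"),
]


def reg_string(s: str) -> str:
    """REG_SZ data in a .reg file: backslashes and quotes are escaped (key paths are not)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def reg_value(name: str, data) -> str:
    """One 'name=data' line; ints become dword:XXXXXXXX, strings become escaped REG_SZ."""
    if isinstance(data, int):
        return f'"{name}"=dword:{data:08x}'
    return f'"{name}"={reg_string(data)}'


def delete_values(key: str, names: List[str]) -> List[str]:
    """'"name"=-' removes a value; deleting the whole key would also drop the legitimate entries."""
    return [f"[{key}]"] + [f'"{n}"=-' for n in names] + [""]


def disable_driver(service: str) -> List[str]:
    return [f"[{SERVICES_KEY}\\{service}]", reg_value("Start", 4), ""]


def build_reg() -> str:
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in RUN_VALUES_TO_DELETE.items():
        lines += delete_values(key, names)
    for svc in DRIVERS_TO_DISABLE:
        lines += disable_driver(svc)
    lines += [f"[{SHOWALL_KEY}]"] + [reg_value(n, v) for n, v in SHOWALL_VALUES] + [""]
    return "\r\n".join(lines)


def write_reg(path: str) -> None:
    """Version 5.00 .reg files are UTF-16LE with a byte-order mark."""
    with open(path, "w", encoding="utf-16-le", newline="") as f:
        f.write("\ufeff" + build_reg())


if __name__ == "__main__":
    print(build_reg())
```

Importing the file only edits the registry: it does not delete the files listed above, nor the Startup-folder shortcut, and it cannot unload a driver that is already running, so the file deletions and the reboot into Safe Mode from the reply are still needed. Review the generated text before importing it; a stray backslash in a REG_SZ value is the usual mistake, which is why the key paths and the value data are escaped differently.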