瑞星卡卡安全论坛

我的电脑今天看QQ新闻的时候中毒了 QQ号也被盗了.机器运行没什么错误.所有程序都可以打开就是杀毒软件打不开,说是文件名,目录名或卷标语法不正确




请帮忙  在线等  急啊 拜托拉

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改
友情提示：
扫描前关闭所有手工打开的软件和窗口，扫描后将日志发上来。但请不要用附件形式贴。
注意在没有进一步提示前，勿要胡乱修复，否则系统可能变的情况更糟。
         
如果发现SREng.exe运行无反应或者不能运行或者扫描出错,你可以将SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行.

晕了  按照你说的做了  运行SREng.exe又出现了说是文件名,目录名或卷标语法不正确 打不开啊  用360的日志给你看可以么

该成.com可以了  下面是日志帮忙看下  分2次 字数太多


[CODE]

2007-02-11,20:06:19

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <ooccctrl.exe><E:\软件工具\CleverCache\ooccctrl.exe /tasktray>  [N/A]
    <CnxDslTaskBar><"C:\Program Files\USB Modem\AccessRunner ADSL USB\CnxDslTb.exe" "USB Modem\AccessRunner ADSL USB">  [N/A]
    <kav><"E:\软件工具\kav\avp.exe">  [Kaspersky Lab]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <懇偯q?p鈲舽><C:\WINDOWS\system32\

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\xiaochan\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\qq\QQ.exe [TENCENT]><N>

==================================
服务
[卡巴斯基反病毒6.0 / AVP][Stopped/Auto Start]
  <E:\软件工具\kav\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[socket translation service / socksvc][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\winsock.exe><N/A>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

==================================
驱动程序
[46907 / 46907][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\46877.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[Conexant AccessRunner USB ADSL Adapter Filter Driver / CnxEtP][Running/Manual Start]
  <system32\DRIVERS\CnxEtP.sys><Conexant Systems, Inc.>
[Conexant AccessRunner USB ADSL Interface Device Driver / CnxEtU][Running/Manual Start]
  <system32\DRIVERS\CnxEtU.sys><Conexant Systems, Inc.>
[Conexant AccessRunner ADSL WAN PPPoE Adapter Driver / CnxTgNP][Running/Manual Start]
  <system32\DRIVERS\CnxTgNP.sys><Conexant Systems, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\qq\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qgmcnh / qgmcnh][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\qgmcnh.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ttwxvwq / ttwxvwq][Running/Boot Start]
  <\SystemRoot\system32\drivers\ttwxvwq.sys><>
[vxhvvak / vxhvvak][Running/Boot Start]
  <\SystemRoot\system32\drivers\vxhvvak.sys><>

==================================
浏览器加载项
[Thunder Browser Helper]
  {0C7C23EE-A848-485B-873C-0ED954731014} <E:\软件工具\迅雷5\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\软件工具\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\软件工具\kav\scieplugin.dll, Kaspersky Lab>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, TENCENT>
[网盟影视中心]
  {DD1A363E-7803-4d06-923D-367BEE305F94} <http://vod.ytwm.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Thunder Browser Helper]
  {0C7C23EE-A848-485B-873C-0ED954731014} <E:\软件工具\迅雷5\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\软件工具\迅雷5\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <E:\软件工具\迅雷5\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\软件工具\迅雷5\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 416][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1108][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [E:\软件工具\迅雷5\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [E:\软件工具\WINRAR3.61\rarext.dll]  [N/A, N/A]
    [E:\软件工具\kav\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1180][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1324][C:\WINDOWS\system32\severe.exe]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 1364][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 1392][C:\Program Files\USB Modem\AccessRunner ADSL USB\CnxDslTb.exe]  [Conexant Systems, Inc., 040.001.022.000]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 1476][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 1780][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 140][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 1452][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5480][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
    [E:\软件工具\迅雷5\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [E:\软件工具\kav\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [E:\软件工具\kav\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [E:\软件工具\kav\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 6,0,79,0]
[PID: 4876][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
    [E:\软件工具\迅雷5\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [E:\软件工具\kav\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [E:\软件工具\kav\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [E:\软件工具\kav\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 7208][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]
[PID: 7920][E:\软件工具\sreng\SREng.com.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[F:\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\Auto\command=OSO.exe

==================================
HOSTS 文件
127.0.0.1      localhost
60.169.1.178      hyap98.com
60.169.1.178      www.hyap98.com
60.169.1.178      82087871.com
60.169.1.178      www.82087871.com
60.169.1.178      y1599.com
60.169.1.178      www.y1599.com
60.169.1.178      47555.cn
60.169.1.178      nc.47555.cn
60.169.1.178      cn.47555.cn
60.169.1.178      crsky.47555.cn
60.169.1.178      www.47555.cn
60.169.1.178      kirinkwy.com.cn
60.169.1.178      www.kirinkwy.com.cn
60.169.1.178      baibu.com
60.169.1.178      www.baidu.com
60.169.1.178      www.yy520ly.cn
60.169.1.178      www.888muma.com
60.169.1.178      www.feifeicqq.com
60.169.1.178      wow.wow88.cn
60.169.1.178      www.58aa.cn
60.169.1.178      www.zhiminglu.com
60.169.1.178      www.bfsou.net
60.169.1.178      www.daisf.cn
60.169.1.178      www.10223.comw.com
60.169.1.178      www.feifeicqq.com
60.169.1.178      www.hot124588.bigww
60.169.1.178      www.s159.cn
60.169.1.178      www.zhkj.org
60.169.1.178      www.hot124588.bigwww.com
60.169.1.178      bbs.v369v.com
60.169.1.178      jygame88.com
60.169.1.178      111.89111.cn
60.169.1.178      huiyuan.hz09.9iis.com
60.169.1.178      urlmon.isxv.com
60.169.1.178      goujiao.e34.163ns.com
60.169.1.178      sybaby2.c67.zgsj.com
60.169.1.178      sybaby3.a33.zgsj.com
60.169.1.178      sybaby.a78.zgsj.com
60.169.1.178      wl.73z.cn
60.169.1.178      mf.10223.com
60.169.1.178      xianren.bigwww.com
60.169.1.178      sybaby.a78.zgsj.com
60.169.1.178      new.eyliao.com
60.169.1.178      88.our2000.com

==================================
API HOOK
N/A

==================================


[/CODE]

顶上来等帮助