瑞星卡卡安全论坛 (Rising Kaka Security Forum)

Anti-virus / anti-rogue-software forum: Everyone, take a look at what virus I've caught (log attached). There are also voices talking in my headphones
缘若不灭 - 2007-3-21 7:54:00
[CODE]

2007-03-22,07:34:48

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- Administrator user - full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [Microsoft Corporation]
    <kavshell><C:\Progra~1\Eset\svch0st.exe>  [N/A]
    <hl15zjyvl6><C:\DOCUME~1\chenchi\LOCALS~1\Temp\servicer.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <50><C:\SysAd5C\svchost.exe>  [N/A]
    <4><C:\SysWsj3\svchost.exe>  [N/A]
    <333><C:\Syswm1e\svchost.exe>  [N/A]
    <100><C:\SysMa1\svchost.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <wxClient><C:\WINDOWS\System32\Clsmn.exe>  []
    <BarClient><C:\PROGRA~1\四川省~1\BarClient.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  [N/A]
    <winform><C:\WINDOWS\winform.exe>  [N/A]
    <upxdnd><C:\DOCUME~1\chenchi\LOCALS~1\Temp\3.exe>  [N/A]
    <msccrt><C:\WINDOWS\msccrt.exe>  [N/A]
    <wsttrs><C:\WINDOWS\wsttrs.exe>  [N/A]
    <uanl><C:\WINDOWS\uanl.exe>  [N/A]
    <FYNEWS><C:\DOCUME~1\chenchi\LOCALS~1\Temp\11.exe>  [N/A]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <GinaDLL><C:\WINDOWS\system32\LogUser.dll>  []
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  [N/A]
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  [N/A]
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  [N/A]
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\wxAScr.scr>  [N/A]

==================================
Startup folder
N/A

==================================
Services
[Error Reporting Service / ERSvc][Running/Auto Start]
  <2 - The system cannot find the file specified.><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Smart Card Helper / SCardDrv][Stopped/Manual Start]
  <><N/A>
[Sicent Network File Synchronization / sicentnetsync][Running/Auto Start]
  <C:\WINDOWS\System32\wxsyncli.exe><成都吉胜科技有限公司>
[Vedio Adapter / VGADown][Stopped/Auto Start]
  <C:\WINDOWS\lsass.exe><N/A>
[Remote Control Server / WinVNC4][Stopped/Manual Start]
  <"C:\WINDOWS\System32\rmserver.exe" -service><>
[D39A235A / D39A235A][Stopped/Auto Start]
  <C:\WINDOWS\System32\D39A235A.EXE -service><Microsoft Corporation>
[sadsaads / afdsfsgg][Running/Auto Start]
  <C:\WINDOWS\System32\dfsdfsg.exe><Microsoft Corporation>
[4C33D3E9 / 4C33D3E9][Stopped/Auto Start]
  <C:\WINDOWS\System32\4C33D3E9.EXE -service><Microsoft Corporation>
[Remote Procedure Call System(RPCSx) / Remo][Running/Auto Start]
  <C:\WINDOWS\System32\Rpcsx.exe><Microsoft Corporation>
[Windows Management Instrumentation Driver / WMID][Running/Auto Start]
  <C:\WINDOWS\System32\wmid.exe><N/A>
[QoS Service / WalALET][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\RTGDH.DLL,Export 1087><Microsoft Corporation>
[Std bepo Service / bepo][Running/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\COMMON~1\wwhg\gjut.dll,Service -s><Microsoft Corporation>
[System Security / Popular][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\fbwhk.dll><Microsoft Corporation>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\WINDOWS\System32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <System32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <System32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rfsafe / rfsafe][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\rfsafe.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[squell / squell][Running/]
  <2 - The system cannot find the file specified.><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[ygmme / ygmme][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ygmme.sys><N/A>

==================================
Browser add-ons
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方对战平台\gameclient.exe, 上海浩方在线信息技术有限公司>
[Radio(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[实用搜索 Toolbar 2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Upload to QQ network disk]
  <D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[Add to QQ custom panel]
  <D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[Add to QQ emoticons]
  <D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[Send this image via QQ MMS]
  <D:\Program Files\Tencent\qq\SendMMS.htm, N/A>
缘若不灭 - 2007-3-21 7:57:00
Running processes
[PID: 372][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 432][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 452][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\LogUser.dll]  [, 1.0.0.2]
    [C:\WINDOWS\System32\D39A235A.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 496][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 508][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 672][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
[PID: 724][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 876][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 908][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1072][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\System32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\System32\nvshell.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\D39A235A.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Qqzo0.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\winform.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\upxdnd.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\wsttrs.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\uanl.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav30.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0r.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Msxo0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Gjzo1.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav20.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\System32\ilgqe.dll]  [N/A, N/A]
缘若不灭 - 2007-3-21 7:57:00
[PID: 1148][C:\WINDOWS\System32\Clsmn.exe]  [, 16.3.12.610]
    [C:\WINDOWS\System32\RegCode.dll]  [N/A, N/A]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1156][C:\PROGRA~1\四川省~1\BarClient.exe]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1164][C:\WINDOWS\System32\Internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1364][C:\WINDOWS\System32\wxsyncli.exe]  [成都吉胜科技有限公司, 1.0.1.259]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1412][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 596][C:\WINDOWS\System32\13EF79B4.exe]  [N/A, N/A]
    [C:\WINDOWS\System32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
[PID: 1528][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, N/A]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\ffdshow.ax]  [N/A, 1.0.2.2028]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\SDOMSAudio.dll]  [上海盛大网络发展有限公司, 1.6.0.1016]
    [D:\Program Files\DoShow\plugins\MPAudioPlugIn.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\SDOMSVideo.dll]  [上海盛大网络发展有限公司, 1.6.0.1016]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
[PID: 1752][C:\WINDOWS\System32\dfsdfsg.exe]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 412][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\GAMES1\街头篮球\HackShield\EGRNAPX2.DLL]  [AhnLab, Inc., 0, 0, 0, 43]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 688][C:\WINDOWS\System32\cmd.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\GAMES1\街头篮球\HackShield\EGRNAPX2.DLL]  [AhnLab, Inc., 0, 0, 0, 43]
    [C:\WINDOWS\System32\4C33D3E9.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 3124][c:\SysWsj3\svchost.exe]  [N/A, N/A]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
[PID: 3240][c:\Syswm1e\svchost.exe]  [N/A, N/A]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
[PID: 3480][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
[PID: 3532][c:\SysMa1\svchost.exe]  [N/A, N/A]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
[PID: 3680][C:\DOCUME~1\chenchi\LOCALS~1\Temp\11.exe]  [N/A, N/A]
    [c:\SysMa1\Ghook.dll]  [N/A, N/A]
    [c:\Syswm1e\Ghook.dll]  [N/A, N/A]
    [c:\SysWsj3\Ghook.dll]  [N/A, N/A]
[PID: 4040][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\COMMON~1\wwhg\gjut.dll]  [ , 4, 1, 0, 4]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\lowv.dll]  [ , 1, 0, 0, 6]
[PID: 1508][C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\RTGDH.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 2844][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, N/A]
    [C:\PROGRA~1\COMMON~1\wwhg\jmxw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\wwhg\orsy.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\四川省~1\Gather.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav20.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Gjzo1.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Msxo0.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\LgSy0r.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Rav30.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\wsttrs.dll]  [N/A, N/A]
    [C:\DOCUME~1\chenchi\LOCALS~1\Temp\Qqzo0.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [F:\sreng2\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
[PID: 2992][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
缘若不灭 - 2007-3-21 7:57:00
==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com

==================================
API HOOK
N/A

==================================


[/CODE]
天天玩玩 - 2007-3-21 14:08:00
A nest of viruses.
素就像天上的浮云 - 2007-3-21 14:15:00
Oh~ my God~ OP can actually still use this machine~

Going online "naked"? Or is the firewall just a decoration or something?
缘若不灭 - 2007-3-22 11:26:00
Can someone tell me how to fix this....
我是流浪猪 - 2007-3-22 12:05:00
First install an anti-virus or run an online scan; once it's done, scan again and post the log.

I admire the OP.
菜鸟玩病毒 - 2007-3-22 12:07:00
Sweat....
OP must be raising (trojan) horses........
修罗撒旦 - 2007-3-22 12:28:00
It could give Rising's virus-capture machines a run for their money.
gfdfsdgds - 2007-3-22 12:42:00
This is going to be a tough fight.
水树雨下 - 2007-3-22 12:55:00
<50><C:\SysAd5C\svchost.exe> [N/A]
<4><C:\SysWsj3\svchost.exe> [N/A]
<333><C:\Syswm1e\svchost.exe> [N/A]
<100><C:\SysMa1\svchost.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wxClient><C:\WINDOWS\System32\Clsmn.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<winform><C:\WINDOWS\winform.exe> [N/A]
<upxdnd><C:\DOCUME~1\chenchi\LOCALS~1\Temp\3.exe> [N/A]
<msccrt><C:\WINDOWS\msccrt.exe> [N/A]
<wsttrs><C:\WINDOWS\wsttrs.exe> [N/A]
<uanl><C:\WINDOWS\uanl.exe> [N/A]
<FYNEWS><C:\DOCUME~1\chenchi\LOCALS~1\Temp\11.exe> [N/A]
<System><C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys> [N/A]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
Plus N "pigeons" (灰鸽子 / Gray Pigeon backdoors). I suggest reinstalling the system.
饭后点心 - 2007-3-22 12:57:00
This machine still runs, so the hardware must be decent...... I suggest reinstalling outright, there's too much stuff...... it's almost a zoo.
sanjingshou - 2007-3-22 13:14:00
Is OP breeding viruses and pigeons?
misaboa - 2007-3-22 14:00:00
Format C:, reinstall; that's the best option.
异族风剑 - 2007-3-22 14:06:00
..Your computer is really something!~ Flocks of viruses and pigeons!~
缘若不灭 - 2007-3-24 15:54:00


Tell me which ones are viruses... and which ones are pigeons..
快来救命啊啊 - 2007-3-24 16:21:00
Go to my net disk at http://free.ys168.com/?demonkyo01; under the virus-scanning folder's anti-virus subfolder, download the 灰鸽子 (Gray Pigeon) removal tool, the trojan removal tool and the 橙色8月 (Orange August) removal tool, then scan the system with them.

Reading your log made my eyes blur, so I can't be bothered to read it all. The manual deletions are below. Scan the system first, then scan again with SREng2 and post the log.


Open SREng2 > Startup items and delete the following:
<Internat.exe><Internat.exe> [Microsoft Corporation]
<kavshell><C:\Progra~1\Eset\svch0st.exe> [N/A]
<hl15zjyvl6><C:\DOCUME~1\chenchi\LOCALS~1\Temp\servicer.exe>
<50><C:\SysAd5C\svchost.exe> [N/A]
<4><C:\SysWsj3\svchost.exe> [N/A]
<333><C:\Syswm1e\svchost.exe> [N/A]
<100><C:\SysMa1\svchost.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<winform><C:\WINDOWS\winform.exe> [N/A]
<upxdnd><C:\DOCUME~1\chenchi\LOCALS~1\Temp\3.exe> [N/A]
<msccrt><C:\WINDOWS\msccrt.exe> [N/A]
<wsttrs><C:\WINDOWS\wsttrs.exe> [N/A]
<uanl><C:\WINDOWS\uanl.exe> [N/A]
<FYNEWS><C:\DOCUME~1\chenchi\LOCALS~1\Temp\11.exe> [N/A]
<twin><C:\WINDOWS\System32\ctfnom.exe>
<GinaDLL><C:\WINDOWS\system32\LogUser.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys> [N/A]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
Delete all the ones like these.
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
<SCRNSAVE.EXE><C:\WINDOWS\System32\wxAScr.scr> [N/A]

Services
Change the startup type of [Error Reporting Service / ERSvc][Running/Auto Start]
to Disabled

Delete [Vedio Adapter / VGADown][Stopped/Auto Start]
<C:\WINDOWS\lsass.exe><N/A>

[Remote Control Server / WinVNC4][Stopped/Manual Start]
<"C:\WINDOWS\System32\rmserver.exe" -service><>

[D39A235A / D39A235A][Stopped/Auto Start]
<C:\WINDOWS\System32\D39A235A.EXE -service><Microsoft Corporation>

[sadsaads / afdsfsgg][Running/Auto Start]
<C:\WINDOWS\System32\dfsdfsg.exe><Microsoft Corporation>

[4C33D3E9 / 4C33D3E9][Stopped/Auto Start]
<C:\WINDOWS\System32\4C33D3E9.EXE -service><Microsoft Corporation>

If they cannot be deleted, set their startup type to Disabled

快来救命啊啊 - 2007-3-24 16:25:00
OP is a naked-running maniac......
瓶子里没有水 - 2007-3-24 16:33:00
OP, how about we just format the hard drive???
疯狂夏日 - 2007-3-24 16:39:00
LZ fhw r j tve rhk tve rhk r kb ,PFPF
缘若不灭 - 2007-3-26 21:00:00
What does "naked-running maniac" mean?
8897603 - 2007-3-26 21:04:00
A trojan empire.
8897603 - 2007-3-26 21:05:00
It means going on the Internet and doing whatever you like without any system protection software installed.
汗血宝马 - 2007-3-27 20:14:00
Truly impressive~~