
[Help] Killed 38 viruses, but the browser still pops up lots of websites! Please take a look at my log


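I scanned and removed 38 viruses, but the browser still pops up lots of websites from time to time! Please take a look at my log... Thanks, everyone.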

[CODE]
2000-07-09,10:48:55
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"D:\瑞星杀毒\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <bndfxdh><C:\WINDOWS\system32\bndfxdh.exe>  []
    <RavMonS><C:\WINDOWS\soni.exe>  [瑞星]
    <360><C:\WINDOWS\360safe.exe>  [奇虎网]
    <usmsvc><C:\WINDOWS\system32\usmsvc.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><MMWLANGH1006.dll,tisqctyu.dll,nhmxejkl.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{00070007-0007-0007-0007-00070007BB15}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{00010001-0001-0001-0001-00010001BB15}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{528DF602-9541-A985-210A-984A698C6F25}><C:\WINDOWS\system32\ptjhehlp.dll>  []
    <{00230023-0023-0023-0023-00230023BB15}><C:\WINDOWS\system32\rasdlgcq.dll>  [N/A]
    <{55694105-5108-9405-3695-954187462155}><C:\WINDOWS\system32\mpwdeapi.dll>  []
    <{00050005-0005-0005-0005-00050005BB15}><C:\WINDOWS\system32\cliconfgzx.dll>  [N/A]
    <{6C648541-1025-9650-9057-6541258720C6}><C:\WINDOWS\system32\mndhfdwd.dll>  []
    <{00170017-0017-0017-0017-00170017BB15}><C:\WINDOWS\system32\msobjstl.dll>  [N/A]
    <{00130013-0013-0013-0013-00130013BB15}><C:\WINDOWS\system32\ksuserfy.dll>  [N/A]
    <{00030003-0003-0003-0003-00030003BB15}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{8942ff57-5cf4-4ef5-9ffa-1b6d48b4d3fc}><C:\WINDOWS\system32\MMWLANGH1006.dll>  []
    <{6351a63c-4042-433a-a64f-6974e875f835}><C:\WINDOWS\system32\MMWLVAHB1045.dll>  [N/A]
    <{00330033-0033-0033-0033-00330033BB15}><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <{4D698451-2015-6358-9871-2015987452D4}><C:\WINDOWS\system32\apzhdtde.dll>  []
    <{38093456-9012-4568-9076-908765467183}><C:\WINDOWS\system32\tisqctyu.dll>  [N/A]
    <{30618412-C528-C784-C056-C164D1F7C503}><C:\WINDOWS\system32\detxciua.dll>  []
    <{25FD6584-698F-BCD2-602C-698745210352}><C:\WINDOWS\system32\rijxbkin.dll>  []
    <{00060006-0006-0006-0006-00060006BB15}><C:\WINDOWS\system32\dispexcb.dll>  [N/A]
    <{43512378-9874-5641-1025-985420368734}><C:\WINDOWS\system32\oswxdttb.dll>  [N/A]
    <{57AC9076-C898-B098-D098-A18319080975}><C:\WINDOWS\system32\nhmxejkl.dll>  [N/A]
    <{470165F1-9F65-569F-F895-F14F58F41074}><C:\WINDOWS\system32\lofsdjbo.dll>  []
    <{1c0f1519-297a-4c5c-a27b-f2d43e8c6597}><C:\WINDOWS\system32\MMHADPQG1100.dll>  []
    <{39109876-7619-9101-7012-901938475193}><C:\WINDOWS\system32\ietzcpaq.dll>  []
    <{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll>  [N/A]
    <{ACADABAE-1102-0010-8000-00AA006D2EA8}><C:\WINDOWS\system32\ShowAD.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  []
    <rasdlgcq.dll><C:\WINDOWS\system32\rasdlgcq.dll>  [N/A]
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  [N/A]
    <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll>  [N/A]
    <ksuserfy.dll><C:\WINDOWS\system32\ksuserfy.dll>  [N/A]
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  []
    <tscfgwmijxsj.dll><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll>  [N/A]
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Re: Killed 38 viruses, but the browser still pops up lots of websites! Please take a look at my log

启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> F:\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IPRIP / IPRIP][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\icpb.dll><N/A>
[Irmon / Irmon][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\irmon64.dll><Microsoft Corporation>
[网络服务 / Network Services][Stopped/Auto Start]
  <C:\WINDOWS\MayaBaby\MayaBabyMain.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Nwsapagent / Nwsapagent][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\iasxin.dll><Microsoft Corporation>
[Remote Procedure Call Locator / RpcUsnsvc][Running/Auto Start]
  <C:\WINDOWS\usnsvc.exe><>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\瑞星杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\瑞星杀毒\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Stormser / Stormser][Running/Auto Start]
  <C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe><暴风网际>
[WbWin / WbWin][Others/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\avtapit.dll><Microsoft Corporation>

==================================
驱动程序
[0e58a9ac922fb55a / 0e58a9ac922fb55a][Stopped/Manual Start]
  <\??\C:\0e58a9ac922fb55a.dat><N/A>
[4zi64ok9l / 4zi64ok9l3][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\4zi64ok9l3.sys><>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[b315553490be6574 / b315553490be6574][Stopped/Manual Start]
  <\??\C:\b315553490be6574.dat><N/A>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[Hdv32 / Hdv32][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\Hdv32_c.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pbkhqj / pbkhqj][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\pbkhqj.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qxvfs8sa / qxvfs8sa][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\qxvfs8sa.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\viaudio.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[]
  {38093456-9012-4568-9076-908765467183} <C:\WINDOWS\system32\tisqctyu.dll, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[]
  {43512378-9874-5641-1025-985420368734} <C:\WINDOWS\system32\oswxdttb.dll, N/A>
[]
  {57AC9076-C898-B098-D098-A18319080975} <C:\WINDOWS\system32\nhmxejkl.dll, N/A>
[CMsgCenter Class]
  {6014EABC-B61A-4F07-A32B-440EAE835DF9} <C:\WINDOWS\System32\usmsho.dll, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[知识库]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://blank.la/?h, N/A>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[]
  {38093456-9012-4568-9076-908765467183} <C:\WINDOWS\system32\tisqctyu.dll, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[]
  {43512378-9874-5641-1025-985420368734} <C:\WINDOWS\system32\oswxdttb.dll, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[]
  {57AC9076-C898-B098-D098-A18319080975} <C:\WINDOWS\system32\nhmxejkl.dll, N/A>
[CMsgCenter Class]
  {6014EABC-B61A-4F07-A32B-440EAE835DF9} <C:\WINDOWS\System32\usmsho.dll, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\D盘内容(软件)\360safe\live.dll, 360safe.com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <F:\QQ\AddEmotion.htm, N/A>

==================================

Re: Killed 38 viruses, but the browser still pops up lots of websites! Please take a look at my log

正在运行的进程
[PID: 548 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032 / SYSTEM][D:\瑞星杀毒\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 1048 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\icpb.dll]  [N/A, ]
    [c:\windows\system32\irmon64.dll]  [Microsoft Corporation, 1, 0, 0, 1]
    [c:\windows\iasxin.dll]  [Microsoft Corporation, 1, 0, 0, 2]
    [c:\windows\avtapit.dll]  [Microsoft Corporation, 1, 0, 0, 1]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1088 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\ptjhehlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mpwdeapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\mndhfdwd.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\apzhdtde.dll]  [N/A, ]
    [C:\WINDOWS\system32\detxciua.dll]  [N/A, ]
    [C:\WINDOWS\system32\rijxbkin.dll]  [N/A, ]
    [C:\WINDOWS\system32\lofsdjbo.dll]  [N/A, ]
    [C:\WINDOWS\system32\MMHADPQG1100.dll]  [N/A, ]
    [C:\WINDOWS\system32\ietzcpaq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ShowAD.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\ghjsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdtye.dll]  [N/A, ]
    [C:\WINDOWS\system32\bndfxdh.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\瑞星杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1540 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdtye.dll]  [N/A, ]
    [C:\WINDOWS\system32\ghjsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\bndfxdh.dll]  [N/A, ]
[PID: 608 / SYSTEM][C:\WINDOWS\System32\360up.exe]  [Microsoft, 1, 0, 0, 3]
    [C:\WINDOWS\System32\MMWLANGH1006.dll]  [N/A, ]
[PID: 676 / SYSTEM][C:\WINDOWS\RavNT.exe]  [瑞星, 1, 0, 0, 1]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
[PID: 920 / SYSTEM][C:\WINDOWS\usnsvc.exe]  [, 1, 0, 1, 7]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
[PID: 972 / SYSTEM][C:\WINDOWS\qqshel.exe]  [Microsoft, 1, 0, 0, 1]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
[PID: 996 / SYSTEM][C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe]  [暴风网际, 1, 0, 0, 11]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
[PID: 1340 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
[PID: 1512 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\MMWLANGH1006.dll]  [N/A, ]
[PID: 1844 / Administrator][D:\瑞星杀毒\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [D:\瑞星杀毒\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\瑞星杀毒\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\瑞星杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\瑞星杀毒\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
[PID: 2128 / Administrator][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2244 / Administrator][C:\WINDOWS\system32\usmsvc.exe]  [, 1, 0, 1, 0]
    [C:\WINDOWS\system32\TElem32.dll]  [, 1, 0, 1, 0]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
[PID: 2256 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]

Re: Killed 38 viruses, but the browser still pops up lots of websites! Please take a look at my log

[PID: 2316 / Administrator][F:\QQ\QQ.exe]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQHelperDll.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\BasicCtrlDll.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdtye.dll]  [N/A, ]
    [C:\WINDOWS\system32\ghjsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\bndfxdh.dll]  [N/A, ]
    [F:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [F:\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [F:\QQ\QQAPI.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\LoginCtrl.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\LoginCtrlRes.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQRes.dll]  [TENCENT, 8, 0, 830, 1811]
    [F:\QQ\QQMainFrame.dll]  [N/A, ]
    [F:\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\QQ\QQPlugin.dll]  [N/A, ]
    [F:\QQ\UnReadMsgMgr.dll]  [N/A, ]
    [F:\QQ\CQQApplication.dll]  [N/A, ]
    [F:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [F:\QQ\NewSkin.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\MailSummary.dll]  [TENCENT, 8,0,773,1801]
    [F:\QQ\QQSpace.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [F:\QQ\QQKnowledgeSearch.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\OEMApplication.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQGroupMng.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQAllInOne.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [F:\QQ\CameraDll.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQPet.dll]  [TENCENT, 8,0,830,1811]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\QQ\QRingMng.dll]  [N/A, ]
    [F:\QQ\UserDefinedHead.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\QQ\QQSysMsgMng.dll]  [N/A, ]
    [F:\QQ\QQConfigPlugin.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\ImageOle.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQAvatar.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [F:\QQ\QQMagicFace.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQLiveQMng.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [F:\QQ\LongConnection.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\PhoneAPI.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [F:\QQ\QQSceneMng.dll]  [N/A, ]
    [F:\QQ\GroupConnection.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\BQQApplication.dll]  [N/A, ]
    [D:\瑞星杀毒\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [F:\QQ\CommercesMng.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\PersonalDesktop.dll]  [TENCENT, 8,0,830,1811]
    [F:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [F:\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 15]
[PID: 2924 / Administrator][F:\QQ\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdtye.dll]  [N/A, ]
    [C:\WINDOWS\system32\ghjsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\bndfxdh.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
[PID: 6136 / Administrator][D:\扫描工具\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\MMWLANGH1006.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdtye.dll]  [N/A, ]
    [C:\WINDOWS\system32\ghjsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\bndfxdh.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [D:\扫描工具\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 608, C:\WINDOWS\SYSTEM32\360UP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 676, C:\WINDOWS\RAVNT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 972, C:\WINDOWS\QQSHEL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2244, C:\WINDOWS\SYSTEM32\USMSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2244, C:\WINDOWS\SYSTEM32\USMSVC.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Re: Killed 38 viruses, but the browser still pops up lots of websites! Please take a look at my log

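Please upload the log as an attachment~~~

That makes it easier to edit. There are quite a lot of infections here~~ manual cleanup will be needed.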