c:\...\UOGTCSXO\open_01[2].js was denied, infected with Trojan-Downloader.JS.IstBar.ai
Log:
HijackThis_zww Chinese-localized scan log V1.99.1
Saved at 14:20:33, on 2006-6-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
Browser: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\腾讯QQ\QQ.exe
D:\腾讯QQ\TIMPlatform.exe
D:\千千静听\TTPlayer.exe
D:\Maxthon\Maxthon.exe
D:\查看日志\HijackThis1991zww.exe
R3 - URLSearchHook: (no name) - {5EEDFD70-963C-42C5-B406-81D38DA4E101} - C:\WINDOWS\system32\Pkqnux.dll
R3 - URLSearchHook: (no name) - {A5C6F50C-990F-4E96-BF3E-F024C31332E6} - C:\WINDOWS\system32\Xndc.dll
R3 - URLSearchHook: (no name) - {67FCA5C0-63BD-46FE-8E4C-C869EEDDE4FA} - C:\WINDOWS\system32\Rxilbw.dll
R3 - URLSearchHook: (no name) - {99826E6A-7C2F-48A4-A602-0649AC502EEC} - C:\WINDOWS\system32\Gsnygm.dll
R3 - URLSearchHook: (no name) - {7A1373EF-A0CB-4C52-91CF-A42D1BFF4191} - C:\WINDOWS\system32\Adzix.dll
R3 - URLSearchHook: (no name) - {B0B06169-D367-4F64-A64C-5EB764E4043C} - C:\WINDOWS\system32\Okgxa.dll
R3 - URLSearchHook: (no name) - {4133D2F7-B852-4CB6-912C-0D4853F8834A} - C:\WINDOWS\system32\Jdhs.dll
R3 - URLSearchHook: (no name) - {54852376-E4F5-4A1D-8077-5ED3C18C12F5} - C:\WINDOWS\system32\Mdpywm.dll
R3 - URLSearchHook: (no name) - {38A75C16-EE6C-4BA4-A300-16D2236BAD12} - C:\WINDOWS\system32\Iwratz.dll
R3 - URLSearchHook: (no name) - {1DADFA74-6E96-411F-9206-BA7D7D074762} - C:\WINDOWS\system32\Ujbe.dll
R3 - URLSearchHook: (no name) - {6F1E84A3-E8D8-40B6-8F7F-FD5ADD8901D0} - C:\WINDOWS\system32\Dedbqx.dll
R3 - URLSearchHook: (no name) - {072F142C-0781-4195-876F-A3F54EBE9656} - C:\WINDOWS\system32\Khdjf.dll
R3 - URLSearchHook: (no name) - {F65D8FD7-7512-4A06-B8F8-9FB86D5E9666} - C:\WINDOWS\system32\Wyeyui.dll
R3 - URLSearchHook: (no name) - {311419C1-1794-42E0-B996-C275A8B1EECB} - C:\WINDOWS\system32\Cshpdm.dll
R3 - URLSearchHook: (no name) - {EC485203-23C2-43A0-BE21-A786E3F657F4} - C:\WINDOWS\system32\Mbpfc.dll
R3 - URLSearchHook: (no name) - {494F1294-2CD3-43B8-A7C1-44CC2AE37F7D} - C:\WINDOWS\system32\Sdyxy.dll
R3 - URLSearchHook: (no name) - {BA47EF3E-E40D-43DB-9D55-659A3E12E16F} - C:\WINDOWS\system32\Vjiz.dll
R3 - URLSearchHook: (no name) - {9A6AD992-34FC-470C-BB7F-647AE7911ED2} - C:\WINDOWS\system32\Kjjm.dll
R3 - URLSearchHook: (no name) - {31F16AE0-5685-43D9-A6D9-F479FBEE6B7B} - C:\WINDOWS\system32\Nwso.dll
R3 - URLSearchHook: (no name) - {2B6518D4-0137-4C3F-9762-7B6116497801} - C:\WINDOWS\system32\Fbccrw.dll
R3 - URLSearchHook: (no name) - {377011FD-1C60-4188-B325-FDBC873227DE} - C:\WINDOWS\system32\Usbmoc.dll
R3 - URLSearchHook: (no name) - {5438BCE9-CC0A-4378-9CF9-541D0455A393} - C:\WINDOWS\system32\Ttuug.dll
R3 - URLSearchHook: (no name) - {F8EA06E0-6D0F-44AA-AF5B-5D2046AC5613} - C:\WINDOWS\system32\Qiari.dll
R3 - URLSearchHook: (no name) - {F25E2DF0-C3A6-4508-9EDA-3801B38E1C3C} - C:\WINDOWS\system32\Terh.dll
R3 - URLSearchHook: (no name) - {01A09498-53C0-4FB1-A9B0-24236486699C} - C:\WINDOWS\system32\Mepckj.dll
R3 - URLSearchHook: (no name) - {BEB5EFD2-C43C-4345-A7F2-E4D9527405A4} - C:\WINDOWS\system32\Vlenb.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
R3 - URLSearchHook: (no name) - {A982323E-C604-49A4-950E-70DC97B6FDDC} - C:\WINDOWS\system32\Sqsodm.dll
R3 - URLSearchHook: (no name) - {F3ADD63B-64BB-46CB-8F25-47B65509C44A} - C:\WINDOWS\system32\Rephi.dll
R3 - URLSearchHook: (no name) - {4C293D0E-C277-4803-8084-98A5BDEDECF5} - C:\WINDOWS\system32\Cduayr.dll
R3 - URLSearchHook: (no name) - {C845791E-EF2D-48E9-86FB-B5BAED1BB3F4} - C:\WINDOWS\system32\Duiy.dll
R3 - URLSearchHook: (no name) - {637DD078-D30D-472C-B24D-FFA749A7EC59} - C:\WINDOWS\system32\Ixrab.dll
O2 - BHO: (no name) - {01A09498-53C0-4FB1-A9B0-24236486699C} - C:\WINDOWS\system32\Mepckj.dll
O2 - BHO: (no name) - {072F142C-0781-4195-876F-A3F54EBE9656} - C:\WINDOWS\system32\Khdjf.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: (no name) - {1DADFA74-6E96-411F-9206-BA7D7D074762} - C:\WINDOWS\system32\Ujbe.dll
O2 - BHO: (no name) - {2B6518D4-0137-4C3F-9762-7B6116497801} - C:\WINDOWS\system32\Fbccrw.dll
O2 - BHO: (no name) - {311419C1-1794-42E0-B996-C275A8B1EECB} - C:\WINDOWS\system32\Cshpdm.dll
O2 - BHO: (no name) - {31F16AE0-5685-43D9-A6D9-F479FBEE6B7B} - C:\WINDOWS\system32\Nwso.dll
O2 - BHO: (no name) - {377011FD-1C60-4188-B325-FDBC873227DE} - C:\WINDOWS\system32\Usbmoc.dll
O2 - BHO: (no name) - {38A75C16-EE6C-4BA4-A300-16D2236BAD12} - C:\WINDOWS\system32\Iwratz.dll
O2 - BHO: (no name) - {4133D2F7-B852-4CB6-912C-0D4853F8834A} - C:\WINDOWS\system32\Jdhs.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - (no file)
O2 - BHO: (no name) - {494F1294-2CD3-43B8-A7C1-44CC2AE37F7D} - C:\WINDOWS\system32\Sdyxy.dll
O2 - BHO: (no name) - {4C293D0E-C277-4803-8084-98A5BDEDECF5} - C:\WINDOWS\system32\Cduayr.dll
O2 - BHO: (no name) - {5438BCE9-CC0A-4378-9CF9-541D0455A393} - C:\WINDOWS\system32\Ttuug.dll
O2 - BHO: (no name) - {54852376-E4F5-4A1D-8077-5ED3C18C12F5} - C:\WINDOWS\system32\Mdpywm.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\腾讯QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5EEDFD70-963C-42C5-B406-81D38DA4E101} - C:\WINDOWS\system32\Pkqnux.dll
O2 - BHO: (no name) - {637DD078-D30D-472C-B24D-FFA749A7EC59} - C:\WINDOWS\system32\Ixrab.dll
O2 - BHO: (no name) - {67FCA5C0-63BD-46FE-8E4C-C869EEDDE4FA} - C:\WINDOWS\system32\Rxilbw.dll
O2 - BHO: (no name) - {6F1E84A3-E8D8-40B6-8F7F-FD5ADD8901D0} - C:\WINDOWS\system32\Dedbqx.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {7A1373EF-A0CB-4C52-91CF-A42D1BFF4191} - C:\WINDOWS\system32\Adzix.dll
O2 - BHO: (no name) - {99826E6A-7C2F-48A4-A602-0649AC502EEC} - C:\WINDOWS\system32\Gsnygm.dll
O2 - BHO: (no name) - {9A6AD992-34FC-470C-BB7F-647AE7911ED2} - C:\WINDOWS\system32\Kjjm.dll
O2 - BHO: (no name) - {A5C6F50C-990F-4E96-BF3E-F024C31332E6} - C:\WINDOWS\system32\Xndc.dll
O2 - BHO: (no name) - {A982323E-C604-49A4-950E-70DC97B6FDDC} - C:\WINDOWS\system32\Sqsodm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B0B06169-D367-4F64-A64C-5EB764E4043C} - C:\WINDOWS\system32\Okgxa.dll
O2 - BHO: (no name) - {BA47EF3E-E40D-43DB-9D55-659A3E12E16F} - C:\WINDOWS\system32\Vjiz.dll
O2 - BHO: (no name) - {BEB5EFD2-C43C-4345-A7F2-E4D9527405A4} - C:\WINDOWS\system32\Vlenb.dll
O2 - BHO: (no name) - {C845791E-EF2D-48E9-86FB-B5BAED1BB3F4} - C:\WINDOWS\system32\Duiy.dll
O2 - BHO: (no name) - {EC485203-23C2-43A0-BE21-A786E3F657F4} - C:\WINDOWS\system32\Mbpfc.dll
O2 - BHO: (no name) - {F25E2DF0-C3A6-4508-9EDA-3801B38E1C3C} - C:\WINDOWS\system32\Terh.dll
O2 - BHO: (no name) - {F3ADD63B-64BB-46CB-8F25-47B65509C44A} - C:\WINDOWS\system32\Rephi.dll
O2 - BHO: (no name) - {F65D8FD7-7512-4A06-B8F8-9FB86D5E9666} - C:\WINDOWS\system32\Wyeyui.dll
O2 - BHO: (no name) - {F8EA06E0-6D0F-44AA-AF5B-5D2046AC5613} - C:\WINDOWS\system32\Qiari.dll
O3 - Toolbar: BitSpirit Search Toolbar - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KAVPersonal50] D:\卡巴斯基\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [stup1.exe] C:\PROGRA~1\TENCENT\Adplus\stup1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cn99QDNS] D:\Program Files\cn99qdns\Cn99qdns.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Upload to QQ Network Disk - D:\腾讯QQ\AddToNetDisk.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\新建文~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to QQ custom panel - D:\腾讯QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - D:\腾讯QQ\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - D:\腾讯QQ\SendMMS.htm
O8 - Extra context menu item: Download with &BitSpirit - D:\BT\BitSpirit\bsurl.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\腾讯QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\腾讯QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ Colorful Toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [TBH] SoSo address bar search
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1419F6-AA9A-4C1C-878A-F4F8F8E68274}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: KB9193311.LOG
O23 - Service: kavsvc - Kaspersky Lab - D:\卡巴斯基\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Control - Unknown owner - C:\Program Files\firefly-remote\firefly.exe (file missing)
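Added triage example (not part of the original post, and not a HijackThis feature): the log above carries about thirty URLSearchHook and BHO entries that share three traits, namely `(no name)`, a short random-looking DLL name in `C:\WINDOWS\system32`, and the same CLSID registered as both an R3 and an O2 entry, plus an `O20 - AppInit_DLLs` value (`KB9193311.LOG`) whose extension is not `.dll`. The Python script below parses HijackThis R3/O2/O20 lines and flags exactly those patterns. The sample input is a handful of lines copied from the log above with one benign entry added for contrast; the regexes, the `triage` function and its output keys are my own choices.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the posted log plus one benign O23 line,
# embedded so the script runs offline. Paths are Windows, hence the raw string.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {5EEDFD70-963C-42C5-B406-81D38DA4E101} - C:\WINDOWS\system32\Pkqnux.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: (no name) - {5EEDFD70-963C-42C5-B406-81D38DA4E101} - C:\WINDOWS\system32\Pkqnux.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F8EA06E0-6D0F-44AA-AF5B-5D2046AC5613} - C:\WINDOWS\system32\Qiari.dll
O20 - AppInit_DLLs: KB9193311.LOG
O23 - Service: kavsvc - Kaspersky Lab - D:\kav\kavsvc.exe
"""

# R3 and O2 lines share one layout: "<section> - <kind>: <name> - {CLSID} - <path>".
ENTRY_RE = re.compile(
    r"^(?P<sect>R3|O2) - (?:URLSearchHook|BHO): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")
# A file directly inside <drive>:\WINDOWS\system32 (no sub-directory).
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)


def parse_entries(log_text):
    """Return the R3/O2 entries of a HijackThis log as dicts."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(log_text):
    """Flag the patterns seen in the posted log. Heuristics, not verdicts."""
    findings = {
        "unnamed_system32": [],  # (section, CLSID, path) of unnamed hooks in system32
        "paired_clsids": [],     # CLSIDs unnamed in BOTH R3 and O2
        "orphans": [],           # registered CLSIDs whose DLL is gone
        "appinit": [],           # AppInit_DLLs values without a .dll extension
    }
    unnamed_sections = defaultdict(set)
    for e in parse_entries(log_text):
        if e["path"] == "(no file)":
            findings["orphans"].append(e["clsid"])
            continue
        if e["name"] == "(no name)":
            unnamed_sections[e["clsid"].upper()].add(e["sect"])
            if SYSTEM32_RE.match(e["path"]):
                findings["unnamed_system32"].append((e["sect"], e["clsid"], e["path"]))
    findings["paired_clsids"] = sorted(
        c for c, sects in unnamed_sections.items() if {"R3", "O2"} <= sects
    )
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            # AppInit_DLLs is a space- or comma-separated list of DLL names.
            for value in re.split(r"[ ,]+", m.group("value")):
                if value and not value.lower().endswith(".dll"):
                    findings["appinit"].append(value)
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
```

A flag is a reason to look, not a reason to delete: some legitimate software also registers unnamed BHOs, so each flagged DLL still wants a vendor, signature and hash check before it is fixed in HijackThis. The R3/O2 pairing under one CLSID and the `.LOG` extension in AppInit_DLLs are the two signals that distinguish the cluster in this log from the named Tencent, Baidu and Google entries around it.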