
[Original] I'm just a newbie after all~~ I still have to ask the friends at Rising to help take a look at my log


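The day before yesterday, a friend sent me a file over QQ and said it was a photo. After I accepted it, I got infected: a web page with movie ads pops up every 10 minutes, and my QQ also automatically sends that infected photo file to my friends. Please help me, everyone~ Below is the scan log!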



Logfile of HijackThis v1.99.1
Scan saved at 12:42:30, on 2006-4-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\BENQ\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\smss.exe
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wmimgrnt.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\讯雷\新建文件夹\Thunder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\Timcp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\赵雪的文档\study\电脑知识\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
F2 - REG:system.ini: Shell=explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\BENQ\IEXPLORE.EXE
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: DTSvc Class - {6B280AC7-8B18-46A4-BF70-FC579A1B2F76} - C:\Program Files\DTSVC\DTS\DTS.dll
O2 - BHO: MICROQIL2 - {832C0563-0820-4fef-83D8-418261DBC233} - C:\WINDOWS\system32\RAdminl.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\microapmddt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [WMI Manager For NT] C:\WINDOWS\system32\wmimgrnt.exe
O4 - HKLM\..\Run: [Msinfo] C:\Program Files\Common Files\System\Msinfo.exe
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 迅雷4.lnk = ?
O4 - Global Startup: eBay易趣--全球商品一网打尽.lnk = C:\Program Files\EbayShop\EbayShop.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\讯雷\新建文件夹\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\讯雷\新建文件夹\getAllurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\uc.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{412665B5-324B-4B82-B426-5E2829DBE8C0}: NameServer = 202.103.0.117 202.103.0.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{412665B5-324B-4B82-B426-5E2829DBE8C0}: NameServer = 202.103.0.117 202.103.0.68
O20 - AppInit_DLLs: KB759761.LOG

Last edited 2006-04-19 15:41:22

[Reply to the post by "Qoo雪℃"]
C:\BENQ\IEXPLORE.EXE
C:\WINDOWS\smss.exe
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system32\wmimgrnt.exe
C:\WINDOWS\WINLOGON.EXE
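These entries are a problem.

The original poster's machine has caught two nasty trojans, QQ爱虫 and 龙字传奇.

Personally, I reckon the original poster will need to reinstall the system.

My sympathies first.

On the network you have to stay alert at all times.
Don't open a picture or file just because it looks flashy.

I'm off.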

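Ahhh~~~~~~~~~ Reinstall the system? I can't do that~~ Your name is "不言放弃" (Never Give Up), so how can you say something that gives up like this? There must be a way. Help me, please? Everyone, please help me.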

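At least let my computer hold out for a while longer. Don't hand down the death sentence so quickly~ 不言放弃~
Don't give up on me~ Please save my computer~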