瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【原创】马"窝" ——致 使用外挂和乱下载东西的人们★★★★

123   1  /  3  页   跳转

【原创】马"窝" ——致 使用外挂和乱下载东西的人们★★★★

收藏
闪电风暴
头像
特邀体验者
  • 帖子:5462
  • 注册: 2005-01-12
  • 来自:0GiNr
发表于: 2006-09-17 10:36 | 只看楼主 短消息 资料
字号: 1楼

【原创】马"窝" ——致 使用外挂和乱下载东西的人们★★★★

今天看了一位同学的日志,差点晕过去。

Logfile of HijackThis v1.99.1
Scan saved at 10:11:33, on 2006-9-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Logo1_.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\softbox.exe
C:\Program Files\PPRich\MiniPPGou.exe
C:\Program Files\SystemInspect\SVCHAST.exe
C:\WINDOWS\system\realsched.exe
C:\WINDOWS\system\realsched.exe
c:\windows\system32\inetsrv\csrss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
D:\新建文件夹 (2)\qq\QQ.exe
D:\新建文件夹 (2)\qq\TIMPlatform.exe
C:\Documents and Settings\Admin\桌面\袁飞\新建文件夹 (2)\HijackThis\HijackThis.exe
C:\Documents and Settings\Admin\桌面\袁飞\新建文件夹 (2)\HijackThis\HijackThis.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5072.dll
O2 - BHO: (no name) - {295CD217-AD34-4B66-91BA-48D5EFD9CA20} - C:\WINDOWS\system32\NBBHO.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\新建文件夹 (2)\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: HSProgSDT - {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} - C:\WINDOWS\system32\hssdtobm.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - E:\新建文件夹\MagicSet\haokanbar.dll (file missing)
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\Rundl132.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2005\KvShell_2.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: Macromedia. Flash8 Object - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\FlashPlayer8OCX.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - C:\Program Files\kuzhan\kuzhan.dll
O2 - BHO: 51导航 - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:\WINDOWS\system32\browsewmzero.dll (file missing)
O2 - BHO: MEobjectSDT - {D4D5C535-BA95-4327-870D-A33826FDD17A} - C:\WINDOWS\system32\obwbkya.dll
O2 - BHO: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - D:\新陆建ㄎ文募件夹? (2)\qq\Infofo Bar\infofobar.dll (file missing)
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll
O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-4894-B474-42E89FAA1EFD} - C:\WINDOWS\system32\wlbs.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\db8o4050.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll (file missing)
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2005\KvShell_2.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\新建文件夹\MagicSet\haokanbar.dll (file missing)
O3 - Toolbar: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - D:\新陆建ㄎ文募件夹? (2)\qq\Infofo Bar\infofobar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] rem RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Thunder] "E:\新建文件夹\ThunderShell.exe" /s
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBar.exe -hide
O4 - HKLM\..\Run: [Super Rabbit SRRestore] E:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /autosave
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [KvMonXP] "C:\Program Files\KV2005\KVMonXP_2.kxp" /auto
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [softbox] C:\WINDOWS\system32\softbox.exe
O4 - HKLM\..\RunServices: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KvXP] "C:\PROGRA~1\KV2005\KvXP.kxp" /ScanBoot /ScanSys
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\新建文件夹\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [Super Rabbit Desktop Search] E:\Program Files\Super Rabbit\MagicSet\srsearch.exe
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampa.exe
O4 - Startup: office文件检索.exe
O4 - Startup: 腾讯QQ.lnk = ?
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\新建文件夹\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\新建文件夹\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\新建文件夹 (2)\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\新建文件夹 (2)\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\新建文件夹 (2)\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\新建文件夹 (2)\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\音乐\浩方对战平台\GameClient.exe (file missing)
O9 - Extra button: 酷站导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\kuzhan\kuzhan.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - D:\新陆建ㄎ文募件夹? (2)\qq\Infofo Bar\infofobar.dll (file missing)
O9 - Extra 'Tools' menuitem: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - D:\新陆建ㄎ文募件夹? (2)\qq\Infofo Bar\infofobar.dll (file missing)
O9 - Extra button: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-205?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-205?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\新建文件夹 (2)\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\新建文件夹 (2)\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\新建文件夹 (2)\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\新建文件夹 (2)\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
最后编辑2006-09-17 12:31:26
分享到:
gototop
 
闪电风暴
头像
特邀体验者
  • 帖子:5462
  • 注册: 2005-01-12
  • 来自:0GiNr
发表于: 2006-09-17 10:36 | 只看楼主 短消息 资料
字号: 2楼

O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8C3307-7DB6-4DC1-808C-25EE3BD5AB8E}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB18713-015A-4976-8C50-FA8C2CE8F7DF}: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\db8d4051.dll
O23 - Service: Database information combine (DbooInfo) - 易易加速科技有限公司 - C:\WINDOWS\dbmsinfo.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SDAgent Service (SDAgentService) - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe
O23 - Service: SVCHAST (SystemInspect) - Unknown owner - C:\Program Files\SystemInspect\SVCHAST.exe
gototop
 
闪电风暴
头像
特邀体验者
  • 帖子:5462
  • 注册: 2005-01-12
  • 来自:0GiNr
发表于: 2006-09-17 10:37 | 只看楼主 短消息 资料
字号: 3楼

其中有问题的:

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C7688CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} -

C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5072.dll
O2 - BHO: (no name) - {295CD217-AD34-4B66-91BA-
48D5EFD9CA20} - C:\WINDOWS\system32\NBBHO.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} -C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\Rundl132.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A
7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll
O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-
4894-B474-42E89FAA1EFD} - C:\WINDOWS\system32\wlbs.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\db8o4050.dll
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe

"C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [softbox] C:\WINDOWS\system32\softbox.exe
O4 - HKLM\..\RunServices: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\RunServices: [Torjan Program]

C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampa.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O23 - Service: Database information combine (DbooInfo) - 易易加速科技有限公司 - C:\WINDOWS\dbmsinfo.exe
O23 - Service: SDAgent Service (SDAgentService) - 北京兴华基业软件技术有限公司 - C:\Program Files\Common Files\smartde\sde.exe
O23 - Service: SVCHAST (SystemInspect) - Unknown owner - C:\Program Files\SystemInspect\SVCHAST.exe
gototop
 
闪电风暴
头像
特邀体验者
  • 帖子:5462
  • 注册: 2005-01-12
  • 来自:0GiNr
发表于: 2006-09-17 10:37 | 只看楼主 短消息 资料
字号: 4楼

简直让人难以置信

这就是用外挂的结果——外挂捆绑的木马将整个系统都据为已有,搞得局面根本无法收拾。早知道如此,为何不多学一点反病毒技术?(他上网的时间比我还早)为什么非得等到江民被KILL掉才想起求助?
gototop
 
Flying1889
头像
初生襁褓狮
  • 帖子:1347
  • 注册: 2006-08-26
  • 来自:
发表于: 2006-09-17 10:41 | 短消息 资料
字号: 5楼

这电脑太厉害啦
gototop
 
闪电风暴
头像
特邀体验者
  • 帖子:5462
  • 注册: 2005-01-12
  • 来自:0GiNr
发表于: 2006-09-17 10:43 | 只看楼主 短消息 资料
字号: 6楼

木马比正常文件都多
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-09-17 10:44 | 短消息 资料
字号: 7楼

嗯,整个落雪家庭大团圆
重装系统会比修复来得更快
gototop
 
Flying1889
头像
初生襁褓狮
  • 帖子:1347
  • 注册: 2006-08-26
  • 来自:
发表于: 2006-09-17 10:45 | 短消息 资料
字号: 8楼

这贴大家都要重视才行啊
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2006-09-17 10:46 | 短消息 资料
字号: 9楼

O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
这个应该是正常的巴?
gototop
 
闪电风暴
头像
特邀体验者
  • 帖子:5462
  • 注册: 2005-01-12
  • 来自:0GiNr
发表于: 2006-09-17 10:47 | 只看楼主 短消息 资料
字号: 10楼

那个是腾讯的坏东西
gototop
 
<<上一主题|下一主题>>
123   1  /  3  页   跳转
页面顶部
Powered by Discuz!NT