
Viking (威金) variant, everyone please help take a look!!

2006-12-22,21:23:46

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <KvXP><"C:\Program Files\KV2006\KvXP.kxp" /ScanBoot /ScanSys>  [Jiangmin Co.Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\PROGRA~1\svhost32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KvMonXP><"C:\Program Files\KV2006\KVMonXP.kxp" /auto>  [Jiangmin Co.Ltd]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <zts2><C:\DOCUME~1\lin\LOCALS~1\Temp\vveQjE.exe>  [N/A]
    <mhs2><C:\DOCUME~1\lin\LOCALS~1\Temp\vSojVL.exe>  [N/A]
    <rxzs><C:\DOCUME~1\lin\LOCALS~1\Temp\zdSAbn.exe>  [N/A]
    <wlzs><C:\DOCUME~1\lin\LOCALS~1\Temp\PUoarp.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{729B6C61-BDC5-4C09-A1DE-A296BA0B89EC}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP]
  <C:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
  <"C:\Program Files\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[O&O Defrag / O&O Defrag]
  <E:\Program Files\Defrag_Server_Edition磁盘整理\oodag.exe><N/A>
[StarWind iSCSI Service / StarWindService]
  <C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe><Rocket Division Software>
[Windows DHCP Service / WinDHCPsvc]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

==================================
驱动程序
[Belcarra USBLAN / Belcarra USBLAN]
  <system32\DRIVERS\btblan.sys><Belcarra Technologies>
[BHDCKEY / BHDCKEY]
  <System32\Drivers\usbdriver.sys><BHDC>
[DirectDrv / DirectDrv]
  <system32\DRIVERS\MotoVisionDP.sys><Mjtsai Corp>
[EagleNT / EagleNT]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[KRegEx / KRegEx]
  <\??\C:\PROGRA~1\KV2006\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall Service / KSysCall]
  <\??\C:\PROGRA~1\KV2006\KSysCall.sys><Jiangmin Co. Ltd.>
[KVDP_1 / KVDP_1]
  <\??\C:\Program Files\KV2006\KVDP_1.sys><Jiangmin Co., Ltd.>
[KvMemon / KvMemon]
  <\??\C:\PROGRA~1\KV2006\KvMemon.sys><Jiangmin Co. Ltd.>
[KVREDIR / KVREDIR]
  <\??\C:\Program Files\KV2006\KVREDIR.sys><Jiangmin Co. Ltd>
[MotoVision For E680/680i, A780/760/768 Virtual Camera / MOTOVISION]
  <system32\DRIVERS\motovision.sys><Windows (R) 2000 DDK provider>
[npkcrypt / npkcrypt]
  <\??\E:\QQ\npkcrypt.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Motorola USB Device / P2k]
  <system32\DRIVERS\P2k.sys><Motorola Inc>
[PProtect / PProtect]
  <\??\C:\PROGRA~1\KV2006\PProtect.sys><Jiangmin Co. Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Spy Emergency Driver / SpyEmrg]
  <System32\Drivers\spyemrg.sys><N/A>
[SVKP / SVKP]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[vaxscsi / vaxscsi]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio]
  <system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
[WIBU-KEY Kernel Driver / WIBUKEY]
  <SYSTEM32\DRIVERS\Wibukey.sys><WIBU-SYSTEMS AG>
[World Standard Teletext Codec / WSTCODEC]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <C:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, N/A>
[Alcohol Toolbar]
  {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, N/A>
[&Radio]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <C:\Program Files\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[Alcohol Toolbar]
  {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, N/A>
[Alcohol Toolbar Helper]
  {52D06F97-5511-43FA-8FDA-C481864FD26E} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, N/A>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[江民杀毒工具栏]

Last edited 2006-12-22 22:02:33

Anyone there?

The log was not pasted completely!!

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\PROGRA~1\svhost32.exe> [N/A]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<zts2><C:\DOCUME~1\lin\LOCALS~1\Temp\vveQjE.exe> [N/A]
<mhs2><C:\DOCUME~1\lin\LOCALS~1\Temp\vSojVL.exe> [N/A]
<rxzs><C:\DOCUME~1\lin\LOCALS~1\Temp\zdSAbn.exe> [N/A]
<wlzs><C:\DOCUME~1\lin\LOCALS~1\Temp\PUoarp.exe> [N/A]

Use SREng2 to delete the startup items above.
Empty the temporary files folder in safe mode.
Also, your log was not pasted completely.

Quote:
[Post by 悔心乱舞] Anyone there?
………………

<load><C:\PROGRA~1\svhost32.exe> [N/A]
Please zip this file and send it to my mailbox:
wdt3385@yahoo.com.cn
Thanks.
Password: 123456

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:53:02, 日期 2006-12-22
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\svhost32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\WINDOWS\down\rundll32.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\Microsoft\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yayad\AdPop.Exe
C:\WINDOWS\system32\wuauclt.exe
D:\杀毒软件\HijackThis1[1].99.1\HijackThis1991zww.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - C:\Program Files\Yayad\AdCore.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: BHOHelper Class - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - 启动项HKLM\\Run: [sys] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [adx.exe] C:\Program Files\adx\adx.exe
O4 - 启动项HKLM\\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [mhs2] C:\DOCUME~1\yaya\LOCALS~1\Temp\smss.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [HF_GameClient] C:\Program Files\浩方对战平台\GameClient.exe
O4 - 启动项HKLM\\Run: [Micro] C:\WINDOWS\Microsoft\rundll32.exe
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - 启动项HKLM\\Run: [rxzs] C:\DOCUME~1\yaya\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [myZt1] C:\DOCUME~1\yaya\LOCALS~1\Temp\Zt1\SVCH0ST.EXE
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 中文搜搜
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
