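My memory is completely maxed out!

C:\WINDOWS\system32\Ravdm.exe
As soon as the machine boots, countless IE windows launch. I deleted this file, but it is back again after a reboot. What a headache.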
HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 12:38:39, on 2006-8-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\Rar$EX00.593\IEscan.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\3721\ske\TrojanAssistant.exe
F:\Program Files\Tencent\qq\QQ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

F:\a\电脑上网必备\电脑上网必备\恶意代码查看工具.EXE

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_011.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [a.cmd] C:\a.cmd
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [DelIE4dir] rundll32.exe advpack.dll,DelNodeRunDLL32
O4 - HKLM\..\RunOnce: [DelIE4dir2] rundll32.exe advpack.dll,DelNodeRunDLL32
O4 - HKLM\..\RunOnce: [DelIE4dir3] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\program files\internet explorer
O4 - HKLM\..\RunOnce: [DelUninstalldir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\program files\uninstall information
O4 - HKLM\..\RunOnce: [DelCatrootdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\catroot
O4 - HKLM\..\RunOnce: [DelCookiesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\cookies
O4 - HKLM\..\RunOnce: [DelHistorydir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\history
O4 - HKLM\..\RunOnce: [DelDownloaddir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\downloaded program files
O4 - HKLM\..\RunOnce: [DelFavoritesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\favorites
O4 - HKLM\..\RunOnce: [DelSubscripdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\subscriptions
O4 - HKLM\..\RunOnce: [DelWelcomedir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\application data\microsoft\welcome
O4 - HKLM\..\RunOnce: [DelTempIFilesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\temporary internet files
O4 - HKLM\..\RunOnce: [DelJavadir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\java
O4 - HKLM\..\RunOnce: [DelOnlineServdesk] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\desktop\online services
O4 - HKLM\..\RunOnce: [DelOnlineServdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\program files\online services
O4 - HKLM\..\RunOnce: [Deldownloadtmp] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\msdownld.tmp
O4 - HKLM\..\RunOnce: [DelMacromeddir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\system32\Macromed
O4 - HKLM\..\RunOnce: [Deloobe] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\system32\oobe
O4 - HKLM\..\RunOnce: [Delcatroot] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\system32\catroot
O4 - HKLM\..\RunOnce: [DelOccache] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\occache
O4 - HKLM\..\RunOnce: [DelTrieditdir] rundll32.exe advpack.dll,DelNodeRunDLL32 \triedit
O4 - HKLM\..\RunOnce: [GDelUninstalldir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\programme\uninstall information
O4 - HKLM\..\RunOnce: [GDelHistorydir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\verlauf
O4 - HKLM\..\RunOnce: [GDelFavoritesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\favoriten
O4 - HKLM\..\RunOnce: [GDelWelcomedir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\anwendungsdaten\microsoft\welcome
O4 - HKLM\..\RunOnce: [GDelOnlineServdesk] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\desktop\online-dienste
O4 - HKLM\..\RunOnce: [GDelOnlineServdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\programme\online-dienste
O4 - HKLM\..\RunOnce: [SDelUninstalldir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\program\uninstall information
O4 - HKLM\..\RunOnce: [SDelHistorydir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\tidigare
O4 - HKLM\..\RunOnce: [SDelFavoritesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\favoriter
O4 - HKLM\..\RunOnce: [SDelOnlineServdesk] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\skrivbord\onlinetj
O4 - HKLM\..\RunOnce: [SDelOnlineServdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\program\onlinetj
O4 - HKLM\..\RunOnce: [IDelUninstalldir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\programmi\uninstall information
O4 - HKLM\..\RunOnce: [IDelHistorydir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\cronologia
O4 - HKLM\..\RunOnce: [IDelFavoritesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\preferiti
O4 - HKLM\..\RunOnce: [IDelOnlineServdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\programmi\onlinetj
O4 - HKLM\..\RunOnce: [DDelHistorydir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\historique
O4 - HKLM\..\RunOnce: [DDelFavoritesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\favoris
O4 - HKLM\..\RunOnce: [SpDelUninstalldir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\archivos de programa\uninstall information
O4 - HKLM\..\RunOnce: [SpDelOnlineServdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\escritorio\servicios en l
O4 - HKLM\..\RunOnce: [SpDelFavoritesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\favoritos
O4 - HKLM\..\RunOnce: [SpDelHistorydir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\historial
O4 - HKLM\..\RunOnce: [DaDelUninstalldir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\programmer\uninstall information
O4 - HKLM\..\RunOnce: [DaDelFavoritesdir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\foretrukne
O4 - HKLM\..\RunOnce: [DaDelHistorydir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\oversigt
O4 - HKLM\..\RunOnce: [PbDelUninstalldir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\arquivos de programas\internet explorer
O4 - HKLM\..\RunOnce: [Install_Shell] RunDll32.exe advpack.dll,LaunchINFSection c:\IErad.inf,InstallShell
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [!CNS] 
O17 - HKLM\System\CCS\Services\Tcpip\..\{445737DD-9892-4A2E-80EB-12886FD1286A}: NameServer = 219.150.32.132 219.146.0.130

Last edited 2006-08-28 13:08:52