endurer (original post)
2007-03-20, 1st edition
Only yesterday I reminded everyone to watch out for URLs in QQ messages spreading Viking and similar viruses:
Beware of URLs in QQ messages spreading Viking Worm.Win32.Viking.ix/Worm.Viking.pg
http://endurer.bokee.com/6171794.html
http://blog.csdn.net/Purpleendurer/archive/2007/03/19/1534201.aspx
http://blog.sina.com.cn/u/49926d91010007zy
http://blog.i0778.com/?1314/action_viewspace_itemid_2795.html
Who would have thought that today a fellow netizen would already get hit. Tons of viruses; I didn't even feel like packing them all up.
The pe_xscan and HijackThis logs also capture only part of them.
For now, here are the pe_xscan and HijackThis logs. I'll go into detail tomorrow.
pe_xscan 07-03-17 by Purple Endurer
2007-3-20 17:0:26
Windows XP Service Pack 1(5.1.2600)
Administrators user group
[System Process] * 0
C:/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5/HZBCNCMU/3[1].exe | 2007-3-20 16:47:34
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
C:/WINDOWS/system32/svchost.exe * 840 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.0 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | svchost.exe | svchost.exe
C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC | | cdnns | cdnns.dll
C:/WINDOWS/Explorer.exe * 1396 | 2003-3-15 0:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2800.1106 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2800.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.win | 2007-3-20 15:9:36
C:/WINDOWS/System32/ntd11.dll | 2007-3-19 14:16:54 | | 1.0.0.0 | | | 1.1.1.150 | | | |
C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC | | cdnns | cdnns.dll
C:/Program Files/Thunder Network/Thunder/ComDlls/XunLeiBHO_006.dll | 2006-11-24 0:42:22 | XunLeiBHO Module | 5, 0, 0, 3 | XunLeiBHO | Copyright 2004-2006 | 5, 0, 0, 3 | Thunder Networking Technologies,LTD | | XunLeiBHO | XunLeiBHO.dll
C:/Program Files/Thunder Network/Thunder/ComDlls/ThunderAgent_005.dll | 2006-11-6 16:56:50 | ThunderAgent Module | 1, 0, 0, 11 | ThunderAgent Module | Copyright 2005-2006 | 1, 0, 0, 11 | Thunder Networking Technologies,LTD | | ThunderAgent | ThunderAgent.DLL
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll | 2007-3-19 14:35:16 | IE Toolbar | 3.0.1.0 | IE Toolbar Helper Module | Copyright © 2001-2007. All rights reserved. | 3, 0, 1, 56 | | | tbhelper | tbhelper.dll
C:/WINDOWS/System32/conime.exe * 1876 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | Console IME | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | Console | CONIME.EXE
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/WINDOWS/System32/ctfmon.exe * 1940 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/WINDOWS/servicer.exe * 952 | 2003-3-15 0:0:0
C:/WINDOWS/servicer.exe | 2003-3-15 0:0:0
C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe * 1696 | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Windows Calculator application file | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | CALC | CALC.EXE
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Windows Calculator application file | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | CALC | CALC.EXE
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC | | cdnns | cdnns.dll
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/packet.dll | 2007-3-20 16:48:52 | WinPcap low level packet library | 3, 1, 0, 27 | Packet | Copyright © 1999-2005 NetGroup, Politecnico di Torino. Copyright © 2005 CACE Technologies | 3, 1, 0, 27 | CACE Technologies | | Packet | Packet.dll
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/WanPacket.dll | 2007-3-20 16:48:52 | WinPcap low level NetMon wrapper library | 3, 1, 0, 27 | WanPacket | Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies | | WanPacket | WanPacket.dll
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/NPPTools.dll | 2007-3-20 16:48:52 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | NPP Tools Helper DLL | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | NPPTools.DLL | NPPTools.DLL
C:/WINDOWS/System32/npp/ndisnpp.dll | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | Network Monitor NDIS Network Packet Provider | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | NDISNPP.DLL | NDISNPP.DLL
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe * 1908 | 2007-3-20 16:49:2
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe | 2007-3-20 16:49:2
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/WINDOWS/System32/SVCH0ST.EXE * 1128 | 2003-3-15 0:0:0
C:/WINDOWS/System32/SVCH0ST.EXE | 2003-3-15 0:0:0
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/Program Files/Internet Explorer/IEXPLORE.EXE * 240 | 2003-3-15 8:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2800.1106 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2800.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
C:/WINDOWS/System32/cdnns.dll | 2007-3-20 10:47:16 | CNNIC cdnns | 2, 0, 0, 0 | cdnns | Copyright © 2005 | 2, 0, 0, 0 | CNNIC | | cdnns | cdnns.dll
C:/Program Files/Common Files/System/ado/msado15.dll | 2003-3-15 8:0:0 | Microsoft Data Access Components | 2.71.9030.0 | Microsoft Data Access - ActiveX Data Objects | Copyright © Microsoft Corp. 1993-2001 | 2.71.9030.0 | Microsoft Corporation | Windows(TM) is a trademark of Microsoft Corporation. Microsoft® is a registered trademark of Microsoft Corporation | ADO15 | msado15.dll
C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.win | 2007-3-20 15:9:36
C:/WINDOWS/System32/ctfmon.exe * 308 | 2003-3-15 0:0:0 | Microsoft® Windows® Operating System | 5.1.2600.1106 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.1106 (xpsp1.020828-1920) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/WINDOWS/Logo1_.exe * 740 | 2007-3-20 16:56:50
C:/WINDOWS/Logo1_.exe | 2007-3-20 16:56:50
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~I7PRUGI1VAC.CoM * 988 | 2007-3-20 16:57:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/~I7PRUGI1VAC.CoM | 2007-3-20 16:57:0
C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk | 2007-3-20 15:16:42
C:/WINDOWS/system32/notepad.exe * 1236 | 2003-3-15 0:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.0 | Notepad | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.0 (xpclient.010817-1148) | Microsoft Corporation| ? | Notepad | NOTEPAD.EXE
C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys | 2007-3-18 8:24:20
C:/Program Files/Internet Explorer/IEXPLORE.Dat | 2007-3-20 15:9:36
C:/Program Files/Internet Explorer/IEXPLORE.Sys | 2007-3-20 15:9:38
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Wmzo0.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0r.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Gjzo0.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav20.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Msxo0.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Rav30.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy1.dll | 2003-3-15 0:0:0
C:/WINDOWS/System32/Qqzos.dll | 2003-3-15 0:0:0
C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/LgSy0.dll | 2003-3-15 0:0:0
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start
O2 - BHO CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:/Program Files/Common Files/CPUSH/cpush.dll
O2 - BHO Cbho Object - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:/PROGRA~1/CNNIC/Cdn/cdndrag.dll
O2 - BHO Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} -
O2 - BHO CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O2 - BHO IEExt Class - {634539A8-7FA8-45E2-8DC3-253AF98548A1} - C:/WINDOWS/system/MFS0FT.DLL
O2 - BHO 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:/Program Files/superutilbar/superutilbar.dll
O2 - BHO HrefRedirect Class - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:/WINDOWS/System32/mslink/mslink.dll
O2 - BHO SysShellKernel Class - {E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7} - C:/WINDOWS/System32/SysShellKernel.dll
O2 - BHO WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:/PROGRA~1/CNNIC/Cdn/wmhlpr.dll
O2 - BHO TBSB04694 Class - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:/PROGRA~1/一起搜/tbu08947/cneqiso.dll
O3 - IE Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:/Program Files/superutilbar/superutilbar.dll
O3 - IE Toolbar: - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:/Program Files/一起搜/tbu08947/cneqiso.dll
O4 - HKCR/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O4 - HKCR/../Run: [svc] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe
O4 - HKCR/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCR/../Run: [uv4vmwwc0] C:/WINDOWS/servicea.exe
O4 - HKCR/../Run: [miie7b7y1t51my] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/winlog0n.exe
O4 - HKCR/../Run: [r9k5] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexpl0re.exe
O4 - HKCR/../Run: [hvygr0xm] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Servere.exe
O4 - HKCR/../Run: [v55rkqmt6qgx4] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/crasos.exe
O4 - HKCR/../Run: [c7kx] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/rundl132.exe
O4 - HKCR/../Run: [e5dms3e6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/c0nime.exe
O4 - HKCR/../Run: [1hg1t6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexp1ore.exe
O4 - HKCR/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - HKLM/../Run: [System] C:/Program Files/Common Files/System/Updaterun.exe
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKLM/../Run: [wtsttrs] C:/WINDOWS/wtsttrs.exe
O4 - HKLM/../Run: [cmdbgcs] C:/WINDOWS/cmdbgcs.exe
O4 - HKLM/../Run: [mppds] C:/WINDOWS/mppds.exe
O4 - HKLM/../Run: [msccrt] C:/WINDOWS/msccrt.exe
O4 - HKLM/../Run: [mhs3] C:/WINDOWS/mhs3.exe
O4 - HKLM/../Run: [cmdbcs] C:/WINDOWS/cmdbcs.exe
O4 - HKLM/../Run: [upxdnd] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/TIMPLATF0RM.exe
O4 - HKLM/../Run: [wgs3] C:/WINDOWS/wgs3.exe
O4 - HKLM/../Run: [wsttrs] C:/WINDOWS/wsttrs.exe
O4 - HKLM/../Run: [FYNEWS] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe
O4 - Global Startup: WanSo.lnk ->
O8 - IE context-menu extra item: 访问通用网址 - C:/Program Files/CNNIC/Cdn/cnnic.htm
O21 - SSODL - nvwi(Windows nvwi Theme) - {D0A6302C-859C-471E-9082-6B865C0ACAA2} = C:/PROGRA~1/muvh/nvwi.dll
O23 - Service: 7A04BC6 (7A04BC6) - C:/WINDOWS/System32/7A04BC6.EXE -service | 2007-3-20 14:59:36 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | ASN.2 Runtime APIs | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation| ?| ?| ?(Automatic)
O23 - Service: bcjhjgfi (bcjhjgfi) - system32/drivers/bcjhjgfi.sys(Boot)
O23 - Service: bkvtszv () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/PROGRA~1/COMMON~1/okvtyzv/okvtyzv.dll | 2007-3-20 10:50:36 | | 2, 8, 0, 1 | | | 2, 8, 0, 1 | | | | (Automatic)
O23 - Service: cdnprot (cdnprot) - system32/drivers/cdnprot.sys | 中文上网官方版 | 2, 4, 0, 27 | Driver Device | Copyright (c) . All rights reserved. | 2.4.0.27 | China Internet Network Information Center (CNNIC)| ? | cdnprot.sys | cdnprot.sys(Boot)
O23 - Service: cdntran (cdntran) - system32/drivers/cdntran.sys | CNNIC cdntran | 2, 6, 0, 0 | cdntran | Copyright © 2005 | 2, 6, 0, 0 | CNNIC | | cdntran | cdntran.sys(Automatic)
O23 - Service: D0622BED (D0622BED) - C:/WINDOWS/System32/D0622BED.EXE -service | 2007-3-20 15:1:2 | Microsoft(R) Windows(R) Operating System | 5.2.3790.1830 | ASN.2 Runtime APIs | (C) Microsoft Corporation. All rights reserved. | 5.2.3790.1830 | Microsoft Corporation| ?| ?| ?(Automatic)
O23 - Service: MOBILL (Windows Install Helper) - C:/WINDOWS/SYSTEM32/RUNDLL2000.EXE C:/WINDOWS/SYSTEM32/WBEM/OZCJI.DLL,Export 1087(Automatic)
O23 - Service: Navoct () - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/Program Files/iesnap/navoct.dll | 2007-3-12 10:28:46 | NAVOCT | 1, 0, 1, 1 | NAVOCT Module | Copyright 2006 | 1, 0, 1, 1 | | | NAVOCT | NAVOCT.DLL(Automatic)
O23 - Service: Net Event (Net Event) - C:/WINDOWS/system32/netevent.exe | 2007-3-20 10:46:44(Automatic)
O23 - Service: NPF (Netgroup Packet Filter) - System32/DRIVERS/npf.sys | WinPcap Netgroup Packet Filter Driver | 3, 1, 0, 27 | npf | Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino. | 3, 1, 0, 27 | CACE Technologies | | NPF + TME | npf.sys(Manual)
O23 - Service: pxyk (Std pxyk Service) - C:/WINDOWS/System32/rundll32.exe C:/PROGRA~1/hptc/usdp.dll,Service -s(Automatic)
O23 - Service: REM0TEREGISTRY (REM0TE REGISTRY) - C:/WINDOWS/system/REM0REG.EXE | 2007-3-20 10:45:38(Automatic)
O23 - Service: WebPrint (WebPrint) - c:/windows/system32/webprint.exe | 2007-3-20 15:7:20 | Microsoft Web Printer | 5.2600.2180 | Microsoft Web Printer | C) Microsoft Corporation. All rights reserved. | 5.2600.2180 | Microsoft Corporation| ? | WEBPNT | WEBPNT.EXE(Automatic)
O23 - Service: Windows Login (Windows Login) - C:/WINDOWS/System32/mslogin.exe | 2007-3-20 10:46:38(Automatic)
O24 - [] - {A6011F8F-A7F8-49AA-9ADA-49127D43138F} = C:/Program Files/Common Files/Microsoft Shared/MSINFO/NewInfo.rxk
O24 - [] - {754FB7D8-B8FE-4810-B363-A788CD060F1F} = C:/Program Files/Internet Explorer/PLUGINS/SystemKb.sys
O24 - [] - {99F1D023-7CEB-4586-80F7-BB1A98DB7602} = C:/Program Files/Internet Explorer/IEXPLORE.Sys
O24 - [] - {FEB94F5A-69F3-4645-8C2B-9E71D270AF2E} = C:/Program Files/Internet Explorer/IEXPLORE.Dat
O24 - [] - {923509F1-45CB-4EC0-BDE0-1DED35B8FD60} = C:/Program Files/Internet Explorer/IEXPLORE.win
***************************
Logfile of HijackThis v1.99.1
Scan saved at 18:20:11, on 2007-3-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:/WINDOWS/System32/SVCH0ST.EXE
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:/PROGRA~1/一起搜/tbu08947/tbhelper.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:/Program Files/Common Files/CPUSH/cpush.dll
O2 - BHO: CNNIC 网络工具Drag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:/PROGRA~1/CNNIC/Cdn/cdndrag.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:/Documents and Settings/All Users/Application Data/Microsoft/PCTools/pctools.dll
O2 - BHO: (no name) - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} - (no file)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O2 - BHO: IEExt Class - {634539A8-7FA8-45E2-8DC3-253AF98548A1} - C:/WINDOWS/system/MFS0FT.DLL
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:/Program Files/superutilbar/superutilbar.dll
O2 - BHO: mslogin linker - {74BC093A-540E-4340-897B-4653A8EB2F47} - C:/WINDOWS/System32/mslink/mslink.dll
O2 - BHO: SysShellKernel - {E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7} - C:/WINDOWS/System32/SysShellKernel.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:/PROGRA~1/CNNIC/Cdn/wmhlpr.dll
O2 - BHO: TBSB04694 - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:/PROGRA~1/一起搜/tbu08947/cneqiso.dll (file missing)
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:/Program Files/superutilbar/superutilbar.dll
O3 - Toolbar: 一起搜 - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:/Program Files/一起搜/tbu08947/cneqiso.dll (file missing)
O4 - HKLM/../Run: [System] C:/Program Files/Common Files/System/Updaterun.exe
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKLM/../Run: [wtsttrs] C:/WINDOWS/wtsttrs.exe
O4 - HKLM/../Run: [cmdbgcs] C:/WINDOWS/cmdbgcs.exe
O4 - HKLM/../Run: [mppds] C:/WINDOWS/mppds.exe
O4 - HKLM/../Run: [msccrt] C:/WINDOWS/msccrt.exe
O4 - HKLM/../Run: [mhs3] C:/WINDOWS/mhs3.exe
O4 - HKLM/../Run: [cmdbcs] C:/WINDOWS/cmdbcs.exe
O4 - HKLM/../Run: [upxdnd] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/TIMPLATF0RM.exe
O4 - HKLM/../Run: [wgs3] C:/WINDOWS/wgs3.exe
O4 - HKLM/../Run: [wsttrs] C:/WINDOWS/wsttrs.exe
O4 - HKLM/../Run: [FYNEWS] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/sl.exe
O4 - HKLM/../Run: [spoel] C:/Program Files/Internet Explorer/spoel.exe
O4 - HKCU/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O4 - HKCU/../Run: [svc] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/byetmr.exe
O4 - HKCU/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCU/../Run: [uv4vmwwc0] C:/WINDOWS/servicea.exe
O4 - HKCU/../Run: [miie7b7y1t51my] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/winlog0n.exe
O4 - HKCU/../Run: [r9k5] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexpl0re.exe
O4 - HKCU/../Run: [hvygr0xm] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/Servere.exe
O4 - HKCU/../Run: [v55rkqmt6qgx4] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/crasos.exe
O4 - HKCU/../Run: [c7kx] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/rundl132.exe
O4 - HKCU/../Run: [e5dms3e6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/c0nime.exe
O4 - HKCU/../Run: [1hg1t6] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/iexp1ore.exe
O4 - HKCU/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - Global Startup: WanSo.lnk = ?
O8 - Extra context menu item: 访问通用网址 - C:/Program Files/CNNIC/Cdn/cnnic.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:/Program Files/Thunder Network/Thunder/Thunder.exe
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O10 - Unknown file in Winsock LSP: c:/windows/system32/cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O21 - SSODL: nvwi - {D0A6302C-859C-471E-9082-6B865C0ACAA2} - C:/PROGRA~1/muvh/nvwi.dll
O23 - Service: 7A04BC6 - Unknown owner - C:/WINDOWS/System32/7A04BC6.EXE (file missing)
O23 - Service: D0622BED - Unknown owner - C:/WINDOWS/System32/D0622BED.EXE (file missing)
O23 - Service: sdhcvs (edfscv) - Unknown owner - C:/WINDOWS/System32/fgdfsdf.exe (file missing)
O23 - Service: KXAgent Service (KXAgentService) - SmartDove - C:/Program Files/LLJAgent/KXAgentS.exe
O23 - Service: Net Event - Unknown owner - C:/WINDOWS/system32/netevent.exe
O23 - Service: REM0TE REGISTRY (REM0TEREGISTRY) - Unknown owner - C:/WINDOWS/system/REM0REG.EXE
O23 - Service: Messaging (Remote Procedure) - Unknown owner - C:/WINDOWS/system32/explorcr.exe
O23 - Service: Service Transaction Provisioning (Transaction_Service) - Unknown owner - C:/WINDOWS/System32/explorer.exe
O23 - Service: Windows Login - Unknown owner - C:/WINDOWS/System32/mslogin.exe
O23 - Service: Windows Management Instrumentation Driver (WMID) - Unknown owner - C:/WINDOWS/System32/wmid.exe
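The two logs above repeat the same three tricks: autostart entries and services whose file name is one character away from a legitimate Windows binary (SVCH0ST.EXE, rundl132.exe, iexpl0re.exe, c0nime.exe, cftmon.exe, winlog0n.exe, ntd11.dll, explorcr.exe, servicea.exe), a genuine name planted in the wrong directory (explorer.exe registered as a service from System32), and extra commands appended to the system.ini Shell= and UserInit= values. The Python script below is an added example, not part of the original post and not code from pe_xscan or HijackThis; it runs those three checks over lines copied from the logs above. The table of legitimate names and their expected directories is an assumption made for the example and has to be extended for real use.

```python
"""Triage pe_xscan / HijackThis lines for look-alike names, misplaced system
binaries and system.ini Shell/UserInit hijacks (added example, not tool code)."""
import re

# Legitimate binaries the entries on this machine imitate, and the directory
# each one lives in on Windows XP. Assumption for the example; extend for real use.
KNOWN = {
    "svchost.exe": "c:/windows/system32", "rundll32.exe": "c:/windows/system32",
    "conime.exe": "c:/windows/system32", "ctfmon.exe": "c:/windows/system32",
    "winlogon.exe": "c:/windows/system32", "services.exe": "c:/windows/system32",
    "ntdll.dll": "c:/windows/system32", "explorer.exe": "c:/windows",
    "iexplore.exe": "c:/program files/internet explorer",
}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l"})  # digit-for-letter swaps
# A drive-letter path up to its first executable extension (spaces allowed).
PATH_RE = re.compile(r"[A-Za-z]:[\\/].*?\.(?:exe|dll|sys|com)\b", re.IGNORECASE)
F2_RE = re.compile(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)")


def osa_distance(a, b):
    """Edit distance with adjacent transposition, so cftmon is 1 from ctfmon."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def split_path(path):
    """Lower-cased (directory, file name), accepting either slash style."""
    directory, _, name = path.replace("\\", "/").lower().rpartition("/")
    return directory, name


def lookalike(path):
    """Legitimate name this file imitates (0/1 folded, then one edit), or None."""
    _, name = split_path(path)
    if name in KNOWN:
        return None  # exact name: judged by its directory instead
    folded = name.translate(HOMOGLYPHS)
    return next((good for good in KNOWN if osa_distance(folded, good) <= 1), None)


def misplaced(path):
    """Expected directory if a legitimate name runs from the wrong place."""
    directory, name = split_path(path)
    return KNOWN[name] if name in KNOWN and directory != KNOWN[name] else None


def shell_hijack(line):
    """(key, value) when Shell is not exactly Explorer.exe or UserInit carries
    more than the single userinit.exe entry (its trailing comma is normal)."""
    m = F2_RE.match(line)
    if not m:
        return None
    key, value = m.group(1), m.group(2).strip()
    parts = [p.strip() for p in value.split(",") if p.strip()]
    if key == "Shell" and value.lower() != "explorer.exe":
        return key, value
    if key == "UserInit" and (len(parts) != 1 or not parts[0].lower().endswith("userinit.exe")):
        return key, value
    return None


def triage(lines):
    """List of (kind, subject, detail) findings over log lines."""
    findings = []
    for line in lines:
        hit = shell_hijack(line)
        if hit:
            findings.append(("shell-hijack",) + hit)
        for path in PATH_RE.findall(line):
            good, where = lookalike(path), misplaced(path)
            if good:
                findings.append(("lookalike", path, good))
            if where:
                findings.append(("misplaced", path, where))
    return findings


# Sample input: lines copied from the logs above (the last one from pe_xscan).
SAMPLE = """\
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
F2 - REG:system.ini: UserInit=C:/WINDOWS/system32/userinit.exe,rundll32.exe C:/WINDOWS/System32/winsys16_070319.dll start
O4 - HKLM/../Run: [load] C:/WINDOWS/uninstall/rundl132.exe
O4 - HKCU/../Run: [ravshell] C:/WINDOWS/System32/SVCH0ST.EXE
O4 - HKCU/../Run: [2969suv11ri9] C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cftmon.exe
O4 - HKCU/../Run: [uv4vmwwc0] C:/WINDOWS/servicea.exe
O4 - HKCU/../Run: [ST0RMSetEx] C:/WINDOWS/System32/rundll32.exe C:/WINDOWS/system/AV1CAP.dll,Run
O23 - Service: Messaging (Remote Procedure) - Unknown owner - C:/WINDOWS/system32/explorcr.exe
O23 - Service: Service Transaction Provisioning (Transaction_Service) - Unknown owner - C:/WINDOWS/System32/explorer.exe
O23 - Service: Net Event - Unknown owner - C:/WINDOWS/system32/netevent.exe
C:/WINDOWS/System32/ntd11.dll | 2007-3-19 14:16:54 | | 1.0.0.0 | | | 1.1.1.150 | | | |
""".splitlines()

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE):
        print(f"{kind:13} {subject}  ->  {detail}")
```

The 0/1 folding catches the digit-for-letter swaps; the one-edit distance with adjacent transposition catches cftmon/ctfmon and explorcr/explorer; an exact legitimate name is judged by its directory instead, which is what exposes explorer.exe being started as a service from System32. Treat hits as triage leads rather than verdicts: any legitimate file that happens to sit one edit away from a name in the table will be listed too, and the rundll32.exe entries only look clean here because the check does not yet look at the DLL they are asked to load.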