[Processes and viruses] Can some expert help me figure out what on earth is going on?

Source: Baidu Wenku  Editor: Gaokao Q&A  Time: 2024/05/10 15:24:20
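My home computer has recently been running into a recurring problem.

Whenever I run any program, a string of exe files also runs among the system processes. They all have the same file name and are all under c:\windows\system32\

None of them can be deleted. I tried Kaspersky and 木马杀客, and neither detects anything. When I booted into DOS to clean up, the files were deleted, but after restarting, an exe file with a different name popped up in the same directory.

The file names are roughly Glet.exe, Acuvw.exe, Dvazy.exe and so on.

They are only about 30K~50K in size, but each takes 300K~2000K of memory in the process list, and nearly 10 of them run at once. It's painful~~~

I'm really out of options. Experts, please help me.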

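You'd better take a look at these 2 places; the LOG this software's scan produces is too specialized.

Preventing browser hijacking: using HijackThis http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm

Detailed explanation of the log: http://www.nm165.net/Article/Print.asp?ArticleID=692&Page=1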

Logfile of HijackThis v1.99.1
Scan saved at 14:51:00, on 2006-6-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\CSU\桌面\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {6575FB3E-48B8-4289-8AB4-3783B09C3902} - C:\WINDOWS\System32\Pygnj.dll
R3 - URLSearchHook: (no name) - {4E220532-61A0-489F-BE8B-4F2D9DD71A8B} - C:\WINDOWS\System32\Rtiojb.dll
R3 - URLSearchHook: (no name) - {8C166205-07BE-4BA7-8CBA-93B95F03C387} - (no file)
R3 - URLSearchHook: (no name) - {BAB88C82-BA00-4F4E-950F-5DC99BFEC880} - (no file)
R3 - URLSearchHook: (no name) - {04692ACD-1DE3-4A0D-AAFA-77C7EA342F5F} - C:\WINDOWS\System32\Ohhg.dll
R3 - URLSearchHook: (no name) - {06738CA5-7DBD-4078-8489-B9EB604BEB41} - C:\WINDOWS\System32\Vlmalg.dll
R3 - URLSearchHook: (no name) - {F82C5248-EEFB-49C7-A7E6-EEDA37B16F9D} - (no file)
R3 - URLSearchHook: (no name) - {F23EDC75-B645-4901-8D1D-46B7CB796864} - (no file)
R3 - URLSearchHook: (no name) - {79761012-8D9D-4075-B20E-95FED3D1C0B6} - (no file)
R3 - URLSearchHook: (no name) - {D50255AB-FA0E-4B9C-B1EB-F9547E83935A} - (no file)
R3 - URLSearchHook: (no name) - {3FED950A-1483-475E-9D81-9305F7B2B045} - C:\WINDOWS\System32\Sguhej.dll
R3 - URLSearchHook: (no name) - {41BA8C43-270D-4B0E-9B39-4E187DE63F26} - C:\WINDOWS\System32\Lnjl.dll
R3 - URLSearchHook: (no name) - {FFA0E5E1-325C-4630-8074-075CC0091F87} - (no file)
R3 - URLSearchHook: (no name) - {C4784BCB-EF15-4955-B282-AD8C0F54B9C9} - (no file)
R3 - URLSearchHook: (no name) - {8B8665DB-BF75-4C4D-ABEA-700DCF9E42AC} - (no file)
R3 - URLSearchHook: (no name) - {29A5BACC-FB42-44DD-B5A7-E8918DCCD321} - C:\WINDOWS\System32\Qeeyy.dll
R3 - URLSearchHook: (no name) - {22A60DBF-E7F2-4773-A926-945C622E9169} - C:\WINDOWS\System32\Ngsc.dll
R3 - URLSearchHook: (no name) - {7CB5AE9D-E6C4-4C14-8C77-73D159EE2B44} - (no file)
R3 - URLSearchHook: (no name) - {1BB0CA34-B154-436E-9241-B24C2474F1C3} - C:\WINDOWS\System32\Pvup.dll
R3 - URLSearchHook: (no name) - {7C6C0B30-8922-414D-ADBD-BFEC0A8D04AF} - (no file)
R3 - URLSearchHook: (no name) - {B4333730-3ADB-4CD9-AECF-1A983FB68743} - (no file)
R3 - URLSearchHook: (no name) - {CDB20122-9CA9-4FB9-BC6E-04756F28F327} - (no file)
R3 - URLSearchHook: (no name) - {989E07F2-EF3C-43DA-BE32-65476223B29A} - C:\WINDOWS\System32\Dzrrto.dll
R3 - URLSearchHook: (no name) - {A679BBF2-CD60-486D-8BF0-595F16DE2456} - C:\WINDOWS\System32\Aicft.dll
R3 - URLSearchHook: (no name) - {88827FE4-F2E5-44C7-BCED-DB659C8BC026} - C:\WINDOWS\System32\Nkfy.dll
R3 - URLSearchHook: (no name) - {55D7F288-C0BB-493E-A872-B85885F8D6BB} - C:\WINDOWS\System32\Txgguc.dll
R3 - URLSearchHook: (no name) - {DDB3B2E6-2BB2-46CE-80B7-3D1E5F132B33} - C:\WINDOWS\System32\Vqvczr.dll
R3 - URLSearchHook: (no name) - {3F974741-271C-4CE7-B27F-76EA34D6B69D} - C:\WINDOWS\System32\Unpwp.dll
R3 - URLSearchHook: (no name) - {94FA969E-52B7-431B-B17D-7264452AD6D0} - C:\WINDOWS\System32\Wopc.dll
R3 - URLSearchHook: (no name) - {59D17B85-B32A-46FF-8873-530CC4F7B972} - C:\WINDOWS\System32\Iqaa.dll
R3 - URLSearchHook: (no name) - {D935604B-E00B-40D9-A5A8-215F6C037E4E} - C:\WINDOWS\System32\Qtpjd.dll
R3 - URLSearchHook: (no name) - {B81BFBF5-7189-483A-9830-DDD42836B170} - C:\WINDOWS\System32\Dwiuj.dll
R3 - URLSearchHook: (no name) - {ACA07D98-BE49-4D71-B3CC-94AFDA9695A9} - C:\WINDOWS\System32\Cytoz.dll
R3 - URLSearchHook: (no name) - {53E226BA-49F4-416F-94C6-9503E4A7C394} - C:\WINDOWS\System32\Wzcryk.dll
R3 - URLSearchHook: (no name) - {F249B9A0-3CD8-413C-B3B3-BF9EF7FAEF16} - C:\WINDOWS\System32\Kllw.dll
R3 - URLSearchHook: (no name) - {F0033F0D-25E9-4726-874A-D88AD8CEB302} - C:\WINDOWS\System32\Qthgdc.dll
R3 - URLSearchHook: (no name) - {B034A3F3-E8F3-49F9-A3F3-0FC4A2C845D1} - C:\WINDOWS\System32\Gtor.dll
R3 - URLSearchHook: (no name) - {9981A82C-6DB4-4C86-8E76-BE0CF6692E84} - C:\WINDOWS\System32\Hfcy.dll
R3 - URLSearchHook: (no name) - {5D245A79-CBFC-493B-ABC2-05EF6526E331} - C:\WINDOWS\System32\Wbmh.dll
R3 - URLSearchHook: (no name) - {7A9D12FE-BD09-4361-A99F-93236A98D827} - C:\WINDOWS\System32\Wzbjyr.dll
R3 - URLSearchHook: (no name) - {98E9AC73-15B1-4D47-8112-477EF713F00A} - C:\WINDOWS\System32\Frexh.dll
R3 - URLSearchHook: (no name) - {FD23D9A4-BF4C-4971-A5AD-BF6C371F4C12} - C:\WINDOWS\System32\Qeci.dll
R3 - URLSearchHook: (no name) - {5A8E5432-7A14-42E9-A900-B57F64337B33} - C:\WINDOWS\System32\Sxaxw.dll
R3 - URLSearchHook: (no name) - {887A32F5-89D8-4525-A37F-95B79E476AEC} - C:\WINDOWS\System32\Wjzwnz.dll
R3 - URLSearchHook: (no name) - {C5210EF3-8746-4991-A6AC-0D229605D48C} - C:\WINDOWS\System32\Ufkc.dll
R3 - URLSearchHook: (no name) - {F2C5E7B0-F055-4733-B840-674442FCB3E5} - C:\WINDOWS\System32\Avzl.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
R3 - URLSearchHook: (no name) - {4469E825-1533-4407-AE2A-EAFF565892DB} - C:\WINDOWS\System32\Auxnif.dll
R3 - URLSearchHook: (no name) - {FA67A197-0095-46E1-AB54-1F2D3A433EFF} - C:\WINDOWS\System32\Rzdydg.dll
R3 - URLSearchHook: (no name) - {150010A0-850C-41F4-A36F-B71FCD63ED7C} - C:\WINDOWS\System32\Vfxk.dll
R3 - URLSearchHook: (no name) - {17DC23F0-2F9C-4341-904C-C2083EBE6901} - C:\WINDOWS\System32\Axif.dll
R3 - URLSearchHook: (no name) - {9545819F-EFC6-4F4E-A0D8-24AE04BB4512} - C:\WINDOWS\System32\Dtxnuy.dll
R3 - URLSearchHook: (no name) - {5D7A15DF-BF6B-4B43-8A1B-1B2EC44638B1} - C:\WINDOWS\System32\Dbbdo.dll
R3 - URLSearchHook: (no name) - {9B6F8884-B1A5-479E-80D7-B3473EC6BEF9} - C:\WINDOWS\System32\Blinl.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v14.dll
O2 - BHO: (no name) - {04692ACD-1DE3-4A0D-AAFA-77C7EA342F5F} - C:\WINDOWS\System32\Ohhg.dll
O2 - BHO: (no name) - {06738CA5-7DBD-4078-8489-B9EB604BEB41} - C:\WINDOWS\System32\Vlmalg.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {150010A0-850C-41F4-A36F-B71FCD63ED7C} - C:\WINDOWS\System32\Vfxk.dll
O2 - BHO: (no name) - {17DC23F0-2F9C-4341-904C-C2083EBE6901} - C:\WINDOWS\System32\Axif.dll
O2 - BHO: (no name) - {1BB0CA34-B154-436E-9241-B24C2474F1C3} - C:\WINDOWS\System32\Pvup.dll
O2 - BHO: (no name) - {22A60DBF-E7F2-4773-A926-945C622E9169} - C:\WINDOWS\System32\Ngsc.dll
O2 - BHO: (no name) - {29A5BACC-FB42-44DD-B5A7-E8918DCCD321} - C:\WINDOWS\System32\Qeeyy.dll
O2 - BHO: (no name) - {4469E825-1533-4407-AE2A-EAFF565892DB} - C:\WINDOWS\System32\Auxnif.dll
O2 - BHO: (no name) - {53E226BA-49F4-416F-94C6-9503E4A7C394} - C:\WINDOWS\System32\Wzcryk.dll
O2 - BHO: (no name) - {59D17B85-B32A-46FF-8873-530CC4F7B972} - C:\WINDOWS\System32\Iqaa.dll
O2 - BHO: (no name) - {5A8E5432-7A14-42E9-A900-B57F64337B33} - C:\WINDOWS\System32\Sxaxw.dll
O2 - BHO: (no name) - {5D245A79-CBFC-493B-ABC2-05EF6526E331} - C:\WINDOWS\System32\Wbmh.dll
O2 - BHO: (no name) - {5D7A15DF-BF6B-4B43-8A1B-1B2EC44638B1} - C:\WINDOWS\System32\Dbbdo.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {7A9D12FE-BD09-4361-A99F-93236A98D827} - C:\WINDOWS\System32\Wzbjyr.dll
O2 - BHO: (no name) - {887A32F5-89D8-4525-A37F-95B79E476AEC} - C:\WINDOWS\System32\Wjzwnz.dll
O2 - BHO: (no name) - {9545819F-EFC6-4F4E-A0D8-24AE04BB4512} - C:\WINDOWS\System32\Dtxnuy.dll
O2 - BHO: (no name) - {98E9AC73-15B1-4D47-8112-477EF713F00A} - C:\WINDOWS\System32\Frexh.dll
O2 - BHO: (no name) - {9981A82C-6DB4-4C86-8E76-BE0CF6692E84} - C:\WINDOWS\System32\Hfcy.dll
O2 - BHO: (no name) - {9B6F8884-B1A5-479E-80D7-B3473EC6BEF9} - C:\WINDOWS\System32\Blinl.dll
O2 - BHO: (no name) - {ACA07D98-BE49-4D71-B3CC-94AFDA9695A9} - C:\WINDOWS\System32\Cytoz.dll
O2 - BHO: (no name) - {B034A3F3-E8F3-49F9-A3F3-0FC4A2C845D1} - C:\WINDOWS\System32\Gtor.dll
O2 - BHO: (no name) - {B81BFBF5-7189-483A-9830-DDD42836B170} - C:\WINDOWS\System32\Dwiuj.dll
O2 - BHO: (no name) - {C5210EF3-8746-4991-A6AC-0D229605D48C} - C:\WINDOWS\System32\Ufkc.dll
O2 - BHO: (no name) - {D935604B-E00B-40D9-A5A8-215F6C037E4E} - C:\WINDOWS\System32\Qtpjd.dll
O2 - BHO: (no name) - {F0033F0D-25E9-4726-874A-D88AD8CEB302} - C:\WINDOWS\System32\Qthgdc.dll
O2 - BHO: (no name) - {F249B9A0-3CD8-413C-B3B3-BF9EF7FAEF16} - C:\WINDOWS\System32\Kllw.dll
O2 - BHO: (no name) - {F2C5E7B0-F055-4733-B840-674442FCB3E5} - C:\WINDOWS\System32\Avzl.dll
O2 - BHO: (no name) - {FA67A197-0095-46E1-AB54-1F2D3A433EFF} - C:\WINDOWS\System32\Rzdydg.dll
O2 - BHO: (no name) - {FD23D9A4-BF4C-4971-A5AD-BF6C371F4C12} - C:\WINDOWS\System32\Qeci.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kav] "D:\防火\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [stup1.exe] C:\PROGRA~1\TENCENT\Adplus\stup1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Sandai\ThunderMini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\防火\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O11 - Options group: [TBH] 搜搜地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147170891942
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\防火\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\tools\Kerio\Personal Firewall 4\kpf4ss.exe
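
A triage pass over the kind of HijackThis log posted above, as an added example that is not part of the original thread: it parses the CLSID-bearing lines and flags unnamed System32 DLLs, registrations pointing at missing files, and CLSIDs registered as both URLSearchHook and BHO. The sample lines are copied from the log on this page; `parse`, `triage` and the three heuristics are this example's own assumptions, and a flag is a reason to inspect the file, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {04692ACD-1DE3-4A0D-AAFA-77C7EA342F5F} - C:\WINDOWS\System32\Ohhg.dll
R3 - URLSearchHook: (no name) - {8C166205-07BE-4BA7-8CBA-93B95F03C387} - (no file)
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v14.dll
O2 - BHO: (no name) - {04692ACD-1DE3-4A0D-AAFA-77C7EA342F5F} - C:\WINDOWS\System32\Ohhg.dll
O2 - BHO: (no name) - {06738CA5-7DBD-4078-8489-B9EB604BEB41} - C:\WINDOWS\System32\Vlmalg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

# "<code> - <kind>: <name> - {CLSID} - <target>" (R3, O2, O3, O9 lines)
ENTRY = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"

def parse(log):
    """Return one dict per log line that registers a CLSID."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(log):
    """Map CLSID -> (target, sorted reasons) for entries worth a closer look."""
    entries = parse(log)
    codes = defaultdict(set)  # CLSID -> HijackThis sections it appears in
    for e in entries:
        codes[e["clsid"]].add(e["code"])
    findings = {}
    for e in entries:
        reasons = set()
        if e["target"] == "(no file)":
            reasons.add("registry entry points at a missing file")
        elif e["name"] == "(no name)" and e["target"].lower().startswith(SYSTEM32):
            reasons.add("unnamed DLL in System32")
        if {"R3", "O2"} <= codes[e["clsid"]]:
            reasons.add("same CLSID is both URLSearchHook and BHO")
        if reasons:
            prev = findings.get(e["clsid"], (e["target"], []))
            findings[e["clsid"]] = (prev[0], sorted(reasons | set(prev[1])))
    return findings

if __name__ == "__main__":
    for clsid, (target, reasons) in triage(SAMPLE_LOG).items():
        print(clsid, target, "; ".join(reasons))
```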

--------------------------------------------------------

????? What does that mean

Get a good antivirus program and scan with it~~