狗狗静电BBS - wwW.DoGGiEhoMe.CoM » 电脑全方位 Computer Guide » about.Brontok.A 求救啊    请帮忙!!
本页主题: about.Brontok.A 求救啊    请帮忙!! 打印 | 加为IE收藏 | 复制链接 | 收藏主题 | 上一主题 | 下一主题

zhaohaha
级别: 咿呀学语


精华: 0
发帖: 3
威望: 2 点
金钱: 7 静电币
支持度: 0 点
在线时间:0(小时)
注册时间:2006-04-04
最后登录:2006-04-04

 about.Brontok.A 求救啊    请帮忙!!

hijackthis的分析报告,请指教



Logfile of HijackThis v1.99.1
Scan saved at 11:01:13, on 2006-4-4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\winlogon.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\services.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\services.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\lsass.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Huawei-3Com\H3C 802.1X Client\Dot1XClient.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\oemuser\LOCALS~1\Temp\Rar$EX00.967\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\ElnorB.exe"
O4 - HKLM\..\RunOnce: [Rav] "C:\Program Files\Rising\Rav\Update\Setup.exe" -REMOVEFOLDER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\oemuser\Local Settings\Application Data\smss.exe"
O4 - Startup: Sunhay.lnk = ?
O4 - Startup: Empty.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 易趣购物 - {DE607143-AC19-423e-860A-0D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607143-AC19-423e-860A-0D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C24D34C3-98A9-45B3-9167-F42DF4092FA1}: NameServer = 202.200.144.3

[p:4]
Posted: 2006-04-04 11:28 | [楼 主]
冰湖小生
生前何必久睡, 死后自会长眠
级别: 论坛版主


精华: 0
发帖: 1120
威望: 401 点
金钱: 557 静电币
支持度: 11496 点
在线时间:200(小时)
注册时间:2005-05-27
最后登录:2011-11-25

 

可疑进程有:
C:\WINDOWS\system32\atievxx.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\services.exe
C:\Documents and Settings\oemuser\Local Settings\Application Data\lsass.exe
C:\WINDOWS\system32\ping.exe

可以确定是中了病毒,请使用杀毒工具在安全模式下来查杀病毒。
winlogon.exe services.exe lsass.exe三个程序名是正常的,但是,其出现的目录不对,不正常正常,这些名字的进程应该出现在System32目录下面的。
[ 此贴被冰湖小生在2006-04-08 18:06重新编辑 ]
偶尔出来吓一回人也无妨。。。
电脑有问题?到『电脑全方位』来吧!专家会给您满意的答复
Posted: 2006-04-04 23:14 | 1 楼
singularity
级别: 骑士


精华: 0
发帖: 226
威望: 88 点
金钱: 654 静电币
支持度: 0 点
在线时间:119(小时)
注册时间:2006-01-17
最后登录:2006-10-01

 

真厉害,请问是自学还是专业?
不是精华,不签名!
Posted: 2006-04-07 22:41 | 2 楼
帖子浏览记录 版块浏览记录
狗狗静电BBS - wwW.DoGGiEhoMe.CoM » 电脑全方位 Computer Guide

沪ICP备05008186号
Powered by PHPWind Styled by MagiColor