
Help: it displays "Yourcomputer is infected", expert advice please


×÷ÕߣºTTXS(Fcbu.Com)¡¡¡¡ À´Ô´£º»¥ÁªÍø¡¡¡¡ ·¢±íʱ¼ä£º2006-08-23¡¡¡¡
ÎÒµçÄÔ¿ª»úºó£¬ÓÖÏ»áÏÔʾºÍ¡°X¡±µÄͼ±ê£¬²¢ÏÔʾÖж¾
ÓÃHijackThisɨÃèºóÏÔʾÈçÏ£º
Logfile of HijackThis v1.99.1
Scan saved at 19:36:31, on 2006-7-10
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\sv[resolutely crack down on all forms of advertising].exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\sv[resolutely crack down on all forms of advertising].exe
C:\Program Files\KV2006\KVSrvXP.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\winscntrl.exe
C:\WINNT\system32\sv[resolutely crack down on all forms of advertising].exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\SkyNet\Firewall\pfw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\KV2006\KVMonXP.kxp
C:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\KV2006\TrojDie.kxp
c:\qjixxntx.exe
C:\Program Files\KV2006\KRegEx.exe
C:\Program Files\KV2006\UIHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\leiyuhui\桌面\ha_hijackthis_1991\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe                                         "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\KV2006\KvShell.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2006\KvShell.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SkyNet\Firewall\pfw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KvMonXP] "C:\Program Files\KV2006\KVMonXP.kxp" /auto
O4 - HKLM\..\Run: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKLM\..\Run: [ÿ_zskhscuj>nv`cskyqnxniwmdksz_] c:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\bmllajh.exe
O4 - HKLM\..\Run: [ÿ_zsk[VZ>] C:\WINNT\system32\_zskdmwinBPKS\DXLUWV\>ZV[.exe
O4 - HKLM\..\RunServices: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKLM\..\RunServices: [ÿ_zskhscuj>nv`cskyqnxniwmdksz_] c:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
O4 - HKLM\..\RunServices: [ÿ_zsk[VZ>] C:\WINNT\system32\_zskdmwinBPKS\DXLUWV\>ZV[.exe
O4 - HKCU\..\Run: [KvXP] "C:\Program Files\KV2006\KvXP.kxp" /ScanBoot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKCU\..\Run: [ÿ_zskhscuj>nv`cskyqnxniwmdksz_] c:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - (file missing)
O11 - Options group: [!CNS]  网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{13F0D7C1-DFB8-4B66-834E-31306D1376D1}: NameServer = 202.103.0.117,202.103.24.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{13F0D7C1-DFB8-4B66-834E-31306D1376D1}: NameServer = 202.103.0.117,202.103.24.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{13F0D7C1-DFB8-4B66-834E-31306D1376D1}: NameServer = 202.103.0.117,202.103.24.68
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: KVSrvXP - Jiangmin Co. Ltd - C:\Program Files\KV2006\KVSrvXP.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
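Could an expert please help me see where the problem is and how to deal with it? Many thanks!!!!
[ This post was last edited by jxby068298 on 2006-7-10 20:31 ]
Why does "s v c h o s t.exe" get displayed as "sv[resolutely crack down on all forms of advertising].exe"??
Written without spaces it turns into the latter, so I had to put spaces in between.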
[ This post was last edited by jxby068298 on 2006-7-10 20:35 ]

"infected" seems to mean "感染" (infected).

Lots of rogue software~ I suggest downloading Super Rabbit (超级兔子) to clean it up~

Is there a virus in there?

O4 - HKLM\..\Run: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKLM\..\Run: [ÿ_zskhscuj>nv`cskyqnxniwmdksz_] c:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\bmllajh.exe
O4 - HKLM\..\Run: [ÿ_zsk[VZ>] C:\WINNT\system32\_zskdmwinBPKS\DXLUWV\>ZV[.exe
O4 - HKLM\..\RunServices: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKLM\..\RunServices: [ÿ_zskhscuj>nv`cskyqnxniwmdksz_] c:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
O4 - HKLM\..\RunServices: [ÿ_zsk[VZ>] C:\WINNT\system32\_zskdmwinBPKS\DXLUWV\>ZV[.exe
O4 - HKCU\..\Run: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKCU\..\Run: [ÿ_zskhscuj>nv`cskyqnxniwmdksz_] c:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
None of these are good; fix and delete them.

OK, thanks, I'll do it right away.

Why can't I delete them?

Originally posted by jxby068298 on 2006-7-11 10:43:
Why can't I delete them?
Because there are special characters, you can use a forced-deletion tool to delete them in Safe Mode; the pinned thread has the tools!

Oh, thanks, I'll go look for it right away.

Originally posted by 网络vs浪子 on 2006-7-11 11:01:
Because there are special characters, you can use a forced-deletion tool to delete them in Safe Mode; the pinned thread has the tools!
Could you recommend one? Hehe

If you are not familiar with the programs below, I suggest deleting them:
c:\qjixxntx.exe
C:\WINNT\system32\winscntrl.exe
winscntrl.exe is 239KB in size. When run, it copies itself to %windir%\system32\winscntrl.exe and creates the following service so that it starts with the system:
Service name: wins
Description: Winsock network detection layer
Service program: %windir%\system32\winscntrl.exe

Originally posted by 网络vs浪子 on 2006-7-11 10:31:
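O4 - HKLM\..\Run:  c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKLM\..\Run: nv`cskyqnxniwmdksz_] c:\winnt\system32\_zskdmwinxnqyksc`vn>jucsh.exe
O4 - HKLM\..\Run:  c:\Program Files\bmlla ...
I used KILLBOX with a reboot and still can't delete them; after booting and scanning they are still there.

Originally posted by jxby068298 on 2006-7-11 11:48:
I used KILLBOX with a reboot and still can't delete them; after booting and scanning they are still there.
Update your antivirus software's virus database, enter Safe Mode, and then run a thorough virus scan and removal.

Originally posted by keeper11 on 2006-7-11 14:29:
Update your antivirus software's virus database, enter Safe Mode, and then run a thorough virus scan and removal.
But KV2006 with the virus database from the 10th can't identify this virus; it only shows up as highly suspicious under "unknown". What should I do??

What should I do? Please advise, boss.

Originally posted by jxby068298 on 2006-7-11 14:57:
But KV2006 with the virus database from the 10th can't identify this virus; it only shows up as highly suspicious under "unknown". What should I do??
Right-click and delete!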
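
An added example, not part of the original thread: a small triage pass over HijackThis O4 (autorun) lines that surfaces the kind of entries the replies singled out. The names `triage` and `SAMPLE_LOG` are hypothetical, the sample lines are taken from the log above in HijackThis's native `[value name] command` form, and the three heuristics are assumptions drawn from this one log.

```python
import re
from collections import defaultdict

# Constructed sample: O4 entries taken from the log in this thread, written in
# HijackThis's native "[value name] command" form.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [KvMonXP] "C:\Program Files\KV2006\KVMonXP.kxp" /auto
O4 - HKLM\..\Run: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKLM\..\RunServices: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKCU\..\Run: [ÿ_zskxb[szfdhjtkcpnc_niwmdksz_] c:\winnt\system32\_zskdmwin_cnpcktjhdfzs[bx.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""

# "O4 - <key>: [<value name>] <command>"; the name may itself contain "[".
O4_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>.+?)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return {command: [reasons]} for O4 autorun entries worth a closer look.

    The three heuristics are assumptions drawn from this one log, not a
    general detection rule set.
    """
    keys_by_cmd = defaultdict(set)
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        name = m["name"].lower()
        cmd = m["cmd"].replace('"', "").lower()
        keys_by_cmd[cmd].add(m["key"])
        # File name without directory or extension, e.g. "igfxtray".
        stem = cmd.rsplit("\\", 1)[-1].split(".", 1)[0]
        if any(not 32 <= ord(ch) < 127 for ch in name):
            reasons[cmd].add("non-ASCII character in value name")
        if len(stem) > 4 and stem[::-1] in name:
            reasons[cmd].add("value name embeds reversed file name")
    for cmd, keys in keys_by_cmd.items():
        if len(keys) > 1:
            reasons[cmd].add("registered under %d autorun keys" % len(keys))
    return {cmd: sorted(found) for cmd, found in reasons.items()}


if __name__ == "__main__":
    for cmd, found in triage(SAMPLE_LOG).items():
        print(cmd, "->", "; ".join(found))
```

Entries it reports are candidates for manual review, not confirmed detections; the vendor autoruns in the sample produce no output.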