Rising Kaka Security Forum

Please look at my report... I think something is wrong with my computer
嘿嘿臭蛋 - 2006-2-5 17:59:00
Logfile of HijackThis v1.99.1
Scan saved at 17:51:53, on 2006-2-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\internat.exe
C:\WINDOWS\system32\mspps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ServiceP.exe
D:\QQ资料包\QQ.exe
D:\QQ资料包\TIMPlatform.exe
F:\超级兔子\winspeed.exe
F:\HijackThis.exe

O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\超级兔子\HaokanBar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\超级兔子\HaokanBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Thunder] ; "F:\上网助手\新建文件夹\ThunderShell.exe" /s
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [mspps.exe] C:\WINDOWS\system32\mspps.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: 腾讯QQ.lnk = ?
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ资料包\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ资料包\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ资料包\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ资料包\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ资料包\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ资料包\QQ.EXE
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE511C7-8E44-422B-AEBD-686E87B4DD0C}: NameServer = 211.98.4.1 211.98.2.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{D510E58D-5B91-4BC3-82BC-0C6466589E16}: NameServer = 202.103.176.22,202.103.176.28
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE511C7-8E44-422B-AEBD-686E87B4DD0C}: NameServer = 211.98.4.1 211.98.2.4
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceP - Unknown owner - C:\WINDOWS\system32\ServiceP.exe

天使之剑 - 2006-2-5 19:45:00
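[Reply to 嘿嘿臭蛋's post]

Would the original poster please scan the following files with the two multi-engine scanners below:
C:\WINDOWS\system32\mspps.exe
C:\WINDOWS\system32\ServiceP.exe

Multi-engine scanner, VirusTotal:
http://www.virustotal.com/

Multi-engine scanner, Jotti:
http://virusscan.jotti.org/

Please be sure to post the reports in full.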
嘿嘿臭蛋 - 2006-2-6 20:18:00
This is a report processed by VirusTotal on 02/06/2006 at 13:17:41 (CET) after scanning the file "ServiceP.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.81 02.06.2006 no virus found
Avast 4.6.695.0 02.04.2006 no virus found
AVG 718 02.04.2006 no virus found
Avira 6.33.0.81 02.06.2006 no virus found
BitDefender 7.2 02.06.2006 no virus found
CAT-QuickHeal 8.00 02.04.2006 no virus found
ClamAV devel-20060126 02.06.2006 no virus found
DrWeb 4.33 02.06.2006 no virus found
eTrust-InoculateIT 23.71.69 02.05.2006 no virus found
eTrust-Vet 12.4.2066 02.06.2006 no virus found
Ewido 3.5 02.06.2006 Trojan.Agent.jv
Fortinet 2.54.0.0 02.06.2006 no virus found
F-Prot 3.16c 02.04.2006 no virus found
Ikarus 0.2.59.0 02.06.2006 no virus found
Kaspersky 4.0.2.24 02.06.2006 no virus found
McAfee 4689 02.03.2006 no virus found
NOD32v2 1.1394 02.05.2006 no virus found
Norman 5.70.10 02.06.2006 no virus found
Panda 9.0.0.4 02.06.2006 Suspicious file
Sophos 4.02.0 02.06.2006 no virus found
Symantec 8.0 02.06.2006 no virus found
TheHacker 5.9.3.091 02.06.2006 no virus found
UNA 1.83 02.03.2006 no virus found
VBA32 3.10.5 02.06.2006 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
嘿嘿臭蛋 - 2006-2-6 20:22:00
a
This is a report processed by VirusTotal on 02/06/2006 at 13:22:40 (CET) after scanning the file "mspps.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.81 02.06.2006 no virus found
Avast 4.6.695.0 02.04.2006 no virus found
AVG 718 02.04.2006 Generic.OIM
Avira 6.33.0.81 02.06.2006 no virus found
BitDefender 7.2 02.06.2006 no virus found
CAT-QuickHeal 8.00 02.04.2006 no virus found
ClamAV devel-20060126 02.06.2006 no virus found
DrWeb 4.33 02.06.2006 no virus found
eTrust-InoculateIT 23.71.69 02.05.2006 no virus found
eTrust-Vet 12.4.2066 02.06.2006 no virus found
Ewido 3.5 02.06.2006 Trojan.Agent.jv
Fortinet 2.54.0.0 02.06.2006 W32/Delf.QC!tr
F-Prot 3.16c 02.04.2006 no virus found
Ikarus 0.2.59.0 02.06.2006 Trojan.Win32.Delf.QC
Kaspersky 4.0.2.24 02.06.2006 Trojan.Win32.Delf.qc
McAfee 4689 02.03.2006 no virus found
NOD32v2 1.1394 02.05.2006 no virus found
Norman 5.70.10 02.06.2006 no virus found
Panda 9.0.0.4 02.06.2006 no virus found
Sophos 4.02.0 02.06.2006 no virus found
Symantec 8.0 02.06.2006 no virus found
TheHacker 5.9.3.091 02.06.2006 Trojan/Delf.qc
UNA 1.83 02.03.2006 Trojan.Win32.Delf
VBA32 3.10.5 02.06.2006 suspected of Trojan.Agent.38



嘿嘿臭蛋 - 2006-2-6 20:28:00
Service load:  0%        100% 

File:  mspps.exe 
Status:  INFECTED/MALWARE 
MD5  47bad69428d0b8fd4b7e341a967827a1 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found Generic.OIM 
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found W32/Delf.QC!tr 
Kaspersky Anti-Virus  Found Trojan.Win32.Delf.qc 
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found Trojan.Win32.Delf 
VBA32  Found Trojan.Agent.38 (probable variant) 
 
嘿嘿臭蛋 - 2006-2-6 20:32:00
File:  ServiceP.exe 
Status:  INCONCLUSIVE (scan still in progress)
MD5  ace84ab61e4b665ff488af4a2e84f47e 
Packers detected:  Analyzing...
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Scanning, please wait...
ClamAV  Scanning, please wait...
Dr.Web  Scanning, please wait...
F-Prot Antivirus  Scanning, please wait...
Fortinet  Scanning, please wait...
Kaspersky Anti-Virus  Scanning, please wait...
NOD32  Scanning, please wait...
Norman Virus Control  Scanning, please wait...
UNA  Scanning, please wait...
VBA32  Scanning, please wait...
 
魔法学徒 - 2006-2-7 0:17:00
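Start → Control Panel → Performance and Maintenance → Administrative Tools → Services → find ServiceP → right-click → Properties → Startup type → Disabled → Apply → Stop → OK.

Restart the computer. After the power-on self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.

Run HijackThis. When the scan finishes, tick the following entry, then choose "Fix Checked":

O4 - HKLM\..\Run: [mspps.exe] C:\WINDOWS\system32\mspps.exe

Show hidden files

Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes" -- click "OK".

Then find the following files and delete them (if they exist).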

C:\WINDOWS\system32\mspps.exe
C:\WINDOWS\system32\ServiceP.exe
嘿嘿臭蛋 - 2006-2-8 19:21:00
When I clicked Stop, a dialog box popped up
saying the service could not be stopped
So should I still delete it in Safe Mode or not??
魔法学徒 - 2006-2-9 0:03:00
Then try stopping the service in Safe Mode
嘿嘿臭蛋 - 2006-2-9 18:24:00
I have already deleted it in Safe Mode
Why can I still see it in Services?
It says it is disabled
Does that mean there is no problem now??
嘿嘿臭蛋 - 2006-2-9 18:36:00
Logfile of HijackThis v1.99.1
Scan saved at 18:36:04, on 2006-2-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\QQ资料包\QQ.exe
D:\QQ资料包\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HijackThis.exe

O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\超级兔子\HaokanBar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\超级兔子\HaokanBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Thunder] ; "F:\上网助手\新建文件夹\ThunderShell.exe" /s
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [mspps.exe] ; C:\WINDOWS\system32\mspps.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; F:\超级兔子\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [Super Rabbit Desktop Search] ; F:\超级兔子\srsearch.exe
O4 - Startup: 腾讯QQ.lnk = ?
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ资料包\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ资料包\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ资料包\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ资料包\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ资料包\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ资料包\QQ.EXE
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE511C7-8E44-422B-AEBD-686E87B4DD0C}: NameServer = 211.98.4.1 211.98.2.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{D510E58D-5B91-4BC3-82BC-0C6466589E16}: NameServer = 202.103.176.22,202.103.176.28
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE511C7-8E44-422B-AEBD-686E87B4DD0C}: NameServer = 211.98.4.1 211.98.2.4
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

嘿嘿臭蛋 - 2006-2-9 18:40:00
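I feel the machine really does have a problem
The network and the machine really are much slower than before
I know this is partly the ISP's problem, and the network is a bit laggy over the New Year
But this is not a temporary thing any more
It has been 2 months
When I posted before that the machine and network were slow
you said it was an unstable network.. or something like that
Now there really is a problem
Please take a look at the log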

月下积雪 - 2006-2-9 19:02:00
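You can restart into Safe Mode. Actually, going by the scan reports, you should update your antivirus software and scan the system.
Fix
O4 - HKLM\..\Run: [mspps.exe] ; C:\WINDOWS\system32\mspps.exe
As the moderator said, show hidden files and delete C:\WINDOWS\system32\mspps.exe (if it still exists)

Also, for the O17 entries, check whether they are in the same IP range as you (see whether they are in the same region); if not, please fix them.

As for the slow network and slow machine response you mentioned, you can use 超级兔子 (Super Rabbit) to clean up the system.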
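
As an added example (not part of the original thread and not any poster's code), this Python script compares excerpts of the two HijackThis logs posted above to check how far the cleanup got: it lists the O4 Run and O23 service entries that disappeared or appeared between the logs, and the entries that still reference a flagged file. The helper names `parse` and `review` are hypothetical, and only the two line formats seen in these logs are handled.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (2006-2-5, 2006-2-9).
BEFORE = r"""
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [mspps.exe] C:\WINDOWS\system32\mspps.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceP - Unknown owner - C:\WINDOWS\system32\ServiceP.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [mspps.exe] ; C:\WINDOWS\system32\mspps.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; F:\超级兔子\SRIECLI.EXE /LOAD
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
FLAGGED = ("mspps.exe", "ServiceP.exe")  # files the scanners in this thread flagged

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\]\s*(.*)$")
SVC_PREFIX = "O23 - Service: "

def parse(log):
    """Map (section, location, name) -> command for O4 Run and O23 service lines."""
    entries = {}
    for line in map(str.strip, log.splitlines()):
        m = RUN_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries[("O4", hive + "\\" + key, name)] = cmd
        elif line.startswith(SVC_PREFIX):
            # Split from the right: the service name itself may contain " - ".
            parts = line[len(SVC_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                entries[("O23", "Service", parts[0])] = parts[2]
    return entries

def review(before, after, flagged=FLAGGED):
    """Report entries removed/added between two logs and flagged ones still present."""
    b, a = parse(before), parse(after)
    still = sorted(k for k, cmd in a.items()
                   if any(f.lower() in cmd.lower() for f in flagged))
    return {"removed": sorted(b.keys() - a.keys()),
            "added": sorted(a.keys() - b.keys()),
            "flagged_remaining": still}

if __name__ == "__main__":
    for label, keys in review(BEFORE, AFTER).items():
        print(label, keys)
```

On these excerpts the ServiceP service line is gone from the second log, while the HKLM Run entry for mspps.exe is still listed.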
嘿嘿臭蛋 - 2006-2-9 21:15:00

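I don't understand what you are saying
Restart into Safe Mode to do what?
Scan reports??
And how do I update the antivirus for the system??
I don't really understand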
嘿嘿臭蛋 - 2006-2-10 18:15:00
Why has nobody replied
The problem still isn't solved
月下积雪 - 2006-2-10 18:24:00
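Quote:
[嘿嘿臭蛋's post] Ugh
I don't understand what you are saying
Restart into Safe Mode to do what?
Scan reports??
And how do I update the antivirus for the system??
I don't really understand
...........................

If you don't want to, you don't have to go into Safe Mode. Just tick O4 - HKLM\..\Run: [mspps.exe] ; C:\WINDOWS\system32\mspps.exe and click Fix Checked.
Then, as moderator 魔法 said, show hidden files and delete C:\WINDOWS\system32\mspps.exe (if it still exists)
By "scan reports" I meant the reports you got from the two multi-engine scanners 天使 gave you, which say your machine may be infected with a virus. That is why I asked you to update your antivirus software (that is, the virus definitions) and scan the machine.
Of course, if you have done Fix Checked and there are no more problems, you don't need to update the antivirus either.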
鈊娌銤銪伱 - 2006-2-10 19:00:00
My machine doesn't have Safe Mode... I can't get into it...
鈊娌銤銪伱 - 2006-2-10 19:01:00
http://forum.ikaka.com/topic.asp?board=39&artid=5255062
嘿嘿臭蛋 - 2006-2-10 21:14:00
ServiceP.exe
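I have already deleted this one in Safe Mode
Why do I still see it under system management.. Services?
It is already disabled
So there's no problem, right??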
魔法学徒 - 2006-2-10 21:29:00
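Quote:
[嘿嘿臭蛋's post] ServiceP.exe
I have already deleted this one in Safe Mode
Why do I still see it under system management.. Services?
It is already disabled
So there's no problem, right??
...........................

No problem. If you want to remove it completely, search the registry for ServiceP and delete the related key values.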