Rising Kaka Security Forum (瑞星卡卡安全论坛)
極鍍魅儷 - 2006-6-18 17:01:00
阿拉伯伯 - 2006-6-18 17:12:00
Post a log so we can take a look, a HijackThis log!
極鍍魅儷 - 2006-6-18 17:22:00
What log? I don't understand.
mopery - 2006-6-18 17:43:00
Reference: http://forum.ikaka.com/topic.asp?board=28&artid=8109186
極鍍魅儷 - 2006-6-18 17:52:00
| Quote: |
[mopery's post] Reference: http://forum.ikaka.com/topic.asp?board=28&artid=8109186 ........................... |
Its DLL file is upfdll.dll
Mine isn't that one
Mine is Upsrv.dll
The same method probably can't be used, can it?
極鍍魅儷 - 2006-6-18 18:14:00
| Quote: |
[mopery's post] Reference: http://forum.ikaka.com/topic.asp?board=28&artid=8109186 ........................... |
But mine is Upsrv.dll
After downloading and opening it, there is no Upsrv.dll option
阿拉伯伯 - 2006-6-18 18:18:00
Log!
極鍍魅儷 - 2006-6-18 18:25:00
{0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {444689BB-651F-4087-8F30-CBF21CD2DC82} (MyP2T Control) - http://dial.koocall.com/new_activeX/p2t2.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://www.1000n.com/1000np2p/vodupdate_1.0.0.8.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {CF85459D-DFA7-4028-A065-3C6D1356DCC8} (CertInstall Control) - http://gd.chinavnet.com/CertInstall.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O23 - Service: COM+ Event - Unknown owner - C:\Program Files\HgzServer\G_Server2006.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Windows Video (VideoService) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: winaua - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\aua1\aua1.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - d:\winsock\winvnc\winvnc.exe" -service (file missing)
極鍍魅儷 - 2006-6-18 18:28:00
What other junk is there on my computer?
阿拉伯伯 - 2006-6-18 18:31:00
What about the earlier part? Where did everything before the O9 entries go?
極鍍魅儷 - 2006-6-18 18:32:00
Yes. It couldn't be that it didn't get copied, could it?
極鍍魅儷 - 2006-6-18 18:33:00
Logfile of HijackThis v1.99.1
Scan saved at 18:21:59, on 2006-6-18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\racer-han-cnc\racer.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\Internat.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\racer-han-cnc\RacerKp.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\浩方对战平台\GameClient.exe
D:\Program Files\WellGet\WellGet.exe
C:\Documents and Settings\Owner\桌面\ha_hijackthis_1991\HijackThis.exe
R3 - URLSearchHook: (no name) - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\hbclient\HBHelper.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - D:\Program Files\WellGet\safeie.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [racer] C:\Program Files\racer-han-cnc\racer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [sys1] Rundll32.exe C:\WINDOWS\System32\Upsrv.dll,Run
O8 - Extra context menu item: 使用WellGet下载(&W) - D:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: 使用WellGet下载全部链接(&D) - D:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
極鍍魅儷 - 2006-6-18 18:33:00
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {444689BB-651F-4087-8F30-CBF21CD2DC82} (MyP2T Control) - http://dial.koocall.com/new_activeX/p2t2.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://www.1000n.com/1000np2p/vodupdate_1.0.0.8.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {CF85459D-DFA7-4028-A065-3C6D1356DCC8} (CertInstall Control) - http://gd.chinavnet.com/CertInstall.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O23 - Service: COM+ Event - Unknown owner - C:\Program Files\HgzServer\G_Server2006.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Windows Video (VideoService) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: winaua - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\aua1\aua1.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - d:\winsock\winvnc\winvnc.exe" -service (file missing)
阿拉伯伯 - 2006-6-18 18:35:00
Fix:
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O23 - Service: COM+ Event - Unknown owner - C:\Program Files\HgzServer\G_Server2006.exe (file missing)
O23 - Service: Windows Video (VideoService) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: winaua - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\aua1\aua1.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - d:\winsock\winvnc\winvnc.exe" -service (file missing)
Search for these four files: G_Server2006.DLL, G_Server2006.exe, G_Server2006hook.dll, G_Server2006key.dll, and delete them once found.
Go into the registry and search for C:\Program Files\HgzServer\G_Server2006.exe; delete it once found!
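The triage above (orphaned service entries, a service binary under Temp, an svchost.exe outside System32, an unknown Winsock LSP, a rundll32-loaded DLL in a Run key) can be written down as rules and run over a log. The following is an added example and not code from this thread or from HijackThis; the sample log is constructed from the entries posted here plus two benign services (NVIDIA, Macromedia) as controls, and the indicator rules are the ones chosen for this example. "Unknown owner" on its own is deliberately not an indicator, because the Macromedia service shows that legitimate unsigned software produces it too.

```python
import ntpath
import re

# Constructed sample in HijackThis 1.99 format: the O4/O10/O23 entries posted
# in this thread, plus two benign services (NVIDIA, Macromedia) as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows
O4 - HKCU\..\Run: [sys1] Rundll32.exe C:\WINDOWS\System32\Upsrv.dll,Run
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\upfdll.dll
O23 - Service: COM+ Event - Unknown owner - C:\Program Files\HgzServer\G_Server2006.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Video (VideoService) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: winaua - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\aua1\aua1.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - d:\winsock\winvnc\winvnc.exe" -service (file missing)
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O10_RE = re.compile(r'^O10 - Unknown file in Winsock LSP: (?P<path>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$')
# rundll32 <dll>,<export>, with or without quotes around the DLL path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\w+)', re.I)
EXE_RE = re.compile(r'^(?P<exe>.*?\.exe)\b', re.I)


def service_reasons(image):
    """Hard indicators for one O23 image path. 'Unknown owner' is not one:
    unsigned but legitimate software (Macromedia here) reports it too."""
    m = EXE_RE.match(image)
    exe = (m.group('exe') if m else image.replace('(file missing)', '')).strip().lower()
    reasons = []
    if '(file missing)' in image.lower():
        reasons.append('binary is gone but the service key still autostarts it (orphaned entry)')
    if '\\temp\\' in exe:
        reasons.append('service binary runs from a Temp directory')
    if ntpath.basename(exe) == 'svchost.exe' and not ntpath.dirname(exe).endswith('\\system32'):
        reasons.append('svchost.exe outside %SystemRoot%\\system32 (name squatting on a system process)')
    return reasons


def triage(log_text):
    """Return a list of {'section', 'line', 'reasons', 'count'} for the entries
    worth ticking in HijackThis. Identical lines (the paired O10 entries) collapse."""
    findings = {}

    def add(section, line, reasons):
        if line in findings:
            findings[line]['count'] += 1
        else:
            findings[line] = {'section': section, 'line': line, 'reasons': reasons, 'count': 1}

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            r = RUNDLL_RE.search(m.group('cmd'))
            if r:   # rundll32 is Microsoft's; the payload is the DLL it is told to load
                add('O4', line, [f"{m.group('hive')}\\Run loads {r.group('dll')}!{r.group('export')} "
                                 f"through rundll32; verify the DLL's publisher, not rundll32's"])
        elif m := O10_RE.match(line):
            add('O10', line, [f"unknown Winsock LSP {m.group('path')}: loaded into every process "
                              f"that opens a socket, so it outlives browser and startup cleanup"])
        elif m := O23_RE.match(line):
            reasons = service_reasons(m.group('image'))
            if reasons:
                add('O23', line, reasons)
    return list(findings.values())


def fix_list(findings):
    """The lines to tick and 'Fix' in HijackThis, one per distinct entry."""
    return [f['line'] for f in findings]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']} x{f['count']}: {f['line']}")
        for why in f['reasons']:
            print('    -', why)
```

Run stand-alone it prints seven entries to fix, the same set 阿拉伯伯 listed in the two posts above (the four services, the one LSP DLL counted twice, and the two rundll32 Run entries), and leaves the Rising, NVIDIA and Macromedia entries alone. Ticking an O23 entry in HijackThis only removes the service registration; the files still have to be located and deleted, which is why the thread goes on to searching the disk and registry.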
極鍍魅儷 - 2006-6-18 18:38:00
Oh..... thanks. Working on it..
阿拉伯伯 - 2006-6-18 18:39:00
When searching, remember to show hidden and protected system files!
極鍍魅儷 - 2006-6-18 18:40:00
Showed hidden and protected system files
Still can't find them
阿拉伯伯 - 2006-6-18 18:45:00
Then they're gone; it should be fine now!
極鍍魅儷 - 2006-6-18 18:56:00
When I open a web page it's still there.... ugh..
What's going on
Found it in the registry
Already deleted it
阿拉伯伯 - 2006-6-18 18:58:00
Fix:
O4 - HKCU\..\Run: [sys1] Rundll32.exe C:\WINDOWS\System32\Upsrv.dll,Run
極鍍魅儷 - 2006-6-18 19:00:00
How do I fix this one?
阿拉伯伯 - 2006-6-18 19:04:00
In the log you scanned, tick the box in front of that entry and then click Fix!
極鍍魅儷 - 2006-6-18 19:05:00
Oh.. I'll give it a try; if it doesn't work, see you in a bit. Everyone go have dinner
阿拉伯伯 - 2006-6-18 19:07:00
Already ate!
極鍍魅儷 - 2006-6-18 22:00:00
Still not working. Rising can't kill it either. What on earth will work.
I'm lost~~~
我无邪 - 2006-6-18 23:08:00
Start → Run → type services.msc to open "Services" → find Windows Video, winaua, COM+ Event → double-click → Startup type → Disabled → Stop → Apply → OK. Disable these 3 services: Windows Video, winaua, COM+ Event (each comma-separated name is one virus service; disable them one at a time)
Go to Control Panel → Add/Remove Programs and uninstall 很棒小秘书 (RichMedia)
Please go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931 and download these two tools, LSPFix.exe and WinsockXPFix
Restart the computer; once the power-on self-test finishes, press [F8] (you can keep tapping it until the boot menu appears) and choose Safe Mode to enter Windows
Run LSPFix.exe
Delete
upfdll.dll
A note of explanation is attached
LSPFix.exe is a tool mainly used to help repair the O10 entries found by a HijackThis scan.
When using it, close all IE windows and folder windows first, then run LSPFix; once it is running, move the O10 entry to be fixed from the left pane to the right pane and click "Finish". (Before that, though, you need to tick the box in front of "I know what I'm doing".)
Double-click My Computer → Tools → Folder Options → View, click to select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Also clear "Hide extensions for known file types"
Delete
C:\WINDOWS\svchost.exe
C:\Program Files\HgzServer
C:\DOCUME~1\Owner\LOCALS~1\Temp (delete everything in this folder that can be deleted)
C:\WINDOWS\system32\upfdll.dll
:\PROGRA~1\hbclient
C:\WINDOWS\System32\Upsrv.dll
After the fix, reboot; if you cannot get online, run WinsockXPFix and let it repair things.
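The reason the post above pairs LSPFix with WinsockXPFix is the structure of the Winsock catalog: an LSP is registered as its own provider entry plus one "chain" entry per base protocol it layers over, and every chain entry references the LSP's catalog ID. Deleting only the DLL (as was tried earlier in the thread), or only the LSP's own entry, leaves chain entries pointing at something that no longer exists, and socket creation then fails for every program. The following added example (not code from this thread, from LSPFix or from Microsoft) shows that bookkeeping over a catalog dump. The text is constructed in the field layout of `netsh winsock show catalog` on Windows XP; the GUIDs, entry IDs and the number of upfdll.dll entries are invented, and the list of stock provider DLLs is assumed complete for this sample. On XP SP2 and later the built-in `netsh winsock reset` does what WinsockXPFix did.

```python
import ntpath
import re

# Stock Winsock provider DLLs on Windows XP; treated as complete for this sample.
KNOWN_PROVIDERS = {'mswsock.dll', 'rsvpsp.dll', 'winrnr.dll'}

# Constructed sample in the field layout of `netsh winsock show catalog` on XP.
# The upfdll.dll entries model the O10 lines in this thread; GUIDs and entry IDs
# are invented, and only the fields the functions below read are included.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [UDP/IP]
Provider ID:                        {E70F1AA1-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        upfdll
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      c:\windows\system32\upfdll.dll
Catalog Entry ID:                   1020
Protocol Chain Length:              0

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        upfdll over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      c:\windows\system32\upfdll.dll
Catalog Entry ID:                   1021
Protocol Chain Length:              2
Protocol Chain:                     1020 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        upfdll over [MSAFD Tcpip [UDP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000003}
Provider Path:                      c:\windows\system32\upfdll.dll
Catalog Entry ID:                   1022
Protocol Chain Length:              2
Protocol Chain:                     1020 : 1002
"""

FIELD_RE = re.compile(r'^(?P<key>[A-Za-z ]+?):\s+(?P<val>.*)$')


def parse_catalog(text):
    """Split netsh output into one dict of fields per catalog entry."""
    entries, cur = [], None
    for line in text.splitlines():
        if line.startswith('Winsock Catalog Provider Entry'):
            cur = {}
            entries.append(cur)
        elif cur is not None and (m := FIELD_RE.match(line.strip())):
            cur[m.group('key')] = m.group('val').strip()
    return entries


def entry_id(e):
    return int(e['Catalog Entry ID'])


def chain_ids(e):
    """Catalog IDs a chain entry is built from: the LSP first, the base provider last."""
    return [int(x) for x in e.get('Protocol Chain', '').replace(':', ' ').split()]


def foreign_entries(entries, known=KNOWN_PROVIDERS):
    """IDs of every entry whose provider DLL is not a stock provider."""
    return sorted(entry_id(e) for e in entries
                  if ntpath.basename(e.get('Provider Path', '')).lower() not in known)


def removal_set(entries, bad_ids):
    """bad_ids plus every chain entry built on one of them: the whole set that a
    tool like LSPFix has to delete in one go."""
    bad = set(bad_ids)
    for e in entries:
        if bad.intersection(chain_ids(e)):
            bad.add(entry_id(e))
    return sorted(bad)


def dangling_after(entries, removed_ids):
    """Chain entries still referencing an ID that no longer exists. A non-empty
    result is the broken-Winsock state (no network after cleanup) that a
    Winsock reset repairs."""
    left = [e for e in entries if entry_id(e) not in set(removed_ids)]
    ids = {entry_id(e) for e in left}
    return sorted(entry_id(e) for e in left if any(c not in ids for c in chain_ids(e)))


if __name__ == '__main__':
    cat = parse_catalog(SAMPLE_CATALOG)
    bad = foreign_entries(cat)
    print('foreign providers:', bad)
    print('remove together  :', removal_set(cat, bad))
    print('dangling if only the LSP entry goes:', dangling_after(cat, bad[:1]))
```

Removing entry 1020 alone leaves 1021 and 1022 referencing a vanished ID, which is exactly the "cannot get online afterwards" outcome the post warns about; removing the full set computed by `removal_set` leaves nothing dangling, and the two base providers stay in place. The same check applies after any manual registry edit under the Winsock2 catalog key.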
我无邪 - 2006-6-18 23:09:00
Another hint (C:\DOCUME~1\your-username\LOCALS~1\Temp is C:\Documents and Settings\your-username\Local Settings\Temp, C:\PROGRA~1 is C:\Program Files, and C:\WINDOWS\DOWNLO~1 is C:\WINDOWS\Downloaded Program Files)
極鍍魅儷 - 2006-6-18 23:26:00
Let me try
極鍍魅儷 - 2006-6-18 23:29:00
In Control Panel → Add/Remove Programs, there is no 很棒小秘书 (RichMedia) listed
我无邪 - 2006-6-18 23:38:00
Skip that one.
© 2000 - 2026 Rising Corp. Ltd.