引用:

【baoduo的贴子】 这样还有吗？ 还有我用优化大师木马检测时说：                   发现InCommand木马                   位置：d:\Herosoft\HeroV8\SysExplr.EXE 在日志中也有，不明白，并且删不掉   应该怎么做啊？ ...........................

这是一个纪录键盘的，不用理他，这是豪杰的文件

多谢了
那我这里面还有别的病毒没有啊？

【回复“baoduo”的帖子】没空看了，今天玩游戏了

各位老大呀  帮小弟看看好吗?还有灰鸽子吗????
Logfile of HijackThis v1.99.1
Scan saved at 19:13:26 上午, on 2005-9-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\VM_STI.EXE
D:\应用程序\瑞星\RAV\RAVTIMER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
D:\影音播放器\暴风影音\Storm Downloader\StormDownloader.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\ctfmon.exe
D:\应用程序\ADSL超频奇兵 V3.07\ADSLx2.exe
C:\WINDOWS\system32\conime.exe
D:\应用程序\瑞星\RAV\CCENTER.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\应用程序\瑞星\RAV\Ravmond.exe
D:\应用程序\瑞星\RAV\RavStub.exe
d:\应用程序\瑞星\rav\RAVMON.EXE
F:\我的文档\新建文件夹\155847200541134207\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\system32\stdup.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\应τ用贸程绦序騖\NetTransport 2\NetTransport 2\NTIEHelper.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [RavTimer] D:\应用程序\瑞星\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\应用程序\瑞星\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MINI_BFYY] D:\影音播放器\暴风影音\Storm Downloader\StormDownloader.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ADSL超频奇兵 V3.07.lnk = ?
O4 - Startup: 娱乐心空.lnk = C:\Program Files\yulexk\Run.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &使用暴风下载器下载 - D:\影音播放器\暴风影音\Storm Downloader\geturl.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: 中国搜索(&Z) - C:\WINDOWS\I_SearchIE.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\应用程序\NetTransport 2\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\应用程序\NetTransport 2\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - Extra button: 网际飞音 - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - D:\Program Files\Donor\donor.exe
O9 - Extra 'Tools' menuitem: 网际飞音(&D) - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - D:\Program Files\Donor\donor.exe
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} (Fc2Boot Class) - http://210.51.5.80/fun/system/fc2boot.cab
O16 - DPF: {D57A1919-CB3C-461C-8F34-A87A1CD9127E} (My99Launch Control) - http://www.99lover.com/launcher/99launch_1000.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ED76899-DA1B-435C-ADC9-83D6CAB74C36}: NameServer = 218.30.19.40 61.134.1.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ED76899-DA1B-435C-ADC9-83D6CAB74C36}: NameServer = 218.30.19.40 61.134.1.4
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\应用程序\瑞星\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\应用程序\瑞星\RAV\Ravmond.exe
O23 - Service: Windows Times (W32Times) - Unknown owner - C:\Program Files\Internet Explorer\PLUGINS\TIMEMAN32.EXE (file missing)

我用了论坛上的方法清除,就是不知道还有没有了?用瑞星现在是没有查出来  恳请各位老大帮忙了!!!!!!!顿首!!!!!

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
第一页就有专杀灰鸽子的软件
  杀完就保准没事了

引用:

【baoduo的贴子】http://forum.ikaka.com/topic.asp?board=28&artid=6979213 第一页就有专杀灰鸽子的软件   杀完就保准没事了 ...........................

老大 我就是不懂呀  心里没有底呀!!!!所以请各位给看看呀