I have 4 viruses I can't remove, hoping an expert can help~ Thanks

First: Trojan.PSW.QQRobber.16.f
Second: Trojan.DL.Agent.wi
Third: Backdoor.Gpigeon.gz
Fourth: Trojan.PSW.LMir.aep
    Thanks to the experts for helping me solve this! Thank you!
Last edited 2005-11-10 20:47:49
 

Bump~
 

Run a scan with HijackThis and post the log here.
 

Logfile of HijackThis v1.99.1
Scan saved at 23:01:45, on 2005-10-5
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\P4P\p2psvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Svcohst.EXE
C:\Program Files\Sandai\ThunderMini\ThunderMini.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\rising\Rav\Rav.exe
D:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Tencent2\QQ\QQ.exe
E:\Program Files\Tencent2\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ShellExt\services.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\luichang\LOCALS~1\Temp\Rar$EX00.453\HijackThis.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\PROGRA~1\P4P\ToolBar.dll
O1 - Hosts: 218.7.120.87 www.wwwggg.com
O1 - Hosts: 218.7.120.87 www.1717333.com
O1 - Hosts: 218.7.120.87 www.bb999.com
O1 - Hosts: 218.7.120.87 www.5073.com
O1 - Hosts: 218.7.120.87 www.wg999.com
O1 - Hosts: 218.7.120.87 www.txwg.com
O1 - Hosts: 218.7.120.87 www.d186.com
O1 - Hosts: 218.7.120.87 www.51wg.com
O1 - Hosts: 218.7.120.87 www.77wg.com
O1 - Hosts: 218.7.120.87 www.365sky.com
O1 - Hosts: 218.7.120.87 www.gameswg.com
O1 - Hosts: 218.7.120.87 www.5dgame.com
O1 - Hosts: 218.7.120.87 www.ttee.com
O1 - Hosts: 218.7.120.87 www.comv9.com
O1 - Hosts: 218.7.120.87 www.95wg.com
O1 - Hosts: 218.7.120.87 www.jxwg.com
O1 - Hosts: 218.7.120.87 www.wgwang.com
O1 - Hosts: 218.7.120.87 www.wgxz.com
O1 - Hosts: 218.7.120.87 www.91333.com
O1 - Hosts: 218.7.120.87 www.wg86.com
O1 - Hosts: 218.7.120.87 www.skyxz.com
O1 - Hosts: 218.7.120.87 www.tywg.com
O1 - Hosts: 218.7.120.87 www.py126.com
O1 - Hosts: 218.7.120.87 www.banbancq.com
O1 - Hosts: 218.7.120.87 www.92wg.com
O1 - Hosts: 218.7.120.87 www.9wg.com
O1 - Hosts: 218.7.120.87 www.jxtool.com
O1 - Hosts: 218.7.120.87 www.wg-xz.com
O1 - Hosts: 218.7.120.87 www.7ywg.com
O1 - Hosts: 218.7.120.87 www.hahawg.com
O1 - Hosts: 218.7.120.87 www.comv8.com
O1 - Hosts: 218.7.120.87 www.andown.com
O1 - Hosts: 218.7.120.87 www.gm169.com
O1 - Hosts: 218.7.120.87 www.wgshop.com
O1 - Hosts: 218.7.120.87 www.wolvip.com
O1 - Hosts: 218.7.120.87 www.9csf.com
O1 - Hosts: 218.7.120.87 www.mir222.com
O1 - Hosts: 218.7.120.87 www.py999.com
O1 - Hosts: 218.7.120.87 www.pycq.com
O1 - Hosts: 218.7.120.87 www.newpy.com
O1 - Hosts: 218.7.120.87 www.py173.com
O1 - Hosts: 218.7.120.87 www.wggame.com
O1 - Hosts: 218.7.120.87 www.wgzzz.com
O1 - Hosts: 218.7.120.87 www.117799.com
O1 - Hosts: 218.7.120.87 www.wgsky.com
O1 - Hosts: 218.7.120.87 www.wg00.com
O1 - Hosts: 218.7.120.87 www.wg8.com
O1 - Hosts: 218.7.120.87 www.wgx8.com
O1 - Hosts: 218.7.120.87 www.139wg.com
O1 - Hosts: 218.7.120.87 www.wgdd.com
O1 - Hosts: 218.7.120.87 www.lxwg.com
O1 - Hosts: 218.7.120.87 www.ly888.com
O1 - Hosts: 218.7.120.87 www.heiyun.com
O1 - Hosts: 218.7.120.87 www.mir888.com
O1 - Hosts: 218.7.120.87 www.chiyue.com
O1 - Hosts: 218.7.120.87 www.waigua8.com
O1 - Hosts: 218.7.120.87 www.wwwggg.net
O1 - Hosts: 218.7.120.87 www.1717333.net
O1 - Hosts: 218.7.120.87 www.bb999.net
O1 - Hosts: 218.7.120.87 www.5073.net
O1 - Hosts: 218.7.120.87 www.wg999.net
O1 - Hosts: 218.7.120.87 www.txwg.net
O1 - Hosts: 218.7.120.87 www.d186.net
O1 - Hosts: 218.7.120.87 www.51wg.net
O1 - Hosts: 218.7.120.87 www.77wg.net
O1 - Hosts: 218.7.120.87 www.365sky.net
O1 - Hosts: 218.7.120.87 www.gameswg.net
O1 - Hosts: 218.7.120.87 www.5dgame.net
O1 - Hosts: 218.7.120.87 www.ttee.net
O1 - Hosts: 218.7.120.87 www.comv9.net
O1 - Hosts: 218.7.120.87 www.95wg.net
O1 - Hosts: 218.7.120.87 www.jxwg.net
O1 - Hosts: 218.7.120.87 www.wgwang.net
O1 - Hosts: 218.7.120.87 www.wgxz.net
O1 - Hosts: 218.7.120.87 www.91333.net
O1 - Hosts: 218.7.120.87 www.wg86.net
O1 - Hosts: 218.7.120.87 www.skyxz.net
O1 - Hosts: 218.7.120.87 www.tywg.net
O1 - Hosts: 218.7.120.87 www.py126.net
O1 - Hosts: 218.7.120.87 www.banbancq.net
O1 - Hosts: 218.7.120.87 www.92wg.net
O1 - Hosts: 218.7.120.87 www.9wg.net
O1 - Hosts: 218.7.120.87 www.jxtool.net
O1 - Hosts: 218.7.120.87 www.wg-xz.net
O1 - Hosts: 218.7.120.87 www.7ywg.net
O1 - Hosts: 218.7.120.87 www.hahawg.net
O1 - Hosts: 218.7.120.87 www.comv8.net
O1 - Hosts: 218.7.120.87 www.andown.net
O1 - Hosts: 218.7.120.87 www.gm169.net
O1 - Hosts: 218.7.120.87 www.wgshop.net
O1 - Hosts: 218.7.120.87 www.wolvip.net
O1 - Hosts: 218.7.120.87 www.9csf.net
O1 - Hosts: 218.7.120.87 www.mir222.net
O1 - Hosts: 218.7.120.87 www.py999.net
O1 - Hosts: 218.7.120.87 www.pycq.net
O1 - Hosts: 218.7.120.87 www.newpy.net
O1 - Hosts: 218.7.120.87 www.py173.net
O1 - Hosts: 218.7.120.87 www.wggame.net
O1 - Hosts: 218.7.120.87 www.wgzzz.net
O1 - Hosts: 218.7.120.87 www.117799.net
O1 - Hosts: 218.7.120.87 www.wgsky.net
 

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINDOWS\System32\THUNDE~1.DLL
O2 - BHO: CPub Object - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent2\QQ\QQIEHelper.dll
O2 - BHO: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: 捜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\PROGRA~1\P4P\ToolBar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [thunder_mini] C:\Program Files\Sandai\ThunderMini\ThunderMini.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\System32\SHELLEXT\services.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [VikaClient] "C:\Program Files\VIKA\vkclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\Tencent2\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用迅雷下载 - F:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Sandai\ThunderMini\geturl.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\PROGRA~1\P4P\dl.htm
O8 - Extra context menu item: 发送图片到手机 - C:\PROGRA~1\P4P\cx.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent2\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent2\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent2\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_qmacro_64020 (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - Extra button: 唯刊.VIKA - {2BB49E59-100F-4ca6-9127-E0E3FF76F98E} - C:\Program Files\VIKA\vkclient.exe.lnk (file missing)
O9 - Extra 'Tools' menuitem: 唯刊.VIKA - {2BB49E59-100F-4ca6-9127-E0E3FF76F98E} - C:\Program Files\VIKA\vkclient.exe.lnk (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent2\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent2\QQ\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent2\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent2\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [TBH] QQ地址栏搜索
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://bbsky.wuhan.net.cn/plugin/PowerPlr.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/136bb9760d8093cb0116/netzip/RdxIE601_cn.cab
O16 - DPF: {DF6FE46D-1D23-4668-AD3A-CDEA1262B282} (PowerDld Control) - http://bbsky.wuhan.net.cn/plugin/PowerDld.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CABC11C1-B0DC-4615-9223-6E7C13E008F8}: NameServer = 202.103.0.68 202.103.24.68
O20 - AppInit_DLLs: C:\WINDOWS\System32\SoDAHK.DLL
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Tortable Media Serial Number (TmSasv) - Unknown owner - C:\WINDOWS\Svcohst.EXE

 

Fix all the O1 entries.
 

C:\WINDOWS\Svcohst.EXE
C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\System32\SHELLEXT\services.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\System32\explorer.exe
The entries above are problematic.

O23 - Service: Tortable Media Serial Number (TmSasv) - Unknown owner - C:\WINDOWS\Svcohst.EXE
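This is Gray Pigeon.
Steps for detecting and removing Gray Pigeon: please refer to moderator baohe's post, "Some suggestions on detecting and removing 'Gray Pigeon 2005'"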
http://forum.ikaka.com/topic.asp?board=28&artid=6202404


 

O23 - Service: Tortable Media Serial Number (TmSasv) - Unknown owner - C:\WINDOWS\Svcohst.EXE (Gray Pigeon)
Fix all the O1 entries.
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\Svcohst.EXE
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\System32\explorer.exe (fix this)
Remove Gray Pigeon by following this post: http://forum.ikaka.com/topic.asp?board=28&artid=6202404



These two below also seem to be problematic~~~~
O4 - HKLM\..\Run: [services] C:\WINDOWS\System32\SHELLEXT\services.exe
C:\WINDOWS\system32\ShellExt\services.exe
Did you install Sogou yourself? If not, fix all the P4P-related entries.

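And what is this one? Did you reinstall your graphics card driver? (That doesn't seem right either, drivers should be under system... I'm confused~~~)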
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

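Where is your antivirus, and where is your firewall? Why don't I see them among the services?
You're not going online with an unprotected machine, are you???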
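
The replies above single out entries whose file names imitate Windows system binaries. As an added example (not part of the original thread), the following Python code applies that check to an excerpt of the posted log: it flags executables that use a system name from the wrong folder or a letter-swapped look-alike name, and records which log sections (running process, O4 autostart, O23 service) reference each one. The `EXPECTED` table and the function names are assumptions of this example.

```python
import ntpath
import re

# Normal home of core Windows XP binaries (lower-cased); an assumption table for this example.
EXPECTED = {
    "explorer.exe": r"c:\windows",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Svcohst.EXE
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\system32\ShellExt\services.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\System32\SHELLEXT\services.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\System32\explorer.exe
O23 - Service: Tortable Media Serial Number (TmSasv) - Unknown owner - C:\WINDOWS\Svcohst.EXE
"""

PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.exe", re.IGNORECASE)
SECTION_RE = re.compile(r"^(O\d+) - ")

def classify(path):
    """Return why a lower-cased path looks like a masquerading system binary, or None."""
    folder, name = ntpath.split(path)
    if name in EXPECTED:
        return None if folder == EXPECTED[name] else "system name, wrong folder"
    for real in EXPECTED:
        if sorted(name) == sorted(real):  # same letters, different order
            return "look-alike of " + real
    return None

def audit(log_text):
    """Map each suspicious path to (reason, log sections that reference it)."""
    findings = {}
    for line in log_text.splitlines():
        match = PATH_RE.search(line)
        reason = classify(match.group(0).lower()) if match else None
        if reason:
            section = SECTION_RE.match(line)
            tag = section.group(1) if section else "process"
            findings.setdefault(match.group(0).lower(), (reason, set()))[1].add(tag)
    return {path: (why, sorted(tags)) for path, (why, tags) in findings.items()}
```

A path that shows up both as a running process and in an O4 or O23 entry has persistence across reboots, so the process and its autostart entry need to be handled together.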
 

I don't know.
  I haven't turned the firewall on.
  It's too much hassle, it keeps popping up little boxes.
 

Sigh, I don't understand any of this!
  I don't know how to do it.