Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Moderator, please help!! It's a matter of life and death!

HijackThis_815汉化版扫描日志 V1.99.1
保存于      14:48:01, 日期 2006-4-17
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\JAVA\Tools\cvsnt\cvsservice.exe
C:\JAVA\Tools\cvsnt\cvslock.exe
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\RUNDLL32.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
D:\program files\ActiveSync\WCESCOMM.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\RUNDLL32.exe
C:\WINNT\system32\taskmgr.exe
F:\4842302005817230232\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200647_8888.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BHelper - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINNT\system32\msibm\cfsbho.dll
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINNT\system32\WinSC.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - IE工具栏增项: 捜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [supdate2.dll] RUNDLL32.EXE C:\WINNT\system32\supdate2.dll,Run
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINNT\system32\msibm\cfsys.dll,cfs
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\program files\ActiveSync\WCESCOMM.EXE"
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IE-BAR.lnk = C:\WINNT\system32\rundll32.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - IE右键菜单中的新增项目: + Offline &Explorer: Download the link - file://D:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - IE右键菜单中的新增项目: + Offline E&xplorer: Download the current page - file://D:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - IE右键菜单中的新增项目: 使用网文快捕保存 - D:\Program Files\WebCatcher\script\savex.htm
O8 - IE右键菜单中的新增项目: 使用网文快捕保存当前网页 - D:\Program Files\WebCatcher\script\save.htm
O8 - IE右键菜单中的新增项目: 使用网文快捕保存选中部分 - D:\Program Files\WebCatcher\script\savesel.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - E:\工具\超级无敌FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - E:\工具\超级无敌FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - 浏览器额外的按钮: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - 浏览器额外的按钮: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program files\ActiveSync\inetrepl.dll
O9 - 浏览器额外的“工具”菜单项: 创建移动收藏... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program files\ActiveSync\inetrepl.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的按钮: 使用网文快捕保存当前网页 - {0246d4c7-57d6-41eb-ae55-cc9a883929da} - D:\Program Files\WebCatcher\script\save.htm (HKCU)
O9 - 浏览器额外的按钮: 使用网文快捕保存 - {0246d4c7-57d6-41eb-ae55-cc9a883929db} - D:\Program Files\WebCatcher\script\savex.htm (HKCU)
O9 - 浏览器额外的按钮: (no name) - {0246d4c7-57d6-41eb-ae55-cc9a883929dc} - D:\Program Files\WebCatcher\script\save.htm (HKCU)
O9 - 浏览器额外的“工具”菜单项: 使用网文快捕保存当前网页 - {0246d4c7-57d6-41eb-ae55-cc9a883929dc} - D:\Program Files\WebCatcher\script\save.htm (HKCU)
O9 - 浏览器额外的按钮: (no name) - {0246d4c7-57d6-41eb-ae55-cc9a883929dd} - D:\Program Files\WebCatcher\script\savex.htm (HKCU)
O9 - 浏览器额外的“工具”菜单项: 使用网文快捕保存 - {0246d4c7-57d6-41eb-ae55-cc9a883929dd} - D:\Program Files\WebCatcher\script\savex.htm (HKCU)
O9 - 浏览器额外的按钮: (no name) - {0246d4c7-57d6-41eb-ae55-cc9a883929de} - D:\Program Files\WebCatcher\WebCatcher.exe (HKCU)
O9 - 浏览器额外的“工具”菜单项: 运行网文快捕 - {0246d4c7-57d6-41eb-ae55-cc9a883929de} - D:\Program Files\WebCatcher\WebCatcher.exe (HKCU)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126855871375
O17 - HKLM\System\CCS\Services\Tcpip\..\{393097C2-FAF5-44A0-AE57-3F38776C5002}: NameServer = 202.102.134.68,202.102.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8883C73-F5B9-4680-84F4-EB8B51F2970B}: NameServer = 218.56.57.58
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: CVSNT (CVS) - GNU - C:\JAVA\Tools\cvsnt\cvsservice.exe
O23 - NT 服务: CVSNT Locking Service (CVSLock) - Unknown owner - C:\JAVA\Tools\cvsnt\cvslock.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - NT 服务: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Apache Tomcat (Tomcat5) - Unknown owner - C:\JAVA\Tools\Tomcat 4.1\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

The log is above, please help!
Last edited 2006-04-17 15:56:39

[Reply to rourou12's post]
Fix:
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200647_8888.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: BHelper - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINNT\system32\msibm\cfsbho.dll
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINNT\system32\WinSC.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - 启动项HKLM\\Run: [supdate2.dll] RUNDLL32.EXE C:\WINNT\system32\supdate2.dll,Run
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINNT\system32\msibm\cfsys.dll,cfs
O4 - 启动项HKLM\\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - Global Startup: IE-BAR.lnk = C:\WINNT\system32\rundll32.exe

Uninstall:
C:\Program Files\CoolWebsite\
C:\Program Files\SearchNet\
C:\Program Files\Deskadtop\

Delete:
C:\Program Files\CoolWebsite\
C:\Program Files\SearchNet\
C:\Program Files\Deskadtop\
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200647_8888.dll
C:\WINNT\system32\WinSC.dll
RUNDLL32.EXE C:\WINNT\system32\supdate2.dll
C:\Program Files\Common Files\UPDAT\

C:\WINNT\system32\msibm\cfsbho.dll
is the Aoxun browser-assistant rogue plugin.
For the specific steps, see
http://forum.ikaka.com/topic.asp?board=28&artid=7948848

C:\Program Files\SearchNet\ is the Zhongsou rogue software.
For the specific steps:

1. Reboot into Safe Mode.

2. In the registry, delete the following entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

SearchNet_Up --> ["C:\Program Files\SearchNet\ServeUp.exe"]

CdnCtr --> ["C:\Program Files\SearchNet\ServeUp.exe"]

3. Reboot into Safe Mode and run the uninstall in the searchnet directory, entering its verification code; this deletes the files in that directory (except UNINSTALL).

4. Then delete uninstall, and after that delete the SEARCHNET directory.

5. Delete the following files:
C:\WINNT\system32\ServeHost.exe
C:\WINNT\system32\SeedServ.exe

6. Reboot into normal mode and run a full system scan with your antivirus software.
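A small triage script, added here as an example (it is not part of the thread and not a HijackThis feature), that applies the criteria the moderator used to pick the lines to fix: entries whose file is missing, entries that point into the directories the reply names as rogue software, and startup shortcuts that launch a bare rundll32.exe. The sample lines are copied from the log in the post; the directory list is an assumption taken from the reply's uninstall/delete lists.

```python
import re
# Constructed sample: seven lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINNT\system32\msibm\cfsys.dll,cfs
O4 - Global Startup: IE-BAR.lnk = C:\WINNT\system32\rundll32.exe
"""
# Assumed list: directory names the reply tells the poster to uninstall or delete.
ROGUE_DIRS = ("coolwebsite", "searchnet", "deskadtop", "deskad~1", "msibm", "updat")
# "name - {CLSID} - target" entries (R3 hooks, O2 BHOs, O3 toolbars, O9 buttons).
CLSID_ENTRY = re.compile(r"^(R3|O2|O3|O9) - [^:]+: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
# O4 registry autostarts "O4 - <key>: [<value>] <cmd>" (key label is localized) and startup-folder shortcuts "<x>.lnk = <target>".
RUN_ENTRY = re.compile(r"^O4 - ([^:]+): \[(.+?)\] (.*)$")
LNK_ENTRY = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.*)$")

def parse_line(line):
    """Return a dict with 'type', 'name', 'target' for a recognised entry, else None."""
    m = CLSID_ENTRY.match(line)
    if m:
        return {"type": m.group(1), "name": m.group(2), "clsid": m.group(3), "target": m.group(4)}
    m = RUN_ENTRY.match(line) or LNK_ENTRY.match(line)
    if m:
        return {"type": "O4", "name": m.group(2), "target": m.group(3)}
    return None

def reasons_for(entry):
    """Apply the reply's criteria to one parsed entry; return the reasons it needs review."""
    low = entry["target"].lower()
    reasons = []
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        reasons.append("orphaned entry: the referenced file no longer exists")
    if any(("\\" + d + "\\") in low for d in ROGUE_DIRS):
        reasons.append("path is inside a directory the reply identifies as rogue software")
    if entry["type"] == "O4" and entry["name"].lower().endswith(".lnk") and low.endswith("rundll32.exe"):
        reasons.append("startup shortcut runs bare rundll32.exe; check its arguments for the DLL it loads")
    return reasons

def triage(log_text):
    """Return [(line, reasons)] for every entry in log_text that matches at least one criterion."""
    parsed = [(raw.strip(), parse_line(raw.strip())) for raw in log_text.splitlines()]
    return [(line, reasons_for(e)) for line, e in parsed if e and reasons_for(e)]

if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged, *why, sep="\n   -> ")
```

Run against the full log above, it flags the same R3, O2 and O4 lines the reply lists under "Fix", and nothing else; entries it does not flag (such as the Rising, Adobe and Java ones) still deserve a look by a human, since a legitimate-looking path is not proof of a legitimate file.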

Thank you very much.