
Help! Experts, please come in

My real-time monitor won't open anymore.
I have upgraded too, and repair doesn't help either.
I have run antivirus scans as well, still no good!
The Backdoor.Gpigeon.uql path is always IEXPLORE.EXE>>C:\program Files\Internet Explorer\IEXPLORE.EXE, and there is also a Trojan.PSW.LMir.atc, always this winasse.exe.
It gets killed every time, but after every reboot it is back!
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 18:32:32, on 2006-9-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\conime.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\windows\system32\Rundll32.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\windows\system32\inetsrv\csrss.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\248783200522382732\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\windows\system32\Userinit.exe
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O2 - BHO: Thunder Browser Helper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\XunLeiBHO_v12.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5036.dll (file missing)
O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386}? - (no file)
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O2 - BHO: google bar  - {607E95A1-8F89-4343-B9BC-2EFC2B291BB4}? - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll (file missing)
O2 - BHO: isObject Class - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: (no name) - {BE0B5843-553A-48C2-9A42-258A1D791AFC}? - (no file)
O2 - BHO: Macromedia. Flash8 Object - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\FlashPlayer8OCX.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll (file missing)
O3 - Toolbar: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RavScanBD] "C:\Program Files\Rising\Rfw\ScanBD.exe" /INST
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RichMedia] C:\windows\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone 快速启动 .lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\QQ2005\AddEmotion.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00F80BFA-69DE-4B33-819B-BF1DC29E4CC6}: NameServer = 222.88.88.88 219.150.150.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{00F80BFA-69DE-4B33-819B-BF1DC29E4CC6}: NameServer = 222.88.88.88 219.150.150.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{00F80BFA-69DE-4B33-819B-BF1DC29E4CC6}: NameServer = 222.88.88.88 219.150.150.150
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\mlcoenjp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: System Application - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe

Experts, please help! Thanks~~~~
Last edited 2006-09-18 19:22:45

Fix the following items:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\windows\system32\Userinit.exe
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5036.dll (file missing)
O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386}? - (no file)
O2 - BHO: (no name) - {4BBC1A4D-DD20-4980-A645-2E13F6FC286D} - C:\WINDOWS\system32\3721.1.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O2 - BHO: google bar - {607E95A1-8F89-4343-B9BC-2EFC2B291BB4}? - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll (file missing)
O2 - BHO: isObject Class - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: (no name) - {BE0B5843-553A-48C2-9A42-258A1D791AFC}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll (file missing)
O3 - Toolbar: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll (file missing)
O4 - HKLM\..\Run: [RichMedia] C:\windows\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE (file missing)
O23 - Service: System Application - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
Delete:
C:\PROGRA~1\DESKAD~1\deskipn.dll
C:\WINDOWS\system32\3721.1.dll
C:\PROGRA~1\pcast\hbcast.dll
C:\WINDOWS\Hacker.com.cn.exe
Download LSPFix.exe or SREng
and repair the c:\windows\system32\quartz32.dll entry.
If you cannot get online after rebooting, use the WinsockFix tool to repair the connection.

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\mlcoenjp.dll (file missing)
I don't understand this item; hope an expert can explain it.
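Added example, not code from any poster in this thread: a small Python triage script that applies the checks the replies describe to HijackThis log lines: several well-known sites mapped to one non-loopback address (O1), an unknown Winsock LSP file (O10), dangling "(file missing)" / "(no file)" entries, and O23 services whose binary imitates a Windows process name (SVCH0ST with a zero) or has an unknown owner and sits outside the usual directories. The sample lines are copied from the log above; the look-alike name list, the expected directories and the host-count threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE (file missing)
O23 - Service: System Application - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
"""

# Process names malware imitates with look-alike spellings, and directories where a service binary is expected (both assumed).
LOOKALIKE_TARGETS = {"svchost", "csrss", "lsass", "winlogon", "explorer"}
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")

def normalize_lookalike(name: str) -> str:
    """Fold digit-for-letter swaps (0->o, 1->l, 5->s) so 'SVCH0ST' compares equal to 'svchost'."""
    return name.lower().translate(str.maketrans("015", "ols"))

def triage(log_text: str) -> list:
    """Return (category, evidence) pairs for HijackThis lines that merit a closer look."""
    findings, hosts_by_ip = [], defaultdict(set)
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        m = re.match(r"O1 - Hosts: (\S+) (\S+)$", line)
        if m:
            hosts_by_ip[m.group(1)].add(m.group(2))
            continue
        if line.startswith("O10 - Unknown file in Winsock LSP:"):
            findings.append(("unknown_lsp", line.split(": ", 1)[1]))
        elif "(file missing)" in line or "(no file)" in line:
            findings.append(("dangling_entry", line))  # registered component whose file is gone
        if line.startswith("O23 - Service:"):
            parts = line.split(" - ")
            if len(parts) >= 4:
                owner = parts[-2]
                path = parts[-1].replace("(file missing)", "").strip()
                base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if base.lower() not in LOOKALIKE_TARGETS and normalize_lookalike(base) in LOOKALIKE_TARGETS:
                    findings.append(("lookalike_service_binary", path))
                elif owner == "Unknown owner" and not path.lower().startswith(EXPECTED_DIRS):
                    findings.append(("unknown_owner_odd_path", path))
    # Several well-known sites resolving to one non-loopback address is the hosts-file redirect pattern.
    for ip, hosts in hosts_by_ip.items():
        if len(hosts) >= 2 and not ip.startswith(("127.", "0.0.0.0")):
            findings.append(("hosts_redirect", f"{ip} -> {len(hosts)} hosts"))
    return findings
```

Run `triage(SAMPLE_LOG)` to list the flagged entries; the legitimate HP service line produces no finding.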

Looks pretty serious; waiting for an expert to advise.
Look in the pinned post for the Gray Pigeon (Gpigeon) removal tool.
Fix all O1 entries and all "no file" / "file missing" entries.
O10: download LSPFIX and winsockxpfix to repair it.
Fix O21.
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE

Turn off System Restore; Start - Run: msconfig (runs the System Configuration Utility).

In the Startup tab, uncheck the two items "svch0st.exe" = "%System%\svch0st.exe" and "taskmgr.exe" = "%System%\svch0st.exe".

Open Task Manager and end svch0st.exe; look carefully so you don't end the wrong one.

Run the system search function, open Advanced Options, search hidden files, find svch0st.exe and delete it.

O23 - Service: System Application - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
Pigeon: look in the pinned post for the removal tool.