1   1  /  1  页   跳转

冰天雪地跪地求助

收藏
返毒大王
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2005-09-12
  • 来自:
发表于: 2005-09-13 11:27 | 只看楼主 短消息 资料
字号: 1楼

冰天雪地跪地求助

看了大大们的杀灰鸽子精贴,也动手杀了,但还是不能搞定.只好发帖求助大大们了!!!
瑞星杀出来是Trojan.adclient.e和Trojan病毒。日志如下:
Logfile of HijackThis v1.99.1
Scan saved at 11:22:36, on 2005-9-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\krlmxzy.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\软件\155847200541134207\HijackThis.exe

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [mjljpm18] C:\WINDOWS\system32\mjljpm18.exe
O4 - HKLM\..\Run: [krlmxzy] C:\WINDOWS\krlmxzy.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cwyxavj] c:\windows\system32\osmutog.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAF9264D-4855-4152-AB40-E66901BBD37D}: NameServer = 10.202.0.9,211.90.216.130
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMAPP\Client\cmappmf.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

最后编辑2005-09-13 11:34:30
分享到:
gototop
 
独孤豪侠
头像
横据古稀狮
  • 帖子:11896
  • 注册: 2005-08-10
  • 来自:花果山
发表于: 2005-09-13 11:34 | 短消息 资料
字号: 2楼

C:\WINDOWS\krlmxzy.EXE
O4 - HKLM\..\Run: [krlmxzy] C:\WINDOWS\krlmxzy.EXE
可能就是这个吧,你的日志怎么这么少??????
gototop
 
独孤豪侠
头像
横据古稀狮
  • 帖子:11896
  • 注册: 2005-08-10
  • 来自:花果山
发表于: 2005-09-13 11:34 | 短消息 资料
字号: 3楼

杀软报的病毒文件名和路径 是什么》?
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT