Everyone, please help me

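I've got 4 viruses, all of them in the System Restore folder. I found them with Kaspersky's online virus scan. Last time the moderator told me to turn off System Restore, and I tried that, but a scan still finds them. What should I do?
Here is the Kaspersky log:
C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP44\A0012289.exe/data.rar/down.exe/data.rar/vip.exe  感染:Trojan-Dropper.Win32.Agent.zz  跳过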

C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP44\A0012289.exe/data.rar/down.exe/data.rar  感染:Trojan-Dropper.Win32.Agent.zz  跳过 

C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP44\A0012289.exe/data.rar/down.exe  感染:Trojan-Dropper.Win32.Agent.zz  跳过 

C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP44\A0012289.exe/data.rar  感染:Trojan-Dropper.Win32.Agent.zz  跳过 

C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP44\A0012289.exe  RarSFX: 被感染 - 4  跳过 

C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP55\A0014619.COM  感染:EICAR-Test-File  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP170\A0042904.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042964.dll/YDTMain.exe  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042964.dll/ydtmain.dll  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042964.dll  CAB: 被感染 - 2  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042972.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042980.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042995.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP172\A0043005.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP180\A0043291.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP180\A0043302.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP181\A0043336.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP182\A0043366.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP183\A0043390.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP183\A0043398.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP184\A0043421.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP184\A0043448.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP184\A0044470.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP185\A0044500.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP185\A0044516.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044541.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044549.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044565.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP186\A0044575.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0045586.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046586.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046597.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046603.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046610.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP187\A0046626.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP188\A0047620.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP189\A0047634.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP189\A0047684.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP189\A0047697.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP190\A0047715.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP190\A0047729.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP191\A0047810.dll/YDTMain.exe  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP191\A0047810.dll/ydtmain.dll  感染:Trojan-Downloader.Win32.Agent.pm  跳过 

C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP191\A0047810.dll  CAB: 被感染 - 2  跳过 
Last edited 2006-01-13 01:07:47

Logfile of HijackThis v1.99.1
Scan saved at 23:44:49, on 2006-1-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TimerService\LenovoTimer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lenovo\TimerService\TimerClient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LocalService.NT AUTHORITY\My Documents\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TimerClient.exe] "C:\Program Files\Lenovo\TimerService\TimerClient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 使用超级解霸播放 - E:\1\MPURLGET.HTM
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra button: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - E:\1\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - E:\1\STHSDVD.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: _{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4613/mcfscan.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趋势科技在线扫毒程序) - http://www.trendmicro.com.cn/housecall/xscan53.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LenovoTimerService - Unknown owner - C:\Program Files\Lenovo\TimerService\LenovoTimer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus 自动防护服务 (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


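After System Restore is turned off, the C:\System Volume Information folder is emptied, but judging from the log your System Restore has not been turned off. How did you go about it?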
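
An added example, not part of the thread: a small Python parser for scan-log lines in the format pasted in the first post. It collapses archive members (the `/`-separated suffixes) to the file that exists on disk and groups results by restore store and restore point, showing whether every detection sits under `_restore{...}` and how many restore points are still present. The field layout (two or more spaces between path, verdict and action) is an assumption read off the pasted log; the sample lines are copied from it.

```python
import re
from collections import defaultdict

# Sample: a few lines copied from the scan log in the first post.
SAMPLE = r"""
C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP44\A0012289.exe/data.rar/down.exe  感染:Trojan-Dropper.Win32.Agent.zz  跳过
C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP44\A0012289.exe  RarSFX: 被感染 - 4  跳过
C:\System Volume Information\_restore{BA15772D-7090-41AB-99D8-5052F8A47E9C}\RP55\A0014619.COM  感染:EICAR-Test-File  跳过
C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042964.dll/YDTMain.exe  感染:Trojan-Downloader.Win32.Agent.pm  跳过
C:\System Volume Information\_restore{BE3506B0-6960-4F50-BCCB-42885F44B210}\RP171\A0042972.dll  感染:Trojan-Downloader.Win32.Small.bme  跳过
"""

RESTORE = re.compile(
    r"\\System Volume Information\\_restore(\{[0-9A-F-]+\})\\(RP\d+)\\", re.I)

def parse(log):
    """Yield (store_guid, restore_point, on_disk_file, detection_name) per line."""
    for line in log.splitlines():
        fields = re.split(r"\s{2,}", line.strip())  # assumed field separator
        if len(fields) < 2:
            continue
        path, verdict = fields[0], fields[1]
        m = RESTORE.search(path)
        # Archive members are appended with '/', so the part before the
        # first '/' is the single file that actually exists on disk.
        on_disk = path.split("/", 1)[0]
        # Container summary lines (RarSFX/CAB) carry a count, not a name.
        name = re.match(r"感染[::]\s*(\S+)", verdict)
        yield (m.group(1) if m else None, m.group(2) if m else None,
               on_disk, name.group(1) if name else None)

def summarize(log):
    rows = list(parse(log))
    by_point = defaultdict(set)
    for guid, rp, on_disk, _ in rows:
        by_point[(guid, rp)].add(on_disk)
    return {
        "log_lines": len(rows),
        "files_on_disk": len({r[2] for r in rows}),
        "detection_names": sorted({r[3] for r in rows if r[3]}),
        "restore_stores": sorted({r[0] for r in rows if r[0]}),
        "all_in_system_restore": all(r[0] for r in rows),
        "files_per_restore_point": {k: len(v) for k, v in by_point.items()},
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```

Any `RPnn` directory left in the summary means restore points are still on disk, which is the observation the reply above makes from the log.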