Rising Kaka Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board: Moderator, I have re-uploaded the log from the run; please take a look.


I have read many write-ups online on how to kill Gray Pigeon (灰鸽子), and I have tried a lot of them, but none had any effect, for example scanning in Safe Mode and deleting entries in the registry. None of it works; every time the computer restarts the virus is still there. Moderator, could you help me out? Thank you!!

Attachment: image/pjpeg, uploaded 2005-9-5 22:38:27, 0 downloads, no description



Last edited 2005-09-06 00:28:31

I will also post the processes currently running on my machine.


Logfile of HijackThis v1.99.1
Scan saved at 22:47:07, on 2005-9-5
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rfw\rfwsrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\Program Files\Rising\Rfw\rfwmain.exe
D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\rising\rav\RsAgent.exe
D:\WINDOWS\msagent\AgentSvr.exe
D:\WINDOWS\System32\conime.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rav\RAVMON.EXE
d:\program files\rising\rav\RAV.EXE
D:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Tencent\qq\TIMPlatform.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Kingsoft\FastAIT 2003\FastAIT.exe
E:\155847200541134207\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\System32\xunleibho_v4.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL (file missing)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\System32\stdup.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MINI_BFYY] D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe D:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "D:\DOCUME~1\tw\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [WMC_0] RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection RegSection 128 D:\WINDOWS\inf\WMFSDK10.inf
O4 - HKLM\..\RunOnce: [WMC_1] "D:\WINDOWS\System32\logagent.exe" /RegServer
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &使用暴风下载器下载 - D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL (file missing)
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: d:\windows\system32\sunvlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\sunvlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\sunvlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\sunvlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\sunvlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\sunvlsp.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://219.133.46.45/video/ActiveXCab/mgaxctrl.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O23 - Service: config - Unknown owner - D:\WINDOWS\config.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Senver - Unknown owner - D:\WINDOWS\Server.exe

[Reply to ttwwxiaowan's post]
Scan with HijackThis 1.99.1 and post the log here.

[Reply to baohe's post]
Is the one above what you mean?
It has been reposted.

[Reply to ttwwxiaowan's post]

O4 - HKLM\..\RunOnce: [WMC_0] RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection RegSection 128 D:\WINDOWS\inf\WMFSDK10.inf
O4 - HKLM\..\RunOnce: [WMC_1] "D:\WINDOWS\System32\logagent.exe" /RegServer

I have not seen these two entries before and do not know what they are.
——————————————

O23 - Service: Senver - Unknown owner - D:\WINDOWS\Server.exe

O23 - Service: config - Unknown owner - D:\WINDOWS\config.exe

Two trojans. They may be the Pigeon, or they may be something else. Suggestion: locate D:\WINDOWS\Server.exe and D:\WINDOWS\config.exe, pack them into an archive and upload it.

——————————————

If you have not installed any proxy program, use LSPxpFIX to repair the O10 entries.
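The moderator's triage above follows a few rules that can be applied to any HijackThis log: an O23 service with no vendor whose binary sits directly in the Windows directory deserves a closer look, repeated O10 "Unknown file in Winsock LSP" lines are one DLL listed once per protocol entry and must be removed from the chain with an LSP repair tool rather than by deleting the file, and O2/O3/O9 entries marked "(file missing)" or "(no file)" are harmless leftovers. The script below is an added example written for this page, not a tool from the thread or from Rising; it parses a constructed sample made of lines copied from the log posted above (plus one known-good service line for contrast) and prints the same three groups of findings.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of finding lines copied from the HijackThis
# v1.99.1 log posted in this thread (paths as posted), plus the log header.
# The RsRavMon line is the known-good contrast case (vendor named, file under
# Program Files); the rest are the entries the moderator singled out.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\\WINDOWS\\System32\\stdup.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\\PROGRA~1\\MMSASS~1\\MMSASS~1.DLL (file missing)
O4 - HKLM\\..\\Run: [RavMon] D:\\PROGRA~1\\RISING\\RAV\\RAVMON.EXE -SYSTEM
O10 - Unknown file in Winsock LSP: d:\\windows\\system32\\sunvlsp.dll
O10 - Unknown file in Winsock LSP: d:\\windows\\system32\\sunvlsp.dll
O23 - Service: config - Unknown owner - D:\\WINDOWS\\config.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\\PROGRAM FILES\\RISING\\RAV\\Ravmond.exe
O23 - Service: Senver - Unknown owner - D:\\WINDOWS\\Server.exe
"""

# One HijackThis finding per line: a section tag (O2, O10, O23, R3, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
UNKNOWN_OWNER = " - Unknown owner - "
LSP_PREFIX = "Unknown file in Winsock LSP:"


def parse_entries(log_text):
    """Return [(section, body)] for every finding line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def windows_root_executable(path_str):
    """True if the path points at an .exe/.dll sitting directly in the Windows
    directory (as D:\\WINDOWS\\Server.exe does), the placement the moderator flagged."""
    p = PureWindowsPath(path_str.strip())
    return p.parent.name.lower() in ("windows", "winnt") and p.suffix.lower() in (".exe", ".dll")


def triage(log_text):
    """Group the findings that matter for this thread:
    - O23 services with no vendor whose binary lives at the Windows root
    - O10 unknown Winsock LSP modules, deduplicated with a count (the chain is
      listed once per protocol entry, so the same DLL repeats)
    - O2/O3/O9 entries whose file is gone (leftovers, safe to clear)"""
    findings = {"rogue_services": [], "unknown_lsp": {}, "orphaned": []}
    for section, body in parse_entries(log_text):
        if section == "O23" and UNKNOWN_OWNER in body:
            name, path = body.split(UNKNOWN_OWNER, 1)
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            if windows_root_executable(path):
                findings["rogue_services"].append((name, path.strip()))
        elif section == "O10" and body.startswith(LSP_PREFIX):
            dll = body[len(LSP_PREFIX):].strip().lower()
            findings["unknown_lsp"][dll] = findings["unknown_lsp"].get(dll, 0) + 1
        elif section in ("O2", "O3", "O9") and body.endswith(ORPHAN_MARKERS):
            findings["orphaned"].append(body)
    return findings


def report(findings):
    """Render the triage as one advice line per finding, in the order a helper
    would act on them: capture the unknown binaries first, then fix the LSP chain."""
    lines = []
    for name, path in findings["rogue_services"]:
        lines.append(f"[service] '{name}' -> {path}: no vendor, binary at Windows root; "
                     "copy the file for analysis before disabling the service")
    for dll, count in findings["unknown_lsp"].items():
        lines.append(f"[lsp] {dll} occupies {count} Winsock LSP entries; repair the chain with "
                     "an LSP fix tool rather than deleting the DLL, or networking breaks")
    for body in findings["orphaned"]:
        lines.append(f"[orphan] {body}")
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run against the full log from the thread, the service rule picks out exactly the two entries the moderator named (Senver and config) and leaves the Rising services alone because they carry a vendor string and live under Program Files; the six identical O10 lines collapse to one sunvlsp.dll finding with a count of six.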

I am still the greenest of newbies; I fiddled with it for ages and could not make an archive.
I am really sorry, moderator.