Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Can anyone tell me what winsysupd11.exe and the whole series of viruses that come with it are about?

As soon as I connect to the network it automatically downloads a pile of junk such as drsmartload1.exe, gotya.exe, installerwebnex.exe,
winsysban11.exe, gimmygames11.exe, winsysupd11.exe and so on. I searched online for a removal method, which goes like this:

Delete in Safe Mode:
C:\windows\winsysupd.exe
C:\WINDOWS\winsysban.exe
(system) C:\WINDOWS\system32\q0rq0a95ed.dll (this file is not visible in normal mode; you need to turn on the option to show system files)

The first two were no problem, but in Safe Mode, with "show system files" and "show hidden files" turned on, I still can't find that q0rq0a95ed.dll file, and when I boot normally it goes on downloading a pile of this stuff. What exactly am I supposed to do?
Last edited 2006-02-27 14:40:15

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download HijackThis
Export a log

Logfile of HijackThis v1.99.1
Scan saved at 14:10:18, on 2006-2-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\iexpress.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\RunDLL32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\winsysban11.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
G:\MyIE2\MyIE.exe
C:\WINNT\system32\waywky.exe
c:\winsysban11.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\FTP.EXE
H:\K\software\Anti Virus Army\HijackThis.exe

R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\diybar2\diybar2.dll
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v13.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINNT\system32\diybar2\diybar2.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINNT\DH.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\diybar2\diybar2.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {038318E8-0C2D-4DF5-A7AF-B4FB373F501E} (HBHelper.HBActivex) - http://download.henbang.net/download/updatelist/helper.cab
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} (GLWebAvt Control) - http://bbs.ourgame.com/image/GLWebAvt.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {EF248BC9-F17D-4024-8868-71A5D22C667C} (Hbact.HbactObject) - http://download.henbang.net/download/updatelist/hap111.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4251B902-568C-4018-847E-7EA07DB6DBB9}: NameServer = 85.255.115.116 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58FA1A0-925D-4E06-9F8F-D0E14392D95A}: NameServer = 85.255.115.116,85.255.112.169
O20 - Winlogon Notify: IPConfTSP - C:\WINNT\
O20 - Winlogon Notify: Welcome - C:\WINNT\
O20 - Winlogon Notify: winevl32 - winevl32.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Dmmlogpiudi - VERITAS Software Corp. - (no file)
O23 - Service: Express Internet Explorer (Internet Explorer) - Unknown owner - C:\WINNT\iexpress.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe


End the following processes:
C:\WINNT\iexpress.exe
c:\winsysban11.exe
C:\WINNT\system32\waywky.exe
c:\winsysban11.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\FTP.EXE

Fix:
R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\diybar2\diybar2.dll
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINNT\system32\diybar2\diybar2.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINNT\DH.dll
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\diybar2\diybar2.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O23 - Service: Express Internet Explorer (Internet Explorer) - Unknown owner - C:\WINNT\iexpress.exe

Uninstall:
C:\Program Files\TheSearchAccelerator

Delete:
the folder C:\Program Files\TheSearchAccelerator
C:\WINNT\iexpress.exe
c:\winsysban11.exe
C:\WINNT\system32\waywky.exe
the folder C:\WINNT\system32\diybar2
C:\WINNT\DH.dll
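The log format the helper is reading above, as an added example that is not part of this thread and not HijackThis's own code: a small Python parser for HijackThis entry lines, run over a subset of the log posted in this thread. It extracts the CLSID and target of each entry, collects the O17 NameServer values, and lists the cues a reviewer would check first (entries whose file is missing, O16 ActiveX downloads from a bare IP address, DNS servers outside a trusted set, O23 services with no vendor name). The trusted resolver 192.168.1.1 is a constructed placeholder; the thread does not say what this machine's proper DNS server was.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# A subset of the HijackThis v1.99.1 log posted in this thread; the lines are
# copied as they appear there, only the selection is ours.
SAMPLE_LOG = r"""O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINNT\DH.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4251B902-568C-4018-847E-7EA07DB6DBB9}: NameServer = 85.255.115.116 85.255.112.169
O20 - Winlogon Notify: winevl32 - winevl32.dll (file missing)
O23 - Service: Express Internet Explorer (Internet Explorer) - Unknown owner - C:\WINNT\iexpress.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BARE_IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}/")


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "O2", "O17"
    body: str               # everything after "Oxx - "
    clsid: Optional[str]    # first {GUID} in the line, if any
    target: str             # last " - " separated field: path, URL, "(no file)", ...


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis entry lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        target = body.rsplit(" - ", 1)[-1].strip()
        entries.append(Entry(section, body, clsid.group(0) if clsid else None, target))
    return entries


def nameservers(entries: List[Entry]) -> List[str]:
    """DNS servers from O17 entries; the log separates them by space or comma."""
    servers = []
    for e in entries:
        if e.section == "O17" and "NameServer = " in e.body:
            value = e.body.split("NameServer = ", 1)[1]
            servers.extend(s for s in re.split(r"[ ,]+", value) if s)
    return servers


def review(entries: List[Entry], trusted_nameservers: Set[str]) -> List[Tuple[str, str, str]]:
    """Triage cues worth a second look, as (section, reason, line).
    A cue is not a verdict: an "Unknown owner" service only lacks a vendor name."""
    findings = []
    for e in entries:
        if e.target == "(no file)" or e.target.endswith("(file missing)"):
            findings.append((e.section, "orphaned entry: referenced file is missing", e.body))
        elif e.section == "O16" and BARE_IP_URL_RE.match(e.target):
            findings.append((e.section, "ActiveX download from a bare IP address", e.body))
        elif e.section == "O17":
            unexpected = [s for s in nameservers([e]) if s not in trusted_nameservers]
            if unexpected:
                findings.append((e.section, "DNS servers outside the trusted set: " + ", ".join(unexpected), e.body))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e.section, "service without a vendor name", e.body))
    return findings


def triage(text: str, trusted_nameservers: Set[str]) -> List[Tuple[str, str, str]]:
    """Parse a log and return its review findings in log order."""
    return review(parse_log(text), trusted_nameservers)


if __name__ == "__main__":
    # 192.168.1.1 is a constructed placeholder for the resolver this machine
    # should be using; substitute the real one when running this on your own log.
    for section, reason, line in triage(SAMPLE_LOG, {"192.168.1.1"}):
        print(f"{section:4} {reason}\n     {line}")
```

Entries the helper listed for fixing (the BHO, toolbar and O23 service) can be matched by `clsid` or `target` against the parsed list, and the `review` output is only a reading order for a log like the one above; the decision to fix an item stays with the person reviewing it.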

Could you explain how to do the "fix" you mentioned? Do I need some software for it?

Fix:

R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\diybar2\diybar2.dll
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINNT\system32\diybar2\diybar2.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINNT\DH.dll
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\system32\diybar2\diybar2.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O23 - Service: Express Internet Explorer (Internet Explorer) - Unknown owner - C:\WINNT\iexpress.exe

[Reply to the post by 白色的猫]
Fix them directly with HijackThis

Tick the box in front of each item to be fixed,
then click the Fix button.