瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 谁帮帮我下非常急 我中招了 郁闷啊~!

12   2  /  2  页   跳转

谁帮帮我下非常急 我中招了 郁闷啊~!

收藏
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-13 15:16 | 显示全部 短消息 资料
字号: 11楼


6.02.3104.0
Microsoft Corporation
Microsoft (R) C++ Runtime Library
2006-07-10 08:00:00

schannel.dll
0x767c0000
C:\WINDOWS\system32\schannel.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
TLS / SSL Security Provider
2006-07-10 08:00:00

CRYPT32.dll
0x765e0000
C:\WINDOWS\system32\crypt32.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Crypto API32
2006-07-10 08:00:00

wdigest.dll
0x742e0000
C:\WINDOWS\system32\wdigest.dll
5.1.2600.2874 (xpsp_sp2_gdr.060323-1516)
Microsoft Corporation
Microsoft Digest Access
2006-03-24 12:39:46
gototop
 
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-13 15:16 | 显示全部 短消息 资料
字号: 12楼



rsaenh.dll
0xffd0000
C:\WINDOWS\system32\rsaenh.dll
5.1.2600.2161 (xpsp.040706-1629)
Microsoft Corporation
Microsoft Enhanced Cryptographic Provider
2006-07-10 08:00:00

nwprovau.dll
0x5f300000
C:\WINDOWS\system32\nwprovau.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Client Service for NetWare Provider and Authentication Package DLL
2006-07-10 08:00:00

setupapi.dll
0x76060000
C:\WINDOWS\system32\setupapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Setup API
2006-07-10 08:00:00

scecli.dll
0x74370000
C:\WINDOWS\system32\scecli.dll
gototop
 
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-13 15:16 | 显示全部 短消息 资料
字号: 13楼


5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Security Configuration Editor Client Engine
2006-07-10 08:00:00

ipsecsvc.dll
0x74340000
C:\WINDOWS\system32\ipsecsvc.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows IPSec SPD Server DLL
2006-07-10 08:00:00

AUTHZ.dll
0x77fe0000
C:\WINDOWS\system32\authz.dll
5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
Microsoft Corporation
Authorization Framework
2005-03-03 02:10:05

oakley.DLL
0x73ed0000
C:\WINDOWS\system32\oakley.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Oakley Key Manager
2006-07-10 08:00:00
gototop
 
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-13 15:18 | 显示全部 短消息 资料
字号: 14楼

最主要的就是这个里面全部是这个进程30多个没个暂用资源
1BM-3BM
[sobar.exe]
PID = 0x15a0
CommandLine = C:\WINDOWS\system32\sobar.exe
sobar.exe
0x400000
C:\WINDOWS\system32\sobar.exe



2007-02-13 15:15:58

ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
NT Layer DLL
2006-07-10 08:00:00

kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT BASE API Client DLL
2006-07-10 08:00:00

USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
Microsoft Corporation
Windows XP USER API Client DLL
2005-03-03 02:10:05

GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)
Microsoft Corporation
GDI Client DLL
2005-12-29 10:56:04

SHELL32.dll
0x7d590000
C:\WINDOWS\system32\shell32.dll
6.00.2900.2869 (xpsp_sp2_gdr.060316-1512)
Microsoft Corporation
Windows Shell Common Dll
2006-03-17 12:04:41

ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Advanced Windows 32 Base API
2006-07-10 08:00:00

RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Procedure Call Runtime
2006-07-10 08:00:00

msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT CRT DLL
2006-07-10 08:00:00

SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\shlwapi.dll
6.00.2900.2904 (xpsp_sp2_gdr.060509-0218)
Microsoft Corporation
Shell Light-weight Utility Library
2006-05-10 13:25:08

COMCTL32.dll
0x77180000
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
6.0 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
User Experience Controls Library
2006-07-10 08:00:00

ole32.dll
0x76990000
C:\WINDOWS\system32\ole32.dll
5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)
Microsoft Corporation
Microsoft OLE for Windows
2005-07-26 12:39:50

VERSION.dll
0x77bd0000
C:\WINDOWS\system32\version.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Version Checking and File Installation Libraries
2006-07-10 08:00:00

IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows XP IMM32 API Client DLL
2006-07-10 08:00:00

LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Language Pack
2006-07-10 08:00:00

USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Uniscribe Unicode script processor
2006-07-10 08:00:00

cdnforie.dll
0x10000000
C:\Program Files\CNNIC\Cdn\cdnforie.dll
2, 1, 0, 3
CNNIC
CdnForIE
2007-03-13 12:56:12

OLEAUT32.dll
0x770f0000
C:\WINDOWS\system32\oleaut32.dll
5.1.2600.2180
Microsoft Corporation

2006-07-10 08:00:00

WININET.dll
0x76680000
C:\WINDOWS\system32\wininet.dll
6.00.2900.2904 (xpsp_sp2_gdr.060509-0218)
Microsoft Corporation
Internet Extensions for Win32
2006-05-10 13:25:08

CRYPT32.dll
0x765e0000
C:\WINDOWS\system32\crypt32.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Crypto API32
2006-07-10 08:00:00

MSASN1.dll
0x76db0000
C:\WINDOWS\system32\msasn1.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
ASN.1 Runtime APIs
2006-07-10 08:00:00

xjkwqd16.dll
0xb30000
C:\WINDOWS\system32\xjkwqd16.dll
1, 1, 1, 1002


2006-07-10 08:00:00

MFC42.DLL
0x73d30000
C:\WINDOWS\system32\mfc42.dll
6.02.4131.0
Microsoft Corporation
MFCDLL Shared Library - Retail Version
2006-07-10 08:00:00

NETAPI32.dll
0x5fdd0000
C:\WINDOWS\system32\netapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Net Win32 API DLL
2006-07-10 08:00:00

MFC42LOC.DLL
0x61be0000
C:\WINDOWS\system32\mfc42loc.dll
6.00.8665.0
Microsoft Corporation
MFC Language Specific Resources
2006-07-10 08:00:00
gototop
 
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-13 15:22 | 显示全部 短消息 资料
字号: 15楼

进程里面有35个左右[sobar.exe]这个进程
每个占用资源1BM-3BM
gototop
 
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-13 15:28 | 显示全部 短消息 资料
字号: 16楼

扫描出来的日志
-----------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:15:26, on 2007-3-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
c:\recycle\svohost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\桌面\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\recycle\svohost.exe hrun "%1"
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\qGKenW04hE_2040.dll
O2 - BHO: MyFavor Web - {5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} - C:\WINDOWS\system32\MyFavor32.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: browser Class - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\xW6sprP9kc_2040.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [zdvtuv60] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\zdvtuv60.dll",Start
O4 - HKLM\..\Run: [mwpbog07] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\mwpbog07.dll",Start
O4 - HKLM\..\Run: [xjkwqd16] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\xjkwqd16.dll",Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O11 - Options group: [CDNCLIENT]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BD8187C-9502-4356-87D3-B800390B75B6}: NameServer = 61.128.128.68 61.128.192.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BD8187C-9502-4356-87D3-B800390B75B6}: NameServer = 61.128.128.68 61.128.192.68
O18 - Protocol: qyl - {C79BF22F-25C4-4D3D-8183-14149EAB9C0C} - C:\WINDOWS\system32\qylprotocol.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
gototop
 
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-14 11:05 | 显示全部 短消息 资料
字号: 17楼

banzhu 能帮我解决下吗斑竹  没人管啊
gototop
 
lh22397908
头像
拙长孩提狮
  • 帖子:81
  • 注册: 2005-12-18
  • 来自:
发表于: 2007-03-14 11:06 | 显示全部 短消息 资料
字号: 18楼

没有人管吗  板主可以帮我解决下吗 教我下怎么解决这个问题啊
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT