backdoor.Pcshare.f病毒怎么才能杀干净?每次开机检查都有,并且每次显示清除成功,但还反反复复的,好烦人啊!
请斑竹回复!

请问上传的日志文件要用什么格式的？

引用:

【coolhahaye的贴子】backdoor.Pcshare.f病毒怎么才能杀干净?每次开机检查都有,并且每次显示清除成功,但还反反复复的,好烦人啊! 请斑竹回复! 请问上传的日志文件要用什么格式的？ ...........................

日志在:http://forum.ikaka.com/topic.asp?board=28&artid=8054246

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      9:40:24, 日期 2006-5-17
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\twain_32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\sfmsvc.exe
C:\WINNT\System32\sfmprint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RsFsa.exe
C:\WINNT\system32\RsSub.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\lserver.exe
E:\mpvodhaha\mpvod.exe
E:\mpvodhaha\VODServer.exe
E:\mpvodhaha\server\vodclientserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
E:\Program Files\TTOD\KNS5.0\TPISvr.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Rising\Rav\rav.exe
C:\WINNT\system32\wuauclt.exe
F:\ftproot\杀毒软件\update\rav2005\HijackThis1991zww.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINNT\system32\amcis.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [TPI40] "E:\Program Files\TTOD\KNS5.0\TPISvr.exe"
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 网址大全 - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 网址大全 - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - 添加的受信任的 IP 地址范围: http://210.37.79.3
O16 - DPF: {124C5F0D-DD02-4150-8F59-0F3E712F2BC8} (Test2 Control) - http://210.37.67.4/myocx.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://210.37.67.17/tsweb/msrdp.cab
O16 - DPF: {D43D8CE3-AE10-4872-B626-61BFC3939956} (CDTowerFileOpenOCX Control) - http://210.37.79.3:83/CDTowerFileOpenOCX.cab
O16 - DPF: {EC2AEAB7-BCA5-49A0-8A2F-0736E52A599A} (CheckPlayer Control) - http://210.37.67.4:81/CheckPlayer.cab
O16 - DPF: {F66CE3AF-9E51-4325-9878-F7F88034821E} (WebClientOCX Control) - http://210.37.79.3:83/WebClientOCX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8FCBD2D-A3EA-49A2-9AE4-9C227B64B86F}: NameServer = 210.37.79.1,202.100.192.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{F92CF26E-3032-4A3E-98D3-EA9ED0923BCE}: NameServer = 210.37.79.1,202.100.192.68
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Location Awareness Management Instrumentation (lawsvc) - Unknown owner - C:\WINNT\twain_32\svchost.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: TPIProcessLogService -  - e:\program files\ttod\kns5.0_mngr\programs\tpiprocesslogservice.exe

引用:

【不言放弃的贴子】【回复“coolhahaye”的帖子】 修复 O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINNT\system32\amcis.dll 开始－－控制面板－－性能和维护－－管理工具－－服务 禁用Awareness Management Instrumentation (lawsvc) 开始－－运行 输入regedit 确定 进入注册表 展开[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 找到后删除lawsvc文件夹 删除 C:\WINNT\system32\amcis.dll C:\WINNT\twain_32\svchost.exe ...........................

不行啊，做完后重新启动服务器，扫描内存还出现同样的提示！

引用:

【不言放弃的贴子】【回复“coolhahaye”的帖子】 不行啊，做完后重新启动服务器，扫描内存还出现同样的提示！ ...........................

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
下载System Repair Engineer 2.0.12.350
导出全部日志
...........................