I've been infected with VIKING. Could someone help me take a look at the log?

Logfile of HijackThis v1.99.1
Scan saved at 11:19:03, on 2007-05-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
C:\Program Files\Rising\Rav\RAVTASK.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
d:\MICROS~1\MSSQL\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
d:\orant\bin\oracle80.exe
d:\orant\bin\oracle80.exe
d:\orant\BIN\TNSLSNR80.EXE
d:\orant\bin\OWASTsvr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RsFsa.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
d:\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\ups.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
d:\orant\BIN\strtdb80.exe
d:\orant\BIN\strtdb80.exe
C:\PROGRA~1\Dell\OPENMA~1\oldiags\vendor\pcdoctor\bin\diagorb.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\RsSub.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\conime.exe
\Lsserver\wwwroot\Vikingkiller.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\wwwroot\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CAP3ON] C:\WINNT\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 状态窗口.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21D20BE6-026A-44C2-843C-DBA249BB99F0}: NameServer = 202.101.172.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{21D20BE6-026A-44C2-843C-DBA249BB99F0}: NameServer = 218.108.248.245,218.108.248.219
O17 - HKLM\System\CS2\Services\Tcpip\..\{21D20BE6-026A-44C2-843C-DBA249BB99F0}: NameServer = 202.101.172.35
O17 - HKLM\System\CS3\Services\Tcpip\..\{21D20BE6-026A-44C2-843C-DBA249BB99F0}: NameServer = 202.101.172.35
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Dell OpenManage Server Agent Event Monitor (dcevt32) - Dell Inc. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
O23 - Service: Dell OpenManage Server Agent (dcstor32) - Dell Inc. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OracleAgent80 - oracle - d:\orant\agentbin\DBSNMP.EXE
O23 - Service: OracleClientCache80 - Unknown owner - d:\orant\BIN\ONRSD80.EXE
O23 - Service: OracleCMAdminService80 - Unknown owner - d:\orant\BIN\CMADM80.EXE
O23 - Service: OracleCManService80 - Unknown owner - d:\orant\BIN\CMGW80.EXE
O23 - Service: OracleDataGatherer - Unknown owner - d:\orant\bin\vppdc.exe
O23 - Service: OracleExtprocAgent - Unknown owner - d:\orant\BIN\EXTPROCT.EXE
O23 - Service: OracleNamesService80 - Unknown owner - d:\orant\BIN\NAMES80.EXE
O23 - Service: OracleServiceBASE - Oracle Corporation - d:\orant\bin\oracle80.exe
O23 - Service: OracleServiceTLT - Oracle Corporation - d:\orant\bin\oracle80.exe
O23 - Service: OracleStartBASE - Unknown owner - d:\orant\BIN\strtdb80.exe
O23 - Service: OracleStartTLT - Unknown owner - d:\orant\BIN\strtdb80.exe
O23 - Service: OracleTNSListener80 - Unknown owner - d:\orant\BIN\TNSLSNR80.EXE
O23 - Service: OracleWebAssistant - Oracle Corporation - d:\orant\bin\OWASTsvr.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Secure Port Server (Server Administrator) - Unknown owner - %SystemDrive%\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (file missing)
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
Last edited 2007-05-15 11:30:14.233000000