Rising Kaka Security Forum

Technical Exchange » Anti-Virus / Anti-Rogue-Software Forum » Help!!!! Please take a look.
laihuayue - 2005-7-4 19:37:00
I don't know what virus I've caught; Rising can't remove it.

Attachment: 457778200574193743.JPG
laihuayue - 2005-7-4 19:39:00
One more screenshot.

Attachment: 457778200574193904.JPG
xiaoyuwzc21 - 2005-7-4 19:42:00
You've turned off the update feature; just turn it back on.
laihuayue - 2005-7-4 19:42:00
Waiting online ==========
心言 - 2005-7-4 20:00:00
It should be fine; try running a scan in Safe Mode?
laihuayue - 2005-7-4 20:03:00
Here is my scan result, please take a look.
Logfile of HijackThis v1.99.1
Scan saved at 19:51:06, on 2005-7-4
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\SkyNet\FireWall\PFW.exe
C:\Program Files\rising\Rav\RavTimer.exe
C:\Program Files\rising\Rav\RavMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\qqpet\qqpet.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\软件\HijackThis.exe

O2 - BHO: 搜索助手 - {04844102-FC0B-4f44-9E93-0C4293BB5E80} - C:\Program Files\ydt\ydt.dll (file missing)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\PFW.exe
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] C:\Program Files\rising\Rav\RavMon.exe -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - C:\WINDOWS\System32\alitb2\bar.dll
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\UC.exe
O9 - Extra button: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra 'Tools' menuitem: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra 'Tools' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://lobby.yumemisaki.co.jp:8080/kxhcm10.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {59324688-BAB1-4EC0-999A-BFA50D3D4F1D} (FullCtrl Class) - http://chat.qq.com/activex/curver/webvqq.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.152.96.82:1995/talk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12F8E488-D146-443A-8CA7-03111ECB48E4}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{5499C75D-E707-4537-99C3-2AEE56450BCC}: NameServer = 61.139.2.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC28554-A46E-4EDE-ACD0-2970A8499AA2}: NameServer = 61.139.2.69
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{12F8E488-D146-443A-8CA7-03111ECB48E4}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{12F8E488-D146-443A-8CA7-03111ECB48E4}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.110
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

baohe - 2005-7-4 20:55:00
[Reply to laihuayue's post] C:\WINDOWS\System32\wdfmgr.exe may be a trojan. Please zip that file and upload it so we can take a look.
laihuayue - 2005-7-4 21:14:00
Compressed it, take a look, thanks!

Attachment: 457778200574211425.rar
天天泡泡 - 2005-7-4 21:18:00
Quote:
[baohe's post] [Reply to laihuayue's post] C:\WINDOWS\System32\wdfmgr.exe may be a trojan. Please zip that file and upload it so we can take a look.
...........................

Process File: wdfmgr or wdfmgr.exe
Process Name: Windows Driver Foundation Manager
Description: wdfmgr.exe is part of Microsoft Windows media player 10 and above.
laihuayue - 2005-7-4 21:22:00
What does that mean? Is there no problem?
果冻·布丁 - 2005-7-4 21:27:00
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
果冻·布丁 - 2005-7-4 21:28:00
Moderator BAOHE suspects that C:\WINDOWS\System32\wdfmgr.exe may be a trojan that is causing your antivirus and firewall problems; also, your information may already have been leaked.
果冻·布丁 - 2005-7-4 21:31:00
His system must have a problem, otherwise the antivirus would not be damaged; also, the SkyNet firewall would not warn about password/e-mail/data leakage.
天天泡泡 - 2005-7-4 21:34:00
Take a look at the O17 entries: are those IP addresses all ones you set yourself, or your ISP's addresses? If not, fix them.
sanadayukimura - 2005-7-4 21:57:00
[Reply to laihuayue's post]
Hello, original poster!
Recommended to fix:
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://lobby.yumemisaki.co.jp:8080/kxhcm10.ocx
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.152.96.82:1995/talk.cab
Restart into Safe Mode; in Folder Options, enable showing hidden files and uncheck "Hide protected operating system files". Delete the following file (if it exists):
C:\Program Files\LtUcx\1002\c0.dll
If your player is Media Player 10, the C:\WINDOWS\System32\wdfmgr.exe process is normal.
Also, please install the SP2 update on your system.
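To put the two checks above into practice (天天泡泡's O17 nameserver check and the O16 items in sanadayukimura's list), here is an added Python example that is not code from this thread, from Rising, or from HijackThis: it parses O16/O17 lines in the HijackThis log format and reports any NameServer outside a trusted set and any DPF (ActiveX download) hosted on a bare IP address. The trusted resolver set and the sample lines are assumptions constructed for the example.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: four lines in the format HijackThis v1.99 prints,
# modelled on the shape of the O16/O17 entries discussed in this thread.
SAMPLE_LOG = """\
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.152.96.82:1995/talk.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{12F8E488-D146-443A-8CA7-03111ECB48E4}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{8BC28554-A46E-4EDE-ACD0-2970A8499AA2}: NameServer = 61.139.2.69
"""

# Assumption: the only resolver the user or the ISP configured on purpose
# (the thread names 61.139.2.69 as the ISP-supplied address).
TRUSTED_DNS = {"61.139.2.69"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")


def host_is_bare_ip(url: str) -> bool:
    """True when the download host is a literal IP rather than a domain name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def audit_hijackthis(log_text: str, trusted_dns=TRUSTED_DNS) -> list:
    """Return one finding per suspicious O16/O17 entry.

    O17: every NameServer not in the trusted set is reported (DNS hijack check).
    O16: ActiveX downloads served from a bare IP are reported for review.
    """
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m:
            # HijackThis separates multiple servers with commas; tolerate spaces too.
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                if server and server not in trusted_dns:
                    findings.append({"section": "O17", "key": m.group("key"), "detail": server})
            continue
        m = O16_RE.match(line)
        if m and host_is_bare_ip(m.group("url")):
            findings.append({"section": "O16", "key": m.group("clsid"), "detail": m.group("url")})
    return findings


if __name__ == "__main__":
    for f in audit_hijackthis(SAMPLE_LOG):
        print(f"{f['section']} {f['key']}: {f['detail']}")
```

A finding is a prompt to confirm the address or download source against what you or your ISP actually configured, not proof of infection on its own.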
laihuayue - 2005-7-4 22:06:00
I remembered: that day, after I visited a website, my DNS changed to the last two IPs in O17 - HKLM\System\CCS\Services\Tcpip\..\{12F8E488-D146-443A-8CA7-03111ECB48E4}: NameServer = 69.50.176.196    195.225.176.110, and then web pages would not open, though download software could still download. Then I asked the telecom company, and they told me to change the DNS to the IP after O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC28554-A46E-4EDE-ACD0-2970A8499AA2}: NameServer = 61.139.2.69, and after that web pages opened. So do I now need to fix every entry that has the two IPs 69.50.176.196  195.225.176.110???? Also, can I end the C:\WINDOWS\System32\wdfmgr.exe process and then try deleting it?
laihuayue - 2005-7-4 22:41:00
I fixed all the entries you mentioned; not sure whether it will work, I'll use it for a while and see. Thanks, everyone.
laihuayue - 2005-7-5 19:26:00
Yesterday I restored things with the tool and it was fine for a while, but today, after booting and opening the browser, it was the same as yesterday again. The antivirus monitor detects a virus but cannot remove it; the virus is in C:\WINDOWS\SYSTEM32 and the file is named X.EXE, but under a normal boot I cannot find this file.
laihuayue - 2005-7-5 19:28:00
Forgot to mention: the antivirus identifies the virus as Trojan.Dialer.upy