Rising Kaka Security Forum (瑞星卡卡安全论坛)

Anti-virus / Anti-rogue-software forum: Please help me look at my log, thanks
冰儿123456 - 2005-7-31 11:13:00
Logfile of HijackThis v1.99.1
Scan saved at 11:14:23, on 2005-7-31
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\msdtc.exe
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\llssrv.exe
E:\WINNT\System32\WINDOW~1\Server\nspmon.exe
E:\WINNT\System32\WINDOW~1\Server\nscm.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
E:\WINNT\System32\rsvp.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\snmp.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\wins.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\dns.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\WINNT\System32\WINDOW~1\Server\nspm.exe
E:\WINNT\System32\WINDOW~1\Server\nsum.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\Dfssvc.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\Rundll32.exe
E:\WINNT\SOUNDMAN.EXE
E:\WINNT\System32\igfxtray.exe
E:\WINNT\System32\hkcmd.exe
E:\Program Files\Wom\WinMem.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
E:\WINNT\system32\rundll32.exe
E:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
E:\WINNT\etb\pokapoka62.exe
E:\WINNT\System32\internat.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\cmd.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\WINNT\System32\dllhost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\rising\Rav\Rav.exe
E:\Program Files\rising\Rav\RsAgent.exe
E:\WINNT\msagent\AgentSvr.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Administrator\My Documents\HijackThis.exe

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - E:\WINNT\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] E:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Windows内存整理] E:\Program Files\Wom\WinMem.exe
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [helper.dll] E:\WINNT\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe E:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
O4 - HKLM\..\Run: [System service62] E:\WINNT\etb\pokapoka62.exe
O4 - HKLM\..\Run: [Media Access] E:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [internat] internat.exe
O8 - Extra context menu item: !搜一搜 - res://E:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: !搜一搜(&S) - res://E:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=206671_1006 (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0F5BC3-2BAE-48C3-AB64-69FD043BD666}: NameServer = 202.101.103.54 202.101.103.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{924924AA-3791-4946-A27D-605BED3676E2}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - E:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

Please help me look at my log; my computer has a virus. Virus name: backdoor.Rbot.hvw
After Rising finishes killing it, it comes back. Please tell me how to remove it completely, thanks!

★蓝色羽毛★ - 2005-7-31 11:31:00
Please install all the patches.
冰儿123456 - 2005-7-31 12:48:00
Thanks!

How do I remove the backdoor.Rbot.hvw virus?
After it's killed and I reboot, it's still there. So frustrating!

快乐营 - 2005-7-31 12:52:00
Scan and remove it in Safe Mode.
冰儿123456 - 2005-7-31 13:01:00
I already scanned in Safe Mode; no virus was found.
冰儿123456 - 2005-7-31 13:02:00
Also: the computer keeps popping up this box on its own; it seems to say the registry has errors that need fixing. Can I click OK? I don't know what it is, please advise!

Computer Performance Recommendation

Errors in your computer's registry database, if present, could cause slow performance, slow startup, or erratic operation including system freezes and crashes.

To ensure that your system is operating correctly, we recommend that you run Registry Cleaner now, which will scan for and, if found, correct up to 20 different registry errors that could be causing slow performance.
Click OK to download Registry Cleaner which can scan for registry errors now.

The free Registry Cleaner software in this advertisement provided courtesy SysTweak.com, which is not affiliated with Microsoft Corporation.

现在进行时 - 2005-7-31 13:16:00
E:\WINNT\System32\wins.exe
What is this?

Sorry, my mistake, this is a normal system process.
冰儿123456 - 2005-7-31 13:20:00
[Reply to 现在进行时's post]

I don't know either. What should I do?
冰儿123456 - 2005-7-31 14:03:00
Rising's scan found the virus at:
E:\WINNT\System32\wininit.exe

Can I just find this file and delete it manually?
I know nothing about computers, please advise.
That's a program file; I'm afraid deleting it by accident will affect how things run.

Waiting online...
花落花又开 - 2005-7-31 14:27:00
[Reply to 冰儿123456's post]
Boot into Safe Mode and fix this entry:
O4 - HKLM\..\Run: [System service62] E:\WINNT\etb\pokapoka62.exe

Delete the file:

E:\WINNT\etb\pokapoka62.exe

Go to Windows Update and install all the patches.
冰儿123456 - 2005-7-31 14:43:00
[Reply to 花落花又开's post]


OK, thanks, bro!
天才少年 - 2005-7-31 14:45:00
ddd
为毒而疯 - 2005-7-31 14:51:00
Patch it~!
^_^
冰儿123456 - 2005-7-31 14:59:00
I followed the method above. Are there still problems now?

Logfile of HijackThis v1.99.1
Scan saved at 15:03:59, on 2005-7-31
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\msdtc.exe
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\llssrv.exe
E:\WINNT\System32\WINDOW~1\Server\nspmon.exe
E:\WINNT\System32\WINDOW~1\Server\nscm.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
E:\WINNT\System32\rsvp.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\snmp.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\wins.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\dns.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\WINNT\System32\WINDOW~1\Server\nspm.exe
E:\WINNT\System32\WINDOW~1\Server\nsum.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\Dfssvc.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\Rundll32.exe
E:\WINNT\SOUNDMAN.EXE
E:\WINNT\System32\igfxtray.exe
E:\WINNT\System32\hkcmd.exe
E:\Program Files\Wom\WinMem.exe
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
E:\WINNT\system32\rundll32.exe
E:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
E:\pokapoka62.exe
E:\WINNT\System32\internat.exe
E:\WINNT\System32\wuauclt.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\wininit.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Administrator\桌面\HijackThis.exe

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - E:\WINNT\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] E:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Windows内存整理] E:\Program Files\Wom\WinMem.exe
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [helper.dll] E:\WINNT\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe E:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
O4 - HKLM\..\Run: [System service62] \pokapoka62.exe
O4 - HKLM\..\Run: [Media Access] E:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKCU\..\Run: [internat] internat.exe
O8 - Extra context menu item: !搜一搜 - res://E:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: !搜一搜(&S) - res://E:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=206671_1006 (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122788132421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122788760968
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B0F5BC3-2BAE-48C3-AB64-69FD043BD666}: NameServer = 202.101.103.54 202.101.103.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{924924AA-3791-4946-A27D-605BED3676E2}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - E:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

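The second log above is exactly what a before/after comparison of HijackThis output is meant to catch: the "System service62" entry came back pointing at a new location, and a "Microsoft Update 32" entry running wininit.exe appeared in both Run and RunServices. The following Python script is an added example, not code from the thread or from HijackThis; it parses constructed, trimmed excerpts of the two logs posted here and reports new processes, new O4 autostart entries, and entries whose command line changed between scans.

```python
import re

# Constructed excerpts of the two HijackThis logs in this thread (11:14 and 15:03 scans)
LOG_BEFORE = r"""Running processes:
E:\WINNT\etb\pokapoka62.exe
E:\WINNT\System32\internat.exe

O4 - HKLM\..\Run: [System service62] E:\WINNT\etb\pokapoka62.exe
O4 - HKCU\..\Run: [internat] internat.exe
"""
LOG_AFTER = r"""Running processes:
E:\pokapoka62.exe
E:\WINNT\System32\internat.exe
E:\WINNT\System32\wininit.exe

O4 - HKLM\..\Run: [System service62] \pokapoka62.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKCU\..\Run: [internat] internat.exe
"""

# O4 line shape: "O4 - HKLM\..\Run: [entry name] command line"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

def parse_hjt(text):
    """Return (set of running process paths, {(hive, key, name): command})."""
    procs, runs, in_procs = set(), {}, False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
        elif in_procs and line.strip():
            procs.add(line.strip().lower())
        elif in_procs:
            in_procs = False  # blank line ends the process list
        else:
            m = O4_RE.match(line)
            if m:  # key on (hive, key, name) so a moved entry is detected
                runs[m.group(1, 2, 3)] = m.group(4)
    return procs, runs

def diff_hjt(before, after):
    """Report what appeared or changed between two scans of the same machine."""
    p0, r0 = parse_hjt(before)
    p1, r1 = parse_hjt(after)
    return {
        "new_processes": sorted(p1 - p0),
        "new_autostarts": sorted(k for k in r1 if k not in r0),
        "moved_autostarts": sorted(k for k in r1 if k in r0 and r1[k] != r0[k]),
    }

for kind, items in diff_hjt(LOG_BEFORE, LOG_AFTER).items():
    print(kind, *items, sep="\n  ")
```

Run over the full logs, the same diff would also list wuauclt.exe and the new HijackThis path, both benign, so the output is a review list, not a verdict.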
冰儿123456 - 2005-7-31 15:14:00
Argh, after rebooting and scanning again, the virus is still there?
Rising's scan found the virus at:
E:\WINNT\System32\wininit.exe
Virus name: backdoor.Rbot.hvj


Sob sob sob......
为毒而疯 - 2005-7-31 15:18:00
[Reply to 冰儿123456's post]
I don't really know how to read it~!?
^_^ Sorry
冰儿123456 - 2005-7-31 15:33:00
Experts, please come quickly; I can't even play games, a box keeps popping up. Annoying~
冰儿123456 - 2005-7-31 15:34:00
Experts, come quickly!!! How do I remove this damned virus!!!
冰儿123456 - 2005-7-31 18:57:00
Bump~~ please help take a look