出现4i5y进程就断线啊　删除后，重复出现啊 bbs.ikaka.com

luliang09 - 2005-8-30 15:03:00

Logfile of HijackThis v1.99.1
Scan saved at 15:02:43, on 2005-8-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DFVSX\DFVSX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\KAV6\KAVSVC.EXE
C:\WINDOWS\netinfo.exe
C:\WINDOWS\pnpasn32.exe
C:\WINDOWS\WinUpdate.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\lsa.exe
E:\HijackThis.exe

O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [木马绝杀] C:\Program Files\木马绝杀\killer.exe -min
O4 - HKLM\..\Run: [dfvsx] "C:\Program Files\DFVSX\DFVSX.exe" -Min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [WinSysAnal] winsysanal.exe
O4 - HKCU\..\RunServices: [winrapid] winrapid.exe
O4 - HKCU\..\RunServices: [Windows Updating Service] updating.pif
O4 - HKCU\..\RunServices: [Windows Security Service] windows.pif
O4 - HKCU\..\RunServices: [sysmngr32] sys64mnger.exe
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125379923609
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2F10976-D985-4022-B388-8DFC9383E226}: NameServer = 202.96.104.16 202.96.104.26
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSVC.EXE
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe
O23 - Service: Norton AntiVirus 自动防护服务 (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: netinfo - Unknown owner - C:\WINDOWS\netinfo.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)
O23 - Service: change me please (virus) - Unknown owner - C:\WINDOWS\pnpasn32.exe
O23 - Service: Windows Automatic Updates (Windows Automatic Update Service) - Unknown owner - C:\WINDOWS\WinUpdate.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe

sanadayukimura - 2005-8-30 15:09:00

【回复“luliang09”的帖子】
修复：
O4 - HKCU\..\RunServices: [WinSysAnal] winsysanal.exe
O4 - HKCU\..\RunServices: [winrapid] winrapid.exe
O4 - HKCU\..\RunServices: [Windows Updating Service] updating.pif
O4 - HKCU\..\RunServices: [Windows Security Service] windows.pif
O4 - HKCU\..\RunServices: [sysmngr32] sys64mnger.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe
O23 - Service: netinfo - Unknown owner - C:\WINDOWS\netinfo.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)
O23 - Service: change me please (virus) - Unknown owner - C:\WINDOWS\pnpasn32.exe
O23 - Service: Windows Automatic Updates (Windows Automatic Update Service) - Unknown owner - C:\WINDOWS\WinUpdate.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe
O23项怀疑是灰鸽子，请参考下面这个链接：
关于查杀“灰鸽子2005”的一点建议。
http://forum.ikaka.com/topic.asp?board=28&artid=6202404。
找到：
winsysanal.exe
winrapid.exe
updating.pif
windows.pif
sys64mnger.exe。

花落花又开 - 2005-8-30 15:11:00

【回复“luliang09”的帖子】
汗，机器都成了木马窝了！

重启电脑按F8进入安全模式下修复：
O4 - HKCU\..\RunServices: [WinSysAnal] winsysanal.exe
O4 - HKCU\..\RunServices: [winrapid] winrapid.exe
O4 - HKCU\..\RunServices: [Windows Updating Service] updating.pif
O4 - HKCU\..\RunServices: [Windows Security Service] windows.pif
O4 - HKCU\..\RunServices: [sysmngr32] sys64mnger.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe
O23 - Service: netinfo - Unknown owner - C:\WINDOWS\netinfo.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)
O23 - Service: change me please (virus) - Unknown owner - C:\WINDOWS\pnpasn32.exe
O23 - Service: Windows Automatic Updates (Windows Automatic Update Service) - Unknown owner - C:\WINDOWS\WinUpdate.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe

停止服务；开始--控制面版--管理工具--服务--分别找到lsa driver service ，netinfo，System Startup Service ，tsecure，change me please ，Windows Automatic Updates ，Windows HWinfo Loader 属性--改成已禁用。

显示隐藏文件，用开始--搜索功能找到以下文件，删除：
winsysanal.exe
winrapid.exe
updating.pif
windows.pif
sys64mnger.exe
C:\WINDOWS\lsa.exe
C:\WINDOWS\netinfo.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\tsecure.exe
C:\WINDOWS\pnpasn32.exe
C:\WINDOWS\WinUpdate.exe
C:\WINDOWS\iexplre.exe

另，请打全补丁，最好挂个防火。

luliang09 - 2005-8-30 15:47:00

谢谢版主，我按你的方法做了
能不能在帮我看看　有没有清楚干净～～～
Logfile of HijackThis v1.99.1
Scan saved at 15:45:05, on 2005-8-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\木马绝杀\killer.exe
C:\Program Files\DFVSX\DFVSX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\KAV6\KAVSVC.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe

O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [木马绝杀] C:\Program Files\木马绝杀\killer.exe -min
O4 - HKLM\..\Run: [dfvsx] "C:\Program Files\DFVSX\DFVSX.exe" -Min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125379923609
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2F10976-D985-4022-B388-8DFC9383E226}: NameServer = 202.96.104.16 202.96.104.26
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSVC.EXE
O23 - Service: Norton AntiVirus 自动防护服务 (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)

luliang09 - 2005-8-30 15:59:00

顺便问一下　补丁哪有下载，我ＷＩＮＤＯＷＳ　自动更新不了
防火墙哪个好用点

飞跃迷离 - 2005-8-30 20:18:00

【回复“luliang09”的帖子】
日志似乎并无异常...

您可以到下载补丁：
http://windowsupdate.microsoft.com/

您可以试试用瑞星防火墙

luliang09 - 2005-9-1 16:11:00

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DFVSX\DFVSX.exe
C:\KAV6\KAVSVC.EXE
C:\DOCUME~1\ll\LOCALS~1\Temp\Rar$EX04.141\for_XP\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
E:\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [木马绝杀] rem C:\Program Files\木马绝杀\killer.exe -min
O4 - HKLM\..\Run: [dfvsx] "C:\Program Files\DFVSX\DFVSX.exe" -Min
O4 - HKLM\..\Run: [assistse] rem "C:\Program Files\3721\AssistSe.exe"
O4 - HKCU\..\Run: [MSMSGS] rem "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125409128828
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2F10976-D985-4022-B388-8DFC9383E226}: NameServer = 202.96.104.16 202.96.104.26
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSVC.EXE
O23 - Service: Norton AntiVirus 自动防护服务 (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)

瑞星卡卡安全论坛