Rising Kaka Security Forum
冬日风暴 - 2005-11-30 8:28:00
Virus category: PE virus under Windows. Virus name: Trojan.Spy.Agent.ct
Behaviour type: Trojan program under Windows
Recently this virus has been running wild on my computer, and Rising (already upgraded to the latest version) doesn't seem able to do anything about it either. I checked the virus database and it doesn't seem to have any record of this virus. What should I do about it?
幽灵行动 - 2005-11-30 10:42:00
Rising version number 17.39.12 can detect and remove it
冬日风暴 - 2005-12-1 9:28:00
Virus category: PE virus under Windows. Virus name: Trojan.Spy.Agent.ct
Behaviour type: Trojan program under Windows
Rising version number 17.39.12
I'm already on this version now, but after I finished cleaning yesterday there were lots of viruses again as soon as I booted up today. Please, everyone, help me!
BlackStone - 2005-12-1 9:31:00
Save a log with Autoruns and post it here
How to save the log: choose the File->Save menu item
When saving the log, be sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the Refresh button on the toolbar)
For downloading and using the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7318038 (post no. …)
冬日风暴 - 2005-12-1 9:54:00
I'm not sure whether I saved it correctly; could an expert please take a look:
Process PID CPU Description Company Name
Rav.exe 3332 95.19
procexp.exe 2548 3.85
SERVICES.EXE 704 0.96
DPCs n/a Deferred Procedure Calls
Interrupts n/a Hardware Interrupts
EXPLORER.EXE 1460
WINLOGON.EXE 660
System Idle Process 0
System 4
SVCHOST.EXE 1020
SVCHOST.EXE 868
SVCHOST.EXE 932
SVCHOST.EXE 1160
SVCHOST.EXE 1360
SVCHOST.EXE 240
SPOOLSV.EXE 1568
SMSS.EXE 560
SAgent2.exe 1784
realsched.exe 1060
RavTimer.exe 1216
RavStub.exe 484
RavMonD.exe 2024
RavMon.exe 1356
LSASS.EXE 716
InCDsrv.exe 1044
IEXPLORE.EXE 2244
flashget.exe 2308
CTFMON.EXE 1612
CSRSS.EXE 636
CCenter.exe 1960
ALG.EXE 972
Process: System Idle Process Pid: 0
Type Name
6825cc - 2005-12-1 9:59:00
Scan a log with HijackThis version 1.99.1
冬日风暴 - 2005-12-1 10:07:00
Is this it?
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ IMSCMig File not found: rem
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravtimer.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ WindowsUpdate File not found: C:\WINDOWS\system32\WindowsUpdate.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStub Rising Rav Stub Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravstub.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ NBJ Nero BackItUp Scheduler Application Ahead Software AG c:\program files\ahead\nero backitup\nbj.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extension for CDRW UDF Shell Extension DLL Ahead Software AG c:\program files\ahead\incd\incdshx.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ 粉碎文件 File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll
+ 我的数字照相机 CAMVIEW DLL FotoNation Inc. d:\fotonation explorer\camview.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX Adobe Systems Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
+ DragSearch BHO File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
+ i&Bar搜索引擎 c:\program files\ibar\10002\ibar.dll
+ IeCatch2 Class jccatch Module Amaze Soft d:\program files\flashget\jccatch.dll
+ MMSAssist BHO MMSAssist c:\program files\mmsassist\mmsassist.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\qq\qqiehelper.dll
+ std software AOL Corp. c:\windows\system32\stdup.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar Amaze Soft d:\program files\flashget\fgiebar.dll
+ ibar.dll c:\program files\ibar\10002\ibar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet Amaze Soft d:\program files\flashget\flashget.exe
+ 豪杰超级解霸V8 c:\herosoft\herov8\sthsdvd.exe
HKLM\System\CurrentControlSet\Services
+ EPSONStatusAgent2 EPSON Printer Status Agent SEIKO EPSON CORPORATION c:\program files\common files\epson\ebapi\sagent2.exe
+ InCDsrv Helper service for the InCD filesystem driver Ahead Software AG c:\program files\ahead\incd\incdsrv.exe
+ RsCCenter CCenter rising d:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ac97intc Intel(r) Integrated Controller Hub Audio Driver Intel Corporation c:\windows\system32\drivers\ac97intc.sys
+ Achernar Achernar.sys An Chen Computer Co., Ltd. c:\windows\system32\drivers\achernar.sys
+ Aldebaran Aldebaran.sys An Chen Computer Co., Ltd. c:\windows\system32\drivers\aldebaran.sys
+ BaseTDI basetdi Rising c:\windows\system32\drivers\basetdi.sys
+ E100B NDIS 5 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
+ ExpScaner ExpScan.sys d:\program files\rising\rav\expscan.sys
+ ferdr c:\windows\system32\drivers\ferdr.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd d:\program files\rising\rav\hookcont.sys
+ HookReg d:\program files\rising\rav\hookreg.sys
+ HookSys 瑞星 d:\program files\rising\rav\hooksys.sys
+ InCDPass Ahead RW Filter Driver Ahead Software AG c:\windows\system32\drivers\incdpass.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ nv4 NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ xinstall c:\windows\system32\drivers\xinstall.sys
+ Yczaxnbt File not found: C:\WINDOWS\system32\drivers\Yczaxnbt.sys
+ ZSMC302 Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\DOCUME~1\11\MYDOCU~1\qmsht.scr File not found: C:\DOCUME~1\11\MYDOCU~1\qmsht.scr
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ EPSON V5 2KMonitor EPSON Bidirectional Monitor SEIKO EPSON CORPORATION c:\windows\system32\ebpmon2.dll
BlackStone - 2005-12-1 10:21:00
+ std software AOL Corp. c:\windows\system32\stdup.dll
Delete the startup entry
Reboot
Delete c:\windows\system32\stdup.dll
Not sure what this one is:
+ InCDsrv Helper service for the InCD filesystem driver Ahead Software AG c:\program files\ahead\incd\incdsrv.exe
冬日风暴 - 2005-12-1 11:03:00
Quote:
[BlackStone's post] + std software AOL Corp. c:\windows\system32\stdup.dll
Delete the startup entry, reboot, delete c:\windows\system32\stdup.dll
Not sure what this one is: + InCDsrv Helper service for the InCD filesystem driver Ahead Software AG c:\program files\ahead\incd\incdsrv.exe ...
Both of the items above have been deleted, but after rebooting there is still the virus; I'm scanning now. Thanks to everyone above for the help; if there are any more problems I'll report back right away. Thanks again!
+ InCDsrv Helper service for the InCD filesystem driver Ahead Software AG c:\program files\ahead\incd\incdsrv.exe: this one is CD-burning software
冬日风暴 - 2005-12-1 15:57:00
Oh no, this didn't work; after rebooting there are still just as many viruses!
Does anyone have any other tricks? Please help me, quick
冬日风暴 - 2005-12-1 16:01:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ IMSCMig File not found: rem
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravtimer.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ WindowsUpdate File not found: C:\WINDOWS\system32\WindowsUpdate.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStub Rising Rav Stub Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravstub.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ NBJ Nero BackItUp Scheduler Application Ahead Software AG c:\program files\ahead\nero backitup\nbj.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extension for CDRW UDF Shell Extension DLL Ahead Software AG c:\program files\ahead\incd\incdshx.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ 粉碎文件 File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll
+ 我的数字照相机 CAMVIEW DLL FotoNation Inc. d:\fotonation explorer\camview.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX Adobe Systems Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
+ DragSearch BHO File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
+ i&Bar搜索引擎 c:\program files\ibar\10002\ibar.dll
+ IeCatch2 Class jccatch Module Amaze Soft d:\program files\flashget\jccatch.dll
+ MMSAssist BHO MMSAssist c:\program files\mmsassist\mmsassist.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\qq\qqiehelper.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar Amaze Soft d:\program files\flashget\fgiebar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet Amaze Soft d:\program files\flashget\flashget.exe
+ 豪杰超级解霸V8 c:\herosoft\herov8\sthsdvd.exe
HKLM\System\CurrentControlSet\Services
+ EPSONStatusAgent2 EPSON Printer Status Agent SEIKO EPSON CORPORATION c:\program files\common files\epson\ebapi\sagent2.exe
+ InCDsrv Helper service for the InCD filesystem driver Ahead Software AG c:\program files\ahead\incd\incdsrv.exe
+ RsCCenter CCenter rising d:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ac97intc Intel(r) Integrated Controller Hub Audio Driver Intel Corporation c:\windows\system32\drivers\ac97intc.sys
+ Achernar Achernar.sys An Chen Computer Co., Ltd. c:\windows\system32\drivers\achernar.sys
+ Aldebaran Aldebaran.sys An Chen Computer Co., Ltd. c:\windows\system32\drivers\aldebaran.sys
+ BaseTDI basetdi Rising c:\windows\system32\drivers\basetdi.sys
+ E100B NDIS 5 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
+ ExpScaner ExpScan.sys d:\program files\rising\rav\expscan.sys
+ ferdr c:\windows\system32\drivers\ferdr.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd d:\program files\rising\rav\hookcont.sys
+ HookReg d:\program files\rising\rav\hookreg.sys
+ HookSys 瑞星 d:\program files\rising\rav\hooksys.sys
+ InCDPass Ahead RW Filter Driver Ahead Software AG c:\windows\system32\drivers\incdpass.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ nv4 NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ xinstall c:\windows\system32\drivers\xinstall.sys
+ Yczaxnbt File not found: C:\WINDOWS\system32\drivers\Yczaxnbt.sys
+ ZSMC302 Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\DOCUME~1\11\MYDOCU~1\qmsht.scr File not found: C:\DOCUME~1\11\MYDOCU~1\qmsht.scr
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ EPSON V5 2KMonitor EPSON Bidirectional Monitor SEIKO EPSON CORPORATION c:\windows\system32\ebpmon2.dll
BlackStone - 2005-12-1 16:05:00
What path does the antivirus report the virus at?
冬日风暴 - 2005-12-1 16:25:00
Here is the scan log:
病毒名称 处理结果 发现日期 扫描方式 路径 文件 病毒来源
Trojan.Spy.Agent.ct 删除成功 05-11-30 08:02 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Backdoor.Bifrose.ch 清除成功 05-11-30 08:06 手动扫描 iexplore.exe>>C:\Program Files\Internet Explorer\iexplore.exe\本机
Backdoor.Bifrose.ch 清除成功 05-11-30 08:06 手动扫描 iexplore.exe>>C:\Program Files\Internet Explorer\iexplore.exe\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Explorer.EXE>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 svchost.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Ravmond.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:10 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:10 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-11-30 08:12 手动扫描 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-11-30 18:33 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 08:02 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 08:48 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 08:54 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 08:54 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 08:54 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Backdoor.Bifrose.ch 清除成功 05-12-01 08:54 手动扫描 iexplore.exe>>C:\Program Files\Internet Explorer\iexplore.exe\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 08:54 手动扫描 Explorer.EXE>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 08:54 手动扫描 svchost.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 08:54 手动扫描 Ravmond.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 08:59 手动扫描 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 09:45 手动扫描 C:\System Volume Information\_restore{540B61E5-BBEF-4F3C-B25C-D4E095038B76}\RP128A0030914.DLL\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:43 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:43 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Backdoor.Bifrose.ch 清除成功 05-12-01 10:43 手动扫描 iexplore.exe>>C:\Program Files\Internet Explorer\iexplore.exe\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:43 手动扫描 Explorer.EXE>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:43 手动扫描 lsass.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:43 手动扫描 svchost.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:43 手动扫描 Ravmond.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:49 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:49 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:49 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 10:51 手动扫描 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 15:48 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 15:48 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 15:48 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Backdoor.Bifrose.ch 清除成功 05-12-01 15:48 手动扫描 iexplore.exe>>C:\Program Files\Internet Explorer\iexplore.exe\本机
Backdoor.Bifrose.ch 清除成功 05-12-01 15:48 手动扫描 iexplore.exe>>C:\Program Files\Internet Explorer\iexplore.exe\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 15:48 手动扫描 Explorer.EXE>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 15:48 手动扫描 svchost.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 15:48 手动扫描 Ravmond.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 16:03 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除失败 05-12-01 16:08 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 16:10 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
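An added example (editor's code, not part of any post in this thread) that parses lines of the Rising scan log above. The columns are virus name, result (删除成功 = file deleted, 清除成功 = cleaned inside the named process, 清除失败 = clean failed), date, time, scan type (实时监控 = real-time monitor, 手动扫描 = manual scan), then path, file and source (本机 = this machine). The header lists 路径 (path) and 文件 (file) as separate columns, and the on-disk hits read `system32rapcklo.dll` with no separator, which is most likely those two columns printed back to back; the script repairs that as a labelled heuristic. It then groups hits by file to surface the two things a responder wants from such a log: a DLL reported inside Rav.exe, Explorer, svchost and lsass at once is a module loaded into many processes, and a file "deleted successfully" on more than one day means a loader elsewhere keeps recreating it, so the loader, not the DLL, is what has to go. The sample lines are copied from the log above; the function and field names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the Rising scan log posted above.
# Columns: virus name, result, date, time, scan type, then path/file/source.
SAMPLE_LOG = r"""
Trojan.Spy.Agent.ct 删除成功 05-11-30 08:02 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Backdoor.Bifrose.ch 清除成功 05-11-30 08:06 手动扫描 iexplore.exe>>C:\Program Files\Internet Explorer\iexplore.exe\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 Explorer.EXE>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-11-30 08:06 手动扫描 svchost.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-11-30 08:12 手动扫描 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 08:02 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除成功 05-12-01 10:43 手动扫描 lsass.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 清除失败 05-12-01 16:08 手动扫描 Rav.exe>>C:\WINDOWS\system32\rapcklo.dll\本机
Trojan.Spy.Agent.ct 删除成功 05-12-01 16:10 实时监控 C:\WINDOWS\system32rapcklo.dll\本机
"""

RESULT_EN = {"删除成功": "deleted", "清除成功": "cleaned", "清除失败": "clean failed"}
SCAN_EN = {"实时监控": "real-time monitor", "手动扫描": "manual scan"}
SOURCE_SUFFIX = "\\本机"  # 病毒来源 column ("this machine"), glued onto the path

LINE_RE = re.compile(r"^(\S+) (\S+) (\d\d-\d\d-\d\d) (\d\d:\d\d) (\S+) (.+)$")


def parse_line(line):
    """Split one log line into its columns; returns None for non-log text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, result, date, time, scan, location = m.groups()
    source = None
    if location.endswith(SOURCE_SUFFIX):
        location = location[: -len(SOURCE_SUFFIX)]
        source = "local"
    host = None
    if ">>" in location:  # "process>>module": the module was found loaded in a process
        host, location = location.split(">>", 1)
    return {
        "virus": name,
        "result": RESULT_EN.get(result, result),
        "when": f"{date} {time}",
        "scan": SCAN_EN.get(scan, scan),
        "host_process": host,
        "path": location,
        "source": source,
    }


def repair_glued_path(path, known_names):
    """Heuristic (my assumption about the log layout, not documented by Rising):
    the 路径 and 文件 columns were printed with no separator, so an on-disk hit
    reads 'system32rapcklo.dll'. If the string ends with a file name seen
    elsewhere in the log but lacks the separating backslash, put it back."""
    low = path.lower()
    for name in known_names:
        if name and len(low) > len(name) and low.endswith(name) and not low.endswith("\\" + name):
            return path[: -len(name)] + "\\" + path[-len(name):]
    return path


def summarize(text):
    records = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    # File names seen loaded inside a process carry a real separator; use them
    # to repair the glued on-disk paths so both forms group under one key.
    known = {r["path"].lower().rsplit("\\", 1)[-1] for r in records if r["host_process"]}
    hosts = defaultdict(set)        # path -> processes it was reported loaded in
    results = defaultdict(Counter)  # path -> result counts
    days = defaultdict(set)         # path -> dates it was reported on
    for r in records:
        if not r["host_process"]:
            r["path"] = repair_glued_path(r["path"], known)
        key = r["path"].lower()
        if r["host_process"]:
            hosts[key].add(r["host_process"].lower())
        results[key][r["result"]] += 1
        days[key].add(r["when"][:8])
    return {"records": records, "hosts": dict(hosts),
            "results": dict(results), "days": dict(days)}


def injected_modules(summary, min_hosts=2):
    """Files reported loaded inside several different processes."""
    return sorted(p for p, h in summary["hosts"].items() if len(h) >= min_hosts)


def recurring(summary):
    """Files 'deleted successfully' more than once, across more than one day."""
    return sorted(p for p, d in summary["days"].items()
                  if len(d) > 1 and summary["results"][p].get("deleted", 0) > 1)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for path in injected_modules(s):
        print(f"{path}: loaded in {sorted(s['hosts'][path])}, results {dict(s['results'][path])}")
    print("recreated after deletion:", recurring(s))
```

Run as a script it prints the one module that meets both tests; `injected_modules` and `recurring` return the repaired, lower-cased paths so the same check works on a longer log dumped from the same product.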
BlackStone - 2005-12-1 16:30:00
C:\WINDOWS\system32rapcklo.dll
C:\WINDOWS\system32\rapcklo.dll
Try deleting these two files manually
If they won't delete,
try deleting them with the Unlocker tool
For downloading and using the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7471002
冬日风暴 - 2005-12-1 16:33:00
冬日风暴 - 2005-12-3 17:59:00
C:\WINDOWS\system32rapcklo.dll
The file above can't be found, and the virus still won't go away
There are lots of viruses as soon as I boot
冬日风暴 - 2005-12-3 18:00:00
C:\WINDOWS\system32\rapcklo.dll was found among the hidden files, but the other one can't be found
冬日风暴 - 2005-12-3 18:07:00
And at some point the Backdoor.Bifrose.ch virus has shown up again, damn it, I'm completely beaten. Experts, please come and save me
冬日风暴 - 2005-12-3 18:24:00
Please help me, waiting eagerly……
冬日风暴 - 2005-12-3 18:31:00
冬日风暴 - 2005-12-3 18:48:00
Log I just scanned:
Logfile of HijackThis v1.99.1
Scan saved at 18:43:50, on 2005-12-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - _{54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: (no name) - _{AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMSCMig] rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate.exe
O4 - HKLM\..\RunOnce: [RavStub] "D:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://img.365ren.com/tv/cabs/EmoWebInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3147DA0B-C374-4B5E-B65C-DAB219D02714}: NameServer = 202.56.57.58,202.102.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{3147DA0B-C374-4B5E-B65C-DAB219D02714}: NameServer = 202.56.57.58,202.102.128.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{3147DA0B-C374-4B5E-B65C-DAB219D02714}: NameServer = 202.56.57.58,202.102.128.68
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
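An added example (editor's code, not part of any post in this thread) that parses the O4 (Run/RunOnce) lines of the HijackThis log above into hive, key, value name, executable and arguments, marks the `rem`-prefixed IMSCMig value as disabled (the command begins with rem, so nothing is launched), and flags any entry whose executable borrows the name of a Windows component. Windows does not start svchost, lsass, csrss, winlogon, services or smss through a Run value (the kernel, the session manager, the service controller and winlogon create them at boot), and there is no Windows file called WindowsUpdate.exe at all; the Automatic Updates client is wuauclt.exe, run by its service. So `[WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate.exe` is exactly the entry 影子110 points to in the next reply. The name list and the quote-aware command splitting are my own assumptions about the log format; the sample lines are copied from the log above.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log posted above
# (plus one O23 line to show non-O4 lines are skipped).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMSCMig] rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate.exe
O4 - HKLM\..\RunOnce: [RavStub] "D:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")

# Names Windows starts itself (kernel, session manager, service controller,
# winlogon, the Automatic Updates service via wuauclt.exe), never through a
# Run/RunOnce value. WindowsUpdate.exe is not a Windows file at all. A Run
# value pointing at one of these borrows the name, not the role.
WINDOWS_COMPONENT_NAMES = {
    "windowsupdate.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "smss.exe",
}
MIMIC = "executable name mimics a Windows component"


def split_command(cmd):
    """Return (executable, args, disabled). Heuristic splitting: a quoted
    path ends at the closing quote, an unquoted one at the first '.exe'."""
    cmd = cmd.strip()
    if cmd.lower() == "rem" or cmd.lower().startswith("rem "):
        return None, cmd, True  # commented out: the value launches nothing
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip(), False
    m = re.match(r"(?i)(.+?\.exe)(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), (m.group(2) or ""), False
    return cmd, "", False


def parse_o4(text):
    """Parse every O4 line into a dict; other HijackThis sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe, args, disabled = split_command(command)
        entries.append({"hive": hive, "key": key, "name": name,
                        "command": command, "exe": exe, "args": args,
                        "disabled": disabled})
    return entries


def flag_suspicious(entries):
    """(value name, reason) for live entries whose file name imitates a
    Windows component."""
    flagged = []
    for e in entries:
        if e["disabled"] or not e["exe"]:
            continue
        base = e["exe"].rsplit("\\", 1)[-1].lower()
        if base in WINDOWS_COMPONENT_NAMES:
            flagged.append((e["name"], MIMIC))
    return flagged


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_HJT)
    for e in parsed:
        state = "disabled" if e["disabled"] else "live"
        print(f"{e['hive']}\\{e['key']} [{e['name']}] {state}: {e['exe']} {e['args']}")
    for name, reason in flag_suspicious(parsed):
        print(f"FLAG [{name}]: {reason}")
```

The check is deliberately narrow: it says nothing about entries it does not recognise, and a match is a reason to look at the file (publisher, signature, whether Autoruns reports it as missing) rather than a verdict on its own.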
影子110 - 2005-12-3 19:08:00
Close IE and any other unnecessary programs
Empty the temporary folders:
IE 》 Properties 》 Delete Files (including offline content) 》 OK
My Computer 》 Properties 》 System Restore 》 turn off System Restore on all drives 》 OK
Open My Computer 》 Tools 》 Folder Options 》 View 》 Show all files, and do not hide protected operating system files 》 OK
Search for C:\WINDOWS\system32\rapcklo.dll
Delete it
Start 》 Run 》 type Regedit.exe 》 OK 》 Edit 》 Find~~~
Use rapcklo.dll as the search term and search the whole registry~~~ delete it wherever it is found
(Note: if you want to delete an entry in the registry, export that entry first, or back up the registry before you do it, so nothing goes wrong!)
影子110 - 2005-12-3 19:13:00
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate.exe
This entry needs fixing too~~~ (do it at the same time as the above~~~)
and delete the virus file
C:\WINDOWS\system32\WindowsUpdate.exe
冬日风暴 - 2005-12-3 19:54:00
Thank you 影子110, I'm working on it now
Thanks again!
© 2000 - 2026 Rising Corp. Ltd.