ＯＫ我到出了，帮忙看下，谢谢你 bbs.ikaka.com

十方叶子 - 2006-2-6 13:33:00

Logfile of HijackThis v1.99.1
Scan saved at 13:31:05, on 2006-2-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\RECYCLER\RECYCLER.com
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\DuDu\DddClient\DuDuAcc.exe
C:\Program Files\DuDu\DddClient\dudupros.exe
C:\WINDOWS\QmlsbGdhdGVz\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Internet Explorer\IExplore.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\WINDOWS\system32\conime.exe
D:\HijackThis.exe

F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\RECYCLER\RECYCLER.com
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014}? - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410}? - (no file)
O2 - BHO: (no name) - {3E422F49-1566-40D3-B43D-077EF739AC32}? - (no file)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD}? - (no file)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: (no name) - {4E83D567-4697-4F7B-B1F0-A513B01DB89A}? - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\新建文件夹\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll (file missing)
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-197004272379}? - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: MAngle Class - {9A556B8F-FD02-420E-A1FD-9DB33808254E} - C:\Program Files\MySec\secmouseaaa.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7}? - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB}? - (no file)
O3 - Toolbar: (no name) - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5}? - (no file)
O3 - Toolbar: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD}? - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SECUPDATE] C:\Program Files\MySec\secupdateaaa.exe -sv
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook1.dll Rundll32
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgi.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Z]MNI_Ojrpek]`]JPV]`] C:\WINDOWS\System32\ikwhpntkmr.exe
O4 - HKLM\..\RunServices: [TMUHY[IMLWUZ] C:\WINDOWS\System32\iqhou.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: &使用DuDu 加速器下载全部链接 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/203
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\新建文件夹\AddToNetDisk.htm
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\新建文件夹\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\新建文件夹\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\新建文件夹\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289}? - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\浩方对战平台\GameClient.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A}? - F:\浩方对战平台\GameClient.exe
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263}? - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\新建文件夹\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\新建文件夹\QQ.EXE
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - F:\ps\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - F:\ps\QQ.EXE (file missing)
O9 - Extra button: 东方大典 - {d7489fa7-4f38-da83-e876-ad56f2e8d761} - C:\PROGRA~1\!SUNV\EasyDict\PlugInIE.dll
O9 - Extra 'Tools' menuitem: &Easy Dict - {d7489fa7-4f38-da83-e876-ad56f2e8d761} - C:\PROGRA~1\!SUNV\EasyDict\PlugInIE.dll
O9 - Extra button: 东方大典 - {d7489fa7-4f38-da83-e876-ad56f2e8d761}? - C:\PROGRA~1\!SUNV\EasyDict\PlugInIE.dll
O9 - Extra 'Tools' menuitem: &Easy Dict - {d7489fa7-4f38-da83-e876-ad56f2e8d761}? - C:\PROGRA~1\!SUNV\EasyDict\PlugInIE.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\新建文件夹\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\新建文件夹\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] QQ地址栏搜索插件
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137746271937
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BCE0CE4-5F66-40B2-A89A-063BAFC529D5}: NameServer = 61.177.7.1 221.228.255.1
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmlsbGdhdGVz\command.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

不言放弃 - 2006-2-6 13:47:00

结束如下进程
C:\WINDOWS\QmlsbGdhdGVz\command.exe
C:\RECYCLER\RECYCLER.com

修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\RECYCLER\RECYCLER.com
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014}? - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410}? - (no file)
O2 - BHO: (no name) - {3E422F49-1566-40D3-B43D-077EF739AC32}? - (no file)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD}? - (no file)
O2 - BHO: (no name) - {4E83D567-4697-4F7B-B1F0-A513B01DB89A}? - (no file)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll (file missing)
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-197004272379}? - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: MAngle Class - {9A556B8F-FD02-420E-A1FD-9DB33808254E} - C:\Program Files\MySec\secmouseaaa.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7}? - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB}? - (no file)
O3 - Toolbar: (no name) - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5}? - (no file)
O3 - Toolbar: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD}? - (no file)
O3 - Toolbar: (no name) - {364B6276-C6C1-40B6-A6D7-6C48871FD707}? - (no file)
O4 - HKLM\..\Run: [SECUPDATE] C:\Program Files\MySec\secupdateaaa.exe -sv
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgi.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Z]MNI_Ojrpek]`]JPV]`] C:\WINDOWS\System32\ikwhpntkmr.exe
O4 - HKLM\..\RunServices: [TMUHY[IMLWUZ] C:\WINDOWS\System32\iqhou.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmlsbGdhdGVz\command.exe

卸载
C:\Program Files\Accoona
C:\Program Files\MySec

删除
C:\WINDOWS\QmlsbGdhdGVz\command.exe
C:\RECYCLER\RECYCLER.com
scvhost.exe
msnmsgi.exe
taskmnegr.exe
msconfg.exe
C:\WINDOWS\System32\ikwhpntkmr.exe
C:\WINDOWS\System32\iqhou.exe
C:\WINDOWS\QmlsbGdhdGVz
C:\Program Files\Accoona
C:\Program Files\MySec

附件: 364052200626134758.JPG

瑞星卡卡安全论坛