瑞星卡卡安全论坛

Logfile of HijackThis v1.99.1
Scan saved at 10:44:58, on 2006-9-9
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\ctfmon.exe
D:\QQ2006\QQ\QQ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\SAND\qqfacerclient.exe
D:\QQ2006\QQ\TIMPlatform.exe
D:\外挂\时空游侠网络版\幻影变速.exe
D:\外挂\时空游侠网络版\幻影变速.exe
D:\外挂\lq16\www 8yw net.dll
D:\外挂\lq16\www 8yw net.dll
D:\外挂\lq16\www 8yw net.dll
D:\外挂\lq16\www 8yw net.dll
C:\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5043.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅累5\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {CF2464EB-AE06-42A7-BFB7-A9B22344DE95} - C:\DOCUME~1\ADMINI~1\APPLIC~1\GIGANO~1\IE_HEL~1.DLL
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: My 网蜜(&M) - {102293E4-758B-4483-946B-714EBCEC91B8} - C:\Program files\MySec\secbarj4ckoz.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = D:\QQ2006\QQ\CoralQQ.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\迅累5\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\迅累5\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ2006\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ2006\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ2006\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ2006\QQ\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅累5\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅累5\Thunder.exe
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ2006\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ2006\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FABBAD9-0020-4BA8-ADD3-3D38C0DC7094}: NameServer = 61.128.128.68 61.128.192.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{7596FD3E-8263-4621-97A4-7954E4930B0F}: NameServer = 61.128.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FABBAD9-0020-4BA8-ADD3-3D38C0DC7094}: NameServer = 61.128.128.68 61.128.192.68
O23 - Service: GrayPigeon_Hacker.com.cn - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
O23 - Service: Intel_Server (Intel Server) - Unknown owner - C:\WINDOWS\Longman.exe
O23 - Service: Microsoft Webserver - Unknown owner - C:\WINDOWS\Microsoft Webserver.exe (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Te1net - Unknown owner - C:\WINDOWS\System32\VIPTray.exe (file missing)
O23 - Service: QQFace (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\SAND\qqfacerclient.exe
O23 - Service: Windows Audio Services (winAudSer) - Unknown owner - C:\WINDOWS\System32\Winms.exe (file missing)

如果开不了绿的你好象中招了
杀下看看
或者在安一下!

晕啊

你用外挂????那些通常全有毒的你应该装前先杀杀啊
Platform: Windows XP SP1 (WinNT 5.01.2600)
打个SP2 啊SP2出来好久了都

运行:services.msc,双击"GrayPigeon_Hacker.com.cn "服务停用

显示隐藏文件删除:C:\WINDOWS\Hacker.com.cn.exe

运行:regedit,按F3查找"C:\WINDOWS\Hacker.com.cn.exe"按F3查找下一个找到后删除.

修复:

O23 - Service: Microsoft Webserver - Unknown owner - C:\WINDOWS\Microsoft Webserver.exe (file missing)

O23 - Service: Te1net - Unknown owner - C:\WINDOWS\System32\VIPTray.exe (file missing)

O23 - Service: Windows Audio Services (winAudSer) - Unknown owner - C:\WINDOWS\System32\Winms.exe (file missing)


以下两个文件你认识吗?不认识到http://virusscan.jotti.org/de/检测,把报告贴上来.

C:\WINDOWS\Longman.exe

C:\windows\system32\srvdll.dll


安全模式下用"恶意软件清理助手"清理流氓软件(开机按F8)

恶意软件清理助手:http://www.tommsoft.com/Products.aspx?pid=2