瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】发现新的顽固软件更本无法删除,请专家帮忙啊.

12   1  /  2  页   跳转

【求助】发现新的顽固软件更本无法删除,请专家帮忙啊.

收藏
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 02:23 | 只看楼主 短消息 资料
字号: 1楼

【求助】发现新的顽固软件更本无法删除,请专家帮忙啊.

也不知道什么时候被强行安装了“酷桌面”的程序,在C盘的C:\Program Files\LetsCool里面,就是用尽办法也无法删.更可气的是那酷桌面(作用是能设定时间自动切换桌面图片)有个IE,好象能自动链接,老是每几秒就弹出“手机图铃下载站”“色情电影网站”“广告”什么的。基本每5分钟就会弹出来一次。我在IE工具设置里用了最高的弹窗阻止程序,也没用。控制面板也找不到那程序,在C盘点DEL也删不动。
  还有两个是 C:\Program Files\nb46.com (搜索程序) 和 
              C:\WINDOWS\system32\ServeHost.exe  病毒名是Trojan.Spy.Agent.bcu
这个病毒瑞星每次查杀都有发现,但总是重起后删除.但我重起后还在,手动也删不了.
  这3个东西让我现在无法正常使用电脑,老是被广告或那些什么的弹出,而且还引起死机卡机现象.
  感谢谁能给我帮助,指教该如何处理?别人推荐了黄山IE修复,也没用.
  谢谢帮个忙.感激不尽!!
最后编辑2006-08-01 14:37:28
分享到:
gototop
 
yanmings
头像
锋芒艾服狮
  • 帖子:1698
  • 注册: 2005-01-10
  • 来自:
发表于: 2006-08-01 02:29 | 短消息 资料
字号: 2楼

唉,我都说了不在这里回贴子了,看到楼主这么早就来问了,感动
参考http://forum.ikaka.com/topic.asp?board=36&artid=8131157
gototop
 
yanmings
头像
锋芒艾服狮
  • 帖子:1698
  • 注册: 2005-01-10
  • 来自:
发表于: 2006-08-01 02:30 | 短消息 资料
字号: 3楼

另两个问题:
http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis...把日志帖上来让他们帮你看吧
gototop
 
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 02:49 | 只看楼主 短消息 资料
字号: 4楼

传日志是吗?哦,这样啊,知道了,谢谢你.
gototop
 
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 02:57 | 只看楼主 短消息 资料
字号: 5楼

没用过这个,而且全英文,看不懂,请问是这个日志吗?
gototop
 
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 03:01 | 只看楼主 短消息 资料
字号: 6楼

Logfile of HijackThis v1.99.1
Scan saved at 2:46:33, on 2006-8-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll.exe
C:\sfda_licence\resin\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\sfda_licence\j2sdk1.4.2_01\bin\java.exe
C:\WINDOWS\popo\server.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BCUP.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
F:\d585\WCESCOMM.EXE
C:\Program Files\LetsCool\LetsCool.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\工具\首页绑架克星\HijackThis.exe
gototop
 
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 03:02 | 只看楼主 短消息 资料
字号: 7楼

R3 - URLSearchHook: (no name) - <default> - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\dcib.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4572.dll
O2 - BHO: NB46 BHO Object - {1A50BDD0-01A6-4D58-958B-B9BC66789327} - C:\PROGRA~1\nb46.com\NB46TO~1.DLL
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O2 - BHO: IE Address Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\xtkq.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll (file missing)
O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC32.dll
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\DBINT.dll
O2 - BHO: Flash 8 ocx  - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\ecfoa8a0.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\金山快译\IEBand.dll
O3 - Toolbar: NB46 - {56E88004-7AF8-474C-BB30-76E0B7B2B003} - C:\PROGRA~1\nb46.com\NB46TO~1.DLL
gototop
 
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 03:02 | 只看楼主 短消息 资料
字号: 8楼

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\system32\BCUP.exe
O4 - HKLM\..\Run: [ADShow] C:\WINDOWS\system32\bcsysnote.exr
O4 - HKLM\..\Run: [PigLocalSearch] F:\新建文件夹\PigStart.exe
O4 - HKLM\..\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [zcom] C:\Program Files\zcom\zPlatform.exe MIN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [y8kqc] RunDll32 "C:\WINDOWS\Downlo~1\hd6lxo0.dll",Run
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kuro_M3] ??
O4 - HKCU\..\Run: [update] update.exe
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\d585\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O4 - Startup: 桌面媒体.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: 网络猪 风行天下版.lnk = ?
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O4 - Global Startup: Microsoft Office.lnk = F:\d585\Office10\OSA.EXE
gototop
 
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 03:03 | 只看楼主 短消息 资料
字号: 9楼

O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\腾讯QQ珊瑚虫版\AddToNetDisk.htm
O8 - Extra context menu item: 加入POCO网摘(&K) - http://my.poco.cn/fav/rightClick.php
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 我的POCO网摘(&O) - http://my.poco.cn/fav/open_myfav.php
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\腾讯QQ珊瑚虫版\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\腾讯QQ珊瑚虫版\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\腾讯QQ珊瑚虫版\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - F:\BitSpirit\bsurl.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\浩方平台\浩方对战平台\GameClient.exe
O9 - Extra button: 创建移动收藏 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - f:\d585\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\d585\INetRepl.dll
O9 - Extra 'Tools' menuitem: 创建移动收藏... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\d585\INetRepl.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ2006\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\QQ2006\QQ.EXE (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=86 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=86 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
gototop
 
anndyk
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-01
  • 来自:
发表于: 2006-08-01 03:03 | 只看楼主 短消息 资料
字号: 10楼

O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {5932517A-3326-4439-A708-1C98EDB5C549} (Downloader Class) - file://C:\Documents and Settings\All Users\Application Data\Share Helper\Cast\GGS\d16a519918a\js\iMopDl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115817384191
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://219.133.62.236/QQPlayer.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61DD4372-B751-491B-85BA-7F2EE2048067}: NameServer = 202.101.98.55,202.101.98.54
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system32\ecfda8a0.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - C:\sfda_licence\mysql\bin\mysqld-max-nt.exe
O23 - Service: Windows NetWork Management (NvCore) - Unknown owner - C:\WINDOWS\system32\Rundll.exe
O23 - Service: Resin Web Server (Resin) - Unknown owner - C:\sfda_licence\resin\bin\httpd.exe" -service -env-classpath  "C:\DOCUME~1\何志捷\LOCALS~1\Temp\I1151830875\InstallerData\IAClasses.zip;C:\DOCUME~1\何志捷\LOCALS~1\Temp\I1151830875\Windows\resource\jdglue.zip;C:\DOCUME~1\何志捷\LOCALS~1\Temp\I1151830875\InstallerData\Installer.zip;C:\DOCUME~1\何志捷\LOCALS~1\Temp\I1151830875\Windows\InstallerData\Installer.zip;C:\DOCUME~1\何志捷\LOCALS~1\Temp\I1151830875\InstallerData;C:\DOCUME~1\何志捷\LOCALS~1\Temp\I1151830875\Windows\InstallerData;"  "-java_home"  "C:\sfda_licence\j2sdk1.4.2_01 (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network ConnectionPPO2 (ServicePPO2) - Unknown owner - C:\WINDOWS\popo\server.exe
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT