【求助】Rootkit.AdProt.b 病毒怎么能清除 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】Rootkit.AdProt.b 病毒怎么能清除

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

【求助】Rootkit.AdProt.b 病毒怎么能清除

超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:	发表于： 2006-09-26 15:22 \| 只看楼主短消息资料字号：小中大 1楼【求助】Rootkit.AdProt.b 病毒怎么能清除 Rootkit.AdProt.b 这个病毒使最新的瑞星杀不掉，重起又有了总是说重起后清除请高手帮忙 2006-09-26 17:54:37
超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:	分享到：

超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:	发表于： 2006-09-26 16:01 \| 只看楼主短消息资料字号：小中大 2楼一直在线等答案
超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:

水树雨下横据古稀狮帖子:8397 注册: 2006-07-26 来自:	发表于： 2006-09-26 16:12 \| 短消息资料字号：小中大 3楼清空IE临时文件夹，根据路径找到手动删除
水树雨下横据古稀狮帖子:8397 注册: 2006-07-26 来自:

deadmanzj 特邀体验者帖子:2592 注册: 2006-07-24 来自:	发表于： 2006-09-26 16:15 \| 短消息资料字号：小中大 4楼请到http://forum.ikaka.com/topic.asp?board=28&artid=8105899 下载HijackThis 下载后运行HijackThis.rar,再运行HijackThis.exe 单机＂扫描日志并保存日志＂把保存的日志复制粘贴上来．
deadmanzj 特邀体验者帖子:2592 注册: 2006-07-24 来自:

心如流水初生襁褓狮帖子:4 注册: 2006-09-26 来自:	发表于： 2006-09-26 16:38 \| 短消息资料字号：小中大 5楼我的也中了,请高手看看日志: Logfile of HijackThis v1.99.1 Scan saved at 16:28:26, on 2006-9-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Rising\Rav\Ravmond.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Rising\Rav\RavStub.exe C:\WINDOWS\system32\hkcmd.exe C:\Rising\Rav\RavTask.exe C:\Rising\Rav\Ravmon.exe C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe E:\Downloads\金山快译 2005\FastAIT.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe F:\ha_hijackthis_1991\HijackThis.exe R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll O2 - BHO: (no name) - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664}? - (no file) O2 - BHO: (no name) - {58DB541D-F15A-4e95-A5D9-5DF5EE13920C}? - (no file) O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (no file) O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283}? - (no file) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B}? - (no file) O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (no file) O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-4894-B474-42E89FAA1EFD}? - (no file) O2 - BHO: (no name) - {E85DEA9A-826B-4a47-963A-5287968D7C0E}? - (no file) O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RavTask] "C:\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe" O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows O4 - HKLM\..\RunOnce: [RavStub] "C:\Rising\Rav\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{1E095520-955F-42E0-B7FE-1BC4CB832A69}: NameServer = 202.102.152.3,202.102.154.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{1E095520-955F-42E0-B7FE-1BC4CB832A69}: NameServer = 202.102.152.3,202.102.154.3 O17 - HKLM\System\CS3\Services\Tcpip\..\{1E095520-955F-42E0-B7FE-1BC4CB832A69}: NameServer = 202.102.152.3,202.102.154.3 O17 - HKLM\System\CS4\Services\Tcpip\..\{1E095520-955F-42E0-B7FE-1BC4CB832A69}: NameServer = 202.102.152.3,202.102.154.3 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Rising\Rav\Ravmond.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
心如流水初生襁褓狮帖子:4 注册: 2006-09-26 来自:

超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:	发表于： 2006-09-26 16:48 \| 只看楼主短消息资料字号：小中大 6楼 Logfile of HijackThis v1.99.1 Scan saved at 16:27:54, on 2006-9-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\Explorer.EXE c:\program files\rising\rfw\rfwsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Rising\Rav\RavStub.exe C:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe c:\program files\rising\rfw\RfwMain.exe C:\WINDOWS\system32\nvsvc32.exe c:\windows\realscehd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Elantech\ktp.exe C:\Program Files\Rising\Rav\RavTask.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe F:\qq\QQ.exe F:\qq\TIMPlatform.exe C:\Program Files\Windows Media Player\wmplayer.exe F:\qq\QQ.exe C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\Documents and Settings\hujunjia\桌面\ha_hijackthis_1991\HijackThis.exe C:\Program Files\Kingsoft\FastAIT 2006\FastAIT.exe O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\qq\AddToNetDisk.htm O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定义面板 - F:\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\qq\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq\SendMMS.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{5CA67AE5-1E82-46DF-8BAC-B95B1BF50635}: NameServer = 211.98.2.4 211.98.4.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5CA67AE5-1E82-46DF-8BAC-B95B1BF50635}: NameServer = 211.98.2.4 211.98.4.1 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Computer Browseres (Service610013) - Unknown owner - c:\windows\realscehd.exe
超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:

超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:	发表于： 2006-09-26 16:50 \| 只看楼主短消息资料字号：小中大 7楼日志已经上传完了在线等高手解答
超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:

wenzhigang 初生襁褓狮帖子:1 注册: 2006-05-10 来自:	发表于： 2006-09-26 17:00 \| 短消息资料字号：小中大 8楼我的电脑也感染了这个病毒,请高手帮帮忙
wenzhigang 初生襁褓狮帖子:1 注册: 2006-05-10 来自:

超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:	发表于： 2006-09-26 17:49 \| 只看楼主短消息资料字号：小中大 9楼高手怎么还不来啊急死了哦
超级完美人生初生襁褓狮帖子:12 注册: 2006-09-16 来自:

猪知山锋芒艾服狮帖子:1891 注册: 2005-03-11 来自:	发表于： 2006-09-26 18:02 \| 短消息资料字号：小中大 10楼 O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll 在http://forum.ikaka.com/topic.asp?board=67&artid=5188931 8楼下载lspfix修复修复后不能上网到2楼下载winsockfix.exe修复 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services。删除Service610013 重启后删除c:\windows\realscehd.exe
猪知山锋芒艾服狮帖子:1891 注册: 2005-03-11 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT