求助杀Backdoor.Gpigeon.zbg，请帮忙看一下日志 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛求助杀Backdoor.Gpigeon.zbg，请帮忙看一下日志

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

求助杀Backdoor.Gpigeon.zbg，请帮忙看一下日志

雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:	发表于： 2006-07-20 18:23 \| 只看楼主短消息资料字号：小中大 1楼求助杀Backdoor.Gpigeon.zbg，请帮忙看一下日志 Logfile of HijackThis v1.99.1 Scan saved at 18:08:12, on 2006-7-20 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Rising\Rav\RavStub.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\Rundll32.exe C:\Program Files\SurfAccuracy\SAcc.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Rising\Rav\RavTask.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINNT\system32\internat.exe C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE C:\Program Files\Rising\Rav\Rav.exe C:\Program Files\Rising\Rav\RsAgent.exe C:\WINNT\msagent\AgentSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Rising\Rav\InBuild.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Rising\Rav\Rav.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.350\HijackThis.exe O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - (no file) O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [Internat.exe] internat.exe O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe -silent O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD O4 - Global Startup: 核新SSL通讯安全代理.lnk = C:\Program Files\hexin\sslproxy\SSLCnt.exe O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Tencent\qq\AddToNetDisk.htm O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Tencent\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\qq\AddEmotion.htm O8 - Extra context menu item: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Tencent\qq\SendMMS.htm O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing) O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Tencent\qq\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Tencent\qq\QQIEHelper.dll (file missing) O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing) O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\cdnns.dll' missing O11 - Options group: [!CNS] 网络实名 O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://216.127.33.119/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_95p&url=http://client.jogo.cn/download/cnnic/cdn.cab O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} - http://download.ourgame.com/IEDown4.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4A7DBE-C019-4B8B-B0E9-5F8AD6CC5747}: NameServer = 202.106.46.151,202.106.0.20 O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCB5E01-1EE4-4F1B-9863-DA7A5CEA270C}: NameServer = 202.106.0.20 202.106.46.151 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: gvstk - Unknown owner - \\61.49.148.84\c\Sys33.exe" -service (file missing) O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Process Launcher Server (Windows Firewall) - Unknown owner - C:\WINNT\vsnpstd3.exe O23 - Service: wukafdo - Unknown owner - \\61.49.148.84\c\Sys33.exe" -service (file missing) 2006-07-22 11:40:14
雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:	分享到：

710207 叱咤花甲狮帖子:2341 注册: 2006-02-06 来自:	发表于： 2006-07-20 18:27 \| 短消息资料字号：小中大 2楼打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services。删除wukafdo和gvstk
710207 叱咤花甲狮帖子:2341 注册: 2006-02-06 来自:

710207 叱咤花甲狮帖子:2341 注册: 2006-02-06 来自:	发表于： 2006-07-20 18:30 \| 短消息资料字号：小中大 3楼修复 O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - (no file) O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing) O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O11 - Options group: [!CNS] 网络实名这个是流氓,建议用超级兔子卸掉.
710207 叱咤花甲狮帖子:2341 注册: 2006-02-06 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2006-07-20 18:30 \| 短消息资料字号：小中大 4楼 O23 - Service: Process Launcher Server (Windows Firewall) - Unknown owner - C:\WINNT\vsnpstd3.exe 鸽子..安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 搜索Windows Firewall删除... 删除 C:\WINNT\vsnpstd3.exe 修复 O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - (no file) O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) (file missing)结尾的一并勾上修复..
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:	发表于： 2006-07-21 16:51 \| 只看楼主短消息资料字号：小中大 5楼 mopery,按您说的做了，但用瑞星杀病毒还是在呀，再扫个日志上来，请帮着再看一下Logfile of HijackThis v1.99.1 Scan saved at 16:43:04, on 2006-7-21 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Rising\Rav\RavStub.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\Rundll32.exe C:\Program Files\SurfAccuracy\SAcc.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Rising\Rav\RavTask.exe C:\WINNT\system32\internat.exe C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE C:\Program Files\Rising\Rav\Ravmon.exe C:\Program Files\hexin\sslproxy\SSLCnt.exe C:\Program Files\Rising\Rav\Rav.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.132\HijackThis.exe O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [Internat.exe] internat.exe O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe -silent O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD O4 - Global Startup: 核新SSL通讯安全代理.lnk = C:\Program Files\hexin\sslproxy\SSLCnt.exe O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Tencent\qq\AddToNetDisk.htm O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Tencent\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\qq\AddEmotion.htm O8 - Extra context menu item: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Tencent\qq\SendMMS.htm O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing) O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Tencent\qq\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Tencent\qq\QQIEHelper.dll (file missing) O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing) O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\cdnns.dll' missing O11 - Options group: [!CNS] 网络实名 O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://216.127.33.119/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_95p&url=http://client.jogo.cn/download/cnnic/cdn.cab O16 - DPF: {9BBD100C-E820-4930-9937-E8F3AA40E584} (DFVSScanFile Control) - http://antivirus3.sunv.com/dfvsolDown/dfvsol.cab O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} - http://download.ourgame.com/IEDown4.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4A7DBE-C019-4B8B-B0E9-5F8AD6CC5747}: NameServer = 202.106.46.151,202.106.0.20 O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCB5E01-1EE4-4F1B-9863-DA7A5CEA270C}: NameServer = 202.106.0.20 202.106.46.151 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: gvstk - Unknown owner - \\61.49.148.84\c\Sys33.exe" -service (file missing) O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: wukafdo - Unknown owner - \\61.49.148.84\c\Sys33.exe" -service (file missing)
雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2006-07-21 16:55 \| 短消息资料字号：小中大 6楼修复 O23 - Service: gvstk - Unknown owner - \\61.49.148.84\c\Sys33.exe" -service (file missing) O23 - Service: wukafdo - Unknown owner - \\61.49.148.84\c\Sys33.exe" -service (file missing) http://forum.ikaka.com/topic.asp?board=28&artid=6979213第4楼下载System Repair Engineer导出全部日志
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:	发表于： 2006-07-21 17:08 \| 只看楼主短消息资料字号：小中大 7楼我又按710207说的删除了wukafdo和gvstk，瑞星杀还是有病毒
雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:

710207 叱咤花甲狮帖子:2341 注册: 2006-02-06 来自:	发表于： 2006-07-21 17:10 \| 短消息资料字号：小中大 8楼对了,"O23 - Service: Process Launcher Server (Windows Firewall) - Unknown owner - C:\WINNT\vsnpstd3.exe"这个东西我查了查,发现不是灰鸽子: 进程文件:vsnpstd3.exe 进程名称:摄像头驱程文件描述:vsnpstd3.exe 来自于sonix摄像头驱程文件.这不是纯粹的系统程序，但是如果终止它，可能会导致不可知的问题。出品者:sonix摄像头属于:sonix 系统进程:否后台进程:是使用网络:否硬件相关:是常见错误: 内存使用: 安全等级:0 间谍软件:否广告软件:否病毒:否木马:否
710207 叱咤花甲狮帖子:2341 注册: 2006-02-06 来自:

叱咤花甲狮

帖子:2341
注册: 2006-02-06
来自:

发表于： 2006-07-21 17:12 | 短消息资料

字号：小中大 9楼

引用:

【雨后B小调的贴子】我又按710207说的删除了wukafdo和gvstk，瑞星杀还是有病毒
...........................

病毒路径?文件名?

gototop

雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:	发表于： 2006-07-21 17:14 \| 只看楼主短消息资料字号：小中大 10楼扫了全部日志，请看一下，2006-07-21,17:03:36 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联启动项目注册表启动文件夹 [核新SSL通讯安全代理] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\核新SSL通讯安全代理.lnk><N> ================================== 服务 [Logical Disk Manager Administrative Service / dmadmin] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [gvstk / gvstk] <2 - 系统找不到指定的文件。 ><N/A> [RealNetworks / RealNetworks] <C:\Program Files\Real\RealPlayer\realbox.exe><N/A> [Rising Process Communication Center / RsCCenter] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> ================================== 浏览器加载项 [CnsHook Class] {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINNT\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\qq\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Tencent\qq\QQIEHelper.dll, N/A> [情景聊天] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A> [] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A> [] {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A> [@msdxmLC.dll,-1@2052,电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft> [超级兔子上网精灵] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology> [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, > [Installer Class] {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} <C:\WINNT\Downloaded Program Files\ysbactivex.dll, N/A> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com> [DFVSScanFile Control] {9BBD100C-E820-4930-9937-E8F3AA40E584} <C:\WINNT\system32\dfvs\dfvsol\DFVSSFOL.ocx, > [Kingsoft DUBA OnlineScan] {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINNT\system32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [&使用迅雷下载] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下载全部链接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [上传到QQ网络硬盘] <D:\Tencent\qq\AddToNetDisk.htm, N/A> [使用网际快车下载] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用网际快车下载全部链接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [添加到QQ自定义面板] <D:\Tencent\qq\AddPanel.htm, N/A> [添加到QQ表情] <D:\Tencent\qq\AddEmotion.htm, N/A> [添加到雅虎收藏+] <http://myweb.cn.yahoo.com/post.html?F=D2_A, N/A> [用QQ彩信发送该图片] <D:\Tencent\qq\SendMMS.htm, N/A> ================================== 正在运行的进程 [PID: 136][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 164][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 160][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997> [C:\Program Files\Real\RealPlayer\realboxKey.DLL] <N/A><N/A> [PID: 212][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035> [C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 224][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011> [PID: 384][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [c:\winnt\system32\yxaijvul.d1l] <N/A><N/A> [PID: 428][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 444][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 29> [C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20> [C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9> [C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30> [C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6> [C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2> [C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9> [C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3> [C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6> [C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30> [C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9> [C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7> [C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8> [C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17> [C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6> [PID: 488][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059> [C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620> [PID: 520][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 604][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972> [C:\Program Files\Real\RealPlayer\realboxKey.DLL] <N/A><N/A> [PID: 632][C:\WINNT\system32\stisvc.exe] <Microsoft Corporation><5.00.2195.6656> [PID: 704][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 736][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 804][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [PID: 1036][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690> [C:\Program Files\Real\RealPlayer\realboxKey.DLL] <N/A><N/A>
雨后B小调初生襁褓狮帖子:7 注册: 2006-07-20 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT