
Server hit by a nasty virus; asking the experts for advice

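Here is the scan log. The hosts file cannot be deleted (its contents are the O1 entries). Windows 清理助手 (Windows Cleanup Assistant) found the following rogue software/viruses:
360.abs3721.com
7939/9505
MoBILL
poraudio
system
实用搜索 (Practical Search)
实用搜索工具条 (Practical Search Toolbar)
实用网址导航 (Practical Web Directory)
Unknown trojan/virus [unverified]: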
c:\progra~1\INTERN~1\InfoMs.tp3
c:\progra~1\INTERN~1\InfoMs.tdm

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      15:44:52, 日期 2007-2-2
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         

O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - 启动项HKLM\\Run: [RavTray] "C:\Program Files\Rising\Rav\RavTray.exe"
O4 - 启动项HKLM\\Run: [FTSafeNetRockeyService4.0] D:\Program Files\FeiTian\NetRockey Service\nrSvr.exe -systray
O4 - 启动项HKCU\\Run: [ctfmon.exe] ctfmon.exe
O15 - 添加的受信任的 IP 地址范围: http://192.168.1.5
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146304513625
O16 - DPF: {E86CD9A0-00A5-42BB-A872-B3572129C0C8} (WebInstall Control) - /icons/icons/WebInstall.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F9E44EB-8610-4768-8F85-4CC3FFEA7414}: NameServer = 211.91.120.129,172.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F9E44EB-8610-4768-8F85-4CC3FFEA7414}: NameServer = 211.91.120.129,172.168.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{5F9E44EB-8610-4768-8F85-4CC3FFEA7414}: NameServer = 211.91.120.129,172.168.1.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{5F9E44EB-8610-4768-8F85-4CC3FFEA7414}: NameServer = 211.91.120.129,172.168.1.2
O23 - NT 服务: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - NT 服务: Cobian Backup 6 service (CobBackup6) - Luis Cobian - d:\Program Files\Cobian Backup 6\cbs.exe
O23 - NT 服务: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\system32\CPQNiMgt\cpqnimgt.exe
O23 - NT 服务: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - NT 服务: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\system32\CPQMgmt\cpqwmgmt.exe
O23 - NT 服务: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - NT 服务: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - NT 服务: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: FTSafe Net Rockey Service (FTSafeNetRockeyService4.0) - Feitian Technologies Co.,Ltd. - d:\Program Files\FeiTian\NetRockey Service\nrSvr.exe
O23 - NT 服务: Lotus Domino Server (LotusDominoData) - IBM Corp - d:\Lotus\Domino\nservice.exe
O23 - NT 服务: RavService - Unknown owner - C:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: RTX_Admin - Tencent - C:\Program Files\RTXServer\bin\adminserver.exe
O23 - NT 服务: RTX_Directory - Unknown owner - C:\Program Files\RTXServer\bin\directory.exe
O23 - NT 服务: RTX_Event - Unknown owner - C:\Program Files\RTXServer\bin\event.exe
O23 - NT 服务: RTX_Gateway - Tencent - C:\Program Files\RTXServer\bin\RTXGateway.exe
O23 - NT 服务: RTX_HTTP - Unknown owner - C:\Program Files\RTXServer\apache\bin\apache.exe" -k runservice (file missing)
O23 - NT 服务: RTX_Information - Tencent - C:\Program Files\RTXServer\bin\infoserver.exe
O23 - NT 服务: RTX_Meeting - Tencent - C:\Program Files\RTXServer\bin\meetsvr.exe
O23 - NT 服务: RTX_S2SServer - Tencent - C:\Program Files\RTXServer\bin\S2SServer.exe
O23 - NT 服务: RTX_SDK_Server - Tencent - C:\Program Files\RTXServer\bin\SDKServer.exe
O23 - NT 服务: RTX_Server - Tencent - C:\Program Files\RTXServer\bin\RTXServer.exe
O23 - NT 服务: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - NT 服务: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe


Last edited 2007-02-02 17:07:10

[Reply to YClong's post]
SRE cannot make the modification, and running 360安全卫士 (360 Safe Guard) makes the server reboot.
