紧急求助，中木马Trojan.Spy.Agent.xv帮忙看看怎么杀 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛紧急求助，中木马Trojan.Spy.Agent.xv帮忙看看怎么杀

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

紧急求助，中木马Trojan.Spy.Agent.xv帮忙看看怎么杀

第一个ID 初生襁褓狮帖子:22 注册: 2005-08-15 来自:	发表于： 2006-03-06 10:18 \| 显示全部短消息资料字号：小中大 1楼紧急求助，中木马Trojan.Spy.Agent.xv帮忙看看怎么杀瑞星总是能发现这个木马并杀毒，不过杀完以后一段时间就又出现，总是这样。各位高手帮帮忙，看看怎么能彻底杀掉。 Logfile of HijackThis v1.99.1 Scan saved at 10:10:22, on 2006-3-6 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe c:\program files\rising\rfw\rfwsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe D:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\System32\vmnat.exe C:\WINDOWS\System32\vmnetdhcp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Rising\Rav\RavTask.exe C:\WINDOWS\System32\RUNDLL32.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe D:\downloads\hijackthis\HijackThis.exe O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - d:\Program Files\Thunder\xunleibho_v11.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - C:\Program Files\Xplus\GETIE.dll (file missing) O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Thunder] "d:\Program Files\Thunder\ThunderShell.exe" /s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003 O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\AddToNetDisk.htm O8 - Extra context menu item: 使用迅雷下载 - d:\Program Files\Thunder\geturl.htm O8 - Extra context menu item: 使用迅雷下载全部链接 - d:\Program Files\Thunder\getallurl.htm O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\SendMMS.htm O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing) O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing) O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing) O9 - Extra button: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing) O9 - Extra 'Tools' menuitem: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing) O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing) O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing) O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing) O11 - Options group: [!CNS] 网络实名 O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com O16 - DPF: {3F166327-8030-4881-8BD2-EA25350E574A} (CellWeb5 Control) - http://10.16.51.18:7001/em/cell/cellweb5.cab O16 - DPF: {5FAF9429-04EB-4EE8-B968-19814C800129} (UserKeyOCX Control) - http://10.16.51.9:9080/stmacmbas_commerce/stmacmbas/commerce/jsp/common/code/dbcode/UKOCX.cab O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} - http://s5.liaoliao.com:1995/talk.cab O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{92BD8A76-92FD-462A-9258-C604F341CFFF}: NameServer = 202.99.160.68 O20 - AppInit_DLLs: APIHookDll.dll O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: OracleMTSRecoveryService - Oracle Corporation - F:\oracle\ora92\bin\omtsreco.exe O23 - Service: OracleOraHome92ClientCache - Unknown owner - F:\oracle\ora92\BIN\ONRSD.EXE O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe 2006-03-06 10:46:09
第一个ID 初生襁褓狮帖子:22 注册: 2005-08-15 来自:	分享到：

第一个ID 初生襁褓狮帖子:22 注册: 2005-08-15 来自:	发表于： 2006-03-06 10:32 \| 显示全部短消息资料字号：小中大 2楼路径 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8XY7O163 病毒文件名称 linbak[1].txt
第一个ID 初生襁褓狮帖子:22 注册: 2005-08-15 来自:

第一个ID 初生襁褓狮帖子:22 注册: 2005-08-15 来自:	发表于： 2006-03-06 10:43 \| 显示全部短消息资料字号：小中大 3楼你的意思说把8XY7O163这个文件夹删除吗？我昨天把C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 在安全模式下都清空了，可今天又是出现了
第一个ID 初生襁褓狮帖子:22 注册: 2005-08-15 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT