瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 紧急求助!大侠们斑竹们帮帮忙哦,谢谢了!请进

1   1  /  1  页   跳转

紧急求助!大侠们斑竹们帮帮忙哦,谢谢了!请进

收藏
被毒弄得真累啊!
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-03-06
  • 来自:
发表于: 2006-03-06 15:30 | 显示全部 短消息 资料
字号: 1楼

紧急求助!大侠们斑竹们帮帮忙哦,谢谢了!请进

求助啊!Backdoor.Rbot.jcv和Backdoor.Rbot.ndt这些病毒(今天才把杀毒软件升的级)我怎么杀不死啊?斑竹大侠们,帮帮忙啊!而且我的网际快车也用不了,怎么办啊?谢谢了!教教我吧!


Backdoor.Rbot.ndt这个在D:\网络临时文件夹\Temporary Internet Files\content.Ie5\ECM50GN的目录下文件名字为 y1[1].exe

Backdoor.Rbot.ndt这个在C:\WINDOWS\system32的目录下文件名为a.exe
怎么杀啊?
最后编辑2006-03-06 16:56:22
分享到:
gototop
 
被毒弄得真累啊!
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-03-06
  • 来自:
发表于: 2006-03-06 15:41 | 显示全部 短消息 资料
字号: 2楼

第2个杀了又有!我是XP2的系统,怎么进入安全模式啊?
gototop
 
被毒弄得真累啊!
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-03-06
  • 来自:
发表于: 2006-03-06 15:58 | 显示全部 短消息 资料
字号: 3楼

这个是我的日志
Logfile of HijackThis v1.99.1
Scan saved at 下午 03:52:57, on 2006-03-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
d:\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Rising\Rav\RavStub.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
d:\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTime\HTime.exe
C:\Program Files\音量控制\音量控制.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS\VM_STI.EXE
D:\Rising\Rav\RavTask.exe
D:\Rising\Rav\Ravmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Maxthon\Maxthon.exe
D:\下载文件\快车\FlashGet\flashget.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\a.exe
D:\下载文件\HijackThis.exe

R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\下略载匚文募件\快斐车礬\FLASHGET\jccatch.dll (file missing)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\下略载匚文募件\快斐车礬\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O4 - HKLM\..\Run: [HTime] C:\Program Files\HTime\HTime.exe
O4 - HKLM\..\Run: [VolumeEasy] C:\Program Files\音量控制\音量控制.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "d:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YOKAssiant] Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MiniPcast] C:\Program Files\pcast\PodcastbarMini\start.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\下载程序\eMule\eMule.exe -AutoStart
O8 - Extra context menu item: VeryCD搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O8 - Extra context menu item: YOK搜索 - C:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\下载文件\快车\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\下载文件\快车\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\SendMMS.htm
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\下载文件\快车\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\下载文件\快车\FLASHGET\flashget.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://login.5u56.com/com/EGamesPlugin.cab
O16 - DPF: {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} (NTKO Office文档控件) - http://www.sunxu.com:8088/module/OC/OfficeControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9216958-85F2-4213-A618-E664346F8EC1}: NameServer = 61.139.2.69
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\Ravmond.exe
gototop
 
被毒弄得真累啊!
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-03-06
  • 来自:
发表于: 2006-03-06 16:26 | 显示全部 短消息 资料
字号: 4楼

这是我照你说的做了后的新日志。请看看有什么不对?飞鲱鱼大侠
Logfile of HijackThis v1.99.1
Scan saved at 下午 04:25:06, on 2006-03-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
d:\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Rising\Rav\RavStub.exe
d:\rising\rfw\RfwMain.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTime\HTime.exe
C:\Program Files\音量控制\音量控制.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS\VM_STI.EXE
D:\Rising\Rav\RavTask.exe
C:\Program Files\DAEMON Tools\daemon.exe
D:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Rising\Rav\Rav.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
D:\下载文件\日志扫描\HijackThis.exe
C:\WINDOWS\system32\a.exe

R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\下略载匚文募件\快斐车礬\FLASHGET\jccatch.dll (file missing)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\下略载匚文募件\快斐车礬\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O4 - HKLM\..\Run: [HTime] C:\Program Files\HTime\HTime.exe
O4 - HKLM\..\Run: [VolumeEasy] C:\Program Files\音量控制\音量控制.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "d:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YOKAssiant] Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MiniPcast] C:\Program Files\pcast\PodcastbarMini\start.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\下载程序\eMule\eMule.exe -AutoStart
O8 - Extra context menu item: VeryCD搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O8 - Extra context menu item: YOK搜索 - C:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\下载文件\快车\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\下载文件\快车\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\SendMMS.htm
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\下载文件\快车\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\下载文件\快车\FLASHGET\flashget.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://login.5u56.com/com/EGamesPlugin.cab
O16 - DPF: {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} (NTKO Office文档控件) - http://www.sunxu.com:8088/module/OC/OfficeControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9216958-85F2-4213-A618-E664346F8EC1}: NameServer = 61.139.2.69
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\Ravmond.exe
gototop
 
被毒弄得真累啊!
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-03-06
  • 来自:
发表于: 2006-03-06 16:29 | 显示全部 短消息 资料
字号: 5楼

完了我又杀了一次!还是有!没弄死
gototop
 
被毒弄得真累啊!
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-03-06
  • 来自:
发表于: 2006-03-06 16:31 | 显示全部 短消息 资料
字号: 6楼

还有在D盘网络临时文件夹的Backdoor.Rbot.jcv,我在安全模式下删除了还是有!怎么办啊?飞鲱鱼。我都要哭了
gototop
 
被毒弄得真累啊!
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-03-06
  • 来自:
发表于: 2006-03-06 16:43 | 显示全部 短消息 资料
字号: 7楼

我想强行删除也不行!  怎么办啊鱼大哥
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT