瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 此灰鸽子病毒我已无所事从.请教专家!~

1   1  /  1  页   跳转

此灰鸽子病毒我已无所事从.请教专家!~

收藏
星城念城
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-05-13
  • 来自:
发表于: 2006-05-13 22:59 | 显示全部 短消息 资料
字号: 1楼

此灰鸽子病毒我已无所事从.请教专家!~

有那位专家能看出来这有些什么异常.我电脑中了四个病毒.名称:
trojan.dl.chomodo.b
Backdoor.Gpigeon.urw
Dropper.Agent.uz
Trojan.JS.DL.Agent.a
是驻留在我网页上面的病毒.用正版瑞星最高版本杀过.仍然不可以.手动删除灰鸽子的方法也试过了.仍然不行.我已心灰意冷..我的网页就如何了吗?请教专家高手.
下面是我通过hijackthis扫描的日志..我不会看.请教高手.那里有异样.本人万分感谢!~

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 22:58:20, on 2006-5-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
f:\KAV2005\KWatch.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
f:\KAV2005\KPfwSvc.EXE
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
F:\Program Files\Serv-U\ServUDaemon.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\KAV2005\KAVStart.exe
C:\WINNT\system32\internat.exe
C:\Program Files\jj4\jjsvr4.exe
C:\WINNT\system32\ntvdm.exe
F:\KAV2005\KPFW32.EXE
C:\hbsuiyue\Lotus\Domino\nserver.exe
C:\WINNT\system32\conime.exe
F:\KAV2005\KMailMon.EXE
C:\hbsuiyue\Lotus\Domino\nRouter.EXE
C:\hbsuiyue\Lotus\Domino\nReplica.EXE
C:\WINNT\system32\dllhost.exe
C:\hbsuiyue\Lotus\Domino\nUpdate.EXE
C:\hbsuiyue\Lotus\Domino\nAmgr.EXE
C:\hbsuiyue\Lotus\Domino\namgr.EXE
C:\hbsuiyue\Lotus\Domino\namgr.EXE
C:\hbsuiyue\Lotus\Domino\nAdminP.EXE
C:\hbsuiyue\Lotus\Domino\nCalConn.EXE
C:\hbsuiyue\Lotus\Domino\nEvent.EXE
C:\hbsuiyue\Lotus\Domino\nSched.EXE
C:\hbsuiyue\Lotus\Domino\nStats.EXE
C:\hbsuiyue\Lotus\Domino\nHTTP.EXE
C:\hbsuiyue\Lotus\Domino\nIMAP.EXE
C:\hbsuiyue\Lotus\Domino\nPOP3.EXE
C:\hbsuiyue\Lotus\Domino\nNNTP.EXE
C:\hbsuiyue\Lotus\Domino\nDECS.EXE
C:\hbsuiyue\Lotus\Domino\nmaps.EXE
E:\zj\123\hijackthis1.97_qoo\HijackThis.exe
C:\WINNT\system32\dllhost.exe

R3 - URLSearchHook: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
R3 - URLSearchHook:
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: (no name) - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO:
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ????? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [yassistse] "C:\Program Files\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stup.exe] rem C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [Rav] "C:\Program Files\Rising\Rav\Update\setup.exe" /UNINSTALL /S /ONCE
O4 - HKLM\..\Run: [KavStart] "f:\KAV2005\KAVStart.exe" -startup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O4 - HKCU\..\Run: [KavPFW] "F:\KAV2005\KPFW32.EXE"
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: sys_log_18219808.upt
O4 - Startup: sys_log_193692837.upt
O4 - Global Startup: ntuser.pol
O8 - Extra context menu item: &使用迅雷下载 - f:\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - f:\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdnns.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vnet.wuhan.net.cn/plugin/PowerPlr.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{98FF41F5-3479-4531-BC5A-DF46AFBA3EEC}: NameServer = 202.103.0.117,202.103.0.68
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll

最后编辑2006-05-13 23:54:26
分享到:
gototop
 
星城念城
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-05-13
  • 来自:
发表于: 2006-05-13 23:37 | 显示全部 短消息 资料
字号: 2楼

好的..我马上下载扫描...
gototop
 
星城念城
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-05-13
  • 来自:
发表于: 2006-05-13 23:54 | 显示全部 短消息 资料
字号: 3楼

我下载了一个是英文版的1.99.1设置如下.请专家提出异样..万分感谢.
Logfile of HijackThis v1.99.1
Scan saved at 23:53:02, on 2006-5-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

运行进程:           
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
F:\Program Files\Serv-U\ServUDaemon.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\jj4\jjsvr4.exe
E:\zj\123\HijackThis v1.99.1 汉化版\HijackThis.exe

R3 - URLSearchHook: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (没有文件) 
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (文件故障)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (文件故障)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [yassistse] "C:\Program Files\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O4 - Startup: 复件 快捷方式 nserver.lnk = C:\hbsuiyue\Lotus\Domino\nserver.exe
O8 - Extra context menu item: &使用迅雷下载 - f:\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - f:\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (文件故障)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (文件故障)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (文件故障)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (文件故障)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (文件故障)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (文件故障)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (文件故障)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (文件故障)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (文件故障)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (文件故障)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vnet.wuhan.net.cn/plugin/PowerPlr.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{98FF41F5-3479-4531-BC5A-DF46AFBA3EEC}: NameServer =

gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT