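Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software board: I've been infected with Trojan.DL.Swizzor.bx and Trojan.Spy.LopBar. What should I do?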


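I recently got infected with this trojan. Every time I scan with Rising it reports that the file was successfully deleted, but a little while later it shows up again. Could an expert please take a look?
File name: Explorer.EXE
File path: Explorer.EXE>>c:\WINNT\Explorer.EXE
Virus name: Trojan.Spy.LopBar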

Logfile of HijackThis v1.99.1
Scan saved at 10:32:25, on 2006-7-7
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\sybase\ASE-12_5\bin\sqlsrvr.exe
c:\sybase\SYSAM-1_0\bin\lmgrd.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\sybase\SYSAM-1_0\bin\SYBASE.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\SOUNDMAN.EXE
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
D:\EchoCaller\EchoCaller.exe
D:\EchoServer\Echo_Server.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Skyecho\CallCenter\EchoCallerC.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\我接收到的文件\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: RichSoft Internet Explorer Helper - {0E2F5DD8-5B0D-438F-A618-B0403F62636A} - C:\WINNT\system32\reshtm.dll
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINNT\Downlo~1\p3q5w3v.dll
O2 - BHO: (no name) - {721D6BC4-7C19-0F43-AB6E-FDDC02041188} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zwig6] RunDll32 "C:\WINNT\Downlo~1\zwig6.dll",Run
O4 - HKLM\..\Run: [Pluswebgplshow] C:\Documents and Settings\All Users\Application Data\CHIC FACE PLUS WEB\Copy eq.exe
O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\kingsoft\KSG\client.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [{9D0351F9-8E49-4ed1-BBCE-0795F5B9F240}] C:\WINNT\system32\richnotify.exe
O4 - HKCU\..\Run: [Shim wma] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLUSKE~1\meta third.exe
O8 - Extra context menu item: &Download by NetAnts - D:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - D:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\系统工具\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\系统工具\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\系统工具\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\系统工具\qq\SendMMS.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{864465D2-4866-49A9-9679-C39BA251CBE4}: NameServer = 192.168.1.1
O18 - Filter: text/html - {F14B0DF7-88E4-4513-9DFD-9973E75DD95D} - C:\WINNT\rich001.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Sybase BCKServer _ apple_BS (SYBBCK_apple_BS) - Unknown owner - c:\sybase\ASE-12_5\bin\bcksrvr.exe
O23 - Service: Sybase MONServer _ apple_MS (SYBMON_apple_MS) - Unknown owner - c:\sybase\ASE-12_5\bin\monsrvr.exe
O23 - Service: Sybase SQLServer _ apple (SYBSQL_apple) - Unknown owner - c:\sybase\ASE-12_5\bin\sqlsrvr.exe
O23 - Service: Sybase XPServer _ APPLE_XP (SYBXPS_APPLE_XP) - Unknown owner - c:\sybase\ASE-12_5\bin\xpserver.exe
O23 - Service: SYSAM - Unknown owner - c:\sybase\SYSAM-1_0\bin\lmgrd (file missing)





Last edited: 2006-07-07 14:39:40

Could someone please take a look?