Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Forum: Help! So frustrated! Experts please advise! Urgent! Urgent! Urgent!


Help! So frustrated! Experts please advise! Urgent! Urgent! Urgent!

There is a file that I am not sure is a virus. Every time I boot the computer it generates a .exe file under windows-temp, and the file name is different each time. I do not know where the real file is. Is it a virus? A trojan? How do I remove it? So frustrating!

Experts, please advise.
Last edited 2006-07-10 16:49:35

Why has nobody replied? It might be trojan qhost.ey and trojan .dl.adload.ey. What viruses are these? How do I remove them?

Experts, please teach me quickly!!!

Could someone tell me how to scan with HijackThis, and where to post the log?

Logfile of HijackThis v1.99.1
Scan saved at 14:59:01, on 2006-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Rising\Rav\RAVTASK.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\系统维护类\HijackThis V1.99.1 汉化版\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Gmail网络磁盘文件分割器 - {19741013-C829-11D1-8233-0020AF3E97A0} - C:\WINDOWS\system32\ShellExt\GMailFC.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll (file missing)
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll (file missing)
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\AdvSC.dll (file missing)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - d:\Program Files\sina\UC\uc.exe
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://10.138.202.*
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.138.202.13:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.138.202.13:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {09D9CF83-B007-4239-9894-0C2ADBA2A5C5} (停送电管理) - http://10.138.202.22/tsdgl/afxtsdlistprj.ocx
O16 - DPF: {0a454840-7232-11d5-b63d-00c04faedb18} - http://10.138.202.30/jinitiator/jinit.exe
O16 - DPF: {0F44ADEC-95C2-4A45-A739-6B573C971C72} (afxBugLcjk Control) - http://10.138.202.22/bug/afxbuglcjkprj.ocx
O16 - DPF: {2A9D6ED5-98EF-477A-B4E9-1D25F538674E} (afxBugList Control) - http://10.138.202.22/bug/afxbuglistprj.ocx
O16 - DPF: {32C2F9F5-C91E-4DDF-85D7-3BC1BF8E6F5B} (首页更新V2.0) - http://10.138.202.22/afxUpdateProj.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.138.202.13:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142821143720
O16 - DPF: {74D3F705-F6F4-480C-BB84-D1698F18A120} (afxBugPrint Control) - http://10.138.202.22/bug/afxbugprintprj.ocx
O16 - DPF: {83AF09AE-B41D-43E2-8A6C-A01FB6E1B73E} (afxWorkflowOperation Control) - http://10.138.202.22/scjh/wf/afxworkflowoperationprj.ocx
O16 - DPF: {C46141E9-364F-4C66-A720-CDC72602C557} (一次设备维护) - http://10.138.202.22/sb/sbwh/axfsbwhprj.ocx
O16 - DPF: {C81B0B45-C289-11D3-92D0-00902777D99B} (密码更改) - http://10.138.202.22/qx/mmsz/UsrPswdPrj.ocx
O16 - DPF: {FA7C91B2-2DA5-4CA6-9B0A-269AFBCE2246} (停送电查询) - http://10.138.202.22/tsdgl/afxtsdqueryprj.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{47A6B398-2F54-4BC5-BE44-755C9AAD54C5}: NameServer = 10.138.202.202
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: OfficeScanNT 实时扫描 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT 个人防火墙 (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: OfficeScanNT 侦听程序 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Experts, please take a look and see if anything is wrong; I have already spent 2 days scanning for viruses.

Logfile of HijackThis v1.99.1
Scan saved at 15:28:55, on 2006-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\系统维护类\HijackThis V1.99.1 汉化版\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Gmail网络磁盘文件分割器 - {19741013-C829-11D1-8233-0020AF3E97A0} - C:\WINDOWS\system32\ShellExt\GMailFC.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll (file missing)
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll (file missing)
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\AdvSC.dll (file missing)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - d:\Program Files\sina\UC\uc.exe
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://10.138.202.*
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.138.202.13:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.138.202.13:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {09D9CF83-B007-4239-9894-0C2ADBA2A5C5} (停送电管理) - http://10.138.202.22/tsdgl/afxtsdlistprj.ocx
O16 - DPF: {0a454840-7232-11d5-b63d-00c04faedb18} - http://10.138.202.30/jinitiator/jinit.exe
O16 - DPF: {0F44ADEC-95C2-4A45-A739-6B573C971C72} (afxBugLcjk Control) - http://10.138.202.22/bug/afxbuglcjkprj.ocx
O16 - DPF: {2A9D6ED5-98EF-477A-B4E9-1D25F538674E} (afxBugList Control) - http://10.138.202.22/bug/afxbuglistprj.ocx
O16 - DPF: {32C2F9F5-C91E-4DDF-85D7-3BC1BF8E6F5B} (首页更新V2.0) - http://10.138.202.22/afxUpdateProj.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.138.202.13:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142821143720
O16 - DPF: {74D3F705-F6F4-480C-BB84-D1698F18A120} (afxBugPrint Control) - http://10.138.202.22/bug/afxbugprintprj.ocx
O16 - DPF: {83AF09AE-B41D-43E2-8A6C-A01FB6E1B73E} (afxWorkflowOperation Control) - http://10.138.202.22/scjh/wf/afxworkflowoperationprj.ocx
O16 - DPF: {C46141E9-364F-4C66-A720-CDC72602C557} (一次设备维护) - http://10.138.202.22/sb/sbwh/axfsbwhprj.ocx
O16 - DPF: {C81B0B45-C289-11D3-92D0-00902777D99B} (密码更改) - http://10.138.202.22/qx/mmsz/UsrPswdPrj.ocx
O16 - DPF: {FA7C91B2-2DA5-4CA6-9B0A-269AFBCE2246} (停送电查询) - http://10.138.202.22/tsdgl/afxtsdqueryprj.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{47A6B398-2F54-4BC5-BE44-755C9AAD54C5}: NameServer = 10.138.202.202
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: OfficeScanNT 实时扫描 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT 个人防火墙 (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: OfficeScanNT 侦听程序 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
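
The two HijackThis logs posted above use the same line format, and reading them by hand is where most helpers on this thread would start. The following is an added Python example, not code from this thread or from HijackThis itself, that parses that format and flags the entries a reviewer would check first: the O20 AppInit_DLLs value, O2/O3 browser helper objects marked "(file missing)", any O4 autorun entry that points into a Temp directory (the poster's complaint), and O16 ActiveX controls fetched over plain HTTP. The sample lines are copied from the poster's logs except the O4 "[updater]" line, which is constructed (file name and path are placeholders) only to exercise the Temp-directory check. The notes the script produces are prompts for a human to verify, not malware verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis logs in this thread,
# plus ONE constructed O4 line ([updater] ... \Temp\ab12cd.exe) added only to
# exercise the Temp-directory check; it does not appear in the poster's logs.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:28:55, on 2006-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll (file missing)
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\WINDOWS\Temp\ab12cd.exe
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")      # "O2 - BHO: ..."
AUTORUN_RE = re.compile(r"^\[(.*?)\] (.*)$")             # "[ValueName] command"
TEMP_PATH_RE = re.compile(r"\\temp\\|%temp%", re.IGNORECASE)


@dataclass
class Entry:
    section: str                   # HijackThis section, e.g. "O2"
    kind: str                      # label before the colon, e.g. "BHO" or "HKLM\..\Run"
    detail: str                    # remainder of the line
    finding: Optional[str] = None  # review note set by classify(), or None


@dataclass
class Report:
    processes: List[str] = field(default_factory=list)
    entries: List[Entry] = field(default_factory=list)

    def findings(self) -> List[Entry]:
        return [e for e in self.entries if e.finding]


def classify(entry: Entry) -> Optional[str]:
    """Return a reviewer's note for entries worth checking first, else None."""
    d = entry.detail.strip()
    if entry.section == "O20" and entry.kind == "AppInit_DLLs" and d:
        return ("AppInit_DLLs is set: this DLL is loaded into every process that "
                "loads user32.dll; verify its publisher and on-disk location")
    if entry.section in ("O2", "O3") and d.endswith("(file missing)"):
        return "orphaned registration: the DLL is gone from disk, the registry entry can be removed"
    if entry.section == "O4" and TEMP_PATH_RE.search(d):
        return "autorun points into a Temp directory; legitimate software rarely persists from there"
    if entry.section == "O16" and " - http://" in d:
        return "ActiveX control downloaded over plain HTTP, so the download has no integrity protection"
    return None


def parse_hijackthis(text: str) -> Report:
    """Parse a HijackThis v1.99 text log into a Report."""
    report = Report()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            report.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = Entry(section=m.group(1), kind=m.group(2), detail=m.group(3))
            entry.finding = classify(entry)
            report.entries.append(entry)
    return report


def autorun_targets(report: Report) -> Dict[str, str]:
    """Map each O4 autorun value name to the command it launches."""
    targets: Dict[str, str] = {}
    for e in report.entries:
        if e.section != "O4":
            continue
        m = AUTORUN_RE.match(e.detail)
        if m:
            targets[m.group(1)] = m.group(2)
    return targets


if __name__ == "__main__":
    rpt = parse_hijackthis(SAMPLE_LOG)
    print(f"{len(rpt.processes)} processes, {len(rpt.entries)} entries")
    for e in rpt.findings():
        print(f"[{e.section}] {e.detail}\n    -> {e.finding}")
```

Run against the full logs in this thread, the script reports the O20 AppInit_DLLs line and the three "(file missing)" BHO/toolbar entries; it finds no O4 entry pointing into Temp, which matches the poster's observation that the file in the temp directory is created at each boot by something else rather than registered there directly, so the next place to look is the remaining loaded DLLs and services.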


oo123oo3, please help me take a look quickly.

The file name is different every time the computer boots.

They are all .exe files.