1. WINDOWS下的PE病毒 Backdoor.Rbot.ayj
瑞星查出的木马病毒,无法删除
Logfile of HijackThis v1.99.1
Scan saved at :15:40, on 2006-8-7
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\SMSS.EXE
C:\windows\System32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
D:\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\igfxtray.exe
D:\xl\WebThunder.exe
C:\Program Files\explore.exe
C:\dfih.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\scvhost9.exe
F:\tt浏览器\TTraveler.exe
D:\1\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe 1
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410}? - (no file)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD}? - (no file)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - Toolbar: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "D:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "D:\防火墙\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [桌面图标文字自动透明] D:\优化大师\WinMem.exe XP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "F:\暴风影音\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [explore.exe] C:\Program Files\explore.exe
O4 - HKLM\..\Run: [WebThunder] D:\xl\WebThunder.exe
O4 - HKLM\..\Run: [DHCP Hotfix] C:\dfih.exe
O4 - HKLM\..\Run: [TProgram] C:\windows\SMSS.EXE
O4 - HKLM\..\Run: [ZswkugzuXauhuLfobcZ] C:\windows\System32\npfizluzxwy.exe
O4 - HKLM\..\Run: [o^zP] C:\windows\System32\aysbh.exe
O4 - HKLM\..\Run: [Generic Host Process9 System Backup] scvhost9.exe
O4 - HKLM\..\RunServices: [TProgram] C:\windows\SMSS.EXE
O4 - HKLM\..\RunServices: [ZswkugzuXauhuLfobcZ] C:\windows\System32\npfizluzxwy.exe
O4 - HKLM\..\RunServices: [o^zP] C:\windows\System32\aysbh.exe
O4 - HKLM\..\RunServices: [Generic Host Process9 System Backup] scvhost9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 使用Web迅雷下载 - D:\xl\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - D:\xl\GetAllUrl.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\bt\BitSpirit\bsurl.htm
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: 酷热影音 - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: 易趣购物 - {DE607141-AC19-421e-869A-9D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607141-AC19-421e-869A-9D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4AB6CE7-87A1-4ECB-9C21-EF751771767A}: NameServer = 202.103.44.5 202.103.0.68
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\防火墙\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Unknown owner - d:\防火墙\rising\rfw\rfwsrv.exe
O23 - Service: Rising Firewall 2006 - Unknown owner - C:\WINDOWS\system32\Com\com
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe
