【求助】卡巴查出v20060831.rar和v20060901.rar病毒 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】卡巴查出v20060831.rar和v20060901.rar病毒

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

【求助】卡巴查出v20060831.rar和v20060901.rar病毒

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 12:50 \| 显示全部短消息资料字号：小中大 1楼【求助】卡巴查出v20060831.rar和v20060901.rar病毒 v20060831.rar和v20060901.rar病毒的路径为C:\Documents and Settings\Administrator\Local Settings\Temp和C:\windows\v20060831.rar 但是找到这两个目录又看不到这两个文件！用卡巴杀掉这两个文件后会出现出错信息：Runtime error 5 at 01AD44B5 单击确定后卡巴又会查出这两个病毒要求杀掉！在C:\Documents and Settings\Administrator\Local Settings\Temp文件夹下有很多~DF8E2A.tmp类似的tmp文件以及Perflib_Perfdata_478.dat等dat文件！这种文件会随着使用的时间增加！试图直接删除，会出现：无法删除该文件：文件正在被另一个人或程序使用！ 2006-09-02 16:39:34
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	分享到：

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 12:52 \| 显示全部短消息资料字号：小中大 2楼拜托！请不要让贴石沉大海丫！用7039那个试过了没有用
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 12:59 \| 显示全部短消息资料字号：小中大 3楼付上日志： Logfile of HijackThis v1.99.1 Scan saved at 12:48:21, on 2006-9-2 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Push\eMagUpdt.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\WinPoET Broadband Connection\WrOS.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Tencent\QQ\Messager.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\RaConfig2500.exe C:\Program Files\ChinaNet\VnetClient.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Maxthon\Maxthon.exe C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [WebThunder] E:\download\WebThunder.exe O4 - HKLM\..\Run: [Messenger.exe] C:\Program Files\Tencent\QQ\Messenger.exe O4 - HKLM\..\Run: [realplayer.exe] C:\WINDOWS\system32\realplayer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Messenger.exe] C:\Program Files\Tencent\QQ\Messenger.exe O4 - HKCU\..\Run: [realplayer.exe] C:\WINDOWS\system32\realplayer.exe O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe O4 - Global Startup: 卡巴斯基反黑客.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 使用Web迅雷下载 - E:\download\GetUrl.htm O8 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\download\GetAllUrl.htm O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: 酷热影音 - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing) O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{222B6BC0-A9E7-4D7E-872C-BE1BEE29C1F4}: NameServer = 202.96.209.5 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C190E2-6229-464B-B595-CF93715EC9A5}: NameServer = 202.101.8.18 202.96.209.5 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll O23 - Service: 163 - Unknown owner - (no file) O23 - Service: eMagUpdt - Unknown owner - C:\PROGRA~1\Push\eMagUpdt.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 14:42 \| 显示全部短消息资料字号：小中大 4楼我按照那个realplayer.exe的步骤加上后面的步骤试了，可是还是没有用，重新上线卡巴还是报出同样的错 realplayer.exe中说（结束Explorer.exe是为了删除那个C:\WINDOWS\system32\brlmon.dll或者C:\WINDOWS\System32\RavMon.dll或者C:\WINDOWS\system32\Rsvtub.dll　否则删不掉）但我没有找到那几个dll文件！
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 14:43 \| 显示全部短消息资料字号：小中大 5楼请再次帮帮我吧！谢谢重新贴上日志： Logfile of HijackThis v1.99.1 Scan saved at 14:25:39, on 2006-9-2 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\WinPoET Broadband Connection\WrOS.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Tencent\QQ\Messager.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\ChinaNet\VnetClient.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\conime.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Maxthon\Maxthon.exe C:\TDdownload\ha_hijackthis_1991\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [WebThunder] E:\download\WebThunder.exe O4 - HKLM\..\Run: [Messenger.exe] C:\Program Files\Tencent\QQ\Messenger.exe O4 - HKLM\..\Run: [realplayer.exe] C:\WINDOWS\system32\realplayer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Messenger.exe] C:\Program Files\Tencent\QQ\Messenger.exe O4 - HKCU\..\Run: [realplayer.exe] C:\WINDOWS\system32\realplayer.exe O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe O4 - Global Startup: 卡巴斯基反黑客.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 使用Web迅雷下载 - E:\download\GetUrl.htm O8 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\download\GetAllUrl.htm O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: 酷热影音 - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing) O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing) O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{222B6BC0-A9E7-4D7E-872C-BE1BEE29C1F4}: NameServer = 202.96.209.5 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C190E2-6229-464B-B595-CF93715EC9A5}: NameServer = 202.101.8.18 202.96.209.5 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 15:16 \| 显示全部短消息资料字号：小中大 6楼那现在怎么把它杀了呢？我杀不掉
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 15:56 \| 显示全部短消息资料字号：小中大 7楼怎么才能在dos下删realplayer.exe呢？谢谢！
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 16:04 \| 显示全部短消息资料字号：小中大 8楼打上delete c:\windows\system32\realplayer.exe 上面说不对
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 16:07 \| 显示全部短消息资料字号：小中大 9楼用del，我知道了但他说The process cannot access the file because it is being used by another process
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:	发表于： 2006-09-02 16:09 \| 显示全部短消息资料字号：小中大 10楼而且用win搜rsvtub.dll和v20060901.rar 都找不到，隐性文件夹里也查过了
padocky 初生襁褓狮帖子:27 注册: 2006-09-02 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT