Trojan rapidly auto-generating files, help! - Troubleshooting - 电脑教程网

Date: 2007-08-18
The .Tzo492 trojan keeps automatically generating the file C:\winnt\system32\fhkmp.tmp2,
but it can't be found in the folder. It also keeps attacking other machines on the LAN through port 139, and infected machines automatically shut down within a minute! Help!
The HijackThis scan is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 16:15:26, on 2006-9-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\sfmprint.exe
e:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\RemotelyAnywhere\RaMaint.exe
C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\RemotelyAnywhere\ragui.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\rundll32.exe
e:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINNT\system32\internat.exe
C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\sfmsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\System32\mdm.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Administrator\桌面\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\Trojanwall.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\桌面\ha_hijackthis_1991\HijackThis.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [PAVNT] PAVNT.EXE
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\ragui.exe"
O4 - HKLM\..\Run: [风云谷IE监视] C:\Documents and Settings\Administrator\桌面\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\iefind.exe
O4 - HKLM\..\Run: [Windows木马防火墙] C:\Documents and Settings\Administrator\桌面\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\Trojanwall.exe
O4 - HKLM\..\Run: [bthsvc] rundll32.exe C:\WINNT\system32\bthsvc.dll,start
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SkyNet\FireWall\pfw.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Stee] C:\Program Files\trno\aslw.exe
O4 - HKCU\..\Run: [Efhzjuw] C:\Program Files\Ivlsrn\Wfiwp.exe
O4 - HKCU\..\Run: [CuteFTP TE] "C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Administrator\桌面\hijackthis_PConline\HijackThis.exe /startupsca
O4 - Startup: CuteFTP 7 Professional.lnk = C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\cuteftppro.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0EE6551D\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0EE6551D\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0EE6551D\qq\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0EE6551D\qq\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_ringtones.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4678
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://binzhou:2000/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCCC6D1A-E5F0-49A3-9181-ECE75966CDCB}: NameServer = 202.102.152.3,202.102.154.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7AE05BD-A249-4D7C-8E22-4FCAEC94A9FD}: NameServer = 202.102.152.3,202.102.154.3
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servicio de Ejecucion NT (ExecPav) - Unknown owner - C:\WINNT\system32\ExecPav.exe (file missing)
O23 - Service: ftp - GlobalSCAPE Texas, LP. - C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\svrhost.exe" /service (file missing)
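As an added, defender-side example that is not part of the original thread, here is a small Python triage script for log lines in the HijackThis format shown above. The sample lines are constructed from entries of that log, and the rules (missing target file, rundll32-loaded DLL, unqualified executable, value name unrelated to its executable, Trusted Zone additions, ActiveX download points, services with no vendor) are heuristics for where a responder should look first, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis format, built from the kinds of entries seen in the log above
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PAVNT] PAVNT.EXE
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [bthsvc] rundll32.exe C:\WINNT\system32\bthsvc.dll,start
O4 - HKCU\..\Run: [Stee] C:\Program Files\trno\aslw.exe
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4678
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\svrhost.exe" /service (file missing)
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")   # "O4 - ...", "O23 - ..."
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")    # "[ValueName] command line"

def triage(log):
    """Return (section, reason, line) tuples for entries worth a responder's first look."""
    findings = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process list, headers and blank lines carry no section tag
        sec, body = m.group("sec"), m.group("body")
        if "(file missing)" in body:
            findings.append((sec, "target file missing: stale entry or hidden/deleted file", raw))
        if sec == "O4":
            o4 = O4_RE.search(body)
            name, cmd = o4.group("name"), o4.group("cmd")
            if re.search(r"rundll32(\.exe)?\s", cmd, re.I):
                findings.append((sec, "autorun via rundll32-loaded DLL", raw))
            elif not re.match(r'"?[A-Za-z]:\\', cmd):
                findings.append((sec, "unqualified executable, resolved through PATH search order", raw))
            # heuristic: no word of the value name occurs in the command line ([Stee] -> aslw.exe)
            words = [w for w in re.split(r"\W+", name) if w]
            if words and not any(w.lower() in cmd.lower() for w in words):
                findings.append((sec, "value name unrelated to executable (random-looking autorun)", raw))
        elif sec == "O15":
            findings.append((sec, "site in Trusted Zone runs with lowered IE restrictions", raw))
        elif sec == "O16":
            url = body.rsplit(" - ", 1)[-1]
            findings.append((sec, "ActiveX download point: " + urlparse(url).netloc, raw))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service with no vendor information", raw))
    return findings

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}\n      {line.strip()}")
```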

Rogue software again:
In Safe Mode, use the professional uninstall in 超级兔子清理王 (Super Rabbit Clean King) to delete everything it finds installed, including IE plug-ins, especially Yahoo 3721 and 网络实名 (Internet Keyword); if once isn't enough, delete them several more times;



O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\svrhost.exe" /service (file missing) (delete the service and the file)
Then scan and post the log again.

These days I get fed up the moment I see a virus!!

What antivirus software do you have installed? Did it never warn you about what virus you had?
