瑞星卡卡安全论坛

我的电脑每次在开机一段时间后就自动往外发送邮件而且还刷不出网页
用瑞星查到病毒删除之后 重起完了还有 请问怎么解决？

扫个日志上来

不好意思啊 我是个菜鸟不知道怎么扫
教我一下 谢谢

上面超级主题 天天泡泡小工具下载HijackThis1.99.1 扫描保存日志 贴上来

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\ssms.exe
C:\WINNT\spool32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\MSTask.exe
C:\WINDOWS\secure.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\ADSL拨号王\HNMainUI.exe
C:\Documents and Settings\Administrator\桌面\hijackthis\HijackThis1991zww.exe

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - 启动项HKLM\\Run: [keyboard] c:\windows\keyboard7.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [Microsoft (R) Windows Security Service] C:\WINDOWS\secure.exe
O4 - 启动项HKLM\\Run: [newname] C:\windows\newname11.exe
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\QQ2006\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\QQ2006\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\QQ2006\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\QQ2006\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 易趣购物 - {DE607142-AC19-422e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607142-AC19-422e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ2006\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ2006\QQIEHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{71E5A16A-7A01-4438-9145-D6703105DB13}: NameServer = 202.99.96.68 202.99.64.69
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\k4no0e53eh.dll (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: windows file explorer (explorer) - Unknown owner - C:\WINNT\ssms.exe
O23 - NT 服务: Windows File Indexing Service (FIS) - Unknown owner - C:\WINNT\system32\ntfs.exe (file missing)
O23 - NT 服务: msn32update - Unknown owner - C:\WINNT\spool32.exe
O23 - NT 服务: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINNT\system32\fixmppli.exe (file missing)
O23 - NT 服务: Windows Security Service (WindowsSecurity) - Unknown owner - C:\WINDOWS\secure.exe

哪位高手帮我看看

看到不言大大在 赶快来求救一下

【回复“百看蓝色”的帖子】
楼主好像中了龙字传奇木马
HIJACKTHIS日志有很大的问题

建议：
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
下载System Repair Engineer 2.0.12.350
导出全部日志

2006-04-20,12:00:38

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <keyboard><c:\windows\keyboard7.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Microsoft (R) Windows Security Service><C:\WINDOWS\secure.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><APIHookDll.dll>

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[windows file explorer / explorer]
  <"C:\WINNT\ssms.exe"><N/A>
[Windows File Indexing Service / FIS]
  <C:\WINNT\system32\ntfs.exe /service><N/A>
[msn32update / msn32update]
  <"C:\WINNT\spool32.exe"><N/A>
[Network Monitor / Network Monitor]
  <C:\Program Files\Network Monitor\netmon.exe service><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Update Manager / UpdateManager]
  <C:\WINNT\system32\fixmppli.exe /updatemgr><N/A>
[Windows Security Service / WindowsSecurity]
  <C:\WINDOWS\secure.exe /secure><N/A>

==================================
浏览器加载项
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <E:\QQ2006\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ2006\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ2006\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ2006\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <C:\Program Files\BitSpirit\bsurl.htm, N/A>

==================================
正在运行的进程
[PID: 1016][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\PROGRA~1\baidu\bar\BaiduBar.dll]  <Baidu.com, Inc.><2, 0, 2, 70>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1084][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3510>
[PID: 1108][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1132][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1388][C:\Program Files\ADSL拨号王\HNMainUI.exe]  <N/A><2, 3, 0, 1>
    [C:\Program Files\ADSL拨号王\HNKernel.dll]  <HelloNet><2.2.0.1>
    [C:\Program Files\ADSL拨号王\HNUtils.dll]  <N/A><2, 2, 0, 1>
    [C:\Program Files\ADSL拨号王\HNRes_0804.dll]  <N/A><2, 2, 0, 1>
    [C:\Program Files\ADSL拨号王\plugins\Diagnose.dll]  <HelloNet><2.2.0.1>
[PID: 992][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==============================================
这个是我用System Repair Engineer重新扫描的数据
==============================================

【回复“百看蓝色”的帖子】
结束如下进程
C:\WINNT\ssms.exe
C:\WINNT\spool32.exe
C:\WINDOWS\secure.exe

用HIJACKTHIS修复
O4 - 启动项HKLM\\Run: [keyboard] c:\windows\keyboard7.exe
O4 - 启动项HKLM\\Run: [Microsoft (R) Windows Security Service] C:\WINDOWS\secure.exe
O4 - 启动项HKLM\\Run: [newname] C:\windows\newname11.exe
O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\k4no0e53eh.dll (file missing)
O23 - NT 服务: windows file explorer (explorer) - Unknown owner - C:\WINNT\ssms.exe
O23 - NT 服务: Windows File Indexing Service (FIS) - Unknown owner - C:\WINNT\system32\ntfs.exe (file missing)
O23 - NT 服务: msn32update - Unknown owner - C:\WINNT\spool32.exe
O23 - NT 服务: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINNT\system32\fixmppli.exe (file missing)
O23 - NT 服务: Windows Security Service (WindowsSecurity) - Unknown owner - C:\WINDOWS\secure.exe

开始－－控制面板－－性能和维护－－管理工具－－服务
禁用如下服务：
windows file explorer / explorer]
[Windows File Indexing Service / FIS]
[msn32update / msn32update]
[Windows Update Manager / UpdateManager]
[Windows Security Service / WindowsSecurity]

开始－－运行
输入regedit
确定
进入注册表
展开[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
找到后删除如下系统服务文件夹：
explorer
FIS
msn32update
UpdateManager
WindowsSecurity

删除
C:\WINNT\ssms.exe
C:\WINNT\spool32.exe
C:\WINDOWS\secure.exe
c:\windows\keyboard7.exe
C:\windows\newname11.exe
C:\WINNT\system32\fixmppli.exe
C:\windows\

提示：
若正常模式下无法解决
建议进入安全模式下操作