llggjj - 2006-8-13 16:31:00
HijackThis_815汉化版扫描日志 V1.99.1
保存于 16:16:41, 日期 2006-8-13
操作系统: Windows XP SP1 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\Flashget.exe
F:\Program Files\Iparmor\Iparmor.exe
C:\Documents and Settings\user\My Documents\hjthis\HijackThis1991汉化版\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - IE工具栏增项: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SystemTray] systray.exe
O4 - 启动项HKLM\\Run: [NeroCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - 启动项HKLM\\Run: [RavMon] ; C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Super Rabbit SafeEdit] C:\Program Files\MagicSet\SRFC.EXE /Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{617EA572-EA0D-493F-B8A4-1F047D037CFE}: NameServer = 202.96.128.166 202.96.128.86
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - NT 服务: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - NT 服务: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - NT 服务: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - NT 服务: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
After it was generated, I couldn't get online and IE died. I don't know what virus it is either.
llggjj - 2006-8-13 19:57:00
It may be a variant of backdoor.win32.ircbot.st.
How do I remove it?
It keeps regenerating itself automatically.
Please help, everyone.
闪电风暴 - 2006-8-13 20:09:00
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
...
闪电风暴 - 2006-8-13 20:10:00
Post an Autoruns log instead; note the option "Hide Microsoft services".
llggjj - 2006-8-13 20:56:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ hmonitor Hardware sensors monitor AB Software c:\program files\hmonitor\hmonitor.exe
+ RavMon File not found: ;
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe
+ Super Rabbit SafeEdit Super Rabbit Safe File Client Super Rabbit Soft c:\program files\magicset\srfc.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ BlueSoleil.lnk Bluetooth Application IVT Corporation c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ NoAds NoAds South Bay Software c:\program files\noads\noads.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a File not found: C:\WINDOWS\System32\pop3net.exe
+ n/a File not found: C:\WINDOWS\svchost.exe s
+ 能源规则设置 File not found: setupx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ IEXPLORE.DLL File not found: C:\WINDOWS\System32\IEXPLORE.DLL
+ new123.sys File not found: C:\Program Files\Internet Explorer\PLUGINS\new123.sys
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ iTunes iTunes Mini Player DLL Apple Computer, Inc. f:\program files\itunes\itunesminiplayer.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realone player\rpshell.dll
+ Web Anti-Virus Script Monitor Internet Explorer plugin Kaspersky Lab f:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar Amaze Soft c:\program files\flashget\fgiebar.dll
HKLM\System\CurrentControlSet\Services
+ BlueSoleil Hid Service c:\program files\ivt corporation\bluesoleil\btntservice.exe
+ NVSvc NVIDIA Driver Helper Service, Version 40.72 NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ PDSched PerfectDisk Scheduling module Raxco Software, Inc. c:\program files\raxco\perfectdisk\pdsched.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ BlueletAudio Bluelet Audio Driver IVT Corporation c:\windows\system32\drivers\blueletaudio.sys
+ BT Bluetooth PAN Network Adapter Driver IVT Corporation c:\windows\system32\drivers\btnetdrv.sys
+ Btcsrusb Bluetooth USB Device Driver IVT Corporation c:\windows\system32\drivers\btcusb.sys
+ BTHidEnum c:\windows\system32\drivers\vbtenum.sys
+ BTHidMgr Bluetooth HID Manager driver IVT Corporation c:\windows\system32\drivers\bthidmgr.sys
+ BTNetFilter c:\windows\system32\drivers\btnetfilter.sys
+ cmpci C-Media Audio WDM Driver C-Media Inc c:\windows\system32\drivers\cmaudio.sys
+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys
+ GEARAspiWDM CDRom Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ hmonitor c:\windows\system32\drivers\hmonitor.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys
+ HookReg c:\program files\rising\rav\hookreg.sys
+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys
+ kl1 Kaspersky Unified Driver Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ klif spuper-ptor Kaspersky Lab c:\windows\system32\drivers\klif.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys
+ New0 c:\windows\system32\new.sys
+ npkcrypt File not found: C:\Program Files\Tencent\qq\npkcrypt.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 40.72 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ OVT511Plus Stream Class Mini Driver OmniVision Technologies, Inc. c:\windows\system32\drivers\omcamvid.sys
+ pnpshark PnP BIOS Extension c:\windows\system32\drivers\pnpshark.sys
+ prodrv06 StarForce Protection Environment Driver Protection Technology c:\windows\system32\drivers\prodrv06.sys
+ prohlp02 StarForce Protection Helper Driver Protection Technology c:\windows\system32\drivers\prohlp02.sys
+ prosync1 StarForce Protection Synchronization Driver Protection Technology c:\windows\system32\drivers\prosync1.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ rtl8139 NDIS 5.0 driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys
+ Secdrv SafeDisc driver Macrovision Europe Ltd c:\windows\system32\drivers\secdrv.sys
+ sfhlp01 StarForce Protection Helper Driver Protection Technology c:\windows\system32\drivers\sfhlp01.sys
+ st3shark SCSI miniport c:\windows\system32\drivers\st3shark.sys
+ TSP spuper-ptor Kaspersky Lab c:\windows\system32\drivers\klif.sys
+ U3sHlpDr c:\windows\system32\drivers\u3shlpdr.sys
+ VComm Bluetooth Serial Port Driver IVT Corporation c:\windows\system32\drivers\vcomm.sys
+ VcommMgr Bluetooth VcommMgr driver IVT Corporation c:\windows\system32\drivers\vcommmgr.sys
+ W9986 I82930 Bulk IO Test Driver Windows (R) 2000 DDK provider c:\windows\system32\drivers\w9986.sys
+ XONEUSB YMDC-3071 MP3 Player Device Driver Yountel Corporation c:\windows\system32\drivers\xoneusb.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ PDBoot.exe PerfectDisk Boot Time Defragmentation Raxco Software, Inc. c:\windows\system32\pdboot.exe
+ SsiEfr.ex File not found: SsiEfr.ex
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll
llggjj - 2006-8-13 21:12:00
Is this one OK?
Thanks