陌上茱萸 - 2006-8-16 9:47:00
Could the experts here give me a few pointers? Much appreciated!
HijackThis_815汉化版扫描日志 V1.99.1
保存于 9:37:08, 日期 2006-8-16
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Maxthon\Maxthon.exe
E:\Program Files\Tencent\qq\QQ.exe
E:\Program Files\Tencent\qq\TIMPlatform.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\刘仕芬\程序\HijackThis1991zww.exe
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - E:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] ; ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMSCMig] ; ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [KernelFaultCheck] ; ; %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [NvMediaCenter] ; ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [nwiz] ; ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [PHIME2002A] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [RavScanBD] ; "E:\Program Files\Rising\Rav\ScanBD.exe" /INST
O4 - 启动项HKLM\\Run: [RavTask] ; "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [SoundMan] ; ; SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] ; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [WebThunder] ; ; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopSprite] ; ; D:\刘仕芬\程序\DesktopSprite2\DesktopSprite.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A72FFC5-3FB9-43D5-BCD5-9B018D6B469B}: NameServer = 192.168.254.25
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe
闪电风暴 - 2006-8-16 9:53:00
Driver-level 灰鸽子 (Gray Pigeon) plus a rootkit.
Follow http://forum.ikaka.com/topic.asp?board=36&artid=8144360
and post an Autoruns log.
陌上茱萸 - 2006-8-16 10:02:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ IMJPMIG8.1找不到文件:;
+ IMSCMig找不到文件:;
+ KernelFaultCheck找不到文件:;
+ NvCplDaemon找不到文件:;
+ NvMediaCenter找不到文件:;
+ nwiz找不到文件:;
+ PHIME2002A找不到文件:;
+ PHIME2002ASync找不到文件:;
+ RavScanBD找不到文件:;
+ RavTask找不到文件:;
+ SoundMan找不到文件:;
+ TkBellExe找不到文件:;
+ WebThunder找不到文件:;
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ctfmon.exe找不到文件:;
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0找不到文件:About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop ExplorerNVIDIA Desktop Explorer, Version 66.93 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 66.93 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Display Panning CPL Extension找不到文件:deskpan.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ NvCpl DesktopContext ClassNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ nView Desktop Context MenuNVIDIA Desktop Explorer, Version 66.93 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Play on my TV helperNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 超级兔子上网精灵HaoKanBar Toolbar ModuleXiang Feng Technologye:\program files\super rabbit\magicset\haokanbar.dll
HKLM\System\CurrentControlSet\Services
+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.e:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.e:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ 10379421c:\windows\system32\drivers\10379421.sys
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ ExpScanerExpScan.syse:\program files\rising\rav\expscan.sys
+ HookContTDI HOOK DriverRising tech Co. ltde:\program files\rising\rav\hookcont.sys
+ HookRege:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisinge:\program files\rising\rav\hooksys.sys
+ MEMSCANMemScan Driver瑞星软件有限公司e:\program files\rising\rav\memscan.sys
+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.e:\program files\tencent\qq\npkcrypt.sys
+ npkycryp找不到文件:E:\Program Files\Tencent\qq\npkycryp.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 66.93 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ pfcPadus(R) ASPI ShellPadus, Inc.c:\windows\system32\drivers\pfc.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ SONYPVU1Sony USB Lower Filter driverSony Corporationc:\windows\system32\drivers\sonypvu1.sys
+ viamraidVIA RAID DRIVER FOR WIN 2000/XP/2003IA32VIA Technologies inc,.ltdc:\windows\system32\drivers\viamraid.sys
闪电风暴 - 2006-8-16 10:10:00
First delete all the "找不到文件" (file not found) entries.
闪电风暴 - 2006-8-16 10:11:00
+ 10379421c:\windows\system32\drivers\10379421.sys
That should be a driver trojan.
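An added example (not part of this thread): a small Python triage pass over the Autoruns lines posted above. The copied output lost its column separators, so the image path is the only field with a recognizable shape; the heuristics (numeric-only driver name, entry with no description or vendor, file not found) are my own assumptions about what to surface for a human to review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the Autoruns output posted in this thread.
SAMPLE = r"""
+ KernelFaultCheck找不到文件:;
+ 10379421c:\windows\system32\drivers\10379421.sys
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ HookRege:\program files\rising\rav\hookreg.sys
+ npkycryp找不到文件:E:\Program Files\Tencent\qq\npkycryp.sys
+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe
"""

# Localized Autoruns "file not found" marker, exactly as it appears in the posted log.
MISSING = "找不到文件:"
# With the columns run together, the image path (drive letter, backslash,
# .sys/.exe/.dll suffix at end of line) is the only field we can locate reliably.
PATH_RE = re.compile(r"([A-Za-z]:\\.+\.(?:sys|exe|dll))\s*$", re.IGNORECASE)


def triage(line):
    """Classify one flattened '+ ...' Autoruns line; returns None for other lines."""
    body = line.strip()
    if not body.startswith("+ "):
        return None
    body = body[2:]
    if MISSING in body:
        name, _, path = body.partition(MISSING)
        return {"entry": name, "path": path.rstrip(";"), "reasons": ["file not found"]}
    m = PATH_RE.search(body)
    if not m:
        return {"entry": body, "path": "", "reasons": ["no image path"]}
    path = m.group(1)
    prefix = body[:m.start()]  # entry name + description + vendor, run together
    stem = PureWindowsPath(path).stem
    reasons = []
    if stem.isdigit():
        reasons.append("numeric-only image name")  # assumption: random names are worth a look
    if prefix.lower() == stem.lower():
        reasons.append("no description or vendor")  # nothing between entry name and path
    return {"entry": prefix, "path": path, "reasons": reasons}


def triage_log(text):
    """Run triage over every line; keep only Autoruns entries."""
    return [r for r in (triage(ln) for ln in text.splitlines()) if r is not None]


if __name__ == "__main__":
    for r in triage_log(SAMPLE):
        if r["reasons"]:
            print(r["path"] or r["entry"], "->", ", ".join(r["reasons"]))
```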
闪电风暴 - 2006-8-16 10:18:00
http://forum.ikaka.com/topic.asp?board=28&artid=7538008
闪电风暴 - 2006-8-16 10:19:00
No EXE file?
陌上茱萸 - 2006-8-18 11:08:00
The system crashed completely; reinstalling.