roymond - 2006-11-16 16:46:00
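Recently, to support Rising, I switched back to Rising on my Windows 98 side and uninstalled the Panda I had before; now I only use Panda on XP. After that I ran a scan with HJ and found that an extra O14 item had appeared, and I can't fix it either. Please help take a look. Also, I caught a new virus on the XP side; Panda 97 Titanium can't detect it for now, only NOD32 reports it. I have already packed it up. Whoever wants it, tell me quickly and I'll send it to them; if you're late I'll delete it! The HJ log is as follows: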
HijackThis_815汉化版扫描日志 V1.99.1
保存于 16:35:09, 日期 06-11-16
操作系统: Windows 98 SE (Win9x 4.10.2222A)
浏览器: Internet Explorer v5.00 (5.00.2614.3500)
当前运行的进程:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
C:\PROGRAM FILES\VNETCLIENT1.6\VNETCLIENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\杀毒工具集\HIJACHTHIS V1.99.1.2汉化版\HIJACKTHIS1991ZWW.EXE
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - 启动项HKLM\\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - 启动项HKLM\\RunServices: [RsCcenter] "C:\Program Files\Rising\Rav\CCenter.exe"
O4 - 启动项HKLM\\RunServices: [RavMond] "C:\Program Files\Rising\Rav\RavMond.exe"
O4 - 启动项HKLM\\RunServices: [RavMon] "C:\Program Files\Rising\Rav\RavMon.exe" -system
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {371B29D9-4563-4E7F-B93D-F85ED5682ABC} (CoRaise Player Object) - http://202.104.212.55/tsplay/tsplay.cab
roymond - 2006-11-16 17:12:00
2006-11-16,16:59:47
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows 98 SE -
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme> [Microsoft Corporation]
<SchedulingAgent><C:\WINDOWS\SYSTEM\mstask.exe> [Microsoft Corporation]
<RsCcenter><"C:\Program Files\Rising\Rav\CCenter.exe"> [Beijing Rising Technology Co., Ltd.]
<RavMond><"C:\Program Files\Rising\Rav\RavMond.exe"> [Beijing Rising Technology Co., Ltd.]
<RavMon><"C:\Program Files\Rising\Rav\RavMon.exe" -system> [Beijing Rising Technology Co., Ltd.]
==================================
启动文件夹
N/A
==================================
服务
N/A
==================================
驱动程序
N/A
roymond - 2006-11-16 17:12:00
==================================
浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX, Macromedia, Inc.>
[CoRaise Player Object]
{371B29D9-4563-4E7F-B93D-F85ED5682ABC} <C:\WINDOWS\SYSTEM\CRPLAYCTL.DLL, 上海同腾电子技术有限公司>
==================================
正在运行的进程
[PID: 4294943963][C:\WINDOWS\SYSTEM\MPREXE.EXE] [Microsoft Corporation, 4.10.1998]
[PID: 4294854979][C:\WINDOWS\SYSTEM\MSTASK.EXE] [Microsoft Corporation, 4.71.1959.1]
[PID: 4294935415][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\UNPACKER.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\PROGRAM FILES\RISING\RAV\EXTFILE.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
[C:\PROGRAM FILES\RISING\RAV\RSUNPACK.DLL] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
[C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
[C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL] [N/A, 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\MAILMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\MEMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL] [rising, 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\REGMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
[C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
roymond - 2006-11-16 17:13:00
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] [rising, 18, 0, 0, 1]
[PID: 4294844875][C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[PID: 4294899135][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\WINDOWS\SYSTEM\RAVEXT.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] [N/A, N/A]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, N/A]
[PID: 4294736171][C:\WINDOWS\EXPLORER.EXE] [Microsoft Corporation, 4.72.3110.1]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, N/A]
[PID: 4294734743][C:\WINDOWS\SYSTEM\RPCSS.EXE] [Microsoft Corporation, 4.71.2900]
[PID: 4294754667][C:\WINDOWS\SYSTEM\INTERNAT.EXE] [Microsoft Corporation, 4.10.2222]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 4294755943][C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX] [Macromedia, Inc., 7,0,19,0]
[C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 4294934971][C:\PROGRAM FILES\VNETCLIENT1.6\VNETCLIENT.EXE] [,, 1, 0, 0, 1]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, N/A]
[PID: 4294672855][C:\WINDOWS\SYSTEM\RNAAPP.EXE] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, N/A]
[PID: 4294605659][C:\WINDOWS\SYSTEM\TAPISRV.EXE] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\NVDD32.DLL] [NVidia Corporation, 4.12.01.0648]
[C:\WINDOWS\SYSTEM\NVARCH32.DLL] [NVidia Corporation, 4.12.01.0648]
[PID: 4294511131][C:\WINDOWS\SYSTEM\DDHELP.EXE] [Microsoft Corporation, 4.09.00.0900]
[PID: 4294567879][C:\WINDOWS\SYSTEM\PSTORES.EXE] [Microsoft Corporation, 5.00.1877.3]
[C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX] [Macromedia, Inc., 7,0,19,0]
[C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, N/A]
[C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL] [N/A, N/A]
[PID: 4294456727][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, N/A]
[PID: 4294502459][C:\杀毒工具集\SRENG2\SRENG\SRENG.EXE] [Smallfrogs Studio, 2.2.6.605]
roymond - 2006-11-16 17:13:00
文件关联
.TXT OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MS.w95.spi.osp
C:\WINDOWS\SYSTEM\mswsosp.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.tcp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.udp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.raw
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.rsvptcp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MS.w95.spi.rsvpudp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================