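After taking the experts' advice, I scanned the log and closed 4 files; unfortunately, I overlooked one file named KB7860932.LOG. I then manually killed these 4 files: the file named TINTSEFP.EXE, HACKER.COM.CN.EXE\INI, and ADMIN_NEW.EXE. Afterwards I found that LSASS.EXE could not be killed manually, so I rechecked the log, found the problem, and closed KB7860932. But when I searched again, KB7860932 could not be found, LSASS.EXE still could not be killed, and HACKER.COM.CN.INI in the log could not be closed (although I killed it, its name is still there). There is also a file named HACKER.COM.CN, more than 300 KB in size, which likewise cannot be killed. I am asking everyone for help.
Also, when I scanned with Rising antivirus, I finally got it down from three viruses in a row to two in a row, but the situation is still very critical. My current log is as follows: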
Logfile of HijackThis v1.99.1
Scan saved at 23:15:33, on 2006-8-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CCProxy\CCProxy.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kingsoft\XDict\XDICT.EXE
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\***论文\HijackThis.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\qylhelper.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - E:\***论文\BitComet\BitCometBar\BitCometBar0.6.dll (file missing)
O4 - HKLM\..\Run: [CCProxy] C:\Program Files\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Macafee Virus Scanner] mcvscn.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\RunServices: [Macafee Virus Scanner] mcvscn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - Startup: 腾讯TM.lnk = ?
O4 - Global Startup: 金山词霸 2002.lnk = C:\Program Files\Kingsoft\XDict\XDICT.EXE
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getallurl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\青龙\风之源\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\青龙\风之源\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\青龙\风之源\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\***论文\浩方对战平台\GameClient.exe (file missing)
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/p (file missing) (HKCU)
O9 - Extra button: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://bb.wuhan.net.cn/plugin/PowerPlr.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://spgamecn.com/xml/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FA7D78BA-3EA7-4E52-B0E2-0772F577E6CC} (VideoOcx Control) - http://www.gbq.cn/VP/videoocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B767E96-914E-421D-96E3-77A8053641E6}: NameServer = 202.103.24.68,202.103.0.117
O23 - Service: NetWindowsVista (NetWindowsVista ) - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Wentstat nuer (Wentstat nuer ) - Unknown owner - C:\WINDOWS\xiaoyao4.exe