
Please take a look at my processes, something is wrong

There is also <Realplayer.exe><C:\WINDOWS\System32\Realplayer.exe> []
This is a virus, not something that belongs to the Realplayer media player.

O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
It's a virus!!!!

[Reply to the post by "阿诺8979"]
I fixed these two items:
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
It's a virus!!!!

Is there anything else I need to do? I am attaching the log again.
Logfile of HijackThis v1.99.1
Scan saved at 10:31:47, on 2006-10-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\racer-henan-cnc\racer.exe
C:\WINDOWS\system32\conime.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\racer-henan-cnc\RacerKp.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\新建文件夹\Thunder\Program\Thunder5.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Documents and Settings\zzp\桌面\HijackThis.exe

O1 - Hosts: 59.34.148.98 www.hao123.com
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Thunder] "C:\Documents and Settings\All Users\Documents\新建文件夹\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: microsoft office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 联想键盘驱动程序.lnk = ?
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\软件包\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Documents and Settings\All Users\Documents\新建文件夹\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Documents and Settings\All Users\Documents\新建文件夹\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\软件包\QQ2006\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\软件包\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\软件包\QQ2006\SendMMS.htm
O9 - Extra button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118}? - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118}? - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe


C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
It's a virus!!!!

The legitimate system file is C:\WINDOWS\system32\svchost.exe; the only difference is the C versus the O, so be careful to tell them apart.
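
Added example, not part of the original thread: a short Python check that scans HijackThis log lines for image names that differ by one character from a genuine Windows system file, the SVOHOST.exe versus svchost.exe case pointed out above. The `KNOWN` allowlist and the distance threshold are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumed short allowlist of genuine Windows XP system image names (not from the thread).
KNOWN = {"svchost.exe", "smss.exe", "winlogon.exe", "services.exe",
         "lsass.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"}

# A drive-letter path ending in .exe, as it appears in process and O4 lines.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(log_text, max_dist=1):
    """Return sorted (line_no, path, imitated_name) for near-miss image names."""
    hits = set()
    for no, line in enumerate(log_text.splitlines(), 1):
        for path in PATH_RE.findall(line):
            name = basename(path).lower()
            if name in KNOWN:
                continue  # exact match on the name: not a lookalike
            for good in KNOWN:
                if edit_distance(name, good) <= max_dist:
                    hits.add((no, path, good))
    return sorted(hits)

# Lines copied from the HijackThis log in this thread.
SAMPLE = r"""C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"""

if __name__ == "__main__":
    for no, path, good in lookalikes(SAMPLE):
        print(f"line {no}: {path} imitates {good}")
```

A name match alone does not clear a file: this check only catches near-miss spellings, so a genuine name in an unexpected directory still needs a separate path check.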