
Guys, could you help me look at this log? My computer seems to have a virus

Guys, I don't really know much about computers. Could you help me look at this log? There seems to be a virus.




Logfile of HijackThis v1.99.1
Scan saved at 20:25:26, on 2006-11-9
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\OpenSSL.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetinfo.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\ctfmon.exe
D:\浪人算盘湖州红十\超级兔子\MagicSet\SRIECLI.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\浪人算盘湖州红十\mmmmmmmmm\HijackThis.exe

O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\浪人算~1\超级兔子\MAGICSET\haokanbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\网络缈快斐车礬\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\浪人算~1\超级兔子\MAGICSET\haokanbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Super Rabbit Desktop Set] ; D:\浪人算盘湖州红十\超级兔子\MagicSet\DS.EXE /Load
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\浪人算盘湖州红十\超级兔子\MagicSet\SRIECLI.EXE /LOAD
O8 - Extra context menu item: &使用迅雷下载 - D:\讯雷\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\讯雷\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\最新qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\网络快车\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\网络快车\FLASHGET\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\最新qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\最新qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\最新qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\最新qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\最新qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\网络快车\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\网络快车\FLASHGET\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{912C18B1-6192-4ED1-ABF4-06507DD52767}: NameServer = 61.130.254.34 61.130.254.35
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-11-09 22:19:18.873000000

[Reply to the post by "风雨缥缈"]
C:\WINNT\system32\inetinfo.exe
Pack it into an archive, encrypt it (use the password 123) and send it to me: baohelin@yahoo.com.cn

I suspect this file.

Brother Cat, access to this file is denied and I can't pack it. What should I do?

End the process first.

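Quote:
[Post by 风雨缥缈] Brother Cat, access to this file is denied and I can't pack it. What should I do?
………………

End the C:\WINNT\system32\inetinfo.exe process first; only then can it be packed.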

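After ending the process, the file can no longer be found, but Rising keeps reporting that there is a virus. I don't know what to do any more. 55555555555555555555555555555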

Show all system and hidden files and try looking for it!

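Please go to my network drive, http://free5.ys168.com/?echowj, and download System Repair Engineer. Use "Smart Scan", tick "Check the digital signatures of process modules", and press the "Scan" button to run the scan. When the scan has finished, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
If the log cannot be pasted in one go, paste it in several parts until it is complete. Please do not modify it. Thanks...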


2006-11-09,21:29:20

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 3 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
    <Super Rabbit IEPro><D:\浪人算盘湖州红十\超级兔子\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <nwiz><nwiz.exe /install>  [(Verified)NVIDIA Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Super Rabbit Desktop Set><; D:\浪人算盘湖州红十\超级兔子\MagicSet\DS.EXE /Load>  [Super Rabbit Software]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ssmarque.scr>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Alerter / Alerter]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Application Management / AppMgmt]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Computer Browser / Browser]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Indexing Service / cisvc]
  <C:\WINNT\System32\cisvc.exe><Microsoft Corporation>
[ClipBook / ClipSrv]
  <C:\WINNT\system32\clipsrv.exe><Microsoft Corporation>
[DHCP Client / Dhcp]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Logical Disk Manager / dmserver]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[DNS Client / Dnscache]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Event Log / Eventlog]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Fax Service / Fax]
  <C:\WINNT\system32\faxsvc.exe><Microsoft Corporation>
[Server / lanmanserver]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Workstation / lanmanworkstation]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[TCP/IP NetBIOS Helper Service / LmHosts]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[Messenger / Messenger]
  <C:\WINNT\System32\services.exe><Microsoft Corporation>
[NetMeeting Remote Desktop Sharing / mnmsrvc]
  <C:\WINNT\System32\mnmsrvc.exe><Microsoft Corporation>
[Distributed Transaction Coordinator / MSDTC]
  <C:\WINNT\System32\msdtc.exe><Microsoft Corporation>
[Removable Storage / NtmsSvc]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\NtmsSvc.dll><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Plug and Play / PlugPlay]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Protected Storage / ProtectedStorage]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Remote Access Auto Connection Manager / RasAuto]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasauto.dll><Microsoft Corporation>
[Remote Access Connection Manager / RasMan]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Routing and Remote Access / RemoteAccess]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mprdim.dll><Microsoft Corporation>
[Remote Registry Service / RemoteRegistry]
  <C:\WINNT\system32\regsvc.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[QoS RSVP / RSVP]
  <C:\WINNT\System32\rsvp.exe -s><Microsoft Corporation>
[Smart Card Helper / SCardDrv]
  <C:\WINNT\System32\SCardSvr.exe><Microsoft Corporation>
[Smart Card / SCardSvr]
  <C:\WINNT\System32\SCardSvr.exe><Microsoft Corporation>
[RunAs Service / seclogon]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[System Event Notification / SENS]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\sens.dll><Microsoft Corporation>
[Print Spooler / Spooler]
  <C:\WINNT\system32\spoolsv.exe><Microsoft Corporation>
[Performance Logs and Alerts / SysmonLog]
  <C:\WINNT\system32\smlogsvc.exe><Microsoft Corporation>
[Telephony / TapiSrv]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Telnet / TlntSvr]
  <C:\WINNT\system32\tlntsvr.exe><Microsoft Corporation>
[Distributed Link Tracking Client / TrkWks]
  <C:\WINNT\system32\services.exe><Microsoft Corporation>
[Uninterruptible Power Supply / UPS]
  <C:\WINNT\System32\ups.exe><Microsoft Corporation>
[Utility Manager / UtilMan]
  <C:\WINNT\System32\UtilMan.exe><Microsoft Corporation>

==================================