Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum

[Help] Please help me analyze this [Help]

Got infected yesterday; the Rising firewall was damaged. I uninstalled and reinstalled it, then scanned for viruses, scanned for trojans, and ran scans in Safe Mode all night; I was half dead from exhaustion.
Who would have thought that on booting today there is still a virus. What is the reason? I'm worried sick; it just can't be killed.

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      23:10:58  日期 2008-1-28
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v7.00 (7.00.6000.16574)

当前运行的进程:         
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
e:\Program Files\Rising\Rav\CCenter.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
e:\program files\rising\rfw\rfwsrv.exe
e:\program files\rising\rfw\rfwproxy.exe
e:\program files\rising\rfw\rfwstub.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
e:\program files\rising\rfw\RfwMain.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system32\BoBoTurbo\BoBoTurbo.exe
C:\windows\system32\slserv.exe
C:\windows\System32\alg.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
E:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\360safe\safemon\360Tray.exe
C:\windows\system32\ctfmon.exe
E:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Tencent\QQ\TXPlatform.exe
E:\Program Files\GreenBrowser\GreenBrowser.exe
E:\Program Files\Rising\Rav\Rav.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderKAV\bin\ScanningProcess.exe
C:\DOCUME~1\BENQ\LOCALS~1\Temp\Rar$EX05.890\HijackThis.exe
C:\DOCUME~1\BENQ\LOCALS~1\Temp\Rar$EX04.297\HijackThis.exe
C:\TDDOWNLOAD\HijackThis1991【teyqiu】.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files\360safe\safemon\safemon.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [360Safetray] D:\Program Files\360safe\safemon\360Tray.exe /start
O4 - 启动项HKLM\\Run: [RfwMain] "e:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 把图片收藏到好网角 - C:\Program Files\wang1314\wang1314pic.html
O8 - IE右键菜单中的新增项目: 收藏此页到好网角收藏夹 - C:\Program Files\wang1314\wang1314.html
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://site.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} (UploadControl Control) - http://st.blog.163.com/bin/UploadControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201472972312
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lucifer-vip.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} (163Uploader Control) - http://photo.163.com/163Uploader.cab
O16 - DPF: {B4D9857D-8A55-4442-A577-6B3ED5D4E41B} (ScreenCapture Class) - http://m47.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
O16 - DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} (ScreenCapture Class) - http://m47.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D9306BD1-2325-4C28-8632-B02330C1BB02} (PhotoUploadCtrlMini Control) - http://st.blog.163.com/bin/PhotoUploadCtrlMini.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} - http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E876EE16-1EA3-4023-978A-A0B588A2D59F}: NameServer = 211.98.2.4 61.236.93.33
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - NT 服务: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - NT 服务: BoBoTurbo - 广州易播信息科技有限公司 - C:\windows\system32\BoBoTurbo\BoBoTurbo.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - e:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: SmartLinkService (SLService) -  - C:\windows\SYSTEM32\slserv.exe

Last edited 2008-01-29 10:40:28
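An added triage helper for the log format shown above; it is not code from the thread or from HijackThis. It re-uses a few lines of the posted log as constructed input and lists the entries a reviewer would verify by hand, with the reason. The heuristics (empty vendor string, service binary in a system32 subfolder, custom DNS servers, missing file, Temp directory) are my own assumptions about what is worth a second look, not verdicts on these entries.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - 启动项HKLM\\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O9 - 浏览器额外的按钮: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E876EE16-1EA3-4023-978A-A0B588A2D59F}: NameServer = 211.98.2.4 61.236.93.33
O23 - NT 服务: BoBoTurbo - 广州易播信息科技有限公司 - C:\windows\system32\BoBoTurbo\BoBoTurbo.exe
O23 - NT 服务: SmartLinkService (SLService) -  - C:\windows\SYSTEM32\slserv.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")          # every HijackThis entry starts with its section code
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # IPv4 literals in O17 NameServer entries


def triage(log_text: str) -> list:
    """Return the entries a reviewer should verify by hand, each with its reasons (assumed heuristics)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if section == "O17":
            ips = IP_RE.findall(body)
            reasons.append(f"DNS servers {ips}: confirm they belong to the ISP or router")
        elif section == "O23":
            # O23 body layout: '<label>: <service name> - <vendor> - <path>'
            parts = body.split(" - ")
            vendor = parts[1].strip() if len(parts) >= 3 else ""
            path = parts[-1].strip()
            if not vendor:
                reasons.append("service has no vendor string: check file signature and hash")
            if re.search(r"\\system32\\[^\\]+\\", path, re.IGNORECASE):
                reasons.append("service binary lives in a system32 subfolder: verify publisher")
        if "(file missing)" in body:
            reasons.append("stale entry pointing at a missing file")
        if re.search(r"\\temp\\", body, re.IGNORECASE):
            reasons.append("runs from a Temp directory")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["entry"][:60], "|", "; ".join(f["reasons"]))
```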
 

OP, please post the virus's file path.

Seriously infected..