
[Help] Computer infected with an MSN virus, HijackThis log attached

Computer infected with an MSN virus, HijackThis log attached

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:54, on 23/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\Rfw\RsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\\Eraser\Eraser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\RavTask.exe
C:\Program Files\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\conime.exe
E:\Program Files\ken\360safebox\SafeBoxtray.exe
E:\Program Files\ken\360safe\safemon\360tray.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\桌面\HiJackThis.exe.EXE

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Program Files\ken\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\ken\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 祅腊? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 縐縐奻厙假翑忒 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll (file missing)
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - E:\Program Files\ken\360safe\safemon\safemon.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FlashgetMini] E:\Program Files\Download Files\FlashGet\Temp\setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [360Safebox] "E:\Program Files\ken\360safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [360Safetray] E:\Program Files\ken\360safe\safemon\360tray.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [foxy] "E:\Program Files\Download Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [Yahoo!Mini] "E:\Program Files\Download Files\Mini\YMiniUpdat2.exe" -c
O4 - HKCU\..\Run: [Eraser] C:\Documents and Settings\Administrator\\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Foxy 下載 - res://E:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://E:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: UseFlashGet - E:\Program Files\Download Files\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - E:\Program Files\Download Files\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - E:\Program Files\lolo\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用迅雷下載 - E:\Program Files\ken\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - E:\Program Files\ken\Program\GetAllUrl.htm
O8 - Extra context menu item: 剪貼簿文字:  簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字:  繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - E:\Program Files\lolo\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - E:\Program Files\lolo\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - E:\Program Files\lolo\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\lolo\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - E:\Program Files\lolo\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - E:\Program Files\lolo\SendMMS.htm
O8 - Extra context menu item: 網頁:  [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁:  [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Program Files\ken\Thunder.exe
O9 - Extra 'Tools' menuitem: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\Program Files\ken\Thunder.exe
O9 - Extra button: 浩方??平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\新資料夾\GameClient.exe (file missing)
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\lolo\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\lolo\QQ.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe

--
End of file - 8901 bytes

Re: Computer infected with an MSN virus, HijackThis log attached

C:\Documents and Settings\Administrator\\Eraser\Eraser.exe
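I suggest posting an SREng log instead; that log is a bit more detailed.

Download SREng
After downloading, unzip it and run SREngLdr.EXE; if it will not run, try renaming it to 123.com;
Click "Smart Scan", tick all scan items, and tick "Check digital signatures of process modules";
Then click "Scan";
Wait for the scan to finish, then click "Save Report";
Upload the saved log file SREnglog.log to the forum as an attachment.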

Re: Computer infected with an MSN virus, HijackThis log attached

This one? @@

That was the same person.. I just forgot the passxxx and re-registered, that's all @@..

Sorry to trouble you~

Attachment:

File name: SREngLOG.log
Downloads: 107
File type: application/octet-stream
File size:
Uploaded: 2009-4-24 14:03:19
Description: log


Re: Computer infected with an MSN virus, HijackThis log attached

Everyone... may I ask, is something wrong with my computer?