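Today I suddenly noticed that my mouse cursor keeps flickering on its own. On my machine every program that runs plays a sound notification, and now it won't stop sounding! The cursor keeps flickering, so I figure some program must be running in the background.
I scanned with ewido anti-spyware and it found no trojans,
but it did find malicious cookies. I deleted them all, and the cursor still flickers...
I scanned with 木马杀客 and it found no viruses, with 绿鹰精灵 and it found no viruses, and with Rising (the latest version, updated today) and again no viruses,
but that unknown program is still running in the background!
However, when I scanned with the LDM trojan detection program it found a lot of viruses, which it can't remove because I haven't registered it:
The detection results are as follows: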
LDM木马检测程序记录档案
执行扫描的日期: 23,October,2006
执行扫描的时间: 19:18:19
捕获威胁的引擎: LinDirMicro V7.1 -歼灭模式
执行扫描的路径: C:\
捕获威胁的数量: 16
捕获威胁的信息:
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SET4.tmp
C:\WINDOWS\SET8.tmp
C:\Documents and Settings\LDM\桌面\询问\询问\netip.exe
C:\Documents and Settings\LDM\桌面\工作程序\huigezi.exe
C:\Documents and Settings\LDM\桌面\工作程序\virus\2.exe
C:\Documents and Settings\LDM\桌面\工作程序\virus\AntiVir_keygen.exe
C:\Documents and Settings\LDM\桌面\工作程序\virus\bootconf.exe
C:\Documents and Settings\LDM\桌面\工作程序\virus\AdmDll.dll
C:\Documents and Settings\LDM\桌面\工作程序\virus\CServer.dat
C:\Documents and Settings\LDM\桌面\工作程序\virus\3721.exe
C:\Documents and Settings\LDM\桌面\工作程序\virus\37d21.exe
C:\Documents and Settings\LDM\桌面\工作程序\virus\Cwwbip.exe
C:\Documents and Settings\LDM\桌面\工作程序\virus\3a\RavMonE.exe
C:\Documents and Settings\LDM\Local Settings\Temporary Internet Files\Content.IE5\6PQRABC4\mm[1].htm
C:\Documents and Settings\LDM\桌面\工作程序\virus\8.exe
--------------------------------------------------
LDM木马检测程序记录档案
执行扫描的日期: 25,October,2006
执行扫描的时间: 21:07:14
捕获威胁的引擎: Clock Up V7.1
捕获威胁的数量: 0
捕获威胁的信息:
--------------------------------------------------
LDM木马检测程序记录档案
执行扫描的日期: 25,October,2006
执行扫描的时间: 21:07:21
捕获威胁的引擎: LinDirMicro V7.1 -歼灭模式
执行扫描的路径: C:\
捕获威胁的数量: 3
捕获威胁的信息:
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SET4.tmp
C:\WINDOWS\SET8.tmp
--------------------------------------------------
LDM木马检测程序记录档案
执行扫描的日期: 3,November,2006
执行扫描的时间: 0:16:20
捕获威胁的引擎: LinDirMicro V7.1 -歼灭模式
执行扫描的路径: C:\
捕获威胁的数量: 1
捕获威胁的信息:
C:\WINDOWS\wc98pp.dll
--------------------------------------------------
LDM木马检测程序记录档案
执行扫描的日期: 3,November,2006
执行扫描的时间: 0:37:57
捕获威胁的引擎: LinDirMicro V7.1 -歼灭模式
执行扫描的路径: C:\
捕获威胁的数量: 6
捕获威胁的信息:
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SETA.tmp
C:\WINDOWS\wc98pp.dll
C:\Program Files\Tencent\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Tencent\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll
--------------------------------------------------
LDM木马检测程序记录档案
执行扫描的日期: 3,November,2006
执行扫描的时间: 1:40:43
捕获威胁的引擎: LinDirMicro V7.1 -歼灭模式
执行扫描的路径: C:\
捕获威胁的数量: 6
捕获威胁的信息:
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SETA.tmp
C:\WINDOWS\wc98pp.dll
C:\Program Files\Tencent\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Tencent\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll
--------------------------------------------------
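I don't know whether this is real or not. I spent over 200 on Rising precisely to have peace of mind; surely I shouldn't have to pay separately for a trojan remover as well??
I ran HijackThis and the results are below. Could someone please take a look: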
Logfile of HijackThis v1.99.1
Scan saved at 1:45:42真真上午好, on 2006-11-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
C:\Program Files\flvplayer\flvplayer.exe
d:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
E:\程序备份\专杀工具\hijackthis\HijackThis.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\program files\rising\rfw\rfwmain.exe" -startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [lfw] D:\Program Files\LinDirMicro Lab\LAV\lfw.exe
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Startup: Flash Video.lnk = C:\Program Files\flvplayer\flvplayer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152120715656
O17 - HKLM\System\CCS\Services\Tcpip\..\{37567A12-B8A9-45BC-A53B-05EFAFD106E0}: NameServer = 211.143.60.56 219.150.150.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{37567A12-B8A9-45BC-A53B-05EFAFD106E0}: NameServer = 211.143.60.56 219.150.150.150
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
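I normally have Rising installed for virus protection, the Rising firewall for network security, ewido anti-spyware for finding and removing trojans, and 超级兔子 for finding and removing rogue software. I have always thought my system was fairly secure.
What exactly have I been infected with? If these processes of mine are fine, then I can only suspect that RavMonE.exe is the problem.
Experts, please help! And anyone with a similar problem, please bump this thread!
If this is just a problem that appeared after the Rising update, please say so too!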