Rising Kaka Security Forum · Technical Exchange · Anti-virus / Anti-rogue-software board


[Help] Why can't I ever remove the Gpigeon (灰鸽子) trojan Backdoor.Gpigeon.yoh that I'm infected with!?


First of all, my Rising is a legitimate copy and is updated every day, so it is the latest version, but after it removes this thing and I reboot, the virus pops up again, and the dedicated removal tool can't even detect it. Please help me, experts! Below is the log from my HijackThis scan, please take a look.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
F:\software\setupped\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\software\setupped\Rising\Rav\Ravmond.exe
f:\software\setupped\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
F:\software\setupped\Rising\Rav\RavStub.exe
f:\software\setupped\rising\rfw\RfwMain.exe
F:\software\setupped\淘宝旺旺\WangWang.EXE
F:\software\setupped\Rising\Rav\RavTask.exe
F:\software\setupped\Rising\Rav\Ravmon.exe
C:\ThAMS2000\bin\BDEConfig.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\DELL\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
F:\software\setupped\Rising\Rav\Smartup.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQIEHelper - _{54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\software\setupped\Adobe Reader 7.0.7\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\software\setupped\FlashGet\jccatch.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC64.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\software\setupped\KuGoo3\KuGoo3DownXControl.ocx (file missing)
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\software\setupped\FlashGet\fgiebar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [WangWang] "F:\software\setupped\淘宝旺旺\WangWang.EXE"
O4 - HKLM\..\Run: [RavTask] "F:\software\setupped\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "F:\software\setupped\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "F:\software\setupped\Rising\Rav\ravstub.exe" /RUNONCE
O4 - Global Startup: 服务器设置工具.lnk = C:\ThAMS2000\bin\BDEConfig.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\software\setupped\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - F:\software\setupped\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\software\setupped\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - F:\software\setupped\Thunder\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - F:\software\setupped\Thunder\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\software\setupped\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\software\setupped\qq\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\software\setupped\qq\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - F:\software\setupped\UC\uc.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\software\setupped\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\software\setupped\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\software\setupped\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\software\setupped\qq\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://10.66.48.36
O15 - Trusted IP range: http://10.66.48.212
O16 - DPF: {190F83F0-697B-4F26-9232-2E98596463B2} (ZotnClientLib.ZotnClient) - http://10.66.48.36/codebase/ZotnClientLib.CAB
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {46BF5CFC-0536-459B-976E-E6FF8C1C2E4A} (ZotnClientFigure.WorkFlowFigure) - http://10.66.48.36/codebase/ZotnClientFigure.CAB
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {6AAD4967-D42B-11D3-9E9C-0080C8BAC3E7} (En_Decrypt Control) - http://10.66.48.36/codebase/En_Decrypt.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {85685942-1553-4381-96C2-5C7C3B7EA73F} (ZotnCmnDlg.MainDlg) - http://10.66.48.36/codebase/ZotnCmnDlg.CAB
O16 - DPF: {8FF3B784-0106-4411-9653-38F97F77548B} (ZotnTree.Tree) - http://10.66.48.36/codebase/Tree.CAB
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://10.66.48.36/codebase/SAXFile.cab
O16 - DPF: {DECEDC28-10BC-4D9F-9D83-50C2856F4441} (INetDisplay2 Control) - http://10.66.48.212/INetDisplay2.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3CC221F-8BBB-44CF-9BCB-D9B592395A08}: NameServer = 61.128.128.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - F:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\software\setupped\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\software\setupped\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\software\setupped\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\software\setupped\Rising\Rav\Ravmond.exe
O23 - Service: 硬件管理设备 - Unknown owner - C:\WINDOWS\oasis.exe

Last edited 2006-07-25 14:33:14

[Reply to "mopery"'s post]
I followed all the earlier steps, but I couldn't find the file C:\WINDOWS\system32\WinSC64.dll?

[Reply to "yanmings"'s post]
Still couldn't find it, but after following the earlier steps and rebooting again, Rising no longer detects this virus, so I guess it has been killed. Thanks to both of you gurus.