发表于: 2007-05-22 11:52 | 显示全部 短消息 资料
字号: 1楼

求助,开机总提示有木马和病毒。(附扫描日志)

Logfile of HijackThis v1.99.1
Scan saved at 11:37:45, on 2005-5-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\World of Warcraft\Launcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jesson\桌面\HijackThis.exe

O1 - Hosts: 61.152.169.246 www.kuaiso.com
O1 - Hosts: 61.152.169.246 www.my6688.cn
O1 - Hosts: 61.152.169.246 www.union123.com
O1 - Hosts: 61.152.169.246 www.ktan.cn
O1 - Hosts: 61.152.169.246 www.2t2t.cn
O1 - Hosts: 61.152.169.246 www.cq530.com
O1 - Hosts: 61.152.169.246 www.365tc.com
O1 - Hosts: 61.152.169.246 ad.qucha.net
O1 - Hosts: 61.152.169.246 www.tan8.cn
O1 - Hosts: 61.152.169.246 www.itjj.net
O1 - Hosts: 61.152.169.246 www.start188.com
O1 - Hosts: 61.152.169.246 www.at58.cn
O1 - Hosts: 61.152.169.246 union.yxad.com
O1 - Hosts: 61.152.169.246 www.iptan.com
O1 - Hosts: 61.152.169.246 www.ip2008.net
O1 - Hosts: 61.152.169.246 www.yqif.com
O1 - Hosts: 61.152.169.246 www.2t2t.cn
O1 - Hosts: 61.152.169.246 www.17tan8.com
O1 - Hosts: 61.152.169.246 17tan8.com
O1 - Hosts: 61.152.169.246 www.688ip.com
O1 - Hosts: 61.152.169.246 www.17tc.com
O1 - Hosts: 61.152.169.246 www.zztan.com
O1 - Hosts: 61.152.169.246 www.5tanip.com
O1 - Hosts: 61.152.169.246 www.16tc.com
O1 - Hosts: 61.152.169.246 www.163se.net
O1 - Hosts: 61.152.169.246 www.724tc.com
O1 - Hosts: 61.152.169.246 www1.6tan.com
O1 - Hosts: 61.152.169.246 www2.6tan.com
O1 - Hosts: 61.152.169.246 www.6tan.com
O1 - Hosts: 61.152.169.246 quxiuu.com
O1 - Hosts: 61.152.169.246 www.quxiuu.com
O1 - Hosts: 61.152.169.246 www.23b.cn
O1 - Hosts: 61.152.169.246 www.ookkw.com
O1 - Hosts: 61.152.169.246 www.97725.com
O1 - Hosts: 61.152.169.246 down.97725.com
O1 - Hosts: 61.152.169.246 www.54699.com
O1 - Hosts: 61.152.169.246 web.77276.com
O1 - Hosts: 61.152.169.246 www.77276.com
O1 - Hosts: 61.152.169.246 d.77276.com
O1 - Hosts: 61.152.169.246 do.77276.com
O1 - Hosts: 61.152.169.246 i.96981.com
O1 - Hosts: 61.152.169.246 wm.103715.com
O1 - Hosts: 61.152.169.246 www.138505.com
O1 - Hosts: 61.152.169.246 cool.47555.com
O1 - Hosts: 61.152.169.246 www.437799.com
O1 - Hosts: 61.152.169.246 www.168080.com
O1 - Hosts: 61.152.169.246 w.168080.com
O1 - Hosts: 61.152.169.246 q.168080.com
O1 - Hosts: 61.152.169.246 www.baidu8.org
O1 - Hosts: 61.152.169.246 d.qbbd.com
O1 - Hosts: 61.152.169.246 w.qbbd.com
O1 - Hosts: 61.152.169.246 www.npjxjy.com
O1 - Hosts: 61.152.169.246 www.wwwlm.net
O1 - Hosts: 61.152.169.246 new2.jixie123.cn
O1 - Hosts: 61.152.169.246 www.18dmm.com
O1 - Hosts: 61.152.169.246 www.souxse.cn
O1 - Hosts: 61.152.169.246 dm1.yiall.com
O1 - Hosts: 61.152.169.246 www.nze21.com
O1 - Hosts: 61.152.169.246 www.puma163.com
O1 - Hosts: 61.152.169.246 www.hyap98.com
O1 - Hosts: 61.152.169.246 www.51liulan.cn
O1 - Hosts: 61.152.169.246 s.gcuj.com
O1 - Hosts: 61.152.169.246 long.down988.cn
O1 - Hosts: 61.152.169.246 x.vvcyin.com
O1 - Hosts: 61.152.169.246 w.vvcyin.com
O1 - Hosts: 61.152.169.246 cc.wzxqy.com
O1 - Hosts: 61.152.169.246 ip.315hack.com
O1 - Hosts: 61.152.169.246 ip.54liumang.com
O1 - Hosts: 61.152.169.246 www.41ip.com
O1 - Hosts: 61.152.169.246 xulao.com
O1 - Hosts: 61.152.169.246 www.xulao.com
O1 - Hosts: 61.152.169.246 www.heixiou.com
O1 - Hosts: 61.152.169.246 www.9cyy.com
O1 - Hosts: 61.152.169.246 adnx.yygou.cn
O1 - Hosts: 61.152.169.246 www1.cw988.cn
O1 - Hosts: 61.152.169.246 www2.cw988.cn
O1 - Hosts: 61.152.169.246 www.asdwc.com
O1 - Hosts: 61.152.169.246 ceoww.com
O1 - Hosts: 61.152.169.246 boolom.com
O1 - Hosts: 61.152.169.246 www.boolom.com
O1 - Hosts: 61.152.169.246 www.tellumore.com
O1 - Hosts: 61.152.169.246 www.o1wg.com
O1 - Hosts: 61.152.169.246 www.qq756.com
O1 - Hosts: 61.152.169.246 ll.chinasese.net
O1 - Hosts: 61.152.169.246 www.cnwangmeng.cn
O1 - Hosts: 61.152.169.246 0.82211.net
O1 - Hosts: 61.152.169.246 rising.whatthishome.com
O1 - Hosts: 61.152.169.246 www.canqiou.com
O1 - Hosts: 61.152.169.246 www.if56.cn
O1 - Hosts: 61.152.169.246 woai777.com
O1 - Hosts: 61.152.169.246 www.cz-kc.com
O1 - Hosts: 61.152.169.246 www.f1ash8.net
O1 - Hosts: 61.152.169.246 new.hackpp.com
O1 - Hosts: 61.152.169.246 ad.taoip.cn
O1 - Hosts: 61.152.169.246 www.game53.com
O1 - Hosts: 61.152.169.246 up.boolom.com
O1 - Hosts: 61.152.169.246 t.gcuj.com
O1 - Hosts: 61.152.169.246 w.zpx520.com
O1 - Hosts: 61.152.169.246 www.08325.cn
O1 - Hosts: 61.152.169.246 d.fangni.net
O1 - Hosts: 61.152.169.246 psxiaokan1.mei7.com
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A84EADCC-87DC-4F59-852A-AD4CA5972953}: NameServer = 202.106.195.68,202.106.46.151
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

最后编辑2007-05-22 13:04:15