发表于: 2007-10-24 04:00 | 显示全部 短消息 资料
字号: 1楼

刚刚发现2个木马trojdownloader/win32.ieser 。。。帮忙看下。。感激。。

求大侠帮忙看看日志,我觉的好乱了。。。想清理又不敢乱下手。。。
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 3:42:13,2007-10-24
操作系统: Windows XP SP2 (WinNT 5.01.2600)
IE版本: Internet Explorer v6.00 SP2 (6.00.2900.2180)
启动模式: 正常

正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\360safe\safemon\360Tray.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\system32\wuauclt.exe
E:\下载\专杀\HijackThis.exe

O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [igfxtray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [CertificateRegistration] SafeSignCertReg.exe
O4 - HKLM\..\Run: [bjcacertd_ft11] ; C:\Program Files\Feitian\BJCA\bjcacertd_ft11.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] ; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - 扩展右键菜单项: &使用BitComet下载 - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 额外的按钮: BitComet 资源搜索 - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - 额外的“工具”菜单项目: BitComet 资源搜索 - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} (ICBC Security Ctrl) - http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192019171828
O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://qqgame.gamedl.qq.com/minigamefile/vqqsdl.cab
O16 - DPF: {B4D9857D-8A55-4442-A577-6B3ED5D4E41B} (ScreenCapture Class) - http://mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{593A7ED6-3B93-4B6E-BE7F-764A4E4FDA22}: NameServer = 211.98.4.1,211.98.2.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF03A471-7E3B-4B00-B5B2-9AC580EDF5D9}: NameServer = 211.98.4.1 61.235.70.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{593A7ED6-3B93-4B6E-BE7F-764A4E4FDA22}: NameServer = 211.98.4.1,211.98.2.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{593A7ED6-3B93-4B6E-BE7F-764A4E4FDA22}: NameServer = 211.98.4.1,211.98.2.4
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O23 - NT 服务:  InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - NT 服务:  Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务:  Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务:  Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务:  Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务:  StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler )
最后编辑2007-10-29 22:06:01.483000000