都帮俺看看啊，有毒找不到！ bbs.ikaka.com

厚道的虎哥 - 2005-12-27 18:05:00

HijackThis_815汉化版扫描日志 V1.99.1
保存于 17:58:53, 日期 2005-12-27
操作系统： Windows XP SP1 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\beelink\bverify\bverify.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\杀毒\HijackThis1991zww扫描注册表项和系统\HijackThis1991zww.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\看报纸\所有读报组件\ActiveX\AcroIEHelper.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll (file missing)
O2 - BHO: apronA Class - {557B9038-FC87-453C-8B08-32D85F46EAC4} - C:\WINDOWS\REALON~1.DLL
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\下载软件\BitComet\BitCometBar\BitCometBar0.1.dll (file missing)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [QuickTime Task] rem "D:\播放器\quicktime\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [AC] C:\Program Files\beelink\bverify\bverify.exe
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O8 - IE右键菜单中的新增项目: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: 随身行网络电话 - {A22261F5-F9DC-444C-9F77-DC061C9CD1C1} - D:\网络电话\新版2.0\cnc-voip.exe
O9 - 浏览器额外的“工具”菜单项: 随身行网络电话 - {A22261F5-F9DC-444C-9F77-DC061C9CD1C1} - D:\网络电话\新版2.0\cnc-voip.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O12 - IE插件，支持文件类型.mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://origin-www.ahn.com.cn/aspservice/plugin/myv3.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5C20D5F-C07F-4914-936E-8BE67291827F}: NameServer = 10.254.131.253
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Read Ini Services (Readini32) - Unknown owner - C:\WINDOWS\System32\Readini32.exe (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

另网页监控发现...............

虎哥老大 - 2005-12-28 19:15:00

引用:

【玉面修罗的贴子】发现的什么。。。有报告吗？
文件的名字及路径
...........................[/qu病毒名称处理结果发现日期扫描方式路径文件病毒来源
Exploit.HTML.CodeExec 需要解压缩后杀毒 2005-12-26 14:09 手动扫描 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\7B6VNCVW down[1].chm>>/down.htm 本机
Exploit.HTML.CodeExec 需要解压缩后杀毒 2005-12-26 14:09 手动扫描 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\0PWI4QFS 30686[1].chm>>/30686.htm 本机
Trojan.DL.Agent.egv 删除成功 2005-12-26 14:29 手动扫描 C:\FOUND.001 FILE0000.CHK 本机
ote]病毒名称处理结果发现日期扫描方式路径文件
Exploit.HTML.Mht.cj 删除成功 2005-12-16 13:01 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\G5AB4HYF a6.a6[1].htm
Exploit.HTML.Mht.cj 跳过脚本 2005-12-16 13:01 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 101639927720.tmp
VBS.StartPage.d 跳过脚本 2005-12-17 19:23 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 239224590112.tmp
Js.hta.StartPage 忽略 2005-12-17 19:40 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\H012UVEX test[1].hta
Js.hta.StartPage 删除成功 2005-12-17 19:40 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\H012UVEX test[2].hta
Js.hta.StartPage 忽略 2005-12-18 20:47 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\WXYBSDUB test[1].hta
Js.hta.StartPage 删除成功 2005-12-18 20:47 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\GPYVOLER test[1].hta
Trojan.Saghost.20 删除成功 2005-12-22 13:43 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\SZ672XYH windows[1].exe
Js.hta.StartPage 删除成功 2005-12-22 13:44 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\01ERSTI7 home[1].hta
Exploit.HTML.mht.br 重新启动计算机后删除文件 2005-12-25 21:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\SZ672XYH 30686[1].htm
VBS.StartPage.h 删除成功 2005-12-25 21:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\0PWI4QFS tongji1[2].hta
VBS.StartPage.g 重新启动计算机后删除文件 2005-12-25 21:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\RT4RROHA tongji2[2].hta
Exploit.HTML.mht.br 删除成功 2005-12-25 21:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\01ERSTI7 30686[1].htm
VBS.StartPage.g 删除成功 2005-12-25 21:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\RT4RROHA tongji2[1].hta
VBS.StartPage.h 删除成功 2005-12-25 21:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\E3GNUDWF tongji1[1].hta
Exploit.HTML.mht.br 忽略 2005-12-25 21:36 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\IPKRAHO1 30686[1].htm
VBS.StartPage.g 删除成功 2005-12-25 21:36 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\RT4RROHA tongji2[1].hta
Exploit.HTML.mht.br 删除成功 2005-12-25 21:36 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\RT4RROHA 30686[1].htm
VBS.StartPage.h 删除成功 2005-12-25 21:36 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\RT4RROHA tongji1[1].hta
VBS.StartPage.d 跳过脚本 2005-12-25 22:08 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 3948117716808.tmp
Exploit.HTML.mht.br 删除成功 2005-12-25 22:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\E3GNUDWF 30686[1].htm
VBS.StartPage.h 忽略 2005-12-25 22:35 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\0PWI4QFS tongji1[1].hta
VBS.StartPage.d 跳过脚本 2005-12-26 14:00 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 2492117978752.tmp
VBS.StartPage.d 跳过脚本 2005-12-26 16:36 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 124145831576.tmp
VBS.StartPage.d 跳过脚本 2005-12-26 20:49 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 2840136395128.tmp
VBS.StartPage.d 跳过脚本 2005-12-27 14:39 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 900116799648.tmp
VBS.StartPage.d 跳过脚本 2005-12-27 18:08 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 2096117782184.tmp
Backdoor.RBot.bge 删除成功 2005-12-27 21:21 文件监控 C:\WINDOWS\System32 MSWSA32.exe
VBS.StartPage.d 跳过脚本 2005-12-27 22:28 网页/脚本监控 C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp 204115554024.tmp
Backdoor.RBot.bge 删除成功 2005-12-27 23:03 文件监控 C:\WINDOWS\SYSTEM32 MSWSA32.EXE
Exploit.HTML.mht.br 删除成功 2005-12-28 12:14 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\ODMFS9YR 30686[1].htm
VBS.StartPage.g 删除成功 2005-12-28 12:15 文件监控 C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\GPSV4B8N tongji2[2].hta

查看完整版本: 都帮俺看看啊，有毒找不到！

瑞星卡卡安全论坛