Rising Kaka Security Forum > Technical Discussion > Anti-virus / Anti-rogue-software Forum


Can anyone tell me which item in HijackThis is a virus?

O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
This is my log. Could some kind soul take a look and tell me which one is the virus? Thanks.
Last edited 2005-07-06 14:25:48

[Reply to 紫陌0's post]
There doesn't seem to be any trojan or virus information...

I suggest the OP post the complete log.

I don't see any virus?

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      13:43:11, 日期 2005-7-6
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\NetSpeeder\NetSpeeder.exe
D:\Program Files\Rising\Rfw\rfwmain.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ChinaNet\VnetClient.exe
D:\Program Files\Maxthon\Maxthon.exe
d:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe
D:\PROGRA~1\RISING\RAV\RavMon.exe
C:\WINDOWS\System32\conime.exe
F:\HT\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: IeControler Class - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - d:\Program Files\NetSpeeder\IEMate.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\flashget\fgiebar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O4 - 启动项HKLM\\Run: [NetSpeeder] "D:\Program Files\NetSpeeder\NetSpeeder.exe" hide
O4 - 启动项HKLM\\Run: [RfwMain] d:\Program Files\Rising\Rfw\rfwmain.exe
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: &使用迷你迅雷下载 - d:\Program Files\Sandai Technologies Inc\ThunderMini\geturl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\flashget\jc_link.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - d:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - d:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O11 - Options group: [!ANetSpeeder]  NetSpeeder
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://202.101.62.196:1995/VTrans.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} (IEBHOLiver Class) - http://download.imu.com.cn/client/chatatwill/ie/imuliver.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://www.xintv.com/download/ietimer.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://202.101.62.196:1995/talk.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.CAB
O16 - DPF: {7B6FE245-928D-47FC-81EA-01DBDAC5C1B2} (InstallCtl Class) - http://god.chinavnet.com/download/DIAX.cab
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - http://www.95599.cn/download/ABC.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://scan.kingsoft.com/scan/fangyi/KAllScan.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D8273C-643A-4E37-B27A-CCB3F5BFCA2F}: NameServer = 202.102.192.68 202.102.199.68
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - (no file)
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Sorry about that.

O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
I'm wondering whether it's this one.

[Reply to 紫陌0's post]
Process File: ati2sgag or ati2sgag.exe
Process Name: ATI Smart System Service
Description: ati2sgag.exe is a process associated with the drivers for ATI graphic cards

So how do I remove it next? I don't know. Could you please explain it to me in detail? Thanks.

Fix the R3 item. The O16 items show that your machine has quite a few plugins; look through them, and any you don't need can be fixed.
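A small triage script, added here as an illustration and not part of this thread or of HijackThis itself, that parses entries in the HijackThis log format posted above and applies the checks the replies rely on: fix the R3 item and any O18 entry with no file, count the O16 plugins and flag ActiveX controls loaded from a bare IP address, and verify O23 services listed with an unknown owner. The sample log lines are copied from this thread; the verdict labels are my own.

```python
import re
from collections import Counter

# HijackThis entries look like "<section code> - <body>"; the localized build in
# this thread keeps that layout, so the leading code alone classifies a line.
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IP_HOST_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")

def parse_line(line):
    """Return (section, body, clsid or None) for a log entry, or None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    c = CLSID_RE.search(body)
    return sec, body, (c.group(0) if c else None)

def triage(log_text):
    """Apply the thread's checks; return (findings, per-section counts). Verdicts are my own labels."""
    findings, counts = [], Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        sec, body, _clsid = parsed
        counts[sec] += 1
        if sec == "R3":                                  # default URLSearchHook missing
            findings.append((sec, "fix"))
        elif sec == "O18" and "(no file)" in body:       # filter whose DLL is gone
            findings.append((sec, "fix"))
        elif sec == "O23" and "Unknown owner" in body:   # service binary with no vendor info
            findings.append((sec, "verify"))
        elif sec == "O16" and IP_HOST_RE.search(body):   # ActiveX fetched from a bare IP
            findings.append((sec, "review"))
    return findings, counts

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""R3 - 默认的URLSearchHook丢失。用HijackThis修复
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://202.101.62.196:1995/VTrans.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - (no file)
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for sec, verdict in triage(SAMPLE_LOG)[0]:
        print(sec, verdict)
```

Entries that an O23 "verify" verdict points at, such as the ATI Smart service discussed in this thread, are checked by looking at the file on disk and its vendor, not by deleting them on sight.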

But I get a virus every time I boot up. What should I do?