realplayer进程用KILLBOX也关不掉,关掉一个马上又出来一个,而且killbox只有在安全模式下才能打开,平时一打开就自动关闭,这是什么问题?
在安全模式下用killbox删除realplyer.exe和brlmon.dll,再改浏览器首页,进普通模式,一开始是好的,但是过一会这两个病毒文件又会自动回来了,而且浏览器也自动设成了7939.com
以下是扫描的日志,请斑竹帮忙
HijackThis_815汉化版扫描日志 V1.99.1
保存于 8:37:12, 日期 2006-8-30
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
D:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Tencent\qq\TIMPlatform.exe
G:\soft\HijackThis1991zww.exe
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - D:\WINDOWS\system32\mssnmp16.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "d:\program files\rising\rfw\rfwmain.exe" -startup
O4 - 启动项HKLM\\Run: [Realplayer.exe] D:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Realplayer.exe] D:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\RuunServices:[Windows SRT Client] winsrt.exe
O4 - HKCU\..\RuunServices:[Windows SRS Client] winsrs.exe
O4 - HKCU\..\RuunServices:[ATI AS Filter] msnse.exe
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan
Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEDD9BC2-AB58-4FB0-8944-F0C85B323434}: NameServer = 218.2.135.1,202.102.24.35
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns-0.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns-0.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns-0.net
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - NT 服务: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
