各位斑竹大侠:
这是我昨天早上用瑞星查出的
Back door.Agent.aen(这个是什么呢?)
Trojan-Downloader.win32.Agent.ad
Trojan-Downloader.win32.Agent.cl
Trojan spy.Mslagent
但还是发现QQ不能用,而且QQ文件夹里(其它的文件夹也有)有一堆未知的.dll动态连接库文件(打开就是一个新浪围棋的连接)以下是用HijackThis1.99.1扫系统日志 请帮我看看!谢谢!!!
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 17:16:12, 日期 2005-9-28
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\SUPERR~1\MagicSet\SRIECLI.EXE
C:\WINNT\system32\conime.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINNT\msagent\AgentSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.896\HijackThis1991zww.exe
C:\WINNT\system32\wuauclt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: 好看123上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - IE工具栏增项: (no name) - {EF72500A-C234-46C4-BF0A-9AA6913DDF34} - (no file)
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: 好看123上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O4 - 启动项HKLM\\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - 启动项HKLM\\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\CTFMON.EXE
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\PROGRA~1\SUPERR~1\MagicSet\SRIECLI.EXE /LOAD
O4 - Global Startup: EPSON Status Monitor 3 环境检测 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
