Rising KaKa Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board

[Help] Worm.Mail.Fanbot cannot be removed, please help me analyze!

Hello!

Could you please help me analyze this? Many thanks!!

Every time my computer starts, Rising Personal Firewall reports: Trojan found, deleted successfully

Explorer.EXE>>C:\WINDOWS\Explorer.EXE ->Worm.Mail.Fanbot

Here is the system scan log:

Logfile of HijackThis v1.99.1
Scan saved at 18:33:51, on 2005-11-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\ftc\Trojanwall.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
D:\Program Files\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\Rar$EX95.854\HijackThis.exe
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - d:\BitComet\BitCometBar\BitCometBar0.1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [Windows木马防火墙] C:\Program Files\ftc\Trojanwall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {2761225D-F0F2-44E8-A2C9-476FB6A3316A} (TRadio Control) - http://dl_dir.qq.com/qqtools/trsetup.exe
O16 - DPF: {276BF72D-CA22-4237-9BCF-593B4E490DE9} (DownLoad Class) - http://img.china.alibaba.com/club/upload/cy2101/onlinesetupimg/atdownload.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2633648bdc6d24a94b05/netzip/RdxIE601_cn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132878269086
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F125A2DC-185E-4587-AED7-585D12AF598B}: NameServer = 202.101.224.69 202.101.226.68
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
Last edited 2005-12-02 15:26:10
 

Could an expert please help analyze this???
Thanks in advance!
 

It's urgent, experts please help!
 

Reply to the poster on floor 5: (thank you)
(columns: entry | description | company | path)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ BigDogPath | Still Image (STI) Driver | VM. | c:\windows\vm_sti.exe
+ MSPY2002 | c:\windows\system32\ime\pintlgnt\imscinst.exe
+ RavMon | RavMon Rising realtime monitor | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmon.exe
+ RavTimer | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtimer.exe
+ RfwMain | Rising Personal FireWall Main Program | Beijing Rising Technology Corporation Limited | c:\program files\rising\rfw\rfwmain.exe
+ WinampAgent | File not found: C:\Program Files\Winamp3\\winampa.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ SystemSafetyMonitor | Master Module | System Safety | d:\program files\system safety monitor\syssafe.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Auto Update Property Sheet Extension | File not found: C:\WINDOWS\System32\wuaucpl.cpl
+ Display Panning CPL Extension | File not found: deskpan.dll
+ HyperTerminal Icon Ext | HyperTerminal Applet Library | Hilgraeve, Inc. | c:\windows\system32\hticons.dll
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll
+ WinRAR shell extension | c:\program files\winrar\rarext.dll
+ 用户(&P)... | File not found: CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}\InprocServer32

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹 | c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ IeCatch2 Class | jccatch Module | Amaze Soft | d:\program files\flashget\jccatch.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar | FlashGet IE Bar | Amaze Soft | d:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet | FlashGet | Amaze Soft | d:\program files\flashget\flashget.exe
+ @shdoclc.dll,-864 | c:\windows\web\related.htm
+ Yahoo! Messenger | c:\program files\yahoo!\messenger\ypager.exe
+ 腾讯QQ | QQ | TENCENT | d:\program files\qq\qq.exe

Task Scheduler
+ DDD_Install_Program.job | File not found: C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\remotesetup.exe

HKLM\System\CurrentControlSet\Services
+ RfwService | Rising Personal Firewall Service | Beijing Rising Technology Corporation Limited | c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter | CCenter | rising | c:\program files\rising\rav\ccenter.exe
+ RsRavMon | RavMon | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services
+ ac97intc | Intel(r) Integrated Controller Hub Audio Driver | Intel Corporation | c:\windows\system32\drivers\ac97intc.sys
+ ati2mtaa | ATI RAGE 128 Miniport Driver | ATI Technologies Inc. | c:\windows\system32\drivers\ati2mtaa.sys
+ BaseTDI | basetdi | Rising | c:\windows\system32\drivers\basetdi.sys
+ ExpScaner | ExpScan.sys | c:\program files\rising\rav\expscan.sys
+ FETNDIS | NDIS 5.0 miniport driver | VIA Technologies, Inc. | c:\windows\system32\drivers\fetnd5a.sys
+ GMSIPCI | File not found: G:\INSTALL\GMSIPCI.SYS
+ HookCont | TDI HOOK Driver | Rising tech Co. ltd | c:\program files\rising\rav\hookcont.sys
+ HookReg | c:\program files\rising\rav\hookreg.sys
+ HookSys | 瑞星 | c:\program files\rising\rav\hooksys.sys
+ kmsinput | c:\windows\system32\drivers\kmsinput.sys
+ npkcrypt | nProtect KeyCrypt Driver | INCA Internet Co., Ltd. | d:\program files\qq\npkcrypt.sys
+ npkycryp | File not found: D:\Program Files\qq\npkycryp.sys
+ nv | NVIDIA Compatible Windows 2000 Miniport Driver, Version 29.58 | NVIDIA Corporation | c:\windows\system32\drivers\nv4_mini.sys
+ Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\windows\system32\drivers\ptilink.sys
+ RsFwDrv | nt_fwdrv | Rising | c:\program files\rising\rfw\rsfwdrv.sys
+ rtl8029 | File not found: System32\DRIVERS\RTL8029.SYS
+ rtl8139 | NDIS 5.0 driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtl8139.sys
+ S3Psddr | S3 ProSavage(DDR) & Twister Miniport Driver | S3 Graphics, Inc. | c:\windows\system32\drivers\s3gnbm.sys
+ safemon | System Safety Monitor 2.0 extension for Windows security layer | System Safety | c:\windows\system32\drivers\safemon.sys
+ Secdrv | SafeDisc driver | c:\windows\system32\drivers\secdrv.sys
+ SetupNT | c:\windows\system32\setupnt.sys
+ STAC97 | VIA VT82C686A Audio Driver (WDM) | SigmaTel, Inc. | c:\windows\system32\drivers\stac97.sys
+ viaagp1 | VIA NT AGP Filter | VIA Technologies, Inc. | c:\windows\system32\drivers\viaagp1.sys
+ VIAudio | VIA AC'97 Enhanced Audio WDM Driver | VIA Technologies, Inc. | c:\windows\system32\drivers\viaudio.sys
+ vulfnths | VIA USB Host Controller Lower Filter Driver | VIA Technologies, Inc. | c:\windows\system32\drivers\vulfnth.sys
+ vulfntrs | VIA USB Roothub Lower Filter Driver | VIA Technologies, Inc. | c:\windows\system32\drivers\vulfntr.sys
+ ZSMC301b | Video streaming and Capture Device Driver | VM | c:\windows\system32\drivers\usbvm31b.sys

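As an added example (not code from this thread, from Rising or from HijackThis), here is a small Python triage helper for the kind of log posted above. It parses HijackThis O4 (Run-key) and O23 (service) lines, works out which binary each one launches (quoted paths, unquoted paths containing spaces, and the doubled backslash in the WinampAgent entry), and then flags the two things the autorun listing above draws attention to: entries whose target is no longer on disk (the "File not found" rows) and entries launched from a user-writable temp folder (like the orphaned DDD_Install_Program.job pointing at Temp\remotesetup.exe). The sample lines are copied from the thread except the `remotesetup` Run entry, which is constructed for the demonstration; the `PRESENT` set is a constructed stand-in for the disk so the script runs offline, and on a real host the default `os.path.exists` would be used instead.

```python
import os
import re
from typing import Callable, Iterable, List, NamedTuple, Optional, Tuple


class AutorunEntry(NamedTuple):
    section: str            # HijackThis section: "O4" (Run keys) or "O23" (services)
    location: str           # "HKLM\..\Run", "HKCU\..\Run" or "Service"
    name: str               # registry value name or service display name
    exe_path: str           # normalised path of the launched binary (lower-case, unquoted)
    flags: Tuple[str, ...]  # triage observations; empty when nothing stood out


O4_RE = re.compile(r'^O4 - (?P<loc>HK[A-Z]+\\\.\.\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$')
# Leading token of an unquoted command line that ends in a binary extension, so
# "C:\Program Files\ftc\Trojanwall.exe" survives its embedded space and
# "C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x" loses its arguments.
EXT_RE = re.compile(r'^(.+?\.(?:exe|dll|sys|cpl|ocx|scr|com|bat))(?=\s|$)', re.IGNORECASE)

# Path fragments that mark user-writable staging folders (8.3 short form included,
# since HijackThis prints C:\DOCUME~1\...\LOCALS~1\Temp\ for the profile's Temp).
USER_WRITABLE = ('\\temp\\', '\\locals~1\\', '\\local settings\\')


def executable_of(command: str) -> str:
    """Return the binary a Run-key command line launches, normalised for comparison."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:
        m = EXT_RE.match(command)
        exe = m.group(1) if m else command.split(' ', 1)[0]
    # Collapse doubled backslashes (cf. "Winamp3\\winampa.exe" in the log) and lower-case.
    return re.sub(r'\\{2,}', r'\\', exe).lower()


def triage(line: str, exists: Callable[[str], bool] = os.path.exists) -> Optional[AutorunEntry]:
    """Parse one HijackThis line; return None for lines that are not O4/O23 entries."""
    m = O4_RE.match(line)
    if m:
        section, loc, name = 'O4', m.group('loc'), m.group('name')
        exe = executable_of(m.group('cmd'))
    else:
        m = O23_RE.match(line)
        if not m:
            return None
        section, loc, name = 'O23', 'Service', m.group('name')
        exe = executable_of(m.group('path'))
    flags = []
    if not exists(exe):
        flags.append('file_not_found')          # orphaned entry, like the "File not found" rows
    if any(marker in exe for marker in USER_WRITABLE):
        flags.append('user_writable_location')  # launched from a temp folder
    if not re.match(r'^[a-z]:\\', exe):
        flags.append('relative_path')           # resolved against whatever comes first in PATH
    return AutorunEntry(section, loc, name, exe, tuple(flags))


def triage_log(lines: Iterable[str],
               exists: Callable[[str], bool] = os.path.exists) -> List[AutorunEntry]:
    return [e for e in (triage(line, exists) for line in lines) if e is not None]


def suspicious(entries: Iterable[AutorunEntry]) -> List[AutorunEntry]:
    return [e for e in entries if e.flags]


# Sample lines: all copied from the thread except the "remotesetup" Run entry,
# which is constructed to mirror the orphaned scheduled task in the autorun listing.
SAMPLE_LOG = r"""Platform: Windows XP SP1 (WinNT 5.01.2600)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [Windows木马防火墙] C:\Program Files\ftc\Trojanwall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [remotesetup] C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\remotesetup.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
""".splitlines()

# Constructed stand-in for the disk of a hypothetical machine; pass os.path.exists on a real host.
PRESENT = {
    r'c:\windows\ime\imjp8_1\imjpmig.exe',
    r'c:\windows\vm_sti.exe',
    r'c:\program files\ftc\trojanwall.exe',
    r'c:\windows\system32\ctfmon.exe',
    r'c:\program files\rising\rav\ravmond.exe',
}

if __name__ == '__main__':
    for entry in suspicious(triage_log(SAMPLE_LOG, PRESENT.__contains__)):
        print(f"{entry.section} {entry.location} [{entry.name}] {entry.exe_path}: {', '.join(entry.flags)}")
```

Run against the sample, only WinampAgent (target missing) and the constructed remotesetup entry (missing and under Temp) are reported; the Rising, IME and camera entries resolve to files that exist under their vendor directories and are left alone. A flagged entry is where a responder looks first; it is not by itself proof of infection, and an orphaned Run value or scheduled task is usually just left-over from an uninstall.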
 

Hello! Thank you!
I tried it, but it still doesn't work!
 

I rescanned; the result is as follows:
(columns: entry | description | company | path)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ BigDogPath | Still Image (STI) Driver | VM. | c:\windows\vm_sti.exe
+ MSPY2002 | c:\windows\system32\ime\pintlgnt\imscinst.exe
+ RavMon | RavMon Rising realtime monitor | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmon.exe
+ RavTimer | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtimer.exe
+ RfwMain | Rising Personal FireWall Main Program | Beijing Rising Technology Corporation Limited | c:\program files\rising\rfw\rfwmain.exe
+ WinampAgent | File not found: C:\Program Files\Winamp3\\winampa.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ SystemSafetyMonitor | Master Module | System Safety | d:\program files\system safety monitor\syssafe.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ HyperTerminal Icon Ext | HyperTerminal Applet Library | Hilgraeve, Inc. | c:\windows\system32\hticons.dll
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll
+ WinRAR shell extension | c:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹 | c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ IeCatch2 Class | jccatch Module | Amaze Soft | d:\program files\flashget\jccatch.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar | FlashGet IE Bar | Amaze Soft | d:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet | FlashGet | Amaze Soft | d:\program files\flashget\flashget.exe
+ @shdoclc.dll,-864 | c:\windows\web\related.htm
+ Yahoo! Messenger | c:\program files\yahoo!\messenger\ypager.exe
+ 腾讯QQ | QQ | TENCENT | d:\program files\qq\qq.exe

Task Scheduler
+ DDD_Install_Program.job | File not found: C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\remotesetup.exe

HKLM\System\CurrentControlSet\Services
+ RfwService | Rising Personal Firewall Service | Beijing Rising Technology Corporation Limited | c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter | CCenter | rising | c:\program files\rising\rav\ccenter.exe
+ RsRavMon | RavMon | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services
+ ac97intc | Intel(r) Integrated Controller Hub Audio Driver | Intel Corporation | c:\windows\system32\drivers\ac97intc.sys
+ ati2mtaa | ATI RAGE 128 Miniport Driver | ATI Technologies Inc. | c:\windows\system32\drivers\ati2mtaa.sys
+ BaseTDI | basetdi | Rising | c:\windows\system32\drivers\basetdi.sys
+ ExpScaner | ExpScan.sys | c:\program files\rising\rav\expscan.sys
+ FETNDIS | NDIS 5.0 miniport driver | VIA Technologies, Inc. | c:\windows\system32\drivers\fetnd5a.sys
+ HookCont | TDI HOOK Driver | Rising tech Co. ltd | c:\program files\rising\rav\hookcont.sys
+ HookReg | c:\program files\rising\rav\hookreg.sys
+ HookSys | 瑞星 | c:\program files\rising\rav\hooksys.sys
+ kmsinput | c:\windows\system32\drivers\kmsinput.sys
+ npkcrypt | nProtect KeyCrypt Driver | INCA Internet Co., Ltd. | d:\program files\qq\npkcrypt.sys
+ nv | NVIDIA Compatible Windows 2000 Miniport Driver, Version 29.58 | NVIDIA Corporation | c:\windows\system32\drivers\nv4_mini.sys
+ Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\windows\system32\drivers\ptilink.sys
+ RsFwDrv | nt_fwdrv | Rising | c:\program files\rising\rfw\rsfwdrv.sys
+ rtl8139 | NDIS 5.0 driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtl8139.sys
+ S3Psddr | S3 ProSavage(DDR) & Twister Miniport Driver | S3 Graphics, Inc. | c:\windows\system32\drivers\s3gnbm.sys
+ safemon | System Safety Monitor 2.0 extension for Windows security layer | System Safety | c:\windows\system32\drivers\safemon.sys
+ Secdrv | SafeDisc driver | c:\windows\system32\drivers\secdrv.sys
+ STAC97 | VIA VT82C686A Audio Driver (WDM) | SigmaTel, Inc. | c:\windows\system32\drivers\stac97.sys
+ viaagp1 | VIA NT AGP Filter | VIA Technologies, Inc. | c:\windows\system32\drivers\viaagp1.sys
+ VIAudio | VIA AC'97 Enhanced Audio WDM Driver | VIA Technologies, Inc. | c:\windows\system32\drivers\viaudio.sys
+ vulfnths | VIA USB Host Controller Lower Filter Driver | VIA Technologies, Inc. | c:\windows\system32\drivers\vulfnth.sys
+ vulfntrs | VIA USB Roothub Lower Filter Driver | VIA Technologies, Inc. | c:\windows\system32\drivers\vulfntr.sys
+ ZSMC301b | Video streaming and Capture Device Driver | VM | c:\windows\system32\drivers\usbvm31b.sys

 

Hello! Thank you!
I set Rising Firewall not to start automatically.
Restarted the computer;
The monitor no longer reports a virus, but a scan with Rising Antivirus reports: virus found, deleted successfully

Explorer.EXE>>C:\WINDOWS\Explorer.EXE ->Worm.Mail.Fanbot
 

Hello! Thank you!
Process | PID | CPU | Description | Company Name
System Idle Process | 0 | 48.44 | |
Interrupts | n/a | 1.56 | Hardware Interrupts |
DPCs | n/a | 0.78 | Deferred Procedure Calls |
System | 4 | 0.78 | |
  SMSS.EXE | 584 | | Windows NT Session Manager | Microsoft Corporation
  CSRSS.EXE | 652 | 3.13 | Client Server Runtime Process | Microsoft Corporation
  WINLOGON.EXE | 676 | | Windows NT Logon Application | Microsoft Corporation
    SERVICES.EXE | 728 | 10.94 | Services and Controller app | Microsoft Corporation
    SVCHOST.EXE | 900 | | Generic Host Process for Win32 Services | Microsoft Corporation
    SVCHOST.EXE | 996 | | Generic Host Process for Win32 Services | Microsoft Corporation
    SVCHOST.EXE | 1116 | | Generic Host Process for Win32 Services | Microsoft Corporation
    SVCHOST.EXE | 1132 | | Generic Host Process for Win32 Services | Microsoft Corporation
    RavMonD.exe | 1152 | 3.13 | RavMon | Beijing Rising Technology Co., Ltd.
      RavStub.exe | 1280 | | Rising Rav Stub | Beijing Rising Technology Co., Ltd.
    SPOOLSV.EXE | 1492 | | Spooler SubSystem App | Microsoft Corporation
    alg.exe | 912 | | Application Layer Gateway Service | Microsoft Corporation
    SVCHOST.EXE | 1020 | | Generic Host Process for Win32 Services | Microsoft Corporation
    LSASS.EXE | 740 | | LSA Shell (Export Version) | Microsoft Corporation
EXPLORER.EXE | 1704 | 3.91 | Windows Explorer | Microsoft Corporation
VM_STI.EXE | 208 | | Still Image (STI) Driver | VM.
RavTimer.exe | 224 | | RavTimer | Beijing Rising Technology Co., Ltd.
RavMon.exe | 232 | | RavMon Rising realtime monitor | Beijing Rising Technology Co., Ltd.
Trojanwall.exe | 240 | 1.56 | Windows木马清道夫-木马防火墙 | 风云谷
CTFMON.EXE | 248 | | CTF Loader | Microsoft Corporation
TTraveler.exe | 1696 | 4.69 | Tencent Traveler | 腾讯公司
conime.exe | 1220 | | Console IME | Microsoft Corporation
WinRAR.exe | 1656 | | |
procexp.exe | 1300 | 1.56 | Sysinternals Process Explorer | Sysinternals
procexp.exe | 1408 | 19.53 | Sysinternals Process Explorer | Sysinternals


Hello! I tried it, still no effect!
Thank you so much! Thanks!

If any expert passes by, please give me some pointers! I really need your help!
Thanks in advance!