backdoor.hupigon.jn.ut.dll

MHTMLRedir.Exploit.c

Script.Htmlstring.Encode

Chm.Exefile.container.s

我用的是费尔托斯特
没有注册没有杀毒功能
所以也不告诉路径以及文件说明
谢谢你

这是兄弟扫描日记请帮忙看下 先谢谢了HijackThis_zww汉化版扫描日志 V1.99.1
保存于      20:31:44, 日期 11/30/05
操作系统：  Windows 98 SE (Win9x 4.10.2222A)
浏览器：    Internet Explorer v5.00 (5.00.2614.3500)

当前运行的进程：         
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\FILSECLAB\FILMSG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS1991ZWW.EXE

O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
O3 - IE工具栏增项: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\SYSTEM\KAKATOOL.DLL
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [SystemTray] systray.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [Super Rabbit SafeEdit] C:\PROGRAM FILES\SUPER RABBIT\MAGICSET\SRFC.EXE /Load
O4 - 启动项HKLM\\RunServices: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\RunServices: [RsCcenter] C:\PROGRA~1\RISING\RAV\CCENTER.EXE
O4 - 启动项HKLM\\RunServices: [RavMond] C:\PROGRA~1\RISING\RAV\RAVMOND.EXE
O4 - 启动项HKLM\\RunOnce: [Micropoint] C:\Program Files\Common Files\Micropoint Share\Dustman.exe &C:\WINDOWS\TEMP\mp5
O4 - Startup: 费尔消息服务.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe
O4 - User Startup: 费尔消息服务.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\getallurl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\PROGRAM FILES\QQLITE\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\PROGRAM FILES\QQLITE\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\PROGRAM FILES\QQLITE\SendMMS.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\下载软件\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\下载软件\jc_all.htm
O11 - Options group: [!CNS]  网络实名
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://origin-www.ahn.com.cn/aspservice/plugin/myfirewall20.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 219.150.32.132,202.97.224.68,210.46.80.1

各位我该怎么办

扫描一个log贴上来了农哥有时间帮忙看下谢谢

backdoor.hupigon.jn.ut.dll

MHTMLRedir.Exploit.c

Script.Htmlstring.Encode

Chm.Exefile.container.s

谁知道这是什么病毒

影子巡警你好
有什么好办法吗？不是说有事找警察吗？
谢谢

先谢谢您
偶去查一下

麻烦各位看下 谢谢ProcessPIDCPUDescriptionCompany Name
CCENTER.EXE0xFFFE451FCCenterrising
DDHELP.EXE0xFFF98433Microsoft DirectX HelperMicrosoft Corporation
EXPLORER.EXE0xFFFECB8F0.20Windows ExplorerMicrosoft Corporation
FILMSG.EXE0xFFFB3F1B费尔消息服务费尔安全实验室
Idle0x055.83System Idle Process
IEXPLORE.EXE0xFFFAA8EF22.33Microsoft Internet ExplorerMicrosoft Corporation
IEXPLORE.EXE0xFFFA623B9.89Microsoft Internet ExplorerMicrosoft Corporation
INTERNAT.EXE0xFFFCD617Keyboard Language Indicator AppletMicrosoft Corporation
KERNEL32.DLL0xFF0F5E271.27Win32 Kernel core componentMicrosoft Corporation
mmtask.tsk0xFFFEEC8FMultimedia background task support moduleMicrosoft Corporation
MPREXE.EXE0xFFFFE167WIN32 Network Interface Service ProcessMicrosoft Corporation
MSGSRV32.EXE0xFFFF9337Windows 32-bit VxD Message ServerMicrosoft Corporation
PROCEXP.EXE0xFFFA76EB6.07Sysinternals Process ExplorerSysinternals
PSTORES.EXE0xFFF9E04BProtected storage serverMicrosoft Corporation
RAVMON.EXE0xFFFE2F231.86RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.
RAVMOND.EXE0xFFFE55C72.45RavMonBeijing Rising Technology Co., Ltd.
RAVTIMER.EXE0xFFFC422F0.10RavTimerBeijing Rising Technology Co., Ltd.
REALSCHED.EXE0xFFFCF703RealNetworks SchedulerRealNetworks, Inc.
RPCSS.EXE0xFFFD75C7Distributed COM ServicesMicrosoft Corporation
SYSTRAY.EXE0xFFFCA40FSystem Tray AppletMicrosoft Corporation
WMIEXE.EXE0xFFFBD093WMI service exe housingMicrosoft Corporation

Process: Procexp Pid: FFFFFFFE

TypeName