Rising Kaka Security Forum

Everyone, please help: my system keeps blue-screening [Help request]
要天落泪 - 2005-8-13 21:35:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:27:08, 日期 2005-8-13
操作系统:  Windows 2003  (WinNT 5.02.3790)
浏览器:    Internet Explorer v6.00 (6.00.3790.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
D:\RISING\RAV\RAVTIMER.EXE
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\conime.exe
D:\RISING\RAV\RAVMON.EXE
D:\Rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\ctfmon.exe
D:\SnowFox\DesktopSprite2\DesktopSprite.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
D:\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
D:\RISING\RAV\CCENTER.EXE
D:\RISING\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Dfssvc.exe
D:\RISING\RAV\RavStub.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
D:\Tencent\QQ2005\QQ.exe
D:\Tencent\qq2005\TIMPlatform.exe
D:\Tencent\TT\TTraveler.exe
D:\FlashGet\flashget.exe
D:\Microsoft Office\OFFICE11\WINWORD.EXE
E:\temp\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ie60helperObj Class - {3E499F49-1566-40D3-B43D-077EF739AC92} - C:\WINDOWS\system32\Iehelper60.dll (file missing)
O2 - BHO: ReviseHelper Class - {749D1D7D-1969-4014-A98D-9E867E7508D0} - C:\Progra~1\8848\MySearch\0.9.8.0\PageRevisor.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O3 - IE工具栏增项: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ATIModeChange] Ati2mdxx.exe
O4 - 启动项HKLM\\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - 启动项HKLM\\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopSprite] d:\SnowFox\DesktopSprite2\DesktopSprite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用暴风下载器下载 - D:\Storm Downloader\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 导出当前页到超星阅览器(&A) - d:\SSREADER36\ss_all.htm
O8 - IE右键菜单中的新增项目: 导出选中部分到超星阅览器(&S) - d:\SSREADER36\ss_select.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Tencent\qq2005\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Tencent\qq2005\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Tencent\qq2005\SendMMS.htm
O9 - 浏览器额外的按钮: QQKav - {55080AC5-8FAA-4C8E-9D8D-494FB1CC6277} - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq2005\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq2005\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: 易趣购物 - {DE607145-AC19-425e-862A-2D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607145-AC19-425e-862A-2D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-219?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-219?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O11 - Options group: [!MySearch] 搜索助手(MySearch)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123753536191
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://club.jiangmin.com/kvscan/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA365C90-929C-460F-AC78-9185C1869F6F}: NameServer = 211.98.2.4 211.98.4.1
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: GhostStartService - Symantec Corporation - D:\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe
O23 - NT 服务: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

要天落泪 - 2005-8-13 22:33:00
Experts, please help!
This has been frustrating me for a long time.