瑞星卡卡安全论坛

首页 » 技术交流区 » 系统软件 » 各位大大进来看看呀!!帮个忙!!急救的呀!
【縱噺開始】 - 2005-12-6 2:56:00
我用卡卡上网助手和HijackThis V1.99.1 汉化版(第二版)扫描出来的不一样!!
卡卡的多出来了几像!怎么搞的!?


Logfile of Kaka v2. 0. 0. 2 Scan Module v2. 0. 0. 1
Scan saved at 02:49:56, on 2005-12-06
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[SMSS.EXE]
CommandLine =

[CSRSS.EXE]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[WINLOGON.EXE]
CommandLine = winlogon.exe

[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe

[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = D:\工具软件\瑞星\RISING\RAV\Ravmond.exe

[rfwsrv.exe]
CommandLine = d:\工具软件\瑞星\rising\rfw\rfwsrv.exe

[RavStub.exe]
CommandLine = D:\工具软件\瑞星\RISING\RAV\RavStub.exe /RAVMOND

[SPOOLSV.EXE]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[EXPLORER.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE

[RavTimer.exe]
CommandLine = "D:\工具软件\瑞星\RISING\RAV\RAVTIMER.EXE"

[RavMon.exe]
CommandLine = "D:\工具软件\瑞星\RISING\RAV\RAVMON.EXE" -SYSTEM

[CTFMON.EXE]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[rfwmain.exe]
CommandLine =  -StartUp

[CCenter.exe]
CommandLine = D:\工具软件\瑞星\RISING\RAV\CCENTER.EXE

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc

[ALG.EXE]
CommandLine = C:\WINDOWS\System32\alg.exe

[WSCNTFY.EXE]
CommandLine = C:\WINDOWS\system32\wscntfy.exe

[TTraveler.exe]
CommandLine = "C:\Program Files\Tencent\TT\TTraveler.exe"

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[QQ.exe]
CommandLine = "C:\Program Files\Tencent\QQ\QQ.exe"

[TIMPlatform.exe]
CommandLine = "C:\Program Files\Tencent\QQ\TIMPlatform.exe" -Embedding

[KkScan.exe]
CommandLine = "D:\工具软件\瑞星\卡卡上网安全肋手\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.accoona.cn/cn/search_assistant/accoona_search_assistant.jsp?&utm_id=c400105b&utm_content=leftnav&utm_source=ntes&utm_medium=tb&utm_campaign=ne105b
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.accoona.cn/cn
O2 - BHO:  (file missing)
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO:  (file missing)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO:  (file missing)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\BT下略载仄器鱘\FlashBT\IEHelper.dll (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RavTimer] D:\工具软件\瑞星\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\工具软件\瑞星\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [SeAdUpdate] C:\WINDOWS\SeAd\SeAdUpdate43909639.exe
O4 - HKLM\..\Run: [Thunder] ; "D:\迅雷\ThunderShell.exe" /s
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - D:\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\迅雷\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\酷狗\KuGoo3(2)\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra Button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423}? - http://www.xunlun.com (file missing)
O9 - Extra 'Tools' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423}? - http://www.xunlun.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Macromedia Licensing Service (Macromedia Licensing Service) -  - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\工具软件\瑞星\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\工具软件\瑞星\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\工具软件\瑞星\RISING\RAV\Ravmond.exe


下面是

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      2:53:39, 日期 2005-12-6
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\工具软件\瑞星\RISING\RAV\Ravmond.exe
d:\工具软件\瑞星\rising\rfw\rfwsrv.exe
D:\工具软件\瑞星\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\工具软件\瑞星\RISING\RAV\RAVTIMER.EXE
D:\工具软件\瑞星\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\ctfmon.exe
d:\工具软件\瑞星\rising\rfw\RfwMain.exe
D:\工具软件\瑞星\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Tencent\QQ\QQexternal.exe
D:\工具软件\HijackThis V1.99.1 汉化版(第二版)\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO: (no name) - {812886BE-AB50-4EAE-92CF-9AD63437E3EF}? - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5}? - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\BT下略载仄器鱘\FlashBT\IEHelper.dll (file missing)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [RavTimer] D:\工具软件\瑞星\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\工具软件\瑞星\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [SeAdUpdate] C:\WINDOWS\SeAd\SeAdUpdate43909639.exe
O4 - 启动项HKLM\\Run: [Thunder] ; "D:\迅雷\ThunderShell.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\酷狗\KuGoo3(2)\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423}? - http://www.xunlun.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423}? - http://www.xunlun.com (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\工具软件\瑞星\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\工具软件\瑞星\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\工具软件\瑞星\RISING\RAV\Ravmond.exe


1
查看完整版本: 各位大大进来看看呀!!帮个忙!!急救的呀!