日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 07:59:38, on 2009/03/25
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
启动模式: 正常

正在运行的进程:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\WatchClient.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\vrvrf_c.exe
D:\WINNT\system32\VrvEdp_m.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\cba\pds.exe
D:\WINNT\System32\llssrv.exe
D:\WINNT\system32\Vrvsafec.exe
D:\WINNT\system32\regsvc.exe
D:\Program Files\Real\RealServer\Bin\rmserver.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\WINNT\system32\ams_ii\hndlrsvc.exe
D:\WINNT\system32\MsgSys.EXE
D:\WINNT\system32\ams_ii\iao.exe
D:\WINNT\system32\cba\xfr.exe
D:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Rising\Rav\RavService.exe
D:\PROGRAM FILES\RISING\RAV\ravmond.exe
D:\Program Files\Rising\Rav\RavService.exe
D:\WINNT\Explorer.EXE
D:\Program Files\EasyShutDownPro\EasyShutDownPro.exe
D:\Program Files\Rising\Rav\RavTray.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\WINNT\system32\internat.exe
D:\PROGRA~1\Serv-U\SERVUT~1.EXE
D:\Program Files\Rising\Rav\Ravmon.exe
D:\Program Files\GlobalSCAPE\CuteFTP Professional\ftpte.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINNT\system32\conime.exe
D:\Program Files\GlobalSCAPE\CuteFTP Professional\cuteftppro.exe
D:\WINNT\System32\mdm.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\My Documents\RsDetect.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.938\HA_HijackThisv2_PP\HiJackThis_v2.exe
D:\Program Files\WinRAR\WinRAR.exe

O3 - 工具栏: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ESDPro] D:\Program Files\EasyShutDownPro\EasyShutDownPro.exe
O4 - HKLM\..\Run: [RavTray] "D:\Program Files\Rising\Rav\RavTray.exe"
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [KVFW] D:\Program Files\KVFW\kvfw.exe
O4 - HKCU\..\Run: [ServUTrayIcon] D:\PROGRA~1\Serv-U\SERVUT~1.EXE
O4 - HKCU\..\Run: [CuteFTP TE] "D:\Program Files\GlobalSCAPE\CuteFTP Professional\\ftpte.exe"
O4 - HKUS\S-1-5-21-2025429265-1935655697-1801674531-1010\..\Run: [Internat.exe] internat.exe (User 'NetShowServices')
O4 - HKUS\S-1-5-21-2025429265-1935655697-1801674531-1010\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NetShowServices')
O4 - HKUS\.DEFAULT\..\Run: [Internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: 服务管理器.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {34CF449F-7298-4CC4-A2C6-FAD1C21CF004} (dzgsAXV.DzgsCmd) - http://76.44.88.4/dll/dzgsAXV.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINNT\System32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Intel Alert Handler - Intel Corporation - D:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - D:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - D:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - D:\WINNT\system32\cba\pds.exe
O23 - Service: RavService - Beijing Rising Information Technology Co., Ltd. - D:\Program Files\Rising\Rav\RavService.exe
O23 - Service: RMServer - RealNetworks, Inc. - D:\Program Files\Real\RealServer\Bin\rmserver.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: VRVWatchServer - Unknown owner - D:\WINNT\system32\WatchClient.exe

--
文件结束 - 4938 字节