日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 8:50:02, on 2009-3-25
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
启动模式: 正常

正在运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
D:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINNT\system32\watchclient.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\vrvrf_c.exe
C:\WINNT\system32\VrvEdp_m.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\Vrvsafec.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\nvsvc32.exe
d:\Program Files\Rising\Rav\RavService.exe
C:\WINNT\system32\regsvc.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\EasyShutDownPro\EasyShutDownPro.exe
D:\Program Files\Rising\Rav\RavTray.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\SecCopy 汉化版\SecCopy.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
D:\Program Files\Rising\Rav\Rav.exe
C:\WINNT\System32\mdm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.671\HA_HijackThisv2_PP\HiJackThis_v2.exe

O3 - 工具栏: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [ESDPro] C:\Program Files\EasyShutDownPro\EasyShutDownPro.exe
O4 - HKLM\..\Run: [RavTray] "d:\Program Files\Rising\Rav\RavTray.exe"
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy 汉化版\SecCopy.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - HKUS\.DEFAULT\..\Run: [Internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (未命名) - {233A9694-667E-11d1-9DFB-006097D5040A} - (没有文件)
O9 - Extra button: 联系人 - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - C:\Program Files\Internet Explorer\iecont.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch(&A)
O15 - Trusted IP range: http://76.44.16.4
O16 - DPF: {34CF449F-7298-4CC4-A2C6-FAD1C21CF004} (dzgsAXV.DzgsCmd) - http://76.44.16.4/dll/dzgsAXV.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{193623F1-3E16-44C0-9EE2-48CB1372C0DF}: NameServer = 76.16.16.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DB11B1-9D43-4059-A6CE-5267539BE152}: NameServer = 76.16.16.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{193623F1-3E16-44C0-9EE2-48CB1372C0DF}: NameServer = 76.16.16.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{193623F1-3E16-44C0-9EE2-48CB1372C0DF}: NameServer = 76.16.16.13
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RavService - Beijing Rising Information Technology Co., Ltd. - d:\Program Files\Rising\Rav\RavService.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Serv-U FTP 服务器 (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: VRVWatchServer - Unknown owner - C:\WINNT\system32\watchclient.exe

--
文件结束 - 5155 字节