日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 9:01:55, on 2009-3-25
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
启动模式: 正常

正在运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINNT\system32\watchclient.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\vrvrf_c.exe
C:\WINNT\system32\VrvEdp_m.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Rising\Rav\RavService.exe
C:\WINNT\system32\Vrvsafec.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Real\RealServer\Bin\rmserver.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTray.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\360\360Safe\safemon\360tray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SecCopy 汉化版\SecCopy.exe
C:\Program Files\GlobalSCAPE\CuteFTP Professional\ftpte.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
C:\WINNT\system32\rundll32.exe
E:\客户文件\R_server.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\RsDetect.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.156\HA_HijackThisv2_PP\HiJackThis_v2.exe

R3 - URLSearchHook: (未命名) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (没有文件)
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll
O3 - 工具栏: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RavTray.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360\360Safe\safemon\360tray.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy 汉化版\SecCopy.exe"
O4 - HKCU\..\Run: [CuteFTP TE] "C:\Program Files\GlobalSCAPE\CuteFTP Professional\\ftpte.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - HKUS\S-1-5-21-484763869-630328440-725345543-1003\..\Run: [Internat.exe] internat.exe (User 'NetShowServices')
O4 - HKUS\S-1-5-21-484763869-630328440-725345543-1003\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NetShowServices')
O4 - HKUS\.DEFAULT\..\Run: [Internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: 快捷方式 R_server.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5AFDC96-2D06-4E14-BEB3-6373844BF73C}: NameServer = 76.16.16.13,76.16.16.14
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: RavService - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavService.exe
O23 - Service: RMServer - RealNetworks, Inc. - C:\Program Files\Real\RealServer\Bin\rmserver.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Serv-U FTP 服务器 (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: VRVWatchServer - Unknown owner - C:\WINNT\system32\watchclient.exe

--
文件结束 - 5082 字节