Could everyone help take a look at how to kill this?

HijackThis_815汉化版扫描日志 V1.99.1
保存于      7:59:24, 日期 2005-9-28
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\System32\SNMPTool.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Phantom.exe
C:\WINNT\Explorer.exe
E:\Program Files\thtf\symbol\SymbolServer.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\wsearch\Search.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\mdm.exe
C:\Program Files\rising\Rfw\rfwmain.exe
D:\soft\HijackThis1991zww.exe

F2 - REG:system.ini: Shell=Explorer.exe Phantom.exe
F2 - REG:system.ini: UserInit=userinit.exe,Phantom.exe
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - 启动项HKLM\\Run: [SymbolServer] e:\Program Files\thtf\symbol\SymbolServer.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - 启动项HKLM\\Run: [renewup] C:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 在唯一下载中查找 - http://www.down8.org/down.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]  中文上网
O15 - “受信任的站点”中添加项: *.192.168.1.2
O15 - “受信任的站点”中添加项: *.www.hsfxah.com.cn
O15 - 添加的受信任的 IP 地址范围: http://192.168.1.2
O15 - 添加的受信任的 IP 地址范围: http://218.22.166.58
O16 - DPF: {3A2B370C-BA0A-11D1-B137-0000F8753F5D} (Microsoft Chart Control, version 6.0 (OLEDB)) - http://www.hsfxah.com.cn/webschool/mschrt20.cab
O16 - DPF: {4FA134F8-27DB-4416-8BC2-D70F2B77B8F5} (m_systemInt.syschu) - http://www.hsfxah.com.cn/sysadm/m_systemChu.ocx
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} ({5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}) - http://www.jx163.com/jsp/zvconline/plugin/myv3na.cab
O16 - DPF: {5E45513A-3BF6-4379-B9B8-77921391F0A7} (m_newbackup.NewBackUpCtrl) - http://www.hsfxah.com.cn/sysadm/m_newbackup.ocx
O16 - DPF: {79658FAA-A4D6-41B0-9238-6D121B89B9E0} (WebTreeView Control) - http://192.168.4.6/dsessweb/WebTreeView.ocx
O16 - DPF: {79B46E23-9C57-11D0-A9BF-00A024E3867F} (UrlTestFormControl) - http://192.168.4.6:8024/ocx/WebDownLoad.cab
O16 - DPF: {8FF64D58-114C-405B-886D-D2F006A394E9} (TaURLChange Control) - http://192.168.4.6/DsEssweb/UsedActiveX/TaURLChange.ocx
O16 - DPF: {BF630892-199F-4534-9487-B2C00FCF5B02} (AutoInstall Control) - http://192.168.1.2/autoinstall.cab
O16 - DPF: {E3F8172F-E24B-4DB0-BA3D-F68602965ED9} (Upload Control) - http://www.hsfxah.com.cn/eschool/include/upload.cab
O16 - DPF: {E503D89D-5347-46AA-84CB-2CF7B861B934} (User Class) - http://www.hsfxah.com.cn/ipschool/eread/AccessServer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD21E6A8-93A6-49B2-A379-3A4C89738687}: NameServer = 202.102.192.68
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Persits Software Email Agent (EmailAgent) - Persits Software, Inc. - C:\PROGRA~1\PERSIT~1\AspEmail\EMAILA~1\BIN\EMAILA~1.EXE
O23 - NT 服务: Regswinnthelp - Unknown owner - C:\WINNT\system\regsne.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Remote Procedure Call (RpcRemote) - Unknown owner - C:\WINNT\Temp\Setup\remote.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
O23 - NT 服务: SNMP Tools - Unknown owner - C:\WINNT\System32\SNMPTool.exe
O23 - NT 服务: Regedits Help (Windows Regedit Help) - Unknown owner - C:\WINNT\iis\iehelp.exe

Last edited 2005-09-28 08:17:53