HijackThis_zww汉化版扫描日志 V1.99.1
保存于      17:18:29, 日期 2005-10-6
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\RISING\RAV\Ravmond.exe
D:\RISING\RAV\RavStub.exe
D:\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\RISING\RAV\CCENTER.EXE
C:\WINDOWS\Explorer.EXE
D:\RISING\RAV\RAVTIMER.EXE
D:\RISING\RAV\RAVMON.EXE
C:\WINDOWS\ime\jj4\jjsvr4.exe
D:\Tencent\QQ.exe
C:\Documents and Settings\yuanyu2\My Documents\My Pictures\HijackThis\HijackThis1991zww.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHGET\jccatch.dll
O4 - 启动项HKLM\\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [pyjj] C:\WINDOWS\ime\jj4\jjsvr4.exe
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\FlashGet\jc_all.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1DCEAEFB-ABD9-490F-894B-E7A99103CD05} - http://219.239.88.187/cab/EChat2Client.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.cbht.com.cn/livecalltest/livechn.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} (Share Control) - http://www.bluesky.cn/download/share.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {405B09E4-BBDA-4564-989E-15DE26B416EA} (EricClient Class) - http://www.gsmserver.com/info/EricControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100039532563
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (Blueskyvoice Control) - http://www.bliao.com/download/blueskyvoice_27.cab
O16 - DPF: {E3489C0D-D07D-4281-A4A7-ADA8E9A0893F} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/cn/filesharingctrl.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://online.jiangmin.com/KvDown.cab
O23 - NT 服务: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe

【回复“难得清醒”的帖子】
C:\WINDOWS\ime\jj4\jjsvr4.exe

什么东东？高度怀疑它是个木马。

那一堆O16——自己一一审查。如果不是你自己装的，删！