Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

My scan log: could an expert please check whether I've been infected with 灰鸽子2005 (Gray Pigeon 2005)? Thanks

Logfile of HijackThis (zww Chinese localization) V1.99.1
Scan saved at 21:48:20, on 2005-07-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV6\KAVSvc.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
F:\WsSoft\上网计时\AdslTime.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\KAV6\Kavpfw.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Maxthon\Maxthon.exe
C:\WINDOWS\System32\wuauclt.exe
F:\HijackThis V1.99.1 完全汉化版\HijackThis1991zww.exe

O1 - Hosts: 127.0.0.0 008.cn
O1 - Hosts: 127.0.0.0 ******
O1 - Hosts: 127.0.0.0 abcdesign.ru
O1 - Hosts: 127.0.0.0 ad.qingyule.com
O1 - Hosts: 127.0.0.0 alexey.pioneers.com.ru
O1 - Hosts: 127.0.0.0 baltnet.ru
O1 - Hosts: 127.0.0.0 cctv1.net
O1 - Hosts: 127.0.0.0 cctv8.net
O1 - Hosts: 127.0.0.0 ciachoo.pl
O1 - Hosts: 127.0.0.0 dicto.ru
O1 - Hosts: 127.0.0.0 elemental.ru
O1 - Hosts: 127.0.0.0 errorguard.com
O1 - Hosts: 127.0.0.0 financial.washingtonpost.com
O1 - Hosts: 127.0.0.0 free.bestialityhost.com
O1 - Hosts: 127.0.0.0 friendlygreeting.com
O1 - Hosts: 127.0.0.0 gamma.vyborg.ru
O1 - Hosts: 127.0.0.0 gin.ru
O1 - Hosts: 127.0.0.0 glass-master.ru
O1 - Hosts: 127.0.0.0 gutemine.wu-wien.ac.at
O1 - Hosts: 127.0.0.0 hack-gegen-rechts.com
O1 - Hosts: 127.0.0.0 hgrstrailer.com
O1 - Hosts: 127.0.0.0 home.profootball.ru
O1 - Hosts: 127.0.0.0 hotbar.com
O1 - Hosts: 127.0.0.0 intellect.lvc
O1 - Hosts: 127.0.0.0 interfoodtd.ru
O1 - Hosts: 127.0.0.0 it.trendmicro-europe.com
O1 - Hosts: 127.0.0.0 jewishgen.org
O1 - Hosts: 127.0.0.0 k2kapital.com
O1 - Hosts: 127.0.0.0 lars-s.privat.t-online.de
O1 - Hosts: 127.0.0.0 laugh-mail.net
O1 - Hosts: 127.0.0.0 lavasoft.com
O1 - Hosts: 127.0.0.0 lavasoft.de
O1 - Hosts: 127.0.0.0 lavasoftusa.com
O1 - Hosts: 127.0.0.0 marketscore.com
O1 - Hosts: 127.0.0.0 math.kobe-u.ac.jp
O1 - Hosts: 127.0.0.0 me.5e163.com
O1 - Hosts: 127.0.0.0 momentum.ru
O1 - Hosts: 127.0.0.0 nefkom.net
O1 - Hosts: 127.0.0.0 no-abi2003.de
O1 - Hosts: 127.0.0.0 packages.debian.or.jp
O1 - Hosts: 127.0.0.0 page.taobao.com
O1 - Hosts: 127.0.0.0 perfectgirls.net
O1 - Hosts: 127.0.0.0 peterstar.ru
O1 - Hosts: 127.0.0.0 pgipearls.com
O1 - Hosts: 127.0.0.0 phg.pl
O1 - Hosts: 127.0.0.0 photo.gornet.ru
O1 - Hosts: 127.0.0.0 polobeer.de
O1 - Hosts: 127.0.0.0 porno-mania.net
O1 - Hosts: 127.0.0.0 puldk490gj.da.ru
O1 - Hosts: 127.0.0.0 qianbai.com
O1 - Hosts: 127.0.0.0 quotes.barchart.com
O1 - Hosts: 127.0.0.0 relay.great.ru
O1 - Hosts: 127.0.0.0 republika.pl
O1 - Hosts: 127.0.0.0 rollenspielzirkel.de
O1 - Hosts: 127.0.0.0 safer-networking.org
O1 - Hosts: 127.0.0.0 sdsauto.ru
O1 - Hosts: 127.0.0.0 search.taobao.com
O1 - Hosts: 127.0.0.0 sec.polbox.pl
O1 - Hosts: 127.0.0.0 security.kolla.de
O1 - Hosts: 127.0.0.0 shadkhan.ru
O1 - Hosts: 127.0.0.0 slavarik.ru
O1 - Hosts: 127.0.0.0 sovea.de
O1 - Hosts: 127.0.0.0 spybot.info
O1 - Hosts: 127.0.0.0 tdi-router.opola.pl
O1 - Hosts: 127.0.0.0 trendmicro.it
O1 - Hosts: 127.0.0.0 truefriends.net
O1 - Hosts: 127.0.0.0 tuhart.net
O1 - Hosts: 127.0.0.0 u.t2cn.com
O1 - Hosts: 127.0.0.0 ultimate-best-hgh.0my.net
O1 - Hosts: 127.0.0.0 vconsole.net
O1 - Hosts: 127.0.0.0 vip.pnet.pl
O1 - Hosts: 127.0.0.0 virtumonde.com
O1 - Hosts: 127.0.0.0 webpark.pl
O1 - Hosts: 127.0.0.0 wishken.com
O1 - Hosts: 127.0.0.0 www.139500.com
O1 - Hosts: 127.0.0.0 www.1yin.net
O1 - Hosts: 127.0.0.0 www.37021.com
O1 - Hosts: 127.0.0.0 www.47555.net
O1 - Hosts: 127.0.0.0 www.511ring.com
O1 - Hosts: 127.0.0.0 www.777888.com
O1 - Hosts: 127.0.0.0 www.77ttt.com
O1 - Hosts: 127.0.0.0 www.9p.cn
O1 - Hosts: 127.0.0.0 www.aifind.info
O1 - Hosts: 127.0.0.0 www.allyes.com
O1 - Hosts: 127.0.0.0 www.aogo.net
O1 - Hosts: 127.0.0.0 www.cctv8.net
O1 - Hosts: 127.0.0.0 www.cnqb.net
O1 - Hosts: 127.0.0.0 www.coolcdrom.com
O1 - Hosts: 127.0.0.0 www.coolseach.com
O1 - Hosts: 127.0.0.0 www.dj3344.com
O1 - Hosts: 127.0.0.0 www.donttrip.org
O1 - Hosts: 127.0.0.0 www.ebay.com.cn
O1 - Hosts: 127.0.0.0 www.ehomeday.com
O1 - Hosts: 127.0.0.0 www.gg888.net
O1 - Hosts: 127.0.0.0 www.girlchinese.com
O1 - Hosts: 127.0.0.0 www.homepage.com
O1 - Hosts: 127.0.0.0 www.jixian.net
O1 - Hosts: 127.0.0.0 www.kuliao.com
O1 - Hosts: 127.0.0.0 www.mir0.com
O1 - Hosts: 127.0.0.0 www.mtv51.com
O1 - Hosts: 127.0.0.0 www.mydj2005.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\System32\mewin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - F:\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Kingsoft AntiVirus (金山毒霸) - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - C:\KAV6\KAIEPlus.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\FLASHGET\fgiebar.dll
O3 - Toolbar: Kingsoft FastAIT (金山快译) (&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - F:\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - HKLM\..\Run: [AdslTime] f:\WsSoft\上网计时\AdslTime.exe hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [iDuba Personal FireWall] C:\KAV6\Kavpfw.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [iDuba Personal FireWall] C:\KAV6\Kavpfw.EXE
O8 - Extra context menu item: &Download with Thunder (迅雷) - f:\Thunder\geturl.htm
O8 - Extra context menu item: &Download all links with Thunder (迅雷) - f:\Thunder\getAllurl.htm
O8 - Extra context menu item: Download with Net Transport (影音传送带) - F:\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download all links with Net Transport (影音传送带) - F:\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download with FlashGet (网际快车) - F:\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with FlashGet (网际快车) - F:\FlashGet\jc_all.htm
O9 - Extra button: Click here to add, or use the favorites hotkey Ctrl+S - {06926B30-424E-4f1c-8EE3-543CD96573DC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Haofang game platform (浩方对战平台) - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120483808703
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCDB7D13-F6F6-4CCC-AA5E-90E01CA612F2}: NameServer = 202.99.160.68 202.99.166.4
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
Last edited 2005-07-17 22:17:49

Go to Control Panel > Add or Remove Programs and uninstall Media Gateway.

Restart the computer. Once the power-on self test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.

Run HijackThis. When the scan finishes, tick the following entries and then click "Fix Checked":

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\System32\mewin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Show hidden files

Double-click My Computer > Tools > Folder Options > View tab. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click Yes, then click OK.

Then find and delete the following (if present):
C:\WINDOWS\System32\mewin.dll
C:\Program Files\Media Gateway\ (the whole directory)
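Added example, not code from any poster in this thread: a small Python triage script that applies the kind of rules the reply above uses by hand to a HijackThis log. It flags O1 hosts entries that point security-vendor sites (Lavasoft/Ad-Aware, Spybot S&D, Trend Micro) at the loopback address, O2/O3 entries whose file is gone, unnamed BHOs that still have a live DLL, O16 ActiveX downloads over plain http from hosts outside an allowlist, and O23 services whose binary is missing. The sample lines are constructed from the log above with the localized labels written as the standard English ones; the trusted-host allowlist and the autorun name "Media Gateway" passed in as already-identified are assumptions for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a few lines in the shape of the HijackThis log above,
# with the localized section labels written as the standard English ones.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.0 lavasoft.com
O1 - Hosts: 127.0.0.0 safer-networking.org
O1 - Hosts: 127.0.0.0 page.taobao.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\System32\mewin.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120483808703
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
""".strip().splitlines()

# Security-vendor hosts that appear redirected to 127.0.0.0 in the log above.
# Pointing these at loopback stops the victim reaching Ad-Aware (Lavasoft),
# Spybot S&D (safer-networking.org, spybot.info, security.kolla.de) and
# Trend Micro, which is the signature of a deliberate hosts-file hijack.
SECURITY_VENDOR_HOSTS = frozenset({
    "lavasoft.com", "lavasoft.de", "lavasoftusa.com",
    "safer-networking.org", "spybot.info", "security.kolla.de",
    "trendmicro.it", "it.trendmicro-europe.com",
})

# O16 ActiveX sources accepted over plain http (assumption for this example);
# anything else fetched over http is surfaced for review.
TRUSTED_DPF_HOSTS = frozenset({"update.microsoft.com", "windowsupdate.microsoft.com"})

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _orphaned(body):
    """HijackThis marks registry entries whose target file is gone this way."""
    return body.endswith("(no file)") or body.endswith("(file missing)")


def triage(lines, flagged_run_names=frozenset()):
    """Return the entries a human should look at, in log order.

    flagged_run_names: O4 autorun names already identified as unwanted
    (for the log above, the reply names "Media Gateway").
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            host = body.split()[-1]  # "Hosts: 127.0.0.0 example.com" -> "example.com"
            if host in SECURITY_VENDOR_HOSTS:
                findings.append(Finding(section, "high", "hosts file blocks a security vendor: " + host, line))
            else:
                findings.append(Finding(section, "low", "hosts file redirects " + host, line))
        elif section in ("O2", "O3", "O9"):
            if _orphaned(body):
                findings.append(Finding(section, "medium", "orphaned browser add-on entry, file gone; fix in HijackThis", line))
            elif body.startswith(("BHO: (no name)", "Toolbar: (no name)")):
                findings.append(Finding(section, "high", "unnamed browser add-on with a live file; identify it before trusting it", line))
        elif section == "O4":
            start, end = body.find("["), body.find("]")
            name = body[start + 1:end] if 0 <= start < end else ""
            if name in flagged_run_names:
                findings.append(Finding(section, "high", "autorun entry identified for removal: " + name, line))
        elif section == "O16":
            url = urlparse(body.rsplit(" - ", 1)[-1])
            if url.scheme == "http" and url.hostname not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(section, "high", "ActiveX download over plain http from " + str(url.hostname), line))
        elif section == "O23" and _orphaned(body):
            findings.append(Finding(section, "medium", "service points at a missing binary", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {"high": 5, "medium": 3, "low": 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG, {"Media Gateway"}), key=lambda f: SEVERITY_ORDER[f.severity]):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run it as-is to print the findings for the constructed sample, or pass the lines of a real log to `triage()`. The script only surfaces entries worth a look; whether to fix them is still the reader's call, as in the reply above. Note that a `(no file)` entry is a registry key whose DLL is already gone, so removing it cleans up after an infection rather than stopping a running one, which is why the reply also has you delete mewin.dll and the Media Gateway directory by hand.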

All O1 entries
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\System32\mewin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

If System Restore is turned on, turn it off first.
Close all browser and folder windows and fix the entries above in Safe Mode (if you are sure an entry is safe, you can leave it). Unhide hidden files, then find C:\WINDOWS\System32\mewin.dll and delete it.

Thanks, brother 建能!!!