
How to remove Backdoor.Gpigeon.kc

Last edited 2005-09-26 14:40:59
 

Run a HijackThis (HJ) log scan and post it here.
 

[Reply to the post by "独孤豪侠"]
Logfile of HijackThis v1.99.1
Scan saved at 13:41:35, on 2005-9-26
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Winfgate\winntfgate.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ZETRONIC\ZEUPDATE\zeupdsvr.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\Dfssvc.exe
C:\Winfgate\ServerGuard.exe
C:\WINNT\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\wsearch\Search.exe
C:\WINNT\System32\BCUP.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINNT\System32\internat.exe
C:\WINNT\System32\conime.exe
C:\Program Files\Zetronic\过滤王网吧版2.8 - 控制台\PW_Manager.exe
C:\Program Files\Hintsoft\Pubsrv\Pubsrv.exe
C:\Program Files\Hintsoft\Pubsrv\RecBmp.exe
C:\Program Files\Hintsoft\Pubsrv\LockClient.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\WINNT\System32\mdm.exe
\192.168.0.200\photoshop701_cn\auto\cct\HijackThis.exe

R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINNT\System32\diybar2\diybar2.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINNT\System32\hap.dll
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINNT\System32\diybar2\diybar2.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINNT\System32\winhtp.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
O4 - HKLM\..\Run: [MoveSearch] C:\PROGRA~1\wsearch\Search.exe
O4 - HKLM\..\Run: [BCUpdate] C:\WINNT\System32\BCUP.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [KPContext] C:\WINNT\System32\KPContext.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [renewup] C:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKCU\..\Run: [internat] internat.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\BAK\PUBWIN\pubwin4.3.0.7\PUBWIN_4.3.0.7\DataMng\Database\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\BAK\PUBWIN\pubwin4.3.0.7\PUBWIN_4.3.0.7\DataMng\Database\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\BAK\PUBWIN\pubwin4.3.0.7\PUBWIN_4.3.0.7\DataMng\Database\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_mytongji_62662 (file missing)
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 网际飞音 - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - C:\Program Files\Donor\donor.exe
O9 - Extra 'Tools' menuitem: 网际飞音(&D) - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - C:\Program Files\Donor\donor.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\BAK\PUBWIN\pubwin4.3.0.7\PUBWIN_4.3.0.7\DataMng\Database\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\BAK\PUBWIN\pubwin4.3.0.7\PUBWIN_4.3.0.7\DataMng\Database\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\BAK\PUBWIN\pubwin4.3.0.7\PUBWIN_4.3.0.7\DataMng\Database\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\BAK\PUBWIN\pubwin4.3.0.7\PUBWIN_4.3.0.7\DataMng\Database\QQIEHelper.dll (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH] QQ地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://origin-www.ahn.com.cn/aspservice/plugin/myv3.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://client.jogo.cn/download/cnnic/cdn.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8E419A-225A-4342-880A-DF250A0D0E8E}: NameServer = 202.98.160.68,202.98.161.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2FF281A-0CEC-4536-9FEB-A5824F53B37E}: NameServer = 202.98.160.68,202.98.160.78
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E8E419A-225A-4342-880A-DF250A0D0E8E}: NameServer = 202.98.160.68,202.98.161.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E8E419A-225A-4342-880A-DF250A0D0E8E}: NameServer = 202.98.160.68,202.98.161.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FG3000 Server (FG3000Server) - Zhuhai Zetronic Ltd. - C:\Winfgate\winntfgate.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Zetronic Update Service (ZeupdServer) - Zhuhai Zetronic Ltd. - C:\Program Files\ZETRONIC\ZEUPDATE\zeupdsvr.exe


O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Fix this item, then find the corresponding file and delete it.

O23 - Service: FG3000 Server (FG3000Server) - Zhuhai Zetronic Ltd. - C:\Winfgate\winntfgate.exe
I don't know what this one is.

O4 - HKLM\..\Run: [BCUpdate] C:\WINNT\System32\BCUP.exe
This looks like a trojan; check this file yourself.

[Reply to the post by "inverser"]
I have already posted the log.

winntfgate.exe is a file belonging to pubwin.