HijackThis_zww汉化版扫描日志 V1.99.1
保存于 15:57:10, 日期 2006-3-2
操作系统: Windows 2000 (WinNT 5.00.2195)
浏览器: Internet Explorer v6.00 (6.00.2600.0000)
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
F:\Program Files\Rising\Rav\CCenter.exe
F:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
F:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\Rundll32.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINNT\system32\rundll32.exe
F:\Program Files\Rising\Rav\RavTask.exe
F:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\System32\conime.exe
C:\Program Files\Tencent\QQ\TMDlls\TM.exe
C:\quarantine\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\chen\LOCALS~1\Temp\Rar$EX00.877\HijackThis1991zww.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQBrowserHelper Object Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\quarantine\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [zcom] \zPlatform.exe MIN
O4 - 启动项HKLM\\Run: [RavTask] "F:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - 启动项HKLM\\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - Startup: 腾讯TM.lnk = C:\Program Files\Tencent\QQ\TMShell.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\quarantine\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - IE右键菜单中的新增项目: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\quarantine\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\quarantine\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\quarantine\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\quarantine\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\quarantine\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\quarantine\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\quarantine\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\AutoCAD 2002\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://D:\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://D:\AutoCAD 2002\AcPreview.ocx
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - NT 服务: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe