版主大人这是我的日志，麻烦你了

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛版主大人这是我的日志，麻烦你了

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12 3 4

1 / 4 页

跳转页

四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	发表于： 2006-09-17 09:24 \| 只看楼主短消息资料字号：小中大 1楼版主大人这是我的日志，麻烦你了 Logfile of HijackThis v1.99.1 Scan saved at 9:19:46, on 2006-09-17 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe e:\program files\rising\rfw\rfwsrv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\pansos.exe C:\WINNT\explorer.exe e:\program files\rising\rfw\RfwMain.exe C:\WINNT\system32\downasp.exe C:\Program Files\Common Files\UPDATE2\Update.exe C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe C:\WINNT\Intel\rundll32.exe E:\Program Files\Rising\Rav\RavTask.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\WESTEL\南京菲亚特4S经销商管理系统(C)\nanya.exe C:\WINNT\system32\NMSSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\SoftUpdate.exe C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\system32\rundll32.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\wincup\wincup.exe C:\WINNT\system32\svchost.exe E:\Program Files\Rising\Rav\Rav.exe E:\Program Files\Rising\Rav\RsAgent.exe C:\WINNT\msagent\AgentSvr.exe C:\Program Files\Maxthon\Maxthon.exe D:\wnwb2005\wnwb.exe D:\wnwb2005\selectso.exe C:\Program Files\普通发票开票系统\ptfp.exe E:\常用软件\ha_hijackthis_1991\HijackThis.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe,C:\WINNT\system32\downasp.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\pansos.exe O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] rem C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] rem C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe O4 - HKLM\..\Run: [IESAddr] rem O4 - HKLM\..\Run: [StormCodec_Helper] rem "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe" O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe O4 - HKLM\..\Run: [ETypeAssistant] C:\Program Files\英文打字助手\ETypeAssistant.exe O4 - HKLM\..\Run: [Tray] C:\WINNT\command\rundll32.exe O4 - HKLM\..\Run: [zt] C:\WINNT\Intel\rundll32.exe O4 - HKLM\..\Run: [svc] C:\WINNT\svchost.exe O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [DesktopSprite] rem C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe O4 - HKCU\..\Run: [MsnMsgr] rem "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe O4 - Global Startup: 南京菲亚特4S经销商管理系统.lnk = ? O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O14 - IERESET.INF: SEARCH_PAGE_URL= O14 - IERESET.INF: START_PAGE_URL= O16 - DPF: _{488A4255-3236-44B3-8F27-FA1AECAA8844} - https://img.alipay.com/download/1007/aliedit.cab O16 - DPF: _{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab O16 - DPF: _{8F00D534-4044-43E0-9B97-A60A8D17C4A9} - http://mail.yanghai.cn/CebcApi.cab O16 - DPF: _{ACFE8232-03C5-4AEC-AF5E-42B806724096} - http://safe.qq.com/scan/KAllScan.CAB O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: System Safety Monitor - C:\WINNT\SYSTEM32\SSMWinlogonEx.dll O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll (file missing) O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINNT\webwork\webwork.dll O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINNT\system32\themeadp.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing) O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINNT\SoftUpdate.exe O23 - Service: System Event - Unknown owner - C:\WINNT\SVCH0ST.exe O23 - Service: UF2000财务软件 (UFNet) - Unknown owner - C:\WINNT\system32\ServerNT.exe O23 - Service: WinWrCup - MsWinCup - C:\WINNT\wincup\wincup.exe 2006-09-17 14:02:07
四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	分享到：

Flying1889 初生襁褓狮帖子:1347 注册: 2006-08-26 来自:	发表于： 2006-09-17 09:27 \| 短消息资料字号：小中大 2楼 O4 - HKLM\..\Run: [Tray] C:\WINNT\command\rundll32.exe O4 - HKLM\..\Run: [zt] C:\WINNT\Intel\rundll32.exe O23 - Service: WinWrCup - MsWinCup - C:\WINNT\wincup\wincup.exe O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINNT\SoftUpdate.exe O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing) 前2个04项先停止进程然后修复+删除第1个023项参照http://forum.ikaka.com/topic.asp?board=28&artid=7713905 第2个参照http://forum.ikaka.com/topic.asp?board=28&artid=8166191 第3个修复一下
Flying1889 初生襁褓狮帖子:1347 注册: 2006-08-26 来自:

四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	发表于： 2006-09-17 09:44 \| 只看楼主短消息资料字号：小中大 3楼大人们~~~~~~~~~~~~~~~现在变这样了，怎么撒~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 9:41:30, on 2006-09-17 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe e:\program files\rising\rfw\rfwsrv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\NMSSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\SoftUpdate.exe C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\system32\rundll32.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\pansos.exe C:\WINNT\explorer.exe C:\WINNT\system32\downasp.exe e:\program files\rising\rfw\RfwMain.exe C:\Program Files\Common Files\UPDATE2\Update.exe C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe E:\Program Files\Rising\Rav\RavTask.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\WESTEL\南京菲亚特4S经销商管理系统(C)\nanya.exe E:\Program Files\Rising\Rav\Ravmon.exe C:\Program Files\Maxthon\Maxthon.exe E:\常用软件\ha_hijackthis_1991\HijackThis.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\downasp.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\pansos.exe O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] rem C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] rem C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe O4 - HKLM\..\Run: [IESAddr] rem O4 - HKLM\..\Run: [StormCodec_Helper] rem "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe" O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe O4 - HKLM\..\Run: [ETypeAssistant] C:\Program Files\英文打字助手\ETypeAssistant.exe O4 - HKLM\..\Run: [svc] C:\WINNT\svchost.exe O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [DesktopSprite] rem C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe O4 - HKCU\..\Run: [MsnMsgr] rem "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe O4 - Global Startup: 南京菲亚特4S经销商管理系统.lnk = ? O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O14 - IERESET.INF: SEARCH_PAGE_URL= O14 - IERESET.INF: START_PAGE_URL= O16 - DPF: _{488A4255-3236-44B3-8F27-FA1AECAA8844} - https://img.alipay.com/download/1007/aliedit.cab O16 - DPF: _{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab O16 - DPF: _{8F00D534-4044-43E0-9B97-A60A8D17C4A9} - http://mail.yanghai.cn/CebcApi.cab O16 - DPF: _{ACFE8232-03C5-4AEC-AF5E-42B806724096} - http://safe.qq.com/scan/KAllScan.CAB O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: System Safety Monitor - C:\WINNT\SYSTEM32\SSMWinlogonEx.dll O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll (file missing) O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINNT\webwork\webwork.dll O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINNT\system32\themeadp.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing) O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINNT\SoftUpdate.exe O23 - Service: UF2000财务软件 (UFNet) - Unknown owner - C:\WINNT\system32\ServerNT.exe
四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2006-09-17 09:45 \| 短消息资料字号：小中大 4楼 O23 - Service: WinWrCup - MsWinCup - C:\WINNT\wincup\wincup.exe 参考:http://forum.ikaka.com/topic.asp?board=28&artid=8122728 O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe 参考:http://forum.ikaka.com/topic.asp?board=28&artid=8157088 O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINNT\SoftUpdate.exe 参考:http://forum.ikaka.com/topic.asp?board=28&artid=8166191 O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing) O23 - Service: System Event - Unknown owner - C:\WINNT\SVCH0ST.exe 灰鸽子..安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 搜索NetWorkLogon和 System Event删除... 删除 C:\WINNT\SVCH0ST.exe 修复 R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe,C:\WINNT\system32\downasp.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\pansos.exe O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll O4 - HKLM\..\Run: [IESAddr] rem O4 - HKLM\..\Run: [Tray] C:\WINNT\command\rundll32.exe O4 - HKLM\..\Run: [zt] C:\WINNT\Intel\rundll32.exe O4 - HKLM\..\Run: [svc] C:\WINNT\svchost.exe O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll (file missing) O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINNT\webwork\webwork.dll O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINNT\system32\themeadp.dll 删除 C:\WINNT\system32\downasp.exe C:\WINNT\system32\pansos.exe C:\WINNT\SYSTEM32\stdup.dll C:\WINNT\system32\37211.dll C:\WINNT\command\rundll32.exe C:\WINNT\Intel\rundll32.exe C:\WINNT\svchost.exe C:\WINNT\system32\themeadp.dll 控制面版-添加和删除程序-卸载 WinKld和webwork 删除 C:\WINNT\webwork http://www.pctutu.com/srmsdown.asp (安装版) http://download5.pctutu.com/soft/magicset78.zip (免安装版) 下载超级兔子..用超级兔子清理王在安全模式下卸载流氓软件... 处理完.. http://mopery.hits.io/sreng2.zip 下载System Repair Engineer 1 解压缩sreng2.zip 2 运行SREng.exe 3 智能扫描=》扫描=》保存报告 4 把日志中的报告完整拷贝贴上来，不要修改
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	发表于： 2006-09-17 11:29 \| 只看楼主短消息资料字号：小中大 5楼版主大人，我找不到Realplay.exe，昨天有删
四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:

四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	发表于： 2006-09-17 11:30 \| 只看楼主短消息资料字号：小中大 6楼 2006-09-17,11:22:57 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><ctfmon.exe> [Microsoft Corporation] <DesktopSprite><rem C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe> [] <MsnMsgr><rem "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [] <Super Rabbit Desktop Search><E:\常用软件\magicset78\MagicSet\SRSearch.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation] <IgfxTray><rem C:\WINNT\system32\igfxtray.exe> [Intel Corporation] <HotKeysCmds><rem C:\WINNT\system32\hkcmd.exe> [] <StormCodec_Helper><rem "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <ETypeAssistant><C:\Program Files\英文打字助手\ETypeAssistant.exe> [] <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation] <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Corporation Limited] <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><explorer.exe C:\WINNT\system32\downasp.exe> [] <Userinit><C:\WINNT\system32\userinit.exe,C:\WINNT\system32\pansos.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor] <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [System Safety Limited] ================================== 启动文件夹 [南京菲亚特4S经销商管理系统] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\南京菲亚特4S经销商管理系统.lnk><N> ================================== 服务 [Logical Disk Manager Administrative Service / dmadmin] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Intel(R) NMS / NMSSvc] <C:\WINNT\system32\NMSSvc.exe><Intel Corporation> [Rising Personal Firewall Service / RfwService] <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited> [RsRavMon Service / RsRavMon] <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Update Service For Windows / SoftUpdate] <C:\WINNT\SoftUpdate.exe><N/A> [Internet Protect Service / SoSCAR] <C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A> [System Event / System Event] <C:\WINNT\SVCH0ST.exe><N/A> [UF2000财务软件 / UFNet] <C:\WINNT\system32\ServerNT.exe><N/A> ================================== 浏览器加载项 [] {E730189A-9973-4121-B046-AD1C161EC3AF} <C:\WINNT\system32\37211.dll, 3721公司<推荐使用>> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [@msdxmLC.dll,-1@2052,电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> ================================== 正在运行的进程 [PID: 148][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 172][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601> [PID: 168][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [C:\WINNT\system32\SSMWinlogonEx.dll] <System Safety Limited><2.1.15.588> [PID: 220][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700> [C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3> [PID: 232][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902> [PID: 412][e:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 36> [e:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 5> [e:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0> [e:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2> [PID: 472][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 496][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659> [PID: 524][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 548][C:\WINNT\system32\hidserv.exe] <Microsoft Corporation><5.00.2195.6655> [PID: 572][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.00.9466> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [PID: 604][C:\WINNT\system32\NMSSvc.exe] <Intel Corporation><2.1.9.0> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [PID: 688][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701> [PID: 692][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [PID: 760][C:\WINNT\SoftUpdate.exe] <N/A><N/A> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [PID: 812][C:\WINNT\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.00.2134.1> [PID: 860][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100> [PID: 876][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1> [PID: 940][C:\WINNT\system32\ctfmon.exe] <Microsoft Corporation><1.00.2409.34 built by: Lab06_N> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [PID: 1220][C:\WINNT\explorer.exe] <Microsoft Corporation><5.00.3700.6690> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [E:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21> [C:\WINNT\system32\37211.dll] <3721公司<推荐使用>><1.0.0.0> [E:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\ACDSee\picaview.dll] <ACD Systems, Ltd.><2, 0, 0, 78> [C:\Program Files\ACDSee\PlugIns\IDE_ACDStd.apl] <ACD Systems, Ltd.><1, 3, 4, 22> [PID: 1244][e:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 18> [e:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40> [e:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17> [e:\program files\rising\rfw\PngDll.dll] <Rising><17, 0, 0, 2> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [PID: 1084][E:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22> [E:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [E:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [E:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [E:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [PID: 972][C:\Program Files\WESTEL\南京菲亚特4S经销商管理系统(C)\nanya.exe] <北京西讯计算机技术有限公司 Bejing WESTEL Computer Technology Co., Ltd.><1.0.0.0> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [PID: 932][E:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33> [E:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26> [E:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19> [E:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [E:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [E:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [E:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [E:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [PID: 1080][C:\Program Files\Maxthon\Maxthon.exe] <MY Soft Technology><1, 1, 0, 39> [C:\Program Files\Maxthon\zlib.dll] <N/A><N/A> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [C:\Program Files\Maxthon\Plugin\ViewSource\ViewSrc.dll] <><1, 0, 0, 1> [C:\Program Files\Maxthon\Plugin\FloatBar\FloatBar.dll] <><1, 7, 0, 0> [C:\Program Files\Maxthon\Plugin\uc\uc.dll] <><1, 0, 0, 1> [C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [E:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 1364][C:\Program Files\普通发票开票系统\ptfp.exe] <N/A><N/A> [C:\Program Files\普通发票开票系统\PBVM90.dll] <Sybase Inc.><9.0.2.7534> [C:\Program Files\普通发票开票系统\libjcc.dll] <N/A><N/A> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> [C:\Program Files\普通发票开票系统\pbODB90.dll] <Sybase Inc.><9.0.2.7534> [C:\Program Files\普通发票开票系统\pbdwe90.dll] <Sybase Inc.><9.0.2.7534> [C:\Program Files\普通发票开票系统\ETCFALT.dll] <N/A><N/A> [PID: 1404][E:\常用软件\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\WINNT\SVCH0STKey.DLL] <N/A><N/A> [C:\WINNT\system32\WNWBIO.IME] <深圳世强软件开发部 www.wnwb.com ><2005, 1, 31, 1> ================================== 文件关联 .TXT Error. [notepad.exe %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. [hh.exe %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [notepad.exe %1] .INF Error. [notepad.exe %1] .VBS Error. [wscript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}]
四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:

初生襁褓狮

帖子:1347
注册: 2006-08-26
来自:

发表于： 2006-09-17 11:30 | 短消息资料

字号：小中大 7楼

引用:

【四月一日君寻的贴子】大人们~~~~~~~~~~~~~~~现在变这样了，怎么撒~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:41:30, on 2006-09-17
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
e:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SoftUpdate.exe
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\pansos.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\downasp.exe
e:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
E:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\WESTEL\南京菲亚特4S经销商管理系统(C)\nanya.exe
E:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\常用软件\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\downasp.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\pansos.exe
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] rem C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] rem C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - HKLM\..\Run: [IESAddr] rem
O4 - HKLM\..\Run: [StormCodec_Helper] rem "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [ETypeAssistant] C:\Program Files\英文打字助手\ETypeAssistant.exe
O4 - HKLM\..\Run: [svc] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [DesktopSprite] rem C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe
O4 - HKCU\..\Run: [MsnMsgr] rem "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe
O4 - Global Startup: 南京菲亚特4S经销商管理系统.lnk = ?
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra ''Tools'' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra ''Tools'' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: _{488A4255-3236-44B3-8F27-FA1AECAA8844} - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: _{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: _{8F00D534-4044-43E0-9B97-A60A8D17C4A9} - http://mail.yanghai.cn/CebcApi.cab
O16 - DPF: _{ACFE8232-03C5-4AEC-AF5E-42B806724096} - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: System Safety Monitor - C:\WINNT\SYSTEM32\SSMWinlogonEx.dll
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll (file missing)
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINNT\webwork\webwork.dll
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINNT\system32\themeadp.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINNT\SoftUpdate.exe
O23 - Service: UF2000财务软件 (UFNet) - Unknown owner - C:\WINNT\system32\ServerNT.exe

………………

这位楼主..你有看我回你的贴吗??

四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	发表于： 2006-09-17 11:34 \| 只看楼主短消息资料字号：小中大 8楼有呀，但是找不到你说的东东撒6-_-！！！
四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:

Flying1889 初生襁褓狮帖子:1347 注册: 2006-08-26 来自:	发表于： 2006-09-17 11:36 \| 短消息资料字号：小中大 9楼 .......我汗
Flying1889 初生襁褓狮帖子:1347 注册: 2006-08-26 来自:

四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	发表于： 2006-09-17 11:37 \| 只看楼主短消息资料字号：小中大 10楼那我该怎么办撒，救我，HELP ME~~~~~~~~~~
四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:

<<上一主题|下一主题>>

12 3 4

1 / 4 页

跳转页

四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	发表于： 2006-09-17 09:24 \| 只看楼主短消息资料字号：小中大 1楼版主大人这是我的日志，麻烦你了 Logfile of HijackThis v1.99.1 Scan saved at 9:19:46, on 2006-09-17 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe e:\program files\rising\rfw\rfwsrv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\pansos.exe C:\WINNT\explorer.exe e:\program files\rising\rfw\RfwMain.exe C:\WINNT\system32\downasp.exe C:\Program Files\Common Files\UPDATE2\Update.exe C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe C:\WINNT\Intel\rundll32.exe E:\Program Files\Rising\Rav\RavTask.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\WESTEL\南京菲亚特4S经销商管理系统(C)\nanya.exe C:\WINNT\system32\NMSSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\SoftUpdate.exe C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\system32\rundll32.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\wincup\wincup.exe C:\WINNT\system32\svchost.exe E:\Program Files\Rising\Rav\Rav.exe E:\Program Files\Rising\Rav\RsAgent.exe C:\WINNT\msagent\AgentSvr.exe C:\Program Files\Maxthon\Maxthon.exe D:\wnwb2005\wnwb.exe D:\wnwb2005\selectso.exe C:\Program Files\普通发票开票系统\ptfp.exe E:\常用软件\ha_hijackthis_1991\HijackThis.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe,C:\WINNT\system32\downasp.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\pansos.exe O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINNT\system32\37211.dll O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] rem C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] rem C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe O4 - HKLM\..\Run: [IESAddr] rem O4 - HKLM\..\Run: [StormCodec_Helper] rem "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe" O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe O4 - HKLM\..\Run: [ETypeAssistant] C:\Program Files\英文打字助手\ETypeAssistant.exe O4 - HKLM\..\Run: [Tray] C:\WINNT\command\rundll32.exe O4 - HKLM\..\Run: [zt] C:\WINNT\Intel\rundll32.exe O4 - HKLM\..\Run: [svc] C:\WINNT\svchost.exe O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [DesktopSprite] rem C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe O4 - HKCU\..\Run: [MsnMsgr] rem "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Realplayer.exe] C:\WINNT\system32\Realplayer.exe O4 - Global Startup: 南京菲亚特4S经销商管理系统.lnk = ? O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O14 - IERESET.INF: SEARCH_PAGE_URL= O14 - IERESET.INF: START_PAGE_URL= O16 - DPF: _{488A4255-3236-44B3-8F27-FA1AECAA8844} - https://img.alipay.com/download/1007/aliedit.cab O16 - DPF: _{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab O16 - DPF: _{8F00D534-4044-43E0-9B97-A60A8D17C4A9} - http://mail.yanghai.cn/CebcApi.cab O16 - DPF: _{ACFE8232-03C5-4AEC-AF5E-42B806724096} - http://safe.qq.com/scan/KAllScan.CAB O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: System Safety Monitor - C:\WINNT\SYSTEM32\SSMWinlogonEx.dll O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll (file missing) O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINNT\webwork\webwork.dll O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINNT\system32\themeadp.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing) O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINNT\SoftUpdate.exe O23 - Service: System Event - Unknown owner - C:\WINNT\SVCH0ST.exe O23 - Service: UF2000财务软件 (UFNet) - Unknown owner - C:\WINNT\system32\ServerNT.exe O23 - Service: WinWrCup - MsWinCup - C:\WINNT\wincup\wincup.exe 2006-09-17 14:02:07
四月一日君寻初生襁褓狮帖子:28 注册: 2006-09-16 来自:	分享到：

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 版主大人这是我的日志，麻烦你了

版主大人这是我的日志，麻烦你了

版主大人这是我的日志，麻烦你了

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛版主大人这是我的日志，麻烦你了