[Reply to the post by "力克千年虫"]
Hello Mr. Ma Li: the log is below. I have also installed Kingsoft, and there are some programs that I know are OK, such as
1. C:\Program Files\datawin\licenselock\licenselock.exe
2. O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
3. O23 - Service: AdminService for PROGRESS 9.1C (AdminService9.1C) - Unknown owner - e:\dlc\bin\AdmSrvc.exe (file missing)
Thanks a lot!!!!!!!!!
Logfile of HijackThis v1.99.1
Scan saved at 2:19:46 PM, on 2005-09-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\KavNet\KANSvr.EXE
C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\server\kservice.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\tomcat\bin\tomcat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\HttpProxyServer\KANHttpProxyMain.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\server\PublicServerControl.exe
C:\KavNet\KANSGUI.EXE
C:\KavNet\KANSA.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\regedit.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\datawin\licenselock\licenselock.exe
C:\PROGRA~1\RISING\RAV\Rav.exe
C:\PROGRA~1\RISING\RAV\RsAgent.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.985\HijackThis.exe
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SystemServiceTool] "C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\server\PublicServerControl.exe" -s
O4 - HKLM\..\Run: [KANGUI.EXE] "C:\KavNet\KANSGUI.EXE" -s
O4 - HKLM\..\Run: [KANSA] "C:\KavNet\KANSA.EXE" -s -u -z
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: ERUNT AutoBackup.lnk = J:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINNT\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\qq\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://www.trendmicro.com.cn/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F147B7C-302E-44E5-97BC-F924756E80AB}: NameServer = 61.144.56.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F147B7C-302E-44E5-97BC-F924756E80AB}: NameServer = 61.144.56.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F147B7C-302E-44E5-97BC-F924756E80AB}: NameServer = 61.144.56.101
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AdminService for PROGRESS 9.1C (AdminService9.1C) - Unknown owner - e:\dlc\bin\AdmSrvc.exe (file missing)
O23 - Service: DATAWIN LICENSE LOCK (DATAWINLICENSELOCK) - Unknown owner - C:\Program Files\datawin\licenselock\licenselock.exe
O23 - Service: DATAWIN SERVER LOCK (DATAWINSERVERLOCK) - Unknown owner - C:\Program Files\datawin\Server Lock\serverlock.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Antivirus Net Communication (KANetCommService) - kingsoft - C:\KavNet\KANSvr.EXE
O23 - Service: Kingsoft Antivirus Http Proxy Server - KingSoft - C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\HttpProxyServer\KANHttpProxyMain.exe
O23 - Service: Kingsoft Antivirus Net System Center - 珠海金山软件股份有限公司 - C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\server\kservice.exe
O23 - Service: Microsoft Windows XP - Unknown owner - C:\WINNT\system32\Explorer.exe (file missing)
O23 - Service: PMS (Portable Media Serial) - Unknown owner - C:\WINNT\service.exe
O23 - Service: ProService for 9.1C (ProService9.1C) - Unknown owner - e:\dlc\bin\ProSrvc.exe (file missing)
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
O23 - Service: TomcatKS - Alexandria Software Consulting - C:\Program Files\Kingsoft\Antivirus\KANServer\SystemCenter\tomcat\bin\tomcat.exe