HijackThis_zww汉化版扫描日志 V1.99.1保存于 17:36:54, 日期 2005-11-29
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Unable to get Internet Explorer version!
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\RISINGRAV17.53.40\RISING\RAV\Ravmond.exe
C:\WINDOWS\Explorer.EXE
d:\rfirewall-17.42\rfw\rfw\rfwsrv.exe
d:\rfirewall-17.42\rfw\rfw\RfwMain.exe
D:\RISINGRAV17.53.40\RISING\RAV\CCENTER.EXE
D:\HijackThis1.99.1二次汉化版\HijackThis1991zww.exe
C:\WINDOWS\system32\wuauclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - 启动项HKLM\\Run: [RfwMain] ; "D:\RFireWall-17.42\Rfw\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷5\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷5\getallurl.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB61E914-3CCA-4B27-B9B8-F077A519B65D}: NameServer = 210.43.64.10,218.76.65.107
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\rfirewall-17.42\rfw\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\RISINGRAV17.53.40\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISINGRAV17.53.40\RISING\RAV\Ravmond.exe
=========================================
以下是SREng的扫描LOG2005-11-29,17:37:56
System Repair Engineer 1.1.0.269
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"D:\RFireWall-17.42\Rfw\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
服务
[Rising Personal Firewall Service / RfwService]
<d:\rfirewall-17.42\rfw\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<D:\RISINGRAV17.53.40\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
<D:\RISINGRAV17.53.40\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[ThunderIEHelper Class]
<C:\WINDOWS\system32\xunleibho_v8.dll>
[AcroIEHlprObj Class]
<C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx>
[ThunderIEHelper Class]
<C:\WINDOWS\system32\xunleibho_v8.dll>
[AcroIEHlprObj Class]
<C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx>
[&使用迅雷下载]
<D:\迅雷5\geturl.htm>
[&使用迅雷下载全部链接]
<D:\迅雷5\getallurl.htm>
==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 592][C:\WINDOWS\system32\savedump.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 792][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 900][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][D:\RISINGRAV17.53.40\RISING\RAV\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 1, 57>
[D:\RISINGRAV17.53.40\RISING\RAV\guidll.dll] <rising><17, 0, 0, 13>
[D:\RISINGRAV17.53.40\RISING\RAV\RsCommX.dll] <rising><17, 0, 0, 3>
[D:\RISINGRAV17.53.40\RISING\RAV\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 7>
[D:\RISINGRAV17.53.40\RISING\RAV\CfgDll.dll] <rising><17, 0, 0, 60>
[D:\risingRav17.53.40\Rising\Rav\Scanner.dll] <Rising><17, 0, 0, 43>
[D:\RISINGRAV17.53.40\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[D:\risingRav17.53.40\Rising\Rav\libload.dll] <Rising><17, 0, 0, 14>
[D:\risingRav17.53.40\Rising\Rav\VirusLib.dll] <Rising><17, 0, 0, 26>
[D:\RISINGRAV17.53.40\RISING\RAV\MailMon.dll] < ><17, 0, 0, 9>
[D:\risingRav17.53.40\Rising\Rav\SpamEng.dll] <N/A><17, 0, 0, 7>
[D:\RISINGRAV17.53.40\RISING\RAV\MemMon.dll] <北京瑞星><17, 8, 0, 0>
[D:\RISINGRAV17.53.40\RISING\RAV\expscan.dll] <N/A><17, 0, 0, 6>
[D:\RISINGRAV17.53.40\RISING\RAV\mPorts.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
[D:\RISINGRAV17.53.40\RISING\RAV\regmon.dll] < ><17, 0, 0, 12>
[D:\RISINGRAV17.53.40\RISING\RAV\HookWeb.dll] <rising><17, 0, 0, 4>
[PID: 1180][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1276][d:\rfirewall-17.42\rfw\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 36>
[d:\rfirewall-17.42\rfw\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 5>
[d:\rfirewall-17.42\rfw\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
[d:\rfirewall-17.42\rfw\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 1484][d:\rfirewall-17.42\rfw\rfw\RfwMain.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 19>
[d:\rfirewall-17.42\rfw\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
[d:\rfirewall-17.42\rfw\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[d:\rfirewall-17.42\rfw\rfw\PngDll.dll] <Rising><17, 0, 0, 2>
[PID: 1684][D:\RISINGRAV17.53.40\RISING\RAV\CCENTER.EXE] <rising><17, 0, 0, 1>
[PID: 1752][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 216][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 492][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 300][D:\HijackThis1.99.1二次汉化版\System Repair Engineer.exe] <Smallfrogs Studio><1.1.0.269>
==================================
文件关联
.TXT OK. [C:\WINDOWS\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\system32\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
==================================
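Could you please advise which items in the logs need attention and should be fixed?
SREng reports that there is a virus [see the image below]; should it be handled this way?

Also, after the Rising firewall switched to a new rule pack, it frequently shows the prompt in the image below. What is going on?

Looking forward to your reply, thank you!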