Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software Forum

Could everyone please help me take a look! Is this Huigezi (Gray Pigeon)?

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      17:43:57 上午, 日期 2005-12-28
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\瑞星杀毒\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\nero\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\瑞星杀毒\Rising\Rav\Ravmond.exe
d:\瑞星防火墙下载\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\瑞星杀毒\Rising\Rav\RavStub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
d:\瑞星防火墙下载\rising\rfw\RfwMain.exe
D:\nero\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\瑞星杀毒\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\cl\桌面\daojishi\完成版HA_SmartClock21_zly\SmartClock.exe
D:\瑞星杀毒\Rising\Rav\Ravmon.exe
D:\tt浏览器\TTraveler.exe
C:\Documents and Settings\cl\桌面\2535952005811174944\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - 启动项HKLM\\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [InCD] D:\nero\InCD\InCD.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmartClock] C:\Documents and Settings\cl\桌面\daojishi\完成版HA_SmartClock21_zly\SmartClock.exe /boot
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2761225D-F0F2-44E8-A2C9-476FB6A3316A} - http://dl_dir.qq.com/qqtools/trsetup.exe
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {40CFEA79-ED5B-4B2B-8B8D-B567E40AF812} (sslclient Control) - http://www.tol24.com/download/ocx/sslclientnew.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.hnpgc.com/cbsweb/newmap/viewsdown/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128177549953
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://imgcache.qq.com/music/QQMusicSetup.exe
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O16 - DPF: {C5D0DFF5-6D39-4F98-88CD-12E8430A6300} (clienttime.client) - http://www.time.ac.cn/times/client.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {E1207373-6721-4AAD-888B-C8C5A0209E17} (VnetAnpr Class) - http://service.chinavnet.com/zx/VNetInterface/VNetForSP/VnetPlugin.CAB
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O16 - DPF: {FABF66A6-9C3F-4FF4-9499-5B9F4AD6FD4B} (BigHead Control) - http://q-zone.qq.com/client/mall/BigheadControl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcastdl.dudu.com/files/pCastCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA68E3A-9826-4DB0-849A-A5664BFC5D77}: NameServer = 210.30.0.1,202.96.64.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{78C545DD-CF36-40A0-BDB8-B592D704E0F2}: NameServer = 219.150.32.132 202.96.209.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA68E3A-9826-4DB0-849A-A5664BFC5D77}: NameServer = 210.30.0.1,202.96.64.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BA68E3A-9826-4DB0-849A-A5664BFC5D77}: NameServer = 210.30.0.1,202.96.64.68
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: InCD Helper (InCDsrv) - Ahead Software AG - D:\nero\InCD\InCDsrv.exe
O23 - NT 服务: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - NT 服务: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - NT 服务: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\瑞星防火墙下载\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\瑞星杀毒\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\瑞星杀毒\Rising\Rav\Ravmond.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: Microsoft Windows OneCare Live (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
O23 - NT 服务: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Last edited 2005-12-28 18:02:36

瑞星听诊信息
自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
  IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  (默认) =
  IntelWireless = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
  IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
  NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
  InCD = D:\nero\InCD\InCD.exe
  RfwMain = "D:\ruixing\Rising\Rfw\rfwmain.exe" -Startup
  RavTask = "D:\瑞星防火墙下载\Rising\Rav\RavTask.exe" -system
  TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  Windows木马防火墙 = D:\fhg\Trojanwall.exe

HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
  ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
  SmartClock = C:\Documents and Settings\cl\桌面\daojishi\完成版HA_SmartClock21_zly\SmartClock.exe /boot

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  C:\WINDOWS\system32\RavExt.dll= Rising Execute File Exts hook

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
  PostBootReminder = %SystemRoot%\system32\SHELL32.dll
  CDBurn = %SystemRoot%\system32\SHELL32.dll
  WebCheck = %SystemRoot%\system32\webcheck.dll
  SysTray = C:\WINDOWS\system32\stobject.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
  %SystemRoot%\system32\browseui.dll= Browseui 预加载程序
  %SystemRoot%\system32\browseui.dll= 组件类别缓存程序


SYSTEM.INI BOOT SHELL Explorer.exe
SYSTEM.INI BOOT SCRNSAVE.EXE C:\WINDOWS\system32\logon.scr


其他相关项
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main start page ----> http://www.baidu.com/
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> cl
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> cl
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,


WININIT.INI
[Rename]
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=

Hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 tol24.com



进程列表

[System Process]
System
C:\WINDOWS\system32\Ati2evxx.exe (Made by ATI Technologies Inc.)
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Made by Dell Inc.)
C:\WINDOWS\system32\Ati2evxx.exe (Made by ATI Technologies Inc.)
C:\Documents and Settings\cl\桌面\daojishi\完成版HA_SmartClock21_zly\SmartClock.exe (Made by Pavel Chmela?)

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\瑞星防火墙下载\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\nero\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\瑞星防火墙下载\Rising\Rav\Ravmond.exe
d:\ruixing\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
D:\瑞星防火墙下载\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
d:\ruixing\rising\rfw\RfwMain.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\nero\InCD\InCD.exe
D:\瑞星防火墙下载\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\瑞星防火墙下载\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
D:\tt浏览器\TTraveler.exe
D:\瑞星防火墙下载\Rising\Rav\RsLogVw.exe
D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\cl\桌面\RavDetect.exe

进程详细信息


D:\tt浏览器\TTraveler.exe
  D:\tt浏览器\Plugins\QQFloatBar\QQFloatBar4TT2.dll (made by 腾讯公司)


  D:\tt浏览器\PersonalDesktop.dll (made by 深圳市腾讯计算机系统公司QQ工作小组)
 

C:\Documents and Settings\cl\桌面\daojishi\完成版HA_SmartClock21_zly\SmartClock.exe
  C:\Documents and Settings\cl\桌面\daojishi\完成版HA_SmartClock21_zly\SmartClock.exe (made by Pavel Chmela?)
 
 


C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\Ati2evxx.exe (made by ATI Technologies Inc.)


  C:\WINDOWS\system32\Ati2edxx.dll (made by ATI Technologies, Inc.)



C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
  C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (made by Dell Inc.)
 

C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\Ati2evxx.dll (made by ATI Technologies Inc.)

  \??\C:\WINDOWS\system32\winlogon.exe

I deleted quite a lot of garbled text in the middle; I don't understand it either.

Thanks! Hehe