lovezhu - 2005-11-6 15:31:00
Logfile of HijackThis v1.99.1
Scan saved at 15:19:00, on 2005-11-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
F:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\WINDOWS\Explorer.EXE
F:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\CNNIC\Cdn\cdnup.exe
F:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
F:\quick time 6\qttask.exe
F:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
F:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\Program Files\wsearch\Search.exe
D:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\iTouch\kbdtray.exe
D:\WINDOWS\system32\conime.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\zsxz\UrlService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\P4P\p2psvr.exe
F:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\zsxz\IEUrldrive.exe
D:\WINDOWS\System32\svchost.exe
F:\Program Files\Maxthon\Maxthon.exe
F:\PROGRA~1\FLASHGET\JETCAR.EXE
f:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\dz\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
O4 - HKLM\..\Run: [RavTimer] F:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] F:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [YLive.exe] D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [CheckRes] D:\Program Files\MyBackDrop\ActivDesk.exe
O4 - HKLM\..\Run: [AutoUpdate] D:\WINDOWS\nshell\AutoUpdate.exe
O4 - HKLM\..\Run: [MoveSearch] D:\Program Files\wsearch\Search.exe
O4 - HKLM\..\RunOnce: [RavStub] "F:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] D:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 娱乐心空.lnk = D:\Program Files\yulexk\Run.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: >> 彩信发送 << - res://D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: !搜一搜 - res://D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 中国搜索(&Z) - D:\WINDOWS\I_SearchIE.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - D:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - F:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 发送图片到手机 - D:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://D:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://D:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://D:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://D:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://D:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://D:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://D:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 访问通用网址 - D:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 维宇RealLink - {0713E8D2-850A-101B-AFC0-4210122A8DA9} - F:\Program Files\VerySoft\RealLink\RealLink.exe
O9 - Extra 'Tools' menuitem: 维宇RealLink - {0713E8D2-850A-101B-AFC0-4210122A8DA9} - F:\Program Files\VerySoft\RealLink\RealLink.exe
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - F:\Program Files\sina\UC\UC.exe
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - D:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - D:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - D:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\JETCAR.EXE
O20 - AppInit_DLLs: D:\WINDOWS\system32\SoDAHK.DLL
O23 - Service: IE URL Service - Unknown owner - D:\Program Files\zsxz\UrlService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: P4P Service - Sohu.com Inc. - D:\Program Files\P4P\p2psvr.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - F:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe