
Please help take a look: which one is Gray Pigeon (灰鸽子)?

HijackThis_815汉化版扫描日志 V1.99.1
保存于      13:06:31, 日期 2006-6-15
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Rising\Rav\Ravmond.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\wntsec.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
D:\Rising\Rav\RavTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
F:\3721\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [YLive.exe] rem C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [CnsMin] rem Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [ATIPTA] rem "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
O4 - 启动项HKLM\\Run: [RavTask] "D:\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - 启动项HKLM\\RunOnce: [RavStub] "D:\Rising\Rav\ravstub.exe" /RUNONCE
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://218.30.82.36/md5/YahooOnlineScanTest/KOSInit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B8DC37-1BBC-4303-8100-B19BE6D242DF}: NameServer = 202.96.128.143,202.96.128.68,202.96.128.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{099CF056-325A-41F5-B9BA-9A04A819EC5D}: NameServer = 202.96.128.143,202.96.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{D547E1D4-B1B9-4F11-A8E3-F58D2747C006}: NameServer = 202.96.128.166 202.96.128.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{02B8DC37-1BBC-4303-8100-B19BE6D242DF}: NameServer = 202.96.128.143,202.96.128.68,202.96.128.110
O23 - NT 服务: ASN Service (asn.exe) - Unknown owner - C:\WINDOWS\asn.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe
O23 - NT 服务: smss - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Last edited 2006-06-15 13:30:06

Fix:
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe

O23 - NT 服务: ASN Service (asn.exe) - Unknown owner - C:\WINDOWS\asn.exe
O23 - NT 服务: smss - Unknown owner - C:\WINDOWS\G_Server2.0.exe
Gray Pigeon.. Safe Mode... Open the Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for asn.exe and smss, and delete them.

Delete:
C:\WINDOWS\asn.exe
C:\WINDOWS\G_Server2.0.exe


Run a full-disk virus scan in Safe Mode...
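
Added example, not part of the original posts: a small triage of the O23 service lines from the log above, showing that "Unknown owner" alone does not separate the two entries singled out in the reply from the ATI one. The signal list, `CORE_NAMES` and the two-signal threshold are assumptions made for this illustration.

```python
import ntpath

# O23 lines copied (a subset) from the HijackThis log posted in this thread.
LOG = r"""
O23 - NT 服务: ASN Service (asn.exe) - Unknown owner - C:\WINDOWS\asn.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe
O23 - NT 服务: smss - Unknown owner - C:\WINDOWS\G_Server2.0.exe
"""

# Assumption (not from the thread): core process names a service should not borrow.
CORE_NAMES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost"}

def parse_o23(line):
    """Return (service name, owner, image path) for an O23 line, else None."""
    if not line.startswith("O23 - "):
        return None
    # The label before ": " is localized ("Service", "NT 服务"), so skip it.
    rest = line.partition(": ")[2]
    parts = [p.strip() for p in rest.rsplit(" - ", 2)]
    return tuple(parts) if len(parts) == 3 else None

def signals(name, owner, path):
    """List the weak signals one service entry shows."""
    found = []
    folder, exe = ntpath.split(path.lower())
    if owner.lower() == "unknown owner":
        found.append("HijackThis reports Unknown owner")
    if folder == r"c:\windows":
        found.append("image sits directly in C:\\WINDOWS")
    if name.lower() in CORE_NAMES and ntpath.splitext(exe)[0] != name.lower():
        found.append("named after a core process but runs a different file")
    return found

def triage(log, min_signals=2):
    """Map image path -> signals for entries showing at least min_signals."""
    flagged = {}
    for line in log.splitlines():
        entry = parse_o23(line.strip())
        if entry and len(signals(*entry)) >= min_signals:
            flagged[entry[2]] = signals(*entry)
    return flagged

if __name__ == "__main__":
    for path, why in triage(LOG).items():
        print(path, "->", "; ".join(why))
```
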

O23 - NT 服务: ASN Service (asn.exe) - Unknown owner - C:\WINDOWS\asn.exe
O23 - NT 服务: smss - Unknown owner - C:\WINDOWS\G_Server2.0.exe
The two above are it. What ATI thing is the one below?
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

Oh, so ati2sgag.exe is a process related to the ATI graphics card driver.

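After deleting them with the HijackThis_815 Chinese edition and rebooting, Rising finally no longer detects Gray Pigeon. Thanks, everyone, for the help. I'm now deleting the junk in the registry.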