HijackThis_815汉化版扫描日志 V1.99.1
保存于      17:45:44, 日期 2006-8-11
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\lenovo\GUA\GUA.exe
C:\Program Files\lenovo\IGRS\IGRS.exe
C:\Program Files\lenovo\IGRS\Ext\IgrsMonitor.exe
C:\Program Files\lenovo\IGRS\Ext\router.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\lenovo\IGRS\Ext\wmcsvc.exe
C:\Program Files\lenovo\IGRS Profiles\File Profile\IgrsFile.exe
C:\Program Files\lenovo\IGRS EasyShare\FileShare.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xyq\桌面\Hijackthis1991zww\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\PROGRA~1\SUPERR~1\MagicSet\haokanbar2.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll (file missing)
O3 - IE工具栏增项: 闪联任意通 - {0C9B3AB9-DEDF-11D8-A2D4-0050FC464B19} - C:\Program Files\lenovo\IGRS EasyShare\IgrsAnywhere.dll
O3 - IE工具栏增项: MSN 搜索工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\PROGRA~1\SUPERR~1\MagicSet\haokanbar2.dll
O4 - 启动项HKLM\\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - 启动项HKLM\\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - 启动项HKLM\\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - 启动项HKLM\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - 启动项HKLM\\Run: [Alcmtr] ALCMTR.EXE
O4 - 启动项HKLM\\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Thunder] ; "d:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - 启动项HKLM\\Run: [LetsCool] ; C:\Program Files\LetsCool\LetsCool.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: 蓝牙控制盘.lnk = ?
O4 - Global Startup: Windows 桌面搜索.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1105\zh-cn\bin\WindowsSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: {1B7F63FD-BDD9-44DC-AFF3-8E4263B6644B} (SwxCrypt Control) - https://homebank.citicib.com.cn/eWallet.CAB
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: igrswn - C:\Program Files\lenovo\IGRS\Ext\igrswn.dll
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - NT 服务: AccessInterfa - Unknown owner - C:\WINDOWS\G_S.23.exe
O23 - NT 服务: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - NT 服务: Server1.23 (GrayPigeonServer1.23) - Unknown owner - C:\Program Files\HgzServer\G_1.23.exe
O23 - NT 服务: General Updater/AutoUpdater Service (GUA) - lenovo - C:\Program Files\lenovo\GUA\GUA.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: IGRS - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\IGRS.exe
O23 - NT 服务: IGRSFILE - Lenovo Group Limited - C:\Program Files\lenovo\IGRS Profiles\File Profile\IgrsFile.exe
O23 - NT 服务: IgrsFileShare - 联想集团有限公司 - C:\Program Files\lenovo\IGRS EasyShare\FileShare.exe
O23 - NT 服务: IgrsMonitor - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\Ext\IgrsMonitor.exe
O23 - NT 服务: MicroGrid DirectRouter (MicroGrid.DirectRouter) - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\Ext\router.exe
O23 - NT 服务: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: WMCSVC - Lenovo Group Limited - C:\Program Files\lenovo\IGRS\Ext\wmcsvc.exe

【回复“六指琴魔合肥”的帖子】
O23 - NT 服务: AccessInterfa - Unknown owner - C:\WINDOWS\G_S.23.exe
灰鸽子

最怕看诺顿用户的日志——N个服务项，搞得人眼花！！变态得诺顿！！

O23 - NT 服务: Server1.23 (GrayPigeonServer1.23) - Unknown owner - C:\Program Files\HgzServer\G_1.23.exe
O23 - NT 服务: AccessInterfa - Unknown owner - C:\WINDOWS\G_S.23.exe
鸽子..安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索GrayPigeonServer1.23和AccessInterfa  删除..
删除
C:\Program Files\HgzServer\G_1.23.exe
C:\WINDOWS\G_S.23.exe

猫叔 你漏了只鸽子..


修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll (file missing)
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
删除
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe

引用:

【mopery的贴子】O23 - NT 服务: Server1.23 (GrayPigeonServer1.23) - Unknown owner - C:\Program Files\HgzServer\G_1.23.exe O23 - NT 服务: AccessInterfa - Unknown owner - C:\WINDOWS\G_S.23.exe 鸽子..安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 搜索GrayPigeonServer1.23和AccessInterfa  删除.. 删除 C:\Program Files\HgzServer\G_1.23.exe C:\WINDOWS\G_S.23.exe 猫叔 你漏了只鸽子.. 修复 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll (file missing) O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file) O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file) 删除 C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe ………………

惭愧啊！
我眼花啊！
偏偏又遇到诺顿用户的日志！想死啊！！！