Is something wrong with my computer? Everyone, please come in and take a look. Thanks a lot!!!


HijackThis_zww汉化版扫描日志 V1.99.1
保存于      20:48:01, 日期 2006-11-10
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\System\Update.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{6CF9DF18-0635-2052-0212-040123020056}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mstrandom.exe
C:\WINDOWS\explorer.exe
\l\本地磁盘 (F)\杂乱\杂乱\HijackThis1991zww.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O1 - Hosts: 203.171.236.215 www.17173.com
O1 - Hosts: 203.171.236.215 www.wowchina.com
O1 - Hosts: 203.171.236.215 www.ztgame.com.cn
O1 - Hosts: 203.171.236.215 rxjh.17game.com
O1 - Hosts: 203.171.236.215 www.17game.com
O1 - Hosts: 203.171.236.215 www.kd171.cn
O1 - Hosts: 203.171.236.215 www.72g.com
O1 - Hosts: 203.171.236.215 www.muchina.com
O1 - Hosts: 203.171.236.215 xyq.163.com
O1 - Hosts: 203.171.236.215 xy2.163.com
O1 - Hosts: 203.171.236.215 www.the9.com
O1 - Hosts: 203.171.236.215 www.5173.com
O1 - Hosts: 203.171.236.215 www.tkgame.com
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 www.ddspn.com
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Google Bar  - {12365484-96a1-6974-3269-123555124655} - C:\WINDOWS\system32\GoogleBar.dll
O2 - BHO: ui Class - {4CEB0B7C-0729-412b-8627-0088FB4F6D9F} - C:\WINDOWS\system32\BHO04.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - G:\杂乱\tem\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\SCIntruder.dll (file missing)
O2 - BHO: Spoolsv Class - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\system32\drivers\spoolsv.dll
O2 - BHO: (no name) - {AF3876B1-7D5F-4F0F-BECA-A6324D125A48} - C:\WINDOWS\system32\ATIDEMGREDEM.dll
O2 - BHO: BrowserProxy4  - {BCF4D74B-E6BD-4C8F-83D7-90D6439705B9} - C:\WINDOWS\system32\AlxTbl.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CF9DF18-0635-2052-0212-040123020056}\888Bar.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - IE工具栏增项: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CF9DF18-0635-2052-0212-040123020056}\888Bar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [System] C:\Program Files\Common Files\System\Update.exe
O4 - 启动项HKLM\\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pit] C:\WINDOWS\SVCHOST.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\杂乱\tem\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\杂乱\tem\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\WINDOWS\system32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\changsh001.dll' missing
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {A16FC0A3-CC2D-4CBC-8F84-D6341AE6EDDB} (SnInputControl Class) - http://jf.sdo.com/sndasec.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DFFE59B-B370-4935-9318-BBA0F3371305}: NameServer = 202.101.107.55,202.101.98.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{4DFFE59B-B370-4935-9318-BBA0F3371305}: NameServer = 202.101.107.55,202.101.98.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DFFE59B-B370-4935-9318-BBA0F3371305}: NameServer = 202.101.107.55,202.101.98.55
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\cmspl.dll
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Last edited 2006-11-10 21:21:51

Why is nobody coming? *cries* ~~~~~~

[Reply to the post by "寂寞男孩啊虎"]
C:\Program Files\Common Files\System\Update.exe
C:\Program Files\Common Files\{6CF9DF18-0635-2052-0212-040123020056}\Update.exe
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\system32\mstrandom.exe
Disconnect from the network.
Close all applications.

Use HijackThis to fix the following items:
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe

O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll

O2 - BHO: ui Class - {4CEB0B7C-0729-412b-8627-0088FB4F6D9F} - C:\WINDOWS\system32\BHO04.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - G:\杂乱\tem\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll (file missing)
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\SCIntruder.dll (file missing)
O2 - BHO: Spoolsv Class - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\system32\drivers\spoolsv.dll
O2 - BHO: (no name) - {AF3876B1-7D5F-4F0F-BECA-A6324D125A48} - C:\WINDOWS\system32\ATIDEMGREDEM.dll
O2 - BHO: BrowserProxy4 - {BCF4D74B-E6BD-4C8F-83D7-90D6439705B9} - C:\WINDOWS\system32\AlxTbl.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CF9DF18-0635-2052-0212-040123020056}\888Bar.dll
O3 - IE工具栏增项: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CF9DF18-0635-2052-0212-040123020056}\888Bar.dll


O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll

O4 - 启动项HKLM\\Run: [System] C:\Program Files\Common Files\System\Update.exe
O4 - 启动项HKLM\\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

O4 - HKCU\..\Run: [pit] C:\WINDOWS\SVCHOST.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - 浏览器额外的按钮: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll

O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\杂乱\tem\QQIEHelper.dll
O11 - Options group: [CDNCLIENT] 中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {A16FC0A3-CC2D-4CBC-8F84-D6341AE6EDDB} (SnInputControl Class) - http://jf.sdo.com/sndasec.cab
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\cmspl.dll

Reboot.

Show hidden files.

Delete the following files, as well as the files that the entries listed above point to:
C:\Program Files\Common Files\System\Update.exe
C:\Program Files\Common Files\{6CF9DF18-0635-2052-0212-040123020056}\Update.exe
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\system32\mstrandom.exe

May I ask, what is this HijackThis? I don't understand it.

Quote:
[Post by 寂寞男孩啊虎] May I ask, what is this HijackThis? I don't understand it.
………………

This log of yours was scanned with HijackThis.