日志文件 Trend Micro HijackThis v 2.0.2 日志保存时间: 19:10:12,2009-2-18 操作系统: Windows XP SP2 (WinNT 5.01.2600) IE版本: Internet Explorer v6.00 SP2 (6.00.2900.2180) 启动模式: 正常 正在运行的进程: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCENTER.EXE C:\Program Files\Rising\Rfw\CCENTER.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rfw\rfwsrv.exe C:\Program Files\Rising\Rav\RavMonD.exe C:\Program Files\Rising\Rav\rsnetsvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Rising\Rav\RsTray.exe C:\Program Files\Rising\AntiSpyware\rstray.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Rising\RFW\RsTray.exe C:\Program Files\Rising\Rav\RavTask.exe C:\Program Files\Rising\Rav\rssafety.exe C:\Program Files\Rising\Rfw\RavTask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\nuhese\nudoes.exe D:\PPStream\ppsap.exe C:\Program Files\Rising\Rav\ScanFrm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Tencent\TT\bin\TTraveler.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll O2 - BHO: (未命名) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (没有文件) O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll O3 - IE 工具栏: 瑞星卡卡工具条(&R) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll O4 - HKLM\..\Run: [switch] c:\windows\system32\壁纸自动换.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\RFW\RsTray.exe" -system O4 - HKLM\..\Run: [safety3] "C:\Program Files\Rising\Rav\rssafety.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PPS Accelerator] D:\PPStream\ppsap.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGame\Accel.exe O8 - 扩展右键菜单项: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm O8 - 扩展右键菜单项: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm O8 - 扩展右键菜单项: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm O8 - 扩展右键菜单项: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - 扩展右键菜单项: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O20 - AppInit_DLLs: kmon.dll,hpepdhfm.dll O21 - SSODL: 19E9D1F6 - {19E9D1F6-54EE-4CD2-90FA-C60B2D92940A} - C:\WINDOWS\system32\hpepdhfm.dll(文件不存在) O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - NT 服务: Application Memory R/W Log (amrwl) - Unknown owner - C:\Program Files\Common Files\nuhese\cuvosel.exe O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - NT 服务: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE O23 - NT 服务: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe O23 - NT 服务: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe O23 - NT 服务: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe O23 - NT 服务: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe -- 文件结束 - 5778 字节