HijackThis_zww汉化版扫描日志 V1.99.1
保存于 13:34:58, 日期 2013-10-22
操作系统: Windows XP SP3 (WinNT 5.01.2600)
浏览器: Internet Explorer v8.00 (8.00.6001.18702)

当前运行的进程:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
d:\Program Files\Rising\RAV\RavMonD.exe
D:\Program Files\Rising\RFW\Rfw\ravmond.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\LEXPPS.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\HZ_CommSrv.exe
C:\Program Files\iQIYI\QiyiService.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\截图绿色小工具.exe
D:\abc\LOSTFILE\an chuan gon ji\HijackThis1991zw.exe\HijackThis1991zww.exe

O2 - BHO: Ask Toolbar BHO - {434D472D-5636-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMG-V6\Passport.dll" (file missing)
O2 - BHO: Ask Shopping Toolbar BHO - {434D4756-372D-5341-5400-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMGV7-SAT\Passport.dll" (file missing)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO.dll
O3 - IE工具栏增项: Ask Toolbar - {434D472D-5636-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMG-V6\Passport.dll" (file missing)
O3 - IE工具栏增项: Ask Shopping Toolbar - {434D4756-372D-5341-5400-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMGV7-SAT\Passport.dll" (file missing)
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RFWTRAY] "D:\Program Files\Rising\RFW\Rfw\RSTRAY.EXE" -system
O4 - 启动项HKLM\\Run: [RavTRAY] "d:\Program Files\Rising\RAV\RSTRAY.EXE" -system
O4 - 启动项HKLM\\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - 启动项HKLM\\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [FlashGet 3] "d:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe" -minimize
O4 - HKCU\..\Run: [QiyiClient] "C:\Program Files\iQIYI\QiyiClient.exe" autostart
O8 - IE右键菜单中的新增项目: 使用快车3下载 - d:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {01D4C318-44D5-4AB8-894F-5F95341E4459} - https://pbank.psbc.com/pweb/ocx/psbc/PowerEnterPSBC.CAB
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://dl_dir.qq.com/qqtv/MMInstaller.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - https://mybank.icbc.com.cn/icbc/NetSign.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309670455859
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {7978461C-CC22-48F2-BC69-02220D3E101D} (CertEnroll Class) - https://img.alipay.com/download/itrusenroll.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {93E730CA-32AA-4C56-B5FB-65932E954CFE} (IEKeyControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/ICBC_IE_FULL_SCREEN.CAB
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
O16 - DPF: {C7EC0B9B-074B-40FE-BF29-B135FB4F57D7} - https://mybank.icbc.com.cn/icbc/icbc_gemplus2006dv.dll
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (QQPasswordCtrl Class) - https://www.tenpay.com/download/qqcert.cab
O20 - Winlogon Notify: RsAutorunsDisabled - C:\windows\
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - NT 服务: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - NT 服务: Alipay security service (AlipaySecSvc) - Alipay Inc. - C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
O23 - NT 服务: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - NT 服务: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\windows\system32\bgsvcgen.exe
O23 - NT 服务: HDZB Comm Service For V2.0 (HZ_CommSrv) - 华大智宝电子系统有限公司 - C:\windows\system32\HZ_CommSrv.exe
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\windows\system32\LEXBCES.EXE
O23 - NT 服务: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - NT 服务: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - NT 服务: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - NT 服务: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\Program Files\iQIYI\QiyiService.exe
O23 - NT 服务: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RSD\RsMgrSvc.exe
O23 - NT 服务: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - d:\Program Files\Rising\RAV\RavMonD.exe
O23 - NT 服务: RFW Service (RsRFWMon) - Beijing Rising Information Technology Co., Ltd. - D:\Program Files\Rising\RFW\Rfw\ravmond.exe
O23 - NT 服务: Shadow System Service (ShadowSystemService) - Unknown owner - C:\WINDOWS\system32\shadow\ShadowService.exe
O23 - NT 服务: WatchData ccb V3.2 (WDMonitorCCB) - Beijing WatchData System Co., Ltd. - C:\windows\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe