HijackThis_zww汉化版扫描日志 V1.99.1
保存于 23:05:05, 日期 2013-12-17
操作系统: Windows XP SP3 (WinNT 5.01.2600)
浏览器: Internet Explorer v8.00 (8.00.6001.18702)

当前运行的进程:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
d:\Program Files\Rising\RAV\RavMonD.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\LEXPPS.EXE
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
C:\windows\SOUNDMAN.EXE
D:\Program Files\Rising\RFW\Rfw\RSTRAY.EXE
D:\Program Files\Rising\RAV\RSTRAY.EXE
C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe
C:\windows\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Rising\RSD\popwndexe.exe
D:\Program Files\Rising\RFW\Rfw\ravmond.exe
D:\abc\LOSTFILE\an chuan gon ji\HijackThis1991zw.exe\HijackThis1991zww.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.28.1564.dll
O2 - BHO: XLLiteView BrowserHelper Object - {2D90D33C-DE76-42D0-9040-E4466DDC24AC} - d:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RFWTRAY] "D:\Program Files\Rising\RFW\Rfw\RSTRAY.EXE" -system
O4 - 启动项HKLM\\Run: [RavTRAY] "d:\Program Files\Rising\RAV\RSTRAY.EXE" -system
O4 - 启动项HKLM\\Run: [CCBCertificate] C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
O4 - 启动项HKLM\\Run: [USBKeyTools.exe] C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe
O4 - 启动项HKLM\\Run: [wdcertm_ccb] C:\windows\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe
O4 - 启动项HKLM\\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷查看图片 - d:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - 浏览器额外的按钮: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - d:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - 浏览器额外的“工具”菜单项: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - d:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {01D4C318-44D5-4AB8-894F-5F95341E4459} - https://pbank.psbc.com/pweb/ocx/psbc/PowerEnterPSBC.CAB
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://dl_dir.qq.com/qqtv/MMInstaller.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - https://mybank.icbc.com.cn/icbc/NetSign.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309670455859
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {7978461C-CC22-48F2-BC69-02220D3E101D} (CertEnroll Class) - https://img.alipay.com/download/itrusenroll.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {93E730CA-32AA-4C56-B5FB-65932E954CFE} (IEKeyControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/ICBC_IE_FULL_SCREEN.CAB
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
O16 - DPF: {C7EC0B9B-074B-40FE-BF29-B135FB4F57D7} - https://mybank.icbc.com.cn/icbc/icbc_gemplus2006dv.dll
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (QQPasswordCtrl Class) - https://www.tenpay.com/download/qqcert.cab
O20 - Winlogon Notify: RsAutorunsDisabled - C:\windows\
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - NT 服务: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - NT 服务: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\windows\system32\bgsvcgen.exe
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\windows\system32\LEXBCES.EXE
O23 - NT 服务: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - NT 服务: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - NT 服务: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - NT 服务: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RSD\RsMgrSvc.exe
O23 - NT 服务: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - d:\Program Files\Rising\RAV\RavMonD.exe
O23 - NT 服务: RFW Service (RsRFWMon) - Beijing Rising Information Technology Co., Ltd. - D:\Program Files\Rising\RFW\Rfw\ravmond.exe
O23 - NT 服务: Shadow System Service (ShadowSystemService) - Unknown owner - C:\WINDOWS\system32\shadow\ShadowService.exe
O23 - NT 服务: WatchData ccb V3.2 (WDMonitorCCB) - Beijing WatchData System Co., Ltd. - C:\windows\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe