附上日志HijackThis_zww汉化版扫描日志 V1.99.1
保存于 21:51:18, 日期 2008-3-25
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
c:\program files\rising\rfw\rfwproxy.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\rfwstub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\StormII\stormliv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM303_STI.EXE
F:\软件\卡卡\runiep.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\~nsu.tmp\Au_.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\nskE.tmp\nsF.tmp
C:\WINDOWS\system32\conime.exe
F:\软件\QQ1\QQ.exe
F:\软件\QQ1\TXPlatform.exe
F:\万能五笔\wnwb\wnwb.exe
C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\PROGRAM FILES\RISING\RAV\Update\Setup.exe
E:\杀毒工具\日志扫描\SREng\SREngPS.EXE
E:\杀毒工具\HijackThis1991zww.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - F:\软件\迅雷\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\软件\迅雷\ComDlls\xunleiBHO_Now.dll
O2 - BHO: (no name) - {9A568672-D437-469E-86C2-F6E4A1156071} - C:\WINDOWS\system32\hnpacsvinshsz.dll (file missing)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - 启动项HKLM\\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - 启动项HKLM\\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - 启动项HKLM\\Run: [runeip] "F:\软件\卡卡\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - 启动项HKLM\\Run: [Adobe Reader Speed Launcher] "F:\软件\adobe\Reader\Reader_sl.exe"
O4 - 启动项HKLM\\RunServices: [SchedulingAgent] mstask.exe
O4 - 启动项HKLM\\RunOnce: [KKDelay] F:\软件\卡卡\RunOnce.exe
O4 - 启动项HKLM\\RunOnce: [Rav] "C:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /S /ONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - F:\软件\迅雷\Program\geturl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - F:\软件\迅雷\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\软件\QQ1\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 添加到我的网易博客 - C:\WINDOWS\system32\NetEase.html
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - F:\软件\迅雷\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - F:\软件\迅雷\Thunder.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - 浏览器额外的按钮: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) -
file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} (UploadControl Control) - http://st.blog.163.com/bin/UploadControl.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) -
file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} (163Uploader Control) - http://photo.163.com/163Uploader.cab
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe_bankcomm.cab
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) -
file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 - AppInit_DLLs: ieprot.dll
O23 - NT 服务: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) -
