Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:54, on 2008-7-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Rising\Rfw\rfwProxy.exe
C:\Program Files\Rising\Rfw\rfwstub.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
d:\Program Files\StormII\stormliv.exe
C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\sina\UT Game\UTGame.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\多特装机必备软件\Tencent\QQ\TIMPlatform.exe
C:\new_zxzq\TdxW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [runeip] ; "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDogPath] ; C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\Flashget\FlashGet.exe" /min
O4 - HKLM\..\Run: [UUSEE] "C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] ; C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [POCOMAKER] "C:\Program Files\PocoMaker\poco_tools.exe" -p POCOMAKER
O4 - HKCU\..\Run: [PICer] "C:\Program Files\PICer\update.exe" -p PICer
O4 - HKCU\..\Run: [POCO] "C:\Program Files\Poco2007\poco_tools.exe" -p POCO
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Global Startup: 新浪UC.lnk = C:\Program Files\sina\UC\uc.exe
O4 - Global Startup: 新浪UT Game.lnk = C:\Program Files\sina\UT Game\UTGame.exe
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\多特装机必备软件\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\多特装机必备软件\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 知识库 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O15 - Trusted Zone: www.abchina.com
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - d:\Program Files\StormII\stormliv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HD_CertService - Unknown owner - C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwProxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Remote Procedure Call Locator (RpcUsnsvc) - Unknown owner - C:\WINDOWS\usnsvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
End of file - 5569 bytes
User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)