日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 9:39:58,2008-6-15
操作系统: Windows XP SP2 (WinNT 5.01.2600)
IE版本: Internet Explorer v6.00 SP2 (6.00.2900.2180)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwstub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\8.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\快车\FlashGet.exe
E:\hijackthis.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsf9.tmp\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
F2 - REG:system.ini: Shell=Explorer.exe,22.exe,8.exe
O2 - BHO: (未命名) - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll(文件不存在)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\快车\jccatch.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll(文件不存在)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll(文件不存在)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll(文件不存在)
O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll(文件不存在)
O2 - BHO: apsgejba.dll - {5FD45A54-9875-698F-E56E-65102358FDF5} - C:\WINDOWS\system32\apsgejba.dll(文件不存在)
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - C:\WINDOWS\system32\zxmscwin.dll(文件不存在)
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} - C:\WINDOWS\system32\ypdjfbmp.dll(文件不存在)
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll(文件不存在)
O3 - IE 工具栏: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll(文件不存在)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - 扩展右键菜单项: &使用快车(FlashGet)下载 - E:\快车\jc_link.htm
O8 - 扩展右键菜单项: &使用快车(FlashGet)下载全部链接 - E:\快车\jc_all.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://E:\office\OFFICE11\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O9 - 额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office\OFFICE11\REFIEBAR.DLL
O9 - 额外的“工具”菜单项目: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office\OFFICE11\REFIEBAR.DLL
O9 - 额外的按钮: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\快车\FlashGet.exe
O9 - 额外的“工具”菜单项目: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\快车\FlashGet.exe
O9 - 额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 额外的“工具”菜单项目: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} (Share Control) - http://www.bluesky.cn/download/share.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} (PicUploadCtrl Class) - http://tb.sogou.com/PicUpload.cab?pp
O17 - HKLM\System\CCS\Services\Tcpip\..\{84E4B51F-C1BA-4833-9112-CA0777E8D7D5}: NameServer = 61.177.7.1 221.228.255.1
O21 - SSODL: midimapmy - {4F4F0064-71E0-4f0d-0015-708476C7815F} - C:\WINDOWS\system32\midimapmy.dll(文件不存在)
O21 - SSODL: midimapcb - {4F4F0064-71E0-4f0d-0006-708476C7815F} - C:\WINDOWS\system32\midimapcb.dll(文件不存在)
O21 - SSODL: midimapzx - {4F4F0064-71E0-4f0d-0005-708476C7815F} - C:\WINDOWS\system32\midimapzx.dll(文件不存在)
O21 - SSODL: midimaptl - {4F4F0064-71E0-4f0d-0017-708476C7815F} - C:\WINDOWS\system32\midimaptl.dll(文件不存在)
O21 - SSODL: midimapwl - {4F4F0064-71E0-4f0d-0004-708476C7815F} - C:\WINDOWS\system32\midimapwl.dll(文件不存在)
O21 - SSODL: midimapjr - {4F4F0064-71E0-4f0d-0012-708476C7815F} - C:\WINDOWS\system32\midimapjr.dll(文件不存在)
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
文件结束 - 6146 字节