HijackThis_zww汉化版扫描日志 V1.99.1
保存于 22:13:01, 日期 2005-10-27
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\SkyNet\FireWall\PFW.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\human\bdc2\bin\BDCClock.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sony\桌面\HijackThis1991zww.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\PROGRA~1\HBClient\hapast.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll
O3 - IE工具栏增项: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\DOWNLO~1\IEBAR2~1.DLL
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\PFW.exe
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [Cmpnt] C:\WINDOWS\system\netcompt.exe
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - 启动项HKLM\\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c28 -w
O4 - 启动项HKLM\\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - 启动项HKLM\\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - 启动项HKLM\\Run: [RealTray] C:\Program Files\Media Player Classic\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - 启动项HKLM\\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - 启动项HKLM\\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - 启动项HKLM\\Run: [IdnMail] C:\WINDOWS\System32\IdnMail.exe
O4 - 启动项HKLM\\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - 启动项HKLM\\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - 启动项HKLM\\Run: [CApp] C:\WINDOWS\System32\capp.exe
O4 - 启动项HKLM\\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - 启动项HKLM\\Run: [BDCII] c:\human\bdc2\bin\BDCClock.exe /silent
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [hbpassport] C:\PROGRA~1\HBClient\hbast.exe
O4 - 启动项HKLM\\RunServices: [Shell] c:\windows\system\mainsv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://www.z263.net
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 在洪恩全能词典中查找单词 - c:\human\bdc2\bin\opendict.htm
O8 - IE右键菜单中的新增项目: 添加单词到洪恩个人词库 - c:\human\bdc2\bin\saveword.htm
O9 - 浏览器额外的按钮: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - IE插件,支持文件类型.spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - http://image2.sina.com.cn/home/ddtsource/ddt.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097287582042
O16 - DPF: {EF248BC9-F17D-4024-8868-71A5D22C667C} (Hbact.Hbact Object) - http://download.henbang.net/download/updatelist/hap111.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77E53AA8-8C20-4A0E-AF97-90ABAC812F1C}: NameServer = 202.106.46.151 202.106.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE2A14EF-BC88-4FF1-BE8A-71E207F35EA8}: NameServer = 202.99.166.4,202.99.168.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3EB419A-3F1E-4CB5-98FF-AFE6BE8182F6}: NameServer = 10.245.131.253
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - NT 服务: iPod 服务 (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe