Logfile of HijackThis v1.99.1
Scan saved at 8:42:52, on 2006-3-11
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
d:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
D:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\10moons\TVMaster II\TTVMaster.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\gl\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32}
- C:\WINNT\system32\NaviHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} -
C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} -
C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} -
C:\WINNT\system32\BOCAIT~1.DLL (file missing)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} -
C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} -
C:\WINNT\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} -
d:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\rfw\Rfw.EXE
O4 - HKLM\..\Run: [InCD] d:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe"
-Startup
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz
Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe"
-system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program
Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: 使用FlashExplorer播放 - d:\Program
Files\FlashExplorer\IELink.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program
Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program
Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program
Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - d:\Program
Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - d:\Program
Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program
Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program
Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program
Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 -
res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 -
res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 -
res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 -
res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 -
res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 -
res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 -
res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 类似网页 - res://C:\Program
Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program
Files\Google\googletoolbar.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 浩方对战平台 -
{0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program
Files\浩方对战平台\GameClient.exe
O9 - Extra button: 豪杰超级解霸V8 -
{367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 -
{367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} -
http://www.liantang.net (file missing)
O9 - Extra 'Tools' menuitem: 视频聊天 -
{6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file
missing)
O9 - Extra button: 寻论网--中学作业解答 -
{6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file
missing)
O9 - Extra 'Tools' menuitem: 中学作业 -
{6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file
missing)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} -
http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&m
pro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 -
{DE60714F-AC17-427e-861A-FD60CBDF119A} -
http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&m
pro=http://www.ebay.com.cn (file missing)
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) -
https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX
Control) - http://chat.51uc.com/cab/WEBChatRoom_1_38.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/w
uweb_site.cab?1124449314843
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
http://61.152.96.12:1995/talk.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client
/muweb_site.cab?1134721072109
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2425983E-F887-469C-9A2C-F7A10DBFCC20
}: NameServer = 202.96.69.38 202.96.64.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
d:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising
Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing
Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) -
Beijing Rising Technology Co., Ltd. - C:\Program
Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology
Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
现在每当开网页的时候老是弹下面这个小窗口的广告(http://www.139love.com/union_mms/ring500X300.asp?unionid=2006彩信铃声),有时候是开第一个网页弹出来,有的是开第二个网页弹出来,另外隔几个新开的网页又会重新弹出。请版主和高手帮帮我!谢谢!!!
