HijackThis_zww汉化版扫描日志 V1.99.1
保存于 18:37:53, 日期 2006-4-27
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
G:\程序\Rising\Rav\CCenter.exe
G:\程序\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\zsxz\UrlService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\zsxz\IEUrldrive.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
G:\程序\Rising\Rav\RavStub.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\BCUP.exe
G:\程序\Rising\Rav\RavTask.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
G:\程序\Rising\Rav\Ravmon.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\regedit.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SXY~1.SHE\LOCALS~1\Temp\Rar$EX00.516\HijackThis1991zww.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINNT\system32\wmpdrm.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\CdnIEHlp.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O3 - IE工具栏增项: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINNT\system32\BOCAIT~1.DLL
O3 - IE工具栏增项: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - IE工具栏增项: 新浪ViVi收藏夹 - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINNT\Downlo~1\vivimin.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [hschat] C:\WINNT\system32\SysH_OA0302\GQQ.exe 1
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\IEPro\SRRest.exe /FIRST
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] C:\WINNT\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [Timplatform] C:\Documents and Settings\sxy\Timplatform.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [BCUpdate] C:\WINNT\system32\BCUP.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [RavTask] "G:\程序\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINNT\system32\spoolsv\spoolsv.exe -printer
O4 - HKCU\..\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\IEPro\SRRest.exe /autosave
O4 - Startup: 播霸网络电视.lnk = C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStarter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 腾讯通.lnk = C:\Program Files\Tencent\RTX\rtxc.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq1\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq1\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq1\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq1\SendMMS.htm
O9 - 浏览器额外的按钮: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\CdnIEHlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\CdnIEHlp.dll
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.188.122.200/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {2F940E6E-543C-4D20-9470-09E60ADE3CE5} (RJeGov.RJWord) - http://10.188.122.200:88/domcfg.nsf/cabs/$file/RJeGov.CAB
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://10.188.122.200/officescan/clientinstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134382013468
O16 - DPF: {724A8FDB-C2FF-4314-92B5-26A67AAE2C06} (ActiveFormX Control) - http://10.188.240.207/GCaSecurity.ocx
O16 - DPF: {A041EA73-1508-4D79-A9FF-19B8DCFD87CD} (RJeFlow.MainControl) - http://10.188.122.200:88/domcfg.nsf/cabs/$file/rjeflow.CAB
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {E292EFB0-EE32-11D1-8C74-0000C0B0E2E9} (RptViewerAX Class) - http://10.188.242.251/wi/ActiveX/RptViewerEN.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {EA63C0F6-57F8-45AE-998F-6217DAC93078} (AXHsEip1 Control) - http://10.188.240.207:8080/ocx/HsEip.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{05C9FD4F-C493-4DA0-B772-FD483D6CA7AA}: NameServer = 10.188.122.226
O17 - HKLM\System\CS2\Services\Tcpip\..\{05C9FD4F-C493-4DA0-B772-FD483D6CA7AA}: NameServer = 10.188.122.226
O17 - HKLM\System\CS3\Services\Tcpip\..\{05C9FD4F-C493-4DA0-B772-FD483D6CA7AA}: NameServer = 10.188.122.226
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Download Service - Unknown owner - C:\WINNT\system32\SeedServ.exe
O23 - NT 服务: Event Client - Unknown owner - C:\Program Files\zsxz\UrlService.exe
O23 - NT 服务: RemoteLuo (Remote Procedure Call RPC Luo) - Unknown owner - C:\WINNT\locaitor.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - G:\程序\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - G:\程序\Rising\Rav\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe