Logfile of HijackThis v1.99.1
Scan saved at 10:14:58, on 2006-9-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\软件\完美卸载V2006\PnpWMmng.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system\realsched.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\软件\TouchNet\TouchNet\TouchNet.exe
D:\软件\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {3A134B8D-CA84-42A9-BF88-CE45F8C395BF} - C:\WINDOWS\system32\IEOPENGL.DLL
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\ODBINT.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampa.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\软件\QQb3fianl\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\软件\QQb3fianl\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\软件\QQb3fianl\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\软件\QQb3fianl\QQ\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\软件\QQ06\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\软件\QQ06\QQ.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{65B2CD3F-9564-4061-827E-587E9553DB09}: NameServer = 61.147.37.1 61.177.7.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnpWMmng - Unknown owner - D:\软件\完美卸载V2006\PnpWMmng.exe (file missing)
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Management NetWork Service Extensions - Unknown
高手帮给看看~~~
