Logfile of HijackThis v1.99.1
Scan saved at 9:43:59, on 2005-9-10
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\llssrv.exe
E:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\mspmspsv.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\Dfssvc.exe
E:\WINNT\System32\dns.exe
E:\WINNT\System32\msdtc.exe
E:\WINNT\System32\locator.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\CursorXP\c\CursorXP.exe
E:\WINNT\system32\internat.exe
E:\WINNT\system32\taskmgr.exe
E:\PROGRA~1\SYMPAT~1\ACCESS~1\app\EnterNet.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Tencent\TT\TTraveler.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rav\RAVMON.EXE
E:\WINNT\system32\regsvr32.exe
E:\WINNT\system32\regsvr32.exe
C:\PROGRA~1\Tencent\TT\TCPlus.exe
E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.825\HijackThis.exe
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - E:\WINNT\Downloaded Program Files\TBHMain.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] c:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CursorXP] f:\CursorXP\c\CursorXP.exe
O4 - HKCU\..\Run: [BIND MEOW] E:\DOCUME~1\ADMINI~1\APPLIC~1\BOWSAN~1\32 win build.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: 腾讯QQ.lnk (Tencent QQ.lnk) = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: STARTER.lnk = E:\WINNT\system32\STARTER.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Quick Search (Yisou.com) - res://E:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用Kugoo下载 (Download with Kugoo) - C:\PROGRA~1\KUGOO2\KugooDownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 (Add to QQ custom panel) - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 (Add to QQ emoticons) - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 (Send this picture via QQ MMS) - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [TBH] QQ地址栏搜索 (QQ address bar search)
O12 - Plugin for .m3u: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04953C68-6EA4-11D7-9EB2-00104B9B5229} (Kincent QVideoCapture Class) - http://202.109.129.103:8901/qvideo.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (V2 Control) - http://202.96.140.88/vchat/v27.cab
O16 - DPF: {359F7E49-1EA0-4671-92E9-61E32FE25C5E} - http://69.0.137.190/version3/Netster.dll
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29565de2d27f84e1ee22/netzip/RdxIE601.cab
O16 - DPF: {6349DFE5-7947-4704-A0AB-AD13DDEC40A8} (NameObj Class) - http://159.226.6.188/cnc/name.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.129.90.93:1995/talk.cab
O16 - DPF: {8CC55BB0-E742-4206-8DC9-EEF6A690B73E} (Kincent Q.Audio Control Class) - http://demo1.m4u.cn:6666/qaudio.cab
O16 - DPF: {8DE5C094-A41B-45C8-8589-6302170CA7ED} (Kincent AppShare Class) - http://218.245.255.13:6000/qshare.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} (IEDown Class) - http://www.ourgame.com/srvcenter/download/IEDown.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (BlueskyAudio Class) - http://202.96.140.88/vchat/blueskyvoice.dll
O16 - DPF: {BAA07C31-16C7-4E8B-BC40-5096ADA26C03} (VTPlug Class) - http://61.152.160.40:1995/VTrans.cab
O16 - DPF: {CF051549-EDE1-40F5-B440-BCD646CF2C25} (Ppinstall Control) - http://www.163.com/wwwimages/sms/ppinstall22.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://216.129.173.30/xxxnaughty/activeinstaller.dll
O16 - DPF: {F2ADA3F0-3C12-417B-9299-D052F9BDCB24} (Kincent Q.Audio Meeting Control Class) - http://202.109.129.103:8901/qaudiomeeting.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C771F77-A2C0-4552-A1B7-3776C15718C7}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C771F77-A2C0-4552-A1B7-3776C15718C7}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C771F77-A2C0-4552-A1B7-3776C15718C7}: NameServer = 127.0.0.1
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - E:\WINNT\system32\mbprot.dll
O18 - Protocol: mp3 - (no CLSID) - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - E:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe