Please help, thanks! Web pages pop up on their own from time to time! Slow startup


Logfile of HijackThis v1.99.1
Scan saved at 下午 15:12:45, on 2006-7-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Rising\Rav\Ravmond.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Rising\Rav\RavStub.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Rising\Rav\RavTask.exe
E:\Program Files\Rising\Rav\Ravmon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\conime.exe
E:\Program Files\rising\rfw\rfwmain.exe
e:\program files\rising\rfw\rfwsrv.exe
E:\Program Files\VnetClient1.6\VnetClient.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\Program Files\Tencent\QQ\TIMPlatform.exe
E:\Program Files\Tencent\TT\TTraveler.exe
E:\Documents and Settings\R\桌面\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\inituser.exe,E:\WINDOWS\system32\netsend.exe
O2 - BHO: (no name) - {00014B58-338A-45F2-81E2-6A86F27399B7} - E:\PROGRA~1\INTERN~1\PLUGINS\BOBOHE~1.DLL
O2 - BHO: internet explorer helper - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - E:\WINDOWS\fonts\msshapi.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - E:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: (no name) - {45A26E38-F931-4C6F-8106-FBB8534FB0AF} - E:\WINDOWS\ODBINT.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - E:\WINDOWS\IEYHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - E:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - E:\WINDOWS\system32\YHBO.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - E:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - E:\WINDOWS\system32\rundll32.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - E:\WINDOWS\system32\WinSC.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - E:\WINDOWS\estAlive.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: IEHlprObj Class - {BA623AA0-9A82-4d0c-944C-0228CEA17780} - C:\Progra~1\Messenger\msgsf.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - E:\WINDOWS\system32\aperferer.dll
O2 - BHO: IEHlprObj Class - {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} - C:\Progra~1\NetMeeting\netinit.dll
O2 - BHO: google bar - {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} - E:\WINDOWS\vwwreg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RavTask] "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: >>彩信发送<< - res://E:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: Google 搜索(&G) - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 类似网页 - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - E:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - E:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - E:\WINDOWS\YayaBands.dll
O9 - Extra 'Tools' menuitem: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - E:\WINDOWS\YayaBands.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 时尚精品,体验快感 - {6E5EECAF-8879-4a75-8A88-B44B6382A763} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-334?cn=chaoyue;rgbutton_120x60;hp&mpro=http://www.ebay.com.cn (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: 易趣时尚购物 - {6E5EECAF-8879-4a75-8A88-B44B6382A763} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-334?cn=chaoyue;rgbutton_120x60;hp&mpro=http://www.ebay.com.cn (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: e:\windows\system32\msplus.dll
O10 - Unknown file in Winsock LSP: e:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: e:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: e:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: e:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: e:\windows\xboxcenter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\msplus.dll
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C578274A-EE52-461A-93D6-FF85039F9A11}: NameServer = 202.96.128.86 202.96.128.166
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O23 - Service: Alerter - Realtek Semiconductor Corp. - (no file)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: WinkldUP - Conexant - (no file)

Last edited 2006-07-22 16:06:33

[Reply to the post by "20080808"]



OP, please download WinsockXPFix:

http://www.iup.edu/house/resnet/WinsockXPFix.exe
Right-click the link given above, choose "Save Target As", save it to a non-temporary folder, and double-click the WinsockXPFix.exe icon.



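Clear the IE temporary files and temporarily turn off System Restore. Restart into Safe Mode, close all unnecessary windows, scan with HijackThis and then fix (tick the box in front of each item that needs fixing, then press "Fix checked" or "修复"; before fixing you will be asked whether you want a backup, please choose "Yes" or "是"):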
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\inituser.exe,E:\WINDOWS\system32\netsend.exe
O2 - BHO: (no name) - {00014B58-338A-45F2-81E2-6A86F27399B7} - E:\PROGRA~1\INTERN~1\PLUGINS\BOBOHE~1.DLL
O2 - BHO: internet explorer helper - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - E:\WINDOWS\fonts\msshapi.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - E:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: (no name) - {45A26E38-F931-4C6F-8106-FBB8534FB0AF} - E:\WINDOWS\ODBINT.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - E:\WINDOWS\IEYHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - E:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - E:\WINDOWS\system32\YHBO.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - E:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - E:\WINDOWS\system32\rundll32.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - E:\WINDOWS\system32\WinSC.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - E:\WINDOWS\estAlive.dll
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - E:\WINDOWS\system32\aperferer.dll
O2 - BHO: IEHlprObj Class - {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} - C:\Progra~1\NetMeeting\netinit.dll
O2 - BHO: google bar - {FAD11F89-F11E-4A15-92FB-6F0EDC4C8D59} - E:\WINDOWS\vwwreg.dll
O8 - Extra context menu item: >>彩信发送<< - res://E:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - E:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - E:\PROGRA~1\MMSASS~1\mmsass~1.dll
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
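Restart the computer, show hidden files and system files, and delete (if they exist):
the files or folders associated with the items above
Once the fix is complete, if the problem persists, please reply in this thread and describe the situation.
The above suggestions are for reference only; if you recognize some of these settings, or they are settings you made manually, you do not need to carry them out.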
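Added example, not part of the original thread or written by either poster: a small Python triage pass over HijackThis-style lines that reports two things a reader of such a log can check mechanically, namely programs appended to the UserInit value after userinit.exe and entries whose target is marked "(no file)" or "(file missing)". The sample lines are copied from the log in the first post; the function names are this example's own.

```python
import re

# Constructed sample: five entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\inituser.exe,E:\WINDOWS\system32\netsend.exe
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - E:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# Markers HijackThis appends when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extra_userinit(body):
    """List programs in a UserInit= value other than system32\\userinit.exe."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in programs
            if not p.lower().endswith("\\system32\\userinit.exe")]


def triage(text):
    """Collect extra logon programs and sections whose target file is absent."""
    report = {"userinit_extra": [], "orphaned": []}
    for section, body in parse_entries(text):
        if section == "F2":
            report["userinit_extra"].extend(extra_userinit(body))
        if ORPHAN_RE.search(body):
            report["orphaned"].append(section)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```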