HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 6:44:05, on 2009-1-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCENTER.EXE
d:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rfw\rfwsrv.exe
d:\Program Files\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hhukcert.exe
C:\WINDOWS\system32\BHDCRegC.exe
D:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Rising\Rfw\RsTray.exe
C:\Program Files\360\360safebox\safeboxTray.exe
C:\Program Files\360\360Safe\safemon\360tray.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Program Files\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nuqx\免疫墙路由器上网驱动\CWall.exe
C:\WINDOWS\system32\nhsrvice.exe
C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
d:\Program Files\Rising\Rav\RavTask.exe
d:\Program Files\Rising\Rfw\RavTask.exe
d:\Program Files\Rising\Rav\ScanFrm.exe
D:\Program Files\cgtech603\windows\license\lservnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\RsMain.exe
D:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\cidaemon.exe
d:\Program Files\ZDSoft.net\EISV\main.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\yuanzhi\LOCALS~1\Temp\Rar$EX00.360\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO:
O2 - BHO:
O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - d:\Program Files\justDo\FlashSaver\Jd2002.dll
O2 - BHO: (no name) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll
O3 - Toolbar: ????? - {DBAC56F9-1623-425F-BC03-EB2602F423A0} - D:\Program Files\
O4 - HKLM\..\Run: [hhukcert] C:\WINDOWS\system32\hhukcert.exe
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Pro 分配器 v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [RavTray] "d:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RFWTray] "d:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360\360safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360\360Safe\safemon\360tray.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: vericut.log
O4 - Startup: cgtech_60_user.prefs
O4 - Startup: polyfix.log
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - d:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 网童,取图片、FLASH...(&Q) - d:\Program Files\webportero\HTML\saveimg.htm
O8 - Extra context menu item: 网童,取所选内容(&Z) - d:\Program Files\webportero\HTML\save.htm
O8 - Extra context menu item: 网童,取网页正文(&Z) - d:\Program Files\webportero\HTML\save.htm
O8 - Extra context menu item: 网童,另存为Word文件(&W) - d:\Program Files\webportero\HTML\savew.htm
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O15 - Trusted Zone: www.abchina.com
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (PowerCreator VGAPlayer Control) - http://58.251.57.146:8000/booksfile/gct/w20080810/w20080810-2/VGAPlayer.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} (ICBC Security Ctrl) - http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab
O16 - DPF: {5CB840B5-A94E-4AD9-B785-4866E3B04476} (InfoSecNetSign Class) - https://b2c.icbc.com.cn/icbc/ICBCNetSignG.dll
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} (InfoSecNetSign Class) - https://www.95599.cn/perbank/netBank/zh_CN/InfoSec/NetSign.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209657148781
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
O16 - DPF: {77709A87-71F9-41AE-904F-886976F99E3E} (WebObject Class) - http://oa3.jmqx.com/module/websign/websign.dll
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {B219E31C-E110-4638-AF01-7BDD5ACA552C} (ICBCQPKCom_HH Class) - https://b2c.icbc.com.cn/icbc/ICBCQPK_HH.cab
O16 - DPF: {BAEA0695-03A4-43BB-8495-C7025E1A8F42} (QQCertCtrl Class) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} (NTKO OFFICE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} - https://mybank.icbc.com.cn/icbc/perbank/USBKEY.cab

User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)