HijackThis v1.99.1扫描日志Logfile of HijackThis v1.99.1
Scan saved at 13:53:19, on 2005-7-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
D:\RISING\RAV\Ravmond.exe
D:\RISING\RAV\RavStub.exe
d:\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
d:\北京通信\宽带E~1\app\pppoeservice.exe
D:\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\DRIVERS\WtSrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
d:\rising\rfw\RfwMain.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
D:\RISING\RAV\RAVMON.EXE
D:\RISING\RAV\RAVTIMER.EXE
E:\网络提速工具\网络狂飙V3.5\NetSpeeder.exe
D:\Wom\WinMem.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Tencent\QQ\QQ.exe
D:\Tencent\QQ\TIMPlatform.exe
d:\Macromedia\Dreamweaver MX\Dreamweaver.exe
D:\Winamp\winamp.exe
D:\Winamp\plugins\ls.exe
D:\BitSpirit\BitSpirit.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\NOTEPAD.EXE
E:\HijackThis\HijackThis.exe
R3 - URLSearchHook: BDSrchHook Class - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - C:\WINNT\DOWNLO~1\BDSrHook.dll
O1 - Hosts: 219.147.192.98 www.cteac.com #1
O1 - Hosts: 222.47.93.12 bbs.yuzi.net #1
O1 - Hosts: 219.153.18.162 bbs.dvbbs.net #1
O1 - Hosts: 219.147.192.98 www.d1tea.com #1
O1 - Hosts: 219.147.192.98 www.d1cha.com #1
O1 - Hosts: 219.147.192.98 www.d1hu.com #1
O1 - Hosts: 210.51.170.68 www.d1tea.com.cn #1
O1 - Hosts: 210.51.170.68 www.d1cha.com.cn #1
O1 - Hosts: 218.5.76.204 www.caipp.com #1
O1 - Hosts: 219.147.192.98 cteac.com #1
O1 - Hosts: 219.147.192.98 d1tea.com #1
O1 - Hosts: 219.147.192.98 d1cha.com #1
O1 - Hosts: 219.147.192.98 d1hu.com #1
O1 - Hosts: 210.51.170.68 d1tea.com.cn #1
O1 - Hosts: 210.51.170.68 d1cha.com.cn #1
O1 - Hosts: 218.244.111.3 ctrip.21cn.com #0
O1 - Hosts: 222.36.44.105 www.i70s.com #0
O1 - Hosts: 219.129.20.101 www.9i0.com #0
O1 - Hosts: 222.47.183.30 www.ntqq.com #0
O1 - Hosts: 202.106.124.50 digital.it168.com #0
O1 - Hosts: 65.54.206.30 office.microsoft.com #0
O1 - Hosts: 218.30.103.84 www.midigirl.com #0
O1 - Hosts: 67.18.195.21 www.liquidmusicnetwork.com #0
O1 - Hosts: 207.46.198.30 www.microsoft.com #0
O1 - Hosts: 66.203.115.26 www.real.com #0
O1 - Hosts: 61.135.150.215 life.sohu.com #0
O1 - Hosts: 63.80.215.233 www.liquidaudio.com #0
O1 - Hosts: 204.251.15.165 www.cnxbb.com #0
O1 - Hosts: 218.66.104.56 www.26-3.com #0
O1 - Hosts: 218.66.104.56 www.7169.com #0
O1 - Hosts: 218.57.138.159 icp.21cnbj.com #0
O1 - Hosts: 61.135.150.181 club.money.business.sohu.com #0
O1 - Hosts: 61.135.134.114 house.focus.cn #0
O1 - Hosts: 61.135.134.226 bjmsg.focus.cn #0
O1 - Hosts: 61.139.126.18 www.csmarket.com #0
O1 - Hosts: 202.96.106.6 www.wz.zj.cn #0
O1 - Hosts: 218.108.247.232 forum.taobao.com #0
O1 - Hosts: 61.135.158.237 games.tom.com #0
O1 - Hosts: 61.151.239.163 www.myangelgarden.net #0
O1 - Hosts: 64.111.103.171 www.worldfax.net #0
O1 - Hosts: 61.135.153.178 astro.sina.com.cn #0
O1 - Hosts: 61.152.104.209 www.009bbs.com #0
O1 - Hosts: 61.152.90.65 www.168tom.com #0
O1 - Hosts: 61.49.22.222 price.zol.com.cn #0
O1 - Hosts: 202.101.62.46 www.soucode.com #0
O1 - Hosts: 61.129.81.205 speed-top.com #0
O1 - Hosts: 192.67.198.6 21nl.com #0
O1 - Hosts: 218.75.79.215 www.epoint.cn #0
O1 - Hosts: 218.94.6.203 218.94.6.203 #0
O1 - Hosts: 216.109.127.60 login.yahoo.com #0
O2 - BHO: (no name) - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINNT\system32\AlxTB1.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINNT\WORLD2\TOOLBAR\hmtoolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AudioHQ] ; C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Speed racer] ; C:\Program Files\Creative\SBLive2k\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [HP Software Update] ; C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] ; C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NetSpeeder] "E:\网络提速工具\网络狂飙V3.5\NetSpeeder.exe" hide
O4 - HKLM\..\Run: [Windows内存整理] D:\Wom\WinMem.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [PreAnnotate] ; C:\WINNT\system32\PreAnntt.exe
O4 - HKCU\..\Run: [PenCommander] ; C:\Program Files\Patriot\PenCmder.exe
O8 - Extra context menu item: 使用网际快车下载 - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用 Jerk Flash V2 提取该页资源(&U)... - F:\wss\JerkFlashV2\Jerk Flash V2\getresource.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\BitSpirit\bsurl.htm
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - d:\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B936DE9F-E61F-445D-9399-4136140480CD}: NameServer = 202.106.0.20 202.106.46.151
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - d:\北京通信\宽带E~1\app\pppoeservice.exe
O23 - Service: RadClock - Unknown owner - C:\Program Files\RadLinker\RadClock.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINNT\system32\DRIVERS\WtSrv.exe
