Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:43, on 2008-6-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwstub.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Tencent\QQ\TXPlatform.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\应用软件\Thunder\Program\Thunder5.exe
D:\应用软件\Thunder\Components\Tips\TipsExtend.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JUJUMA~1.COM\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\应用软件\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\应用软件\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\应用软件\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C68B0149-C717-4041-BF00-C21569B97019} - C:\WINDOWS\system32\jlbecbkbgu.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O4 - Startup: RsAutorunsDisabled
O4 - Startup: 宽带连接.lnk = ?
O8 - Extra context menu item: &V使用Vagaa哇嘎下载 - D:\Vagaa\Data\vg.htm
O8 - Extra context menu item: &使用BitComet下载 - res://D:\应用软件\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://D:\应用软件\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://D:\应用软件\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用迅雷下载 - D:\应用软件\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\应用软件\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\应用软件\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\应用软件\Thunder\Thunder.exe
O9 - Extra button: 讯通视频语音聊天 - {97C0CDFA-970D-4222-ADDE-6718E89E887C} - [url]http://www.bdsystem.com/[/url] (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\应用软件\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: [url]www.95599.cn[/url]
O15 - Trusted Zone: [url]http://www.icbc.com.cn[/url]
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - [url]http://p3p.sogou.com/MMCShell.cab[/url]
O16 - DPF: {098A3F72-3110-4004-B954-2F9DC44934B4} (AddSHCARoot Control) - [url]http://y951.cn/BDC_Root_CA.cab[/url]
O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - [url]http://imgcache.qq.com/qzone/client/photo/pages/QQPhotoDrawSetup.exe[/url]
O16 - DPF: {2423AB16-9F42-457B-A337-FE3B11964DB0} - [url]http://www.bluesky.cn/download/recorder.cab[/url]
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} - [url]http://www.bluesky.cn/download/v2.cab[/url]
O16 - DPF: {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} - [url]http://www.bluesky.cn/download/share.cab[/url]
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - [url]http://download.mysee.com/plugin/booter.cab[/url]
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - [url]https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab[/url]
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} - [url]http://www.bluesky.cn/download/blueskyvoice.cab[/url]
O16 - DPF: {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} (PicUploadCtrl Class) - [url]http://tb.sogou.com/PicUpload.cab?pp[/url]
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - [url]http://dl_dir.qq.com/3dshow/3DShowVM.cab[/url]
O16 - DPF: {F5CEC604-49EC-4F59-B04F-4048FED9EE13} - [url]http://dl.bysoo.com/bysooTBV10/nvwkanx1.cab[/url]
O16 - DPF: {F76637AD-C469-4412-BE00-2C2E805638B2} (SHLauncher Control) - [url]http://www.saynsay.com/soft/SHLaunch_1010.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{922DEE42-ABFB-4E24-B2AE-D8AA4A5D439C}: NameServer = 202.96.64.68 202.96.69.38
O20 - AppInit_DLLs: ieprot.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
End of file - 7775 bytes