HijackThis_815汉化版扫描日志 V1.99.1
保存于 18:52:03, 日期 2008-6-5
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v7.00 (7.00.6000.16640)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\inf\svchostc.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\BHDCRegC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\太通实业 T&T Devices\太通实业 T&T ADSL 2118U\dslmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\软件\扫描工具\HijackThis1991zww.exe
F2 - REG:system.ini: Shell=Explorer.exe,22.exe
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} -
C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} -
C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file
missing)
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} -
C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: apzhbtde.dll - {2D698451-2015-6358-9871-2015987452D2} -
C:\WINDOWS\system32\apzhbtde.dll
O2 - BHO: oswxcttb.dll - {33512378-9874-5641-1025-985420368733} -
C:\WINDOWS\system32\oswxcttb.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} -
C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} -
C:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: mndhddwd.dll - {4C648541-1025-9650-9057-6541258720C4} -
C:\WINDOWS\system32\mndhddwd.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} -
C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: ypdjfbmp.dll - {81954FAC-1023-154F-895A-1458258AD818} -
C:\WINDOWS\system32\ypdjfbmp.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE"
/Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "D:\软件\影音风暴\Storm
Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB
PC Camera (ZC0301PLH)
O4 - 启动项HKLM\\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - 启动项HKLM\\Run: [runeip] "C:\Program
Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [RavTask] "D:\软件\瑞星\Rising\Rav\RavTask.exe"
-system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: explorer.exe
O8 - IE右键菜单中的新增项目: 使用WEB迅雷下载 - C:\Program Files\Thunder
Network\WebThunder\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用WEB迅雷下载全部链接 - C:\Program
Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - C:\Program Files\Thunder
Network\Thunder\Program\geturl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - C:\Program
Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) -
res://D:\软件\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\软件\QQ\qq\AddEmotion.htm
O9 - 浏览器额外的按钮: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - 浏览器额外的按钮: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\软件\PPLive\PPLive.exe
O9 - 浏览器额外的“工具”菜单项: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\软件\PPLive\PPLive.exe
O9 - 浏览器额外的按钮: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - “受信任的站点”中添加项: http://www.icbc.com.cn
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {5CB840B5-A94E-4AD9-B785-4866E3B04476} (InfoSecNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBCNetSignG.dll
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe_bankcomm.cab
O16 - DPF: {B219E31C-E110-4638-AF01-7BDD5ACA552C} (ICBCQPKCom_HH Class) - https://mybank.icbc.com.cn/icbc/ICBCQPK_HH.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE31F43E-9127-4677-9D48-F6C91135B9C5}: NameServer = 202.99.192.68 202.99.192.66
O20 - AppInit_DLLs: ieprot.dll,tisqatyu.dll,nhmxcjkl.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: midimapms - {4F4F0064-71E0-4f0d-0014-708476C7815F} -
C:\WINDOWS\system32\midimapms.dll
O21 - SSODL: midimapzx - {4F4F0064-71E0-4f0d-0005-708476C7815F} -
C:\WINDOWS\system32\midimapzx.dll
O21 - SSODL: midimapqn3 - {4F4F0064-71E0-4f0d-0022-708476C7815F} -
C:\WINDOWS\system32\midimapqn3.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} -
C:\WINDOWS\system32\midimapgj.dll
O21 - SSODL: midimapwl - {4F4F0064-71E0-4f0d-0004-708476C7815F} -
C:\WINDOWS\system32\midimapwl.dll
O21 - SSODL: midimapjr - {4F4F0064-71E0-4f0d-0012-708476C7815F} -
C:\WINDOWS\system32\midimapjr.dll
O21 - SSODL: midimapcq - {4F4F0064-71E0-4f0d-0023-708476C7815F} -
C:\WINDOWS\system32\midimapcq.dll
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Unknown owner -
d:\软件\瑞星\rising\rfw\rfwproxy.exe (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Unknown
owner - d:\软件\瑞星\rising\rfw\rfwsrv.exe (file missing)