日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 10:09:18,2008/8/9
操作系统: Windows Vista (WinNT 6.00.1904)
IE版本: Internet Explorer v7.00 (7.00.6000.16609)
启动模式: 正常
正在运行的进程:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\admin\Saved Games\Rising\Rfw\RfwMain.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\FixCamera.exe
C:\Windows\vsnpstd3.exe
C:\Windows\tsnpstd3.exe
C:\Windows\System32\MWekeyStaMon.exe
D:\卡卡上网助手\RSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\admin\Saved Games\Rising\Rav\Ravmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\admin\Saved Games\818江湖.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
D:\WinRAR\WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EX14.067\HijackThis.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\迅雷\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (没有文件)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\迅雷\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\Windows\system32\UrlFilter.dll
O3 - IE 工具栏: (未命名) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (没有文件)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "d:\暴风影音\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MwUsbStaMon] C:\Windows\system32\MWekeyStaMon.exe
O4 - HKLM\..\Run: [RavTask] "C:\Users\admin\Saved Games\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Users\admin\Saved Games\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [runeip] "d:\卡卡上网助手\rstray.exe" /startup
O4 - HKLM\..\RunOnce: [KKDelay] D:\卡卡上网助手\RunOnce.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O8 - 扩展右键菜单项: 使用迅雷下载 - d:\迅雷\Program\GetUrl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - d:\迅雷\Program\GetAllUrl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - d:\QQ\AddEmotion.htm
O9 - 额外的按钮: (未命名) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - 额外的“工具”菜单项目: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\迅雷\Thunder.exe
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\迅雷\Thunder.exe
O9 - 额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe
O9 - 额外的按钮: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\users\admin\saved games\rising\rav\hookspi.dll
O10 - Unknown file in Winsock LSP: c:\users\admin\saved games\rising\rav\hookspi.dll
O10 - Unknown file in Winsock LSP: c:\users\admin\saved games\rising\rav\hookspi.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {219A9041-2709-4FAB-96E4-93E4FA495E1E} (WSView Class) -
http://www.csj.sh.gov.cn/shuiy/WSViewer.cabO16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) -
https://img.alipay.com/download/2121/aliedit.cabO16 - DPF: {B48B9648-E9F0-48A3-90A5-8C588CE0898F} (SafeEngineCtl Class) -
http://www.csj.sh.gov.cn/shuiy/SafeEngineCOM.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{4BFFFE4A-D8B2-40F5-ABC5-1132CDBF4BDF}: NameServer = 202.96.209.133,202.109.117.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{94413CCE-77E9-49E8-BF0A-68A7B301D7F8}: NameServer = 202.96.209.133,202.109.117.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BFFFE4A-D8B2-40F5-ABC5-1132CDBF4BDF}: NameServer = 202.96.209.133,202.109.117.200
O20 - AppInit_DLLs: kmon.dll
O23 - NT 服务: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - NT 服务: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - NT 服务: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Information Technology Co., Ltd. - C:\Users\admin\Saved Games\Rising\Rfw\rfwProxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Users\admin\Saved Games\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Users\admin\Saved Games\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\USERS\ADMIN\SAVED GAMES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Rising Vista Scanner (RsVScanner) - Beijing Rising Information Technology Co., Ltd. - C:\Users\admin\Saved Games\Rising\Rav\scannerd.exe
O23 - NT 服务: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
文件结束 - 8199 字节
用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)
