
[Help] My computer seems to be infected: right-click sometimes does not respond. Please help look at the scan log

日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 10:27:47,2010-6-4
操作系统: Windows XP SP3 (WinNT 5.01.2600)
IE版本: Internet Explorer v8.00 (8.00.6001.18702)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Ris\RavMonD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Rising\Ris\RsTray.exe
D:\Program Files\彩影软件\ARP防火墙单机版\AntiARP.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\RTXC\RTX.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
d:\Program Files\CoCreate\CoCreate License Server 2008\MEls32.exe
d:\Program Files\CoCreate\CoCreate License Server 2008\MEls32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Backup\QQ\Bin\QQ.exe
D:\Program Files\win_LibFetion_V1.3_release\LibFx.exe
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Misc\QQExp.exe
d:\Program Files\Rising\AntiSpyware\rstray.exe
D:\Backup\QQ\Bin\QQ.exe
D:\Program Files\Maxthon\Maxthon.exe
D:\Backup\QQ\Bin\QQ.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\SolidWorks\SLDWORKS.exe
f:\Temp\SolidWorksLicTemp.0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\WINDOWS\system32\calc.exe
D:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
D:\Program Files\Rising\AntiSpyware\knownsvr.exe
D:\Program Files\Rising\Ris\RsMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\软件\检查小工具\hijackthis_v2.02h\HijackThis.exe
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - D:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XLLiteView BrowserHelper Object - {2D90D33C-DE76-42D0-9040-E4466DDC24AC} - d:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll
O2 - BHO: HaoKanBar BrowserHelper - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - d:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O3 - IE 工具栏: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - d:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [runeip] "d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [RisTray] "D:\Program Files\Rising\Ris\RsTray.exe" -system
O4 - HKLM\..\Run: [AntiARPStandalone] D:\Program Files\彩影软件\ARP防火墙单机版\AntiARP.exe
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: 腾讯通RTX.lnk = D:\Program Files\Tencent\RTXC\RTX.exe
O8 - 扩展右键菜单项: &U使用米人下载并收藏 - D:\Program Files\NamiRobot\Data\du.html
O8 - 扩展右键菜单项: 使用电驴下载 - D:\Program Files\easyMule\IE2EM.htm
O8 - 扩展右键菜单项: 使用网页迅雷下载 - d:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - 扩展右键菜单项: 使用网页迅雷下载全部链接 - d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - 扩展右键菜单项: 使用迅雷查看图片 - d:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - 额外的按钮: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - 额外的“工具”菜单项目: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - 额外的按钮: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - 额外的“工具”菜单项目: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - 额外的按钮: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - d:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - 额外的“工具”菜单项目: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - d:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - 额外的按钮: InPrivate 隐私模式 - {6D78AEE0-EBD7-4A32-B2DC-91FA87BE875B} - C:\WINDOWS\YuanJing\InPrivate.lnk
O9 - 额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 额外的按钮: 启动网页迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com(文件不存在)
O9 - 额外的“工具”菜单项目: 启动网页迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com(文件不存在)
O9 - 额外的按钮: InPrivate 隐私模式 - {AF4CE2EC-5AA4-454E-9F1A-4673C8B9823D} - C:\WINDOWS\YuanJing\InPrivate.lnk
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.bankofchina.com
O15 - Trusted Zone: http://*.boc.cn
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72C38EC8-D07D-4545-8948-CE2D5C270540}: NameServer = 202.106.0.20,192.168.3.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{72C38EC8-D07D-4545-8948-CE2D5C270540}: NameServer = 202.106.0.20,192.168.3.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{72C38EC8-D07D-4545-8948-CE2D5C270540}: NameServer = 202.106.0.20,192.168.3.2
O23 - NT 服务:  ARP防火墙加载程序 (AntiARPClientLoader) - Unknown owner - d:\Program Files\彩影软件\ARP防火墙单机版\AntiARPClientLoader.exe
O23 - NT 服务:  C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - NT 服务:  CoCreate License Server - Unknown owner - d:\Program Files\CoCreate\CoCreate License Server 2008\MEls32.exe
O23 - NT 服务:  Google 更新服务 (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe(文件不存在)
O23 - NT 服务:  NetMeeting Remote Desktop Sharing (mnmsrvc) - http://www.138soft.com - (没有文件)
O23 - NT 服务:  NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务:  Ris Service (RsRisMon) - Beijing Rising Information Technology Co., Ltd. - D:\Program Files\Rising\Ris\RavMonD.exe
O23 - NT 服务:  SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
文件结束 - 7891 字节         


Please help me take a look and analyze it, thanks.


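Re: My computer seems to be infected: right-click sometimes does not respond. Please help look at the scan log

Here are the results from 瑞星听诊 (the Rising diagnostic tool) as well.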

Attachment:

Downloads: 288
File type: application/octet-stream
File size:
Uploaded: 2010-6-4 10:34:05
Description: rar


In reply to post 3F by 超级游戏迷

It doesn't seem so. I'll disable it and see.

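In reply to post 3F by 超级游戏迷

I fixed it, but after rebooting it was still there...

After disabling it from Services, it was gone.
Last edited by 晨雨 on 2010-06-04 13:18:24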