飞速妞子 - 2007-1-30 2:45:00
启动项报告: 2007-1-30, 2:29:28
启动项扫描器版本: 1.52.2
开始于: E:\歌\好歌\新建文件夹\HijackThis1991zww.EXE
系统检测: Windows XP SP2 (WinNT 5.01.2600)
系统检测: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* 使用默认选项
==================================================
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\新建文件夹 (2)\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\新建文件夹 (2)\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
E:\新建文件夹 (2)\Rising\Rav\Ravmond.exe
E:\新建文件夹 (2)\Rising\Rav\RAVMON.EXE
C:\WINDOWS\system32\svchost.exe
D:\QQ\QQ.exe
D:\QQ\TIMPlatform.exe
C:\WINDOWS\system32\conime.exe
E:\新建文件夹 (2)\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
D:\QQ\QQMusic.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\歌\好歌\新建文件夹\HijackThis1991zww.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe
--------------------------------------------------
注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
RavTask = "E:\新建文件夹 (2)\Rising\Rav\RavTask.exe" -system
runeip = E:\歌\runiep.exe
WebThunder = E:\新建文件夹 (2)\WebThunder.exe
--------------------------------------------------
注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=* 未找到INI相关项目值 *
run=* 未找到INI相关项目值 *
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
外壳扩展和屏幕保护程序的键值 从 C:\WINDOWS\SYSTEM.INI:
Shell=* 未找到INI相关项目值 *
SCRNSAVE.EXE=* 未找到INI相关项目值 *
drivers=* 未找到INI相关项目值 *
外壳扩展和屏幕保护程序的键值 从 注册表
Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\BLISS.SCR
drivers=* 未找到相关注册表键值 *
Policies Shell key:
HKCU\..\Policies: Shell=* 未找到相关注册表键值 *
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *
--------------------------------------------------
列举IE浏览器辅助对象(BHO模块):
WebThunderBHO - E:\新建文件夹 (2)\WebThunderBHO_016.dll - {00000AAA-A363-466E-BEF5-9BB68697AA7F}
--------------------------------------------------
列举下载的程序文件:
[CPasswordEditCtrl Object]
InProcServer32 = C:\WINDOWS\system32\qqedit\qqedit.dll
CODEBASE = https://password.qq.com/download/qqedit.
© 2000 - 2026 Rising Corp. Ltd.