日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 10:03:38,2012/7/8
操作系统: Unknown Windows (WinNT 6.01.3505 SP1)
IE版本: Internet Explorer v8.00 (8.00.7601.17514)
启动模式: 正常
正在运行的进程:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\360\360sd\360rp.exe
C:\Program Files\360\360Safe\safemon\360tray.exe
C:\Program Files\95599 Certificate Tools\Watertek\ComyTool20.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Windows\evdo_Local_path\setup\CT_General_SRE\C+WSpy.exe
C:\Program Files\360\360sd\360sd.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\隐身侠\PCKii.exe
C:\Program Files\Rising\RSD\popwndexe.exe
C:\Users\Administrator\AppData\Roaming\360se\bin\360se.exe
C:\Users\Administrator\AppData\Roaming\360se\bin\SafeCentral\urlproc.exe
C:\Users\Administrator\AppData\Roaming\360Notify\Bin\360seNotify.exe
C:\Users\Administrator\AppData\Roaming\360se\bin\360se.exe
C:\Program Files\SogouInput\6.2.0.7476\SogouCloud.exe
D:\爱酷\common\YoukuMediaCenter.exe
D:\爱酷\common\ikuacc.exe
C:\Users\Administrator\AppData\Roaming\360se\bin\360se.exe
C:\Users\Administrator\AppData\Roaming\360se\bin\360se.exe
C:\Windows\system32\NOTEPAD.EXE
F:\IE诊断工具\HijackThis.exe
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.3.55.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.1.3136.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll
O4 - HKLM\..\Run: [360Safetray] "C:\Program Files\360\360Safe\safemon\360Tray.exe" /start
O4 - HKLM\..\Run: [Comyct20] "C:\Program Files\95599 Certificate Tools\Watertek\ComyTool20.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [DetectCDROM] C:\Windows\evdo_Local_path\setup\CT_General_SRE\C+WSpy.exe
O4 - HKCU\..\Run: [360sd] "C:\Program Files\360\360sd\360sd.exe" /autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 隐身侠后台服务程序.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - 扩展右键菜单项: &使用115优蛋 3下载 - D:\115网盘\115\UDown\getUrl.htm
O8 - 扩展右键菜单项: &使用115优蛋 3下载全部链接 - D:\115网盘\115\UDown\getAllUrl.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\360downloads\common\ikutm.dll
O10 - Unknown file in Winsock LSP: c:\360downloads\common\ikutm.dll
O10 - Unknown file in Winsock LSP: c:\360downloads\common\ikutm.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://easyabc.95599.cn
O15 - Trusted Zone: http://www.95599.cn
O15 - Trusted Zone: http://www.abchina.com
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95B3773-84CF-4C19-A8EF-E94104FF6018}: NameServer = 202.101.224.69 202.101.226.69
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - D:\Kugou7\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - D:\Kugou7\KuGoo3DownXControl.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
O23 - NT 服务: 360 杀毒实时防护加载服务 (360rp) - 360.cn - C:\Program Files\360\360sd\360rps.exe
O23 - NT 服务: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe(文件不存在)
O23 - NT 服务: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - NT 服务: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - NT 服务: c20ukdrwsvc - Unknown owner - C:\Program Files\95599 Certificate Tools\Watertek\c20ukdrwsvr.exe
O23 - NT 服务: CDROM_Detect - Unknown owner - C:\Windows\evdo_Local_path\setup\CT_General_SRE\C+WDetect.exe
O23 - NT 服务: eChance PCKii Service (PCKiiService) - Beijing eChance Hi-Tech Software Company Ltd. - C:\Windows\SYSTEM32\PCKiiService.exe
O23 - NT 服务: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - NT 服务: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RSD\RsMgrSvc.exe
O23 - NT 服务: 主动防御 (ZhuDongFangYu) - 360.cn - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe
--
文件结束 - 5410 字节