HijackThis_zww汉化版扫描日志 V1.99.1
保存于 11:19:36 PM, 日期 2005-11-4
操作系统: Windows XP (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2600.0000)
当前运行的进程:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\VM_STI.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSNShell\BIN\MSNShell.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\taskmgr.exe
D:\Program Files\Xi\NetTransport 2\NetTransport.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\DOCUME~1\HAPPYF~1\LOCALS~1\Temp\Rar$EX00.273\HijackThis1991zww.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: Search assistant - {04844102-FC0B-4f44-9E93-0C4293BB5E80} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: NLBHO Class - {FEBDACA2-86EC-4305-B9A7-CE839241FA6B} - D:\Program Files\Orient Orchid\NetLines\NetLinesAPI.dll
O3 - IE工具栏增项: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - 启动项HKLM\\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - 启动项HKLM\\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [eBayToolbar] D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - 启动项HKLM\\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [hmonitor] D:\Program Files\Hmonitor\hmonitor.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [DAEMON Tools-2052] "D:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - 启动项HKLM\\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - 启动项HKLM\\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - 启动项HKLM\\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\RunServices: [Win32 Ms Auto Updater] AutomsUPD.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NetZero_uoltray] D:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MSNShell] D:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vbuzzer] D:\Program Files\vbuzzer\vbuzzer.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - IE右键菜单中的新增项目: &Download by NetLines - D:\PROGRA~1\ORIENT~1\NETLINES\NLGet.htm
O8 - IE右键菜单中的新增项目: &eBay Search - res://D:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - IE右键菜单中的新增项目: &Yahoo! Search -
file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - 浏览器额外的按钮: o?·???????ì¨ - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\haofang\GameClient.exe
O9 - 浏览器额外的按钮: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - 浏览器额外的按钮: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - D:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - D:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\DOCUME~1\HAPPYF~1\LOCALS~1\Temp\Rar$EX00.656\DSLite2\DSLite.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\DOCUME~1\HAPPYF~1\LOCALS~1\Temp\Rar$EX00.656\DSLite2\DSLite.exe (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'nlhk.dll' missing
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131171628944
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131171617207
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan
Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O18 - 列举现有的协议: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - D:\WINDOWS\System32\mbprot.dll
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - NT 服务: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - NT 服务: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
