Logfile of HijackThis v1.99.1
Scan saved at 16:33:51, on 2006-7-7
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\SOUNDMAN.EXE
D:\Program Files\Rising\Rav\RavMon.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
D:\Program Files\Tencent\QQ\TMDlls\TM.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\shikong\scm\skscms813.exe
C:\Program Files\shikong\查询专用\查询专用.exe
D:\GENERSOFT\MYGS_PSERIES\KZT.EXE
D:\GENERSOFT\MYGS_PSERIES\fzgl.exe
D:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\cw\LOCALS~1\Temp\Rar$EX02.802\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: Shockwave Flash
Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINNT\system32\swflash.ocx
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\IEHelper\IEHelper_4590.dll (file missing)
O2 - BHO: WinSearch - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINNT\system32\winsearch.dll (file missing)
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINNT\system32\WinDefendor.dll (file missing)
O2 - BHO: DTSvc Class - {2EF14E3B-45CE-45d6-913E-7AA65331A933} - C:\WINNT\DTSVC\DTS\DTS.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQBrowserHelper
Object Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: XBTP03129 Class - {6029B367-250A-4696-925C-641709CA7381} - C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: DTSvc Class - {6B280AC7-8B18-46A4-BF70-FC579A1B2F76} - C:\Program Files\DTSVC\DTS\DTS.dll (file missing)
O2 - BHO: Router Video 40 - {8465D755-AFE0-40ef-BC5E-2290D2C1F31F} - C:\WINNT\System32\rv40.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: Mini PPGou BHO - {92FB5F8F-8254-4978-9C50-03D9B0405062} - C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL (file missing)
O2 - BHO: Webacc Class - {CAC068F3-A608-406B-8581-458788A67694} - C:\WINNT\system32\svchost.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: InsIII - {DDDE2452-AF9E-4577-AE6C-465DBCB54D49} - C:\WINNT\system32\opngl32.dll
O2 - BHO: IEHlprObj Class - {F5B3ECED-9BF3-4f7e-882B-A6E75343C499} - C:\Progra~1\NetMeeting\netinit.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTimer] D:\Program Files\Rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] D:\Program Files\Rising\Rav\RavMon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\RunServices: [RavMon] D:\Program Files\Rising\Rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\卡车\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\卡车\jc_all.htm
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {18F57D30-EF36-4C0E-9343-7BFA6DF79B4A} (XLink Class) - http://active.micr0media.com/swflash21.CAB
O16 - DPF: {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} (updatePanelX Control) - http://www.uusee.com/player/updateC.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter
Object) - http://download.mysee.com/plugin/booter.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148738549482
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {D1056C7C-E30B-4234-9A4B-7E1038B167A7} (RootCertInstall Class) - https://mybank.icbc.com.cn/icbc/perbank/RootCert.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan
Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl
Object) - https://account.qq.com/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A59C4A-0F1F-4929-A9DF-4F312D95E2C5}: NameServer = 202.106.196.115
O20 - AppInit_DLLs: C:\WINNT\system32\SoDAHK.DLL
O23 - Service: ChannelRg - Unknown owner - C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
O23 - Service: RavService - Unknown owner - d:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
