Logfile of HijackThis v1.99.1
Scan saved at 9:03:17, on 2005-11-9
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Iparmor\Iparmor.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\系统工具\wom6.7\Womcc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
D:\系统工具\HijackThis1.99.1\HijackThis.exe
O1 - Hosts: 218.89.172.105 www.people.com.cn
O1 - Hosts: 220.181.26.209 alumni.chinaren.com
O1 - Hosts: 202.101.43.16 www.crsky.com
O1 - Hosts: 219.153.11.194 bbs.gamebbx.com
O1 - Hosts: 218.93.114.213 www.hanzify.org
O1 - Hosts: 218.72.250.86 city.niu8.net
O1 - Hosts: 219.136.252.167 come.6to23.com
O1 - Hosts: 202.104.237.248 www.st020.com
O1 - Hosts: 218.89.172.105 www.people.com.cn
O1 - Hosts: 218.89.172.142 www.xinhuanet.com
O1 - Hosts: 61.166.155.109 www.yninfo.com
O1 - Hosts: 219.153.3.166 www.cctv.com
O1 - Hosts: 211.157.21.112 www.weathercn.com
O1 - Hosts: 61.129.115.79 www.cngsd.com
O1 - Hosts: 218.23.50.12 www.yocksky.com
O1 - Hosts: 219.153.11.194 bbs.gamebbx.com
O1 - Hosts: 219.153.12.65 www.wg8888.com
O1 - Hosts: 222.77.177.113 mir3.17173.com
O1 - Hosts: 61.157.96.24 www.mydj2005.com
O1 - Hosts: 221.3.131.36 yncnc.onlinedown.net
O1 - Hosts: 219.238.233.207 online.rising.com.cn
O1 - Hosts: 218.72.250.86 city.niu8.net
O1 - Hosts: 202.102.249.211 hardware.mydrivers.com
O1 - Hosts: 222.137.116.85 mir3.92wy.com
O1 - Hosts: 222.137.116.97 bbs.92wy.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iparmor] C:\Program Files\Iparmor\Iparmor.exe mini
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
O8 - Extra context menu item: &使用迅雷下载 - D:\系统工具\下载工具\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\系统工具\下载工具\Thunder\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\系统工具\下载工具\BitSpirit\bsurl.htm
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 网际飞音 - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - C:\Program Files\Donor\donor.exe
O9 - Extra 'Tools' menuitem: 网际飞音(&D) - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - C:\Program Files\Donor\donor.exe
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan
Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - F:\ghost8\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - F:\ghost8\ngserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Remote Administrator Service (r_server) - Realtek Semiconductor Corporation - (no file)
