Here is my log. Could someone please take a look and tell me whether I've been infected with a virus? Thanks!

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 2:13:07, on 2006-1-22
Platform: Unknown Windows (WinNT 5.02.3790 SP1)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\rising\Rav\Ravmond.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\capp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\pc\UC2005\uc.exe
D:\zy\MyIE402B0525GB[1]\MyIE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\system32\CdnIEHlp.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\pc2\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSSER] C:\WINDOWS\system32\appmgmt\msser.exe
O4 - HKLM\..\Run: [CApp] C:\WINDOWS\system32\capp.exe
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MiniPcast] C:\Program Files\pcast\PodcastbarMini\start.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE 10moons USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CnsMHlp.exe] C:\WINDOWS\Downloaded Program files\CnsMHlp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O4 - Startup: Sti_Trace.log
O4 - Startup: wiadebug.log
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O4 - Global Startup: ntuser.pol
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\pc2\AddToNetDisk.htm
O8 - Extra context menu item: 使用Kugoo下载 - D:\Program Files\KuGoo\KugooDownX.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\pc2\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\pc2\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\pc2\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS] 
O11 - Options group: [CDNCLIENT] 
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1081500223828
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38473.8998032407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.76_20051110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A96086-3F84-43CE-8198-84D985B74D82}: NameServer = 202.96.209.5

Last edited 2006-01-22 09:17:16

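Is this the only virus? What kind of virus is it? What is it called? Have I been infected with Gray Pigeon (Huigezi)? Is there any virus stealing my passwords?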