1970 |
2007-01-28 12:03 |
Logfile of HijackThis v1.99.1
Scan saved at 11:39:19, on 2007-1-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\1xClient.dll
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\m.M-04F99F7AC26D4\桌面\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: jsss - {AB3BAE61-8BA9-4063-AC44-469A82D58F40} - C:\PROGRA~1\COMMON~1\syyi\wccm.dll (file missing)
O2 - BHO: 5999 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c52ntos.dll
O3 - Toolbar: 华彩即时讯息通(&C) - {8666E0BE-132E-4712-B7BD-141153889CE1} - C:\WINDOWS\system32\smsband2005.dll (file missing)
O3 - Toolbar: 5999 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c52ntos.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FLASHGET\SubDirectory\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FLASHGET\SubDirectory\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149477333416
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166249782531
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Provisioning Transaction Service (ttt_14) - Unknown owner - C:\WINDOWS\system32\win.exe (file missing)