Experts, please help me analyze this

Date: 2007-08-08, 11 o'clock


Logfile of HijackThis v1.99.1
Scan saved at 10:57:02, on 2007-8-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Internet Explorer\Connection Wizard\QQ堂刷12挂.exe
d:\Program Files\Tencent\QQDownload\QQDownload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.126\HijackThis.exe
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: QQCycloneHelper Class - {00000000-12C5-4305-82F9-43058F20E8D2} - d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: ThunderBHO - {00000000-12C6-4305-82F9-43058F20E8D2} - d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [vwusefs] C:\Program Files\Common Files\System\eqrdrnr.exe
O4 - HKLM\..\Run: [txwslhg] C:\Program Files\Common Files\Microsoft Shared\websrdu.exe
O4 - HKLM\..\Run: [RAVMHMON] C:\WINDOWS\system32\RAVMHMON.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\ytovap.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [RAVZTMON] C:\WINDOWS\system32\RAVZTMON.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [RAV00A0] C:\WINDOWS\system32\RAV00A0.exe
O4 - HKLM\..\Run: [RAV0138] C:\WINDOWS\system32\RAV0138.exe
O4 - HKLM\..\Run: [Winsockd32 Driver] C:\Program Files\Internet Explorer\90dqq.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\WINDOWS\system32\RAVZXMON.exe
O4 - HKLM\..\Run: [RAV00CF] C:\WINDOWS\system32\RAV00CF.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用超级旋风下载 - d:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用超级旋风下载全部链接 - d:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O9 - Extra button: 雨林木风 - {7550D5D5-D85C-414F-B623-0AD223AEC216} - http://www.ylmf.com (file missing) (HKCU)
O11 - Options group: [TBH] 中文搜搜
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156754453019
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} (金山毒霸在线产品升级) - http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21403C92-D47F-43BE-A1A2-B34C5AF5BA84}: NameServer = 219.150.32.132 219.146.0.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{21403C92-D47F-43BE-A1A2-B34C5AF5BA84}: NameServer = 219.150.32.132 219.146.0.130
O17 - HKLM\System\CS3\Services\Tcpip\..\{21403C92-D47F-43BE-A1A2-B34C5AF5BA84}: NameServer = 219.150.32.132 219.146.0.130
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - D:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O20 - AppInit_DLLs: mydpri.dll
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

I don't know!
