瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 【求助】
2006414 - 2007-8-8 12:15:00
Logfile of HijackThis v1.99.1
Scan saved at 11:53:40, on 2007-8-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\rundll32.exe
D:\Downloads\常用工具\软件\新建文件夹\Trojanwall.exe
C:\WINDOWS\system32\svchost.exe
D:\Downloads\常用工具\软件\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Rising\Rav.com\Rav.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\PROGRA~1\OCINS\srchsp.dll
F3 - REG:win.ini: run=C:\PROGRA~1\COMMON~1\Microsoft\CTHELPER.EXE
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Downloads\常用工具\软件\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {11F09AFC-75AD-4E51-AB43-E09E9351CE16} - D:\Downloads\常用工具\软件\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: 腾讯QQ - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\WINDOWS\QQIEHelper.dll (file missing)
O2 - BHO: ff Class - {BFD74C09-98E7-4498-A1F8-3500DC9D85DE} - C:\WINDOWS\system32\e8d1.dll (file missing)
O2 - BHO: CPPIE Class - {C6844939-C324-41E0-84D0-D42F8DA5EBAD} - C:\WINDOWS\system32\hbcmd.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {406F94F0-504F-4A40-8DFD-58B0666ABEBD}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Thunder] "D:\Downloads\常用工具\软件\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [WebThunder] C:\Documents and Settings\Administrator\桌面\WebThunder.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [360Safetray] C:\Documents and Settings\Administrator\桌面\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\Administrator\桌面\新建文件夹\eMule\eMule.exe -AutoStart
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - D:\Downloads\常用工具\软件\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Downloads\常用工具\软件\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 87265上网导航,带您进入精彩的网络世界! - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.87265.com/?btn (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: 雨林木风 - {AEE5EC29-E980-4423-97F7-F5304D71B9FF} - http://www.ylmf.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\isapir.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\isapir.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186213185125
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{571414CA-3290-47F6-8951-C686DC80DA22}: NameServer = 202.98.160.68 202.98.161.68
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: error monitor (EmonSrv) - Unknown owner - C:\WINDOWS\system32\lfrmewrk.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe



[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
1
查看完整版本: 【求助】
© 2000 - 2026 Rising Corp. Ltd.