Logfile of HijackThis v1.99.1
Scan saved at 20:27:55, on 2006-7-4
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
D:\Program Files\rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\WINDOWS\update\updmgr.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\SOUNDMAN.EXE
D:\Program Files\Rising\Rfw\rfwmain.exe
C:\WINNT\System32\winIogon.exe
D:\Program Files\rising\Rav\RavTask.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\internat.exe
C:\Program Files\QQ2006\QQ.exe
C:\Program Files\QQ2006\TIMPlatform.exe
C:\WINNT\REGEDIT.exe
C:\Program Files\Tencent\TT\TTraveler.exe
D:\HijackThis.exe

O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINNT\System32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\IEHelper\IEHelper_4628.dll
O2 - BHO: MusicSearch Class - {3D33EAE4-9EAA-4542-BCC8-9A9061392D56} - C:\WINNT\System32\MyIMLite\MuSearch.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINNT\estAlive.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [MyIMLite_UpDate] rundll32 C:\WINNT\System32\MyIMLite\Update.dll,UpdateFirst
O4 - HKLM\..\Run: [MyIMLite] C:\WINNT\System32\MyIMLite\MyIMLite.exe -h
O4 - HKLM\..\Run: [spoolsv] C:\WINNT\System32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [System Manager] C:\WINNT\svchost.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O9 - Extra button: MyIM音乐随心听 - {98C3FD76-B058-474F-BB61-70ED205F7A5C} - C:\WINNT\System32\MyIMLite\Music.dll
O9 - Extra 'Tools' menuitem: MyIM音乐随心听 - {98C3FD76-B058-474F-BB61-70ED205F7A5C} - C:\WINNT\System32\MyIMLite\Music.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{D732E5A7-4077-4D4F-AC36-574B2FEB8BAB}: NameServer = 202.103.44.150 202.103.0.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\CCenter.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe