Rising Kaka Security Forum

Malicious web page! Experts, please help!
秋天的波罗 - 2007-1-30 16:40:00
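Symptoms: When I open IE, it goes straight to the website http://www.69262.com. After I change the home page to a blank page, the site comes back after a restart. Plugins such as Baidu and Sogou have appeared on the IE toolbar. While browsing, a blocked-process report pops up from time to time (c:\docume~1\lypost~1\locals~1\temp\win1c.exe, and at the same time Rising prompts to clean the virus Trojan.PSW.LMir.lzb), and the whole system runs noticeably slower. I scanned for rogue software with Kaka and ROGUECLEANER, which found about ten rogue programs; after removing them the system ran somewhat better, but after rebooting the symptoms are the same as before. Could the experts please take a look at what has gone wrong? Thanks!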
Logfile of HijackThis v1.99.1
Scan saved at 16:28:48, on 2007-1-30
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\internat.exe
C:\chenhu2\chenqxms.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
D:\日志扫描\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iwfyih] C:\WINNT\system32\oaxxol.exe
O4 - HKLM\..\Run: [upxdn] C:\DOCUME~1\LYPOST~1\LOCALS~1\Temp\TIMPLATF0RM.exe
O4 - HKLM\..\Run: [mytsf] C:\DOCUME~1\LYPOST~1\LOCALS~1\Temp\csrss.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [mppds] C:\WINNT\mppds.exe
O4 - HKLM\..\Run: [synn] C:\WINNT\synn.exe
O4 - HKLM\..\Run: [msccr] C:\WINNT\msccr.exe
O4 - HKLM\..\Run: [upsy] C:\DOCUME~1\LYPOST~1\LOCALS~1\Temp\TIMPLATF0RM.exe
O4 - HKLM\..\Run: [wsye] C:\WINNT\wsye.exe
O4 - HKLM\..\Run: [mscci] C:\WINNT\mscci.exe
O4 - HKLM\..\Run: [w3sttrs] C:\WINNT\w3sttrs.exe
O4 - HKLM\..\Run: [wstti] C:\WINNT\wstti.exe
O4 - HKLM\..\Run: [mppd] C:\WINNT\mppd.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINNT\cmdbcs.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [2qk69j7cs4] C:\WINNT\iexpl0re.exe
O4 - HKCU\..\Run: [ravshell] C:\WINNT\rund1132.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{91089284-D415-4014-BE40-54C2C32C35F7}: NameServer = 211.138.156.66
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
