Rising Kaka Security Forum

Help: Is something wrong with my computer? (Urgent; waiting online)
忽略存在 - 2005-7-15 23:23:00
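I just saw the experts here introduce the HijackThis software and gave it a try, but I can't understand the output. Could someone tell me whether there is a problem with my machine, and what I should do? I will keep waiting. Thank you.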

启动项报告:      2005-7-15, 23:00:28
启动项扫描器版本: 1.52.2
开始于:      E:\HIJACKTHIS\HIJACKTHIS1991汉化版\HIJACKTHIS1991ZWW.EXE
系统检测:    Windows ME (Win9x 4.90.3000)
系统检测:    Internet Explorer v6.00 SP1 (6.00.2800.1106)
* 使用默认选项             
* 选择“列出主要的部分(标准)”方式               
==================================================

当前运行的进程:         

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\KAV2005\KAVSTART.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\KAV2005\KAVPFW.EXE
E:\PROGRAM FILES\MYIE2\MAXTHON\MAXTHON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
E:\PROGRAM FILES\SANDAI TECHNOLOGIES INC\THUNDER\THUNDER.EXE
E:\PROGRAM FILES\SANDAI TECHNOLOGIES INC\THUNDER\MEDIAISSUE\ISSUE.EXE
G:\DOWNLOAD\HIJACKTHISV1.99.1.EXE
E:\HIJACKTHIS\HIJACKTHIS1991汉化版\HIJACKTHIS1991ZWW.EXE

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
iDuba Personal FireWall =
KavStart = "C:\KAV2005\KAVStart.exe" -startup
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
CdnCtr = C:\Program Files\CNNIC\Cdn\cdnup.exe
BCUpdate = C:\WINDOWS\SYSTEM\BCUP.exe

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

iDuba Personal FireWall =

--------------------------------------------------

文件打开方式关联 for    .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(黙认) =  NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------------------------------------

外壳扩展和屏幕保护程序的键值  从            C:\WINDOWS\SYSTEM.INI:

Shell=explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 14/7/2005, 0:25:4)

[Rename]
NUL=C:\WINDOWS\SYSTEM\BROWSEUI.DLL
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\SET4234.TMP
NUL=C:\WINDOWS\SYSTEM\IEPEERS.DLL
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\SET4272.TMP
NUL=C:\WINDOWS\SYSTEM\MSHTML.DLL
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET42E0.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCVW.DLL
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SET4360.TMP
NUL=C:\WINDOWS\SYSTEM\SHLWAPI.DLL
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\SET43B1.TMP
NUL=C:\WINDOWS\SYSTEM\URLMON.DLL
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET5012.TMP
NUL=C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\SET5031.TMP
NUL=C:\WINDOWS\TEMP\OLD51A2.TMP
NUL=C:\WINDOWS\TEMP\OLD5183.TMP
NUL=C:\WINDOWS\SYSTEM\WMP.DLL
C:\WINDOWS\SYSTEM\WMP.DLL=C:\WINDOWS\SYSTEM\SET60D3.TMP
C:\WINDOWS\SYSTEM\jscript.dll=C:\WINDOWS\SYSTEM\jscript.001
C:\WINDOWS\SYSTEM\crypt32.dll=C:\WINDOWS\SYSTEM\crypt32.001

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

列举IE浏览器辅助对象(BHO模块):               

(no name) - (no file) - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - C:\WINDOWS\SYSTEM\THUNDERBHO.DLL - {0005A87D-D626-4B3A-84F9-1D9571695F57}
(no name) - (no file) - {B72F75B8-93F3-429D-B13E-660B206D897A}
(no name) - C:\WINDOWS\SYSTEM\XUNLEIBHO_V4.DLL - {0005A87D-D626-4B3A-84F9-1D9571695F55}
(no name) - C:\PROGRA~1\CNNIC\CDN\CDNIEHLP.DLL - {35980F6E-A137-4E50-953D-813BB8556899}

--------------------------------------------------

列举“计划任务”服务:                   

启用 Application Start.job
用于收集数据的 PCHealth 计划程序.job

--------------------------------------------------

列举下载的程序文件:                       

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38338.9203819444

[DIYBAR]
InProcServer32 = C:\WINDOWS\SYSTEM\51.NET\DIYBAR\DIYBAR.DLL
CODEBASE = http://diy.51.net/download/diybar.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNMESSENGERSETUPDOWNLOADER.OCX
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

[WebActivater Control]
InProcServer32 = C:\WINDOWS\SYSTEM\WEBACT~1.OCX
CODEBASE = http://game.qq.com/QQGame2.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\SYSTEM\LEGITCHECKCONTROL.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\OPUC.DLL
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc2.cab

--------------------------------------------------

列举 Winsock LSP 文件:           

NameSpace #2: C:\WINDOWS\SYSTEM\cdnns.dll

--------------------------------------------------

列举 ShellServiceObjectDelayLoad 项目:           

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

INET = C:\WINDOWS\SYSTEM\INETSRV\inetsync.exe

--------------------------------------------------

报告完毕,共 8,736 字节         
报告生成用时:0.791秒     

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only