瑞星卡卡安全论坛

HijackThis_815汉化版扫描日志 V1.99.1
保存于      12:59:38, 日期 2007-7-21
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINNT\syshost.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\JJOL\IME\JJSvr.EXE
C:\WINNT\system32\wscntfy.exe
D:\Program Files\Rising\AntiSpyware\Ras.exe
F:\download\hijack\HijackThis1991汉化版\HijackThis1991zww.exe

O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 启动项HKLM\\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - 启动项HKLM\\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - 启动项HKLM\\Run: [runeip] "d:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [syshost] C:\WINNT\syshost.exe
O4 - 启动项HKLM\\RunOnce: [KASTask] F:\Program Files\Kingsoft Antispy\KASTask.EXE
O4 - 启动项HKLM\\RunOnce: [KKDelay] d:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\..\{275A999F-3BE9-41EF-B13E-EB7626956CA7}: NameServer = 10.64.1.1,218.56.57.58
O20 - AppInit_DLLs: WMIApiSrv2.dll
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - NT 服务: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

C:\WINNT\syshost.exe
应该是个病毒吧
怎么才能彻底清楚呢？谢谢

安全模式 下找到直接删除

哦　谢谢　我试下

syshost.exe删除了　谢谢　但是xp防火墙还是不能打开怎么回事？

syshost.exe删除后日志


HijackThis_815汉化版扫描日志 V1.99.1
保存于      13:35:20, 日期 2007-7-21
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
F:\download\hijack\HijackThis1991汉化版\HijackThis1991zww.exe

O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 启动项HKLM\\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - 启动项HKLM\\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - 启动项HKLM\\Run: [runeip] "d:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\..\{275A999F-3BE9-41EF-B13E-EB7626956CA7}: NameServer = 10.64.1.1,218.56.57.58
O20 - AppInit_DLLs: WMIApiSrv2.dll
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - NT 服务: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

修复
O20 - AppInit_DLLs: WMIApiSrv2.dll

重启删除
WMIApiSrv2.dll（搜索下）

无法删除的文件可以尝试用XDelBox1.3删除(enao.ys168.com 下载)

开始-运行,输入services.msc打开服务,看看Windows Firewall/Internet Connection Sharing (ICS)服务有无开启.

【回复“scriptman”的帖子】
已查开启的　谢谢

引用:

【Enao2005的贴子】修复 O20 - AppInit_DLLs: WMIApiSrv2.dll 重启删除 WMIApiSrv2.dll（搜索下） 无法删除的文件可以尝试用XDelBox1.3删除(enao.ys168.com 下载) ………………

经过你的方法我的防火墙终于好用了　谢谢

发下修复过的谁能帮忙再看看　谢谢！


HijackThis_815汉化版扫描日志 V1.99.1
保存于      18:41:25, 日期 2007-7-21
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\JJOL\IME\JJSvr.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
F:\download\hijack\HijackThis1991汉化版\HijackThis1991zww.exe

O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 启动项HKLM\\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - 启动项HKLM\\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - 启动项HKLM\\Run: [runeip] "d:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Program Files\Tencent\QQ\SendMMS.htm
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\..\{275A999F-3BE9-41EF-B13E-EB7626956CA7}: NameServer = 10.64.1.1,218.56.57.58
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - NT 服务: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

修复
O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)

日志没问题。

好了　谢谢大家，
祝大家好运