Moderator, please help me take a look
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 14:18:18, on 2006-3-2
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
F:\Program Files\Rising\Rav\CCenter.exe
F:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
F:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\Rundll32.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINNT\system32\rundll32.exe
F:\Program Files\Rising\Rav\RavTask.exe
F:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\System32\conime.exe
C:\Program Files\Tencent\QQ\TMDlls\TM.exe
C:\quarantine\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\chen\LOCALS~1\Temp\Rar$EX00.878\HijackThis.exe
R3 - URLSearchHook:
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: (no name) - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO:
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\quarantine\QQIEHelper.dll
O2 - BHO: (no name) - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [zcom] \zPlatform.exe MIN
O4 - HKLM\..\Run: [RavTask] "F:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - Startup: cnmss3y.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\quarantine\AddToNetDisk.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\quarantine\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\quarantine\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\quarantine\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O11 - Options group: [!CNS]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\AutoCAD 2002\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview