What kind of virus is Trojan.DL.ConHook.d?
Why can it never be removed?
And it also automatically shuts down the Rising firewall and monitor.
HijackThis_815汉化版扫描日志 V1.99.1
保存于 21:25:10, 日期 2005-12-4
操作系统: Windows XP SP1 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Rising\Rav\RavMon.exe
E:\TT\TTraveler.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\新建文件夹\HijackThis1991zww.exe
R3 - URLSearchHook: (no name) - <default> - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebyy.dll (file missing)
O2 - BHO: CCIT Memory Manager - {2CE7166E-8BBA-4E76-BA7E-02AB3C573011} - C:\WINDOWS\DOWNLO~1\cytdcli.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: (no name) - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84}? - (no file)
O2 - BHO: (no name) - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838}? - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932}? - (no file)
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - f:\Program Files\Xplus\GETIE.dll (file missing)
O3 - IE工具栏增项: (no name) - {1D8E8710-88F8-4d6e-AD7C-1437937E82A9}? - (no file)
O3 - IE工具栏增项: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Thunder] "E:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\RunServices: [Windows IP Security Service] ipsecs.exe
O4 - 启动项HKLM\\RunServices: [MicroedSoft Toolbar] Smoked.exe
O4 - 启动项HKLM\\RunServices: [ms ownage] winPE.exe
O4 - 启动项HKLM\\RunServices: [Windows ASN Services] wde.exe
O4 - 启动项HKLM\\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: iexplorer.exe
O4 - User Startup: iexplorer.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的按钮: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - “受信任的站点”中添加项: http://ny.contentmatch.net (HKLM)
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://movie.sun116.com/plugin/PowerPlr.ocx
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {F381FC65-D92D-4410-B865-E4E9713994E8} (Cytd Encipherment Memory) - http://61.55.138.4/sso/ccitpay.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{67FD08E8-C970-4365-AA47-A25D0857BEEE}: NameServer = 210.52.207.2,211.98.4.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1C619CD-62BB-4605-A230-876E5585ADB8}: NameServer = 202.96.69.38 202.96.64.68
O20 - Winlogon Notify: gebyy - gebyy.dll (file missing)
O23 - NT 服务: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: MasterBoot Switch Key (draeco.sytes.net) - Unknown owner - C:\WINDOWS\System32\popkill.exe" -netsvcs (file missing)
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe