发表于: 2006-08-21 13:30 | 只看楼主 短消息 资料
字号: 1楼

瑞星不能运行,反复弹出网页

HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 18:54:56, on 2006-8-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rtvcan.exe
C:\WINDOWS\system\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Kuree\kpupdate.exe
C:\Program Files\Kuree\mpkres.dll
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\bie\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - C:\WINDOWS\fonts\msshapi.dll (file missing)
O2 - BHO: (no name) - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO:
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: (no name) - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\Rundll32.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC64.dll
O2 - BHO: (no name) - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\system32\drivers\spoolsv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AF098F95-7CEA-407A-8552-3846737CC4B2} - C:\WINDOWS\system32\contwin.dll
O2 - BHO: (no name) - {BDBFE1F2-14C7-42D3-ACC7-4C2757F27F55} - C:\WINDOWS\system32\RMOC3360.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: (no name) - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\e84oa9b0.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ????? - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Rtvcan] C:\WINDOWS\system32\Rtvcan.exe
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: tool.exe
O4 - Startup: setup.exe
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\tencent\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\tencent\SendMMS.htm
O8 - Extra context menu item: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O8 - Extra context menu item: 解霸实时播放 - C:\Program Files\HEROSOFT\Hero3000\MPURLGET.HTM
O8 - Extra context menu item: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [!CNS]
O17 - HKLM\System\CCS\Services\Tcpip\..\{655416DE-6E6D-41C9-9251-25FDFD541050}: NameServer = 202.102.154.3 202.102.152.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{655416DE-6E6D-41C9-9251-25FDFD541050}: NameServer = 202.102.154.3 202.102.152.3
最后编辑2006-08-21 13:30:55.500000000