发表于: 2006-09-20 20:25 | 只看楼主 短消息 资料
字号: 1楼

【求助】帮忙看一下日志,谢谢!

Logfile of HijackThis v1.99.1
Scan saved at 20:15:15, on 2006-9-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\SoftUpdate.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\5Sy.exe
C:\WINDOWS\WINLOGON.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Logo1_.exe
C:\Documents and Settings\degal\桌面\新建文件夹\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5001.dll (file missing)
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\杀毒软件\MagicSet\haokanbar.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - Toolbar: 宏网超级搜霸 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\234567\ZGHWBAR.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\杀毒软件\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [intranet] C:\WINDOWS\System32\intranet.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
O4 - HKLM\..\Run: [Hupoo] "C:\WINDOWS\System32\Hupoo.exe "
O4 - HKLM\..\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "D:\杀毒软件\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [fzg] C:\WINDOWS\Config\svhost32.exe
O4 - HKLM\..\Run: [ryy] C:\WINDOWS\rundl132.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\RunServices: [ccenter] C:\Program Files\rising\Rav\CCenter.exe
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\System32\Realplayer.exe
O4 - HKCU\..\Run: [update82] C:\Program Files\Common Files\update\update.exe
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\update.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\杀毒软件\MagicSet\SRIECLI.EXE /LOAD
O4 - Startup: adidas widget.lnk = ?
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: mscore.lnk = C:\WINDOWS\system32\rundll32.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E483AE-6A77-44E9-8D41-6E66C1946F24}: NameServer = 218.85.157.99 202.101.107.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3B2E71-BE4A-4EAD-B19E-67DEDB962627}: NameServer = 202.101.107.55
O20 - Winlogon Notify: MicroQC - C:\WINDOWS\SYSTEM32\jsdll.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll (file missing)
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\e44d8a10.dll
O23 - Service: Windows DDOSServer (DDOSServer) - Unknown owner - C:\WINDOWS\System32\systemm.exe (file missing)
O23 - Service: Remote Computer View - Unknown owner - C:\WINDOWS\Lsass.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Unknown owner - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\杀毒软件\Rising\Rav\CCenter.exe
O23 - Service: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\Program Files\smartycer.exe
O23 - Service: Update Service For Windows (SoftUpdate) - Unknown owner - C:\WINDOWS\SoftUpdate.exe

最后编辑2006-09-20 20:25:54.357000000