www.cnpt.com        www.66169.com          www.channel.e78.com            www.m.yeeyoo.com        www.u.5ku.com          www.yeeyoo.com          还有我扫描的日志：HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 17:03:58, on 2006-4-25
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
C:\Program Files\白猫清理工\MsWinb.exe
D:\KAV6\KWatchUI.EXE
C:\kav6\kavpfw.exe
C:\Program Files\白猫清理工\MsWinb.exe
D:\KAV6\MailMon.EXE
D:\PROGRA~1\EFFICI~1\ENTERN~1.5\app\pppoeservice.exe
D:\WINDOWS\System32\rundll32.exe
D:\KAV6\KAVPlus.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\YUEGAN~1\LOCALS~1\Temp\Rar$EX00.072\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: (no name) - Script - (no file)
O2 - BHO: IEHttpCOM Utility - {1C1105D5-AEC0-4255-AF0C-1DA95EEAF8BD} - D:\WINDOWS\System32\HttpCOM\HUDC1016.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - D:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: (no name) - {77962960-536E-47EC-9DDB-52651519705F} - D:\WINDOWS\System32\cpap.dll
O2 - BHO: (no name) - {A297EEAE-A541-496B-B2AE-554AD0153B72} - D:\WINDOWS\System32\win32help01.dll (file missing)
O2 - BHO: (no name) - {A3803141-3CF5-4D66-B7EA-8D2674FE152C} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: ????? - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - D:\KAV6\KAIEPlus.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] rem D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] rem D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsWinb] C:\Program Files\
O4 - HKLM\..\Run: [Kulansyn] D:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [KAVRun] D:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [iDuba Personal FireWall] C:\kav6\kavpfw.exe
O4 - HKCU\..\Run: [MsWinb] C:\Program Files\
O4 - HKCU\..\Run: [iDuba Personal FireWall] C:\kav6\kavpfw.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: debug.txt
O4 - Startup: Antitroj.ini
O4 - Startup: vl.dat
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: QQ (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{850C78B7-3588-426E-BE17-B63162C54CA0}: NameServer = 221.12.1.228 221.12.33.228

请高手帮忙看看！

又跳出来一个：www.test.baihe.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{850C78B7-3588-426E-BE17-B63162C54CA0}: NameServer = 221.12.1.228 221.12.33.228
它是不是被劫持的？

又又跳出来一个:www.991860.com