
Help me, experts! Waiting online...


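Please take a look at the log. There is something very strange: the last O23 entry, hacker.exe (looks like I've been hacked).
Also, the Hosts entries look very strange, although nothing among the processes was flagged as a virus.
I haven't repaired anything yet; I'm waiting for your replies.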
Logfile of HijackThis v1.99.1
Scan saved at 10:37:10, on 2007-2-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\conime.exe
D:\装机人员工具\扫描专杀软件\ha_hijackthis_1991\HijackThis.exe
F:\安全\木马杀客\mmsk.exe

O1 - Hosts: 125.91.97.132 www.waigua8.com
O1 - Hosts: 125.91.97.132 www.6657.com
O1 - Hosts: 125.91.97.132 www.game172.com
O1 - Hosts: 125.91.97.132 waigua8.com
O1 - Hosts: 125.91.97.132 6657.com
O1 - Hosts: 125.91.97.132 game172.com
O1 - Hosts: 125.91.97.132 dx6.waigua8.com
O1 - Hosts: 125.91.97.132 dx5.waigua8.com
O1 - Hosts: 125.91.97.132 dx4.waigua8.com
O1 - Hosts: 125.91.97.132 dx3.waigua8.com
O1 - Hosts: 125.91.97.132 dx2.waigua8.com
O1 - Hosts: 125.91.97.132 dx1.waigua8.com
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301+
O4 - HKLM\..\Run: [kav] "F:\安全\kav6.0_Chs\avp.exe"
O4 - HKLM\..\Run: [GlassRun] C:\WINDOWS\Vista\startmenu\glassrun.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Vista\vip\VistaDrv\vsdrv.exe
O4 - HKLM\..\Run: [77439B6E8B9E768128226F7D85E5B686] E:\我的文件\soft\挂QQ\TenyQQ.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\KakaToolBar\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\我的文件\soft\下载工具\Thunder\Program\geturl.htm
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\安全\kav6.0_Chs\scieplugin.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170767421312
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.vnet.cn/VnetPluginIns.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B24BF55-436B-440A-B8B3-84AE8F35B82D}: NameServer = 60.191.134.204 60.191.134.197
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B24BF55-436B-440A-B8B3-84AE8F35B82D}: NameServer = 60.191.134.204 60.191.134.197
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - F:\音乐方面\KuGoo3\InExtend\KuGoo3DownXControl.ocx
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: 卡巴斯基反病毒软件6.0 (AVP) - Kaspersky Lab - F:\安全\kav6.0_Chs\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PeanuthullCore - 广东网域 - C:\Program Files\PeanutHull3\PhCore.exe
O23 - Service: PeanuthullCore - hacker- C:\windows\hacker.exe
[N/A]
Last edited 2007-02-12 11:27:35
 

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <DWQueuedReporting><"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301+>  [N/A]
    <kav><"F:\安全\kav6.0_Chs\avp.exe">  [Kaspersky Lab]
    <GlassRun><C:\WINDOWS\Vista\startmenu\glassrun.exe>  [N/A]
    <Vistadrv><C:\WINDOWS\Vista\vip\VistaDrv\vsdrv.exe>  [N/A]
    <77439B6E8B9E768128226F7D85E5B686><E:\我的文件\soft\挂QQ\TenyQQ.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\KakaToolBar\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[卡巴斯基反病毒软件6.0 / AVP]
  <F:\安全\kav6.0_Chs\avp.exe -r><Kaspersky Lab>
[B302EC43 / B302EC43]
  <C:\WINDOWS\system32\B302EC43.EXE -service><N/A>
[FLEXnet Licensing Service / FLEXnet Licensing Service]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Installer / MSIServer]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[Microsoft Office Diagnostics Service / odserv]
  <"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"><N/A>
[Office Source Engine / ose]
  <"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"><N/A>
[PeanuthullCore / PeanuthullCore]
  <C:\Program Files\PeanutHull3\PhCore.exe -service><广东网域>
[WINS / WINS]
  <C:\WINDOWS\Hacker.exe><N/A>

==================================
驱动程序
[EagleNT / EagleNT]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[usb Card Device / ft2kEnum]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[GOOD05 / GOOD05]
  <\??\C:\WINDOWS\system32\jsq1gnw.sys><N/A>
[HP CD Writer Plus Controller Driver / HPUATA]
  <system32\DRIVERS\HPUATA.sys><SCM Microsystems Inc.>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[PortTalk / PortTalk]
  <System32\Drivers\getsd.sys><Beyond Logic http://www.beyondlogic.org>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SkyProcs / SkyProcs]
  <\??\F:\安全\FireWall\SkyProcs.sys><N/A>
[SVKP / SVKP]
  <\??\C:\WINDOWS\system32\SVKP.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
 

==================================
正在运行的进程
[PID: 404][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 472][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1264][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ltnwardl.dll]  [N/A, 1, 0, 0, 2]
    [C:\WINDOWS\Vista\Rtback\ContextBG.dll]  [Grigri, 1, 0, 0, 1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [F:\安全\kav6.0_Chs\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1376][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [VM, 4.2.815.31]
[PID: 1432][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1640][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[PID: 2008][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3608][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [C:\Program Files\Tencent\QQ\CoralAssist.DLL]  [Coral Team, 5.0.0 build 20060829]
    [C:\Program Files\Tencent\QQ\CoralQQ.DLL]  [Coral Team, 5.0 Build 20070111]
    [C:\Program Files\Tencent\QQ\kql.dll]  [Coral Team, 5.0.0 build 20070111]
    [C:\Program Files\Tencent\QQ\ipsearcher.dll]  [N/A, 1.0.0.4]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [C:\Program Files\Tencent\QQ\NoDisturbFilter.cqx]  [Coral Team, 1.0]
    [C:\Program Files\Tencent\QQ\ConfigHotkey.cqx]  [Coral Team, 1.0]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\AutoReconnect.cqx]  [Coral Team, 1.0.0]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [C:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\CoralHotkey.cqx]  [Coral Team, 1.0]
    [C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQSettingCtrl.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [F:\安全\kav6.0_Chs\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\安全\kav6.0_Chs\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\安全\kav6.0_Chs\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\安全\kav6.0_Chs\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\安全\kav6.0_Chs\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\安全\kav6.0_chs\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\安全\kav6.0_chs\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\安全\kav6.0_chs\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\安全\kav6.0_chs\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\安全\kav6.0_chs\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\WINABCX.IME]  [PKUETI, 5.22.216]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [C:\Program Files\Tencent\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 5, 50]
    [C:\Program Files\Tencent\QQ\videodevice.dll]  [Tencent, 1, 6, 0, 1]
    [C:\Program Files\Tencent\QQ\inplus.dll]  [Tencent, 1, 6, 0, 0]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[PID: 2320][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684][F:\安全\木马杀客\mmsk.exe]  [N/A, N/A]
    [F:\安全\木马杀客\krnln.fnr]  [, 1, 0, 0, 1]
    [F:\安全\木马杀客\iext.fne]  [, 1, 0, 0, 1]
    [F:\安全\木马杀客\HtmlView.fne]  [, 1, 0, 0, 1]
    [F:\安全\木马杀客\TrayIcon.fne]  [, 1, 0, 0, 1]
    [F:\安全\木马杀客\iext2.fne]  [, 1, 0, 0, 1]
    [F:\安全\木马杀客\HYExtLib.fne]  [N/A, N/A]
    [F:\安全\kav6.0_Chs\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\安全\kav6.0_Chs\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\安全\kav6.0_Chs\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\安全\木马杀客\xplib.fne]  [N/A, N/A]
    [F:\安全\木马杀客\shell.fne]  [N/A, N/A]
    [F:\安全\木马杀客\EThread.fne]  [N/A, N/A]
    [F:\安全\木马杀客\dp1.fne]  [N/A, N/A]
    [F:\安全\木马杀客\eAPI.fne]  [, 1, 0, 0, 1]
[PID: 3076][C:\WINDOWS\system32\NOTEPAD.EXE]  [N/A, 1, 1, 0, 8]
[PID: 3324][C:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 3.2.200.275]
    [C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [F:\安全\kav6.0_Chs\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\安全\kav6.0_Chs\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [F:\安全\kav6.0_Chs\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\WINABCX.IME]  [PKUETI, 5.22.216]
[PID: 4012][D:\装机人员工具\扫描专杀软件\sreng2\SREng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [D:\装机人员工具\扫描专杀软件\sreng2\SREng2\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
 


==================================
HOSTS 文件
127.0.0.1      localhost
125.91.97.132      www.waigua8.com
125.91.97.132      www.6657.com
125.91.97.132      www.game172.com
125.91.97.132      waigua8.com
125.91.97.132      6657.com
125.91.97.132      game172.com
125.91.97.132      dx6.waigua8.com
125.91.97.132      dx5.waigua8.com
125.91.97.132      dx4.waigua8.com
125.91.97.132      dx3.waigua8.com
125.91.97.132      dx2.waigua8.com
125.91.97.132      dx1.waigua8.com
 

 

Disable these services:
[WINS / WINS]
<C:\WINDOWS\Hacker.exe><N/A>
[B302EC43 / B302EC43]
<C:\WINDOWS\system32\B302EC43.EXE -service><N/A>
Repair the HOSTS table:
125.91.97.132 www.waigua8.com
125.91.97.132 www.6657.com
125.91.97.132 www.game172.com
125.91.97.132 waigua8.com
125.91.97.132 6657.com
125.91.97.132 game172.com
125.91.97.132 dx6.waigua8.com
125.91.97.132 dx5.waigua8.com
125.91.97.132 dx4.waigua8.com
125.91.97.132 dx3.waigua8.com
125.91.97.132 dx2.waigua8.com
125.91.97.132 dx1.waigua8.com
 

How do I disable it?..
 

That thing is a normal part of the system; there is no need to disable it.
 

Quote:
[Post by 姑苏残月] That thing is a normal part of the system; there is no need to disable it.
………………

Really? It seems really abnormal to me.
 

Which one is the normal one?
 