Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum


I think I've caught a deeply hidden virus ~ let's discuss ~


HijackThis_zww汉化版扫描日志 V1.99.1
保存于      12:35:05, 日期 2006-10-15
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Tenyqq\TenyQQ.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\FlashGet\FlashGet.exe
E:\Program Files\MemTurbo\MemTurbo.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\进程扫描\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: IEobj Class - {0E12BCA7-5B47-4E28-ADD5-36C09DFDDBAD} - C:\WINDOWS\system32\iemm.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O3 - IE工具栏增项: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - e:\Program Files\CyberArticle\CAExp.dll
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - 启动项HKLM\\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - 启动项HKLM\\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - 启动项HKLM\\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = E:\Program Files\MemTurbo\MemTurbo.exe
O4 - Startup: TenyQQ.lnk = E:\Program Files\Tenyqq\TenyQQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 完整网页 - C:\Documents and Settings\清水聖人\Application Data\CyberArticle\Script\Save_2148390.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\HFGameOPT\GameClient.exe
O9 - 浏览器额外的按钮: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147636217031
O17 - HKLM\System\CCS\Services\Tcpip\..\{A004EBA0-C14F-4628-AB6E-C9567965B09B}: NameServer = 202.102.128.68,202.102.152.3
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - NT 服务: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - NT 服务: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - NT 服务: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - NT 服务: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - NT 服务: System Untes Service    - Unknown owner - C:\WINDOWS\system32\untes.com




I didn't have any web page open, yet my firewall keeps showing this connection:
IEXPLORE.EXE    TCP    local:172.28.68.21    4882    lengzhan.vicp.net    88    允许应用程序活动 - iexplore.exe    出站     12:34:45    03 sec(s)    0 Bytes    0 Bytes    0 bps    ---


And these 3 entries look very suspicious to me:
O2 - BHO: IEobj Class - {0E12BCA7-5B47-4E28-ADD5-36C09DFDDBAD} - C:\WINDOWS\system32\iemm.dll

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - NT 服务: System Untes Service    - Unknown owner - C:\WINDOWS\system32\untes.com
Last edited 2006-10-15 13:50:46
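As an added defender-side aid (my own illustration, not code from the forum or from HijackThis), here is a small Python triage pass over the three entry types the poster singled out, O2, O6 and O23: a BHO DLL dropped straight into system32, an IE policy key present under HKCU, and a service with no vendor string whose image is not a plain .exe. The sample lines are constructed from the log above; the heuristics are my assumptions, not HijackThis rules.

```python
from pathlib import PureWindowsPath

# Constructed sample: the three entries the poster flagged plus three benign
# ones from the same log for contrast (illustration only, not HijackThis output).
SAMPLE_LOG = r"""
O2 - BHO: IEobj Class - {0E12BCA7-5B47-4E28-ADD5-36C09DFDDBAD} - C:\WINDOWS\system32\iemm.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - NT 服务: System Untes Service    - Unknown owner - C:\WINDOWS\system32\untes.com
"""

SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")


def in_system32(path: str) -> bool:
    """True if the file sits directly in the Windows system32 directory (case-insensitive)."""
    return str(PureWindowsPath(path).parent).lower() == str(SYSTEM32).lower()


def triage_line(line: str):
    """Return (entry_type, reason) if the entry deserves a closer look, else None.

    Heuristics (assumed here, not HijackThis rules):
      O2  - a BHO loaded straight from system32 instead of a product folder
      O6  - any IE policy key under HKCU (Internet Options locked by policy)
      O23 - a service with no vendor string whose image is not a plain .exe;
            the .exe check keeps vendor-less but legitimate entries such as
            Ati2evxx.exe out of the hit list
    """
    parts = [p.strip() for p in line.split(" - ")]
    kind = parts[0]
    if kind == "O2" and len(parts) == 4 and in_system32(parts[3]):
        return kind, f"BHO DLL located in system32: {parts[3]}"
    if kind == "O6":
        return kind, "IE policy restrictions present in HKCU"
    if kind == "O23" and len(parts) == 4:
        owner, image = parts[2], parts[3]
        ext = PureWindowsPath(image).suffix.lower()
        if owner == "Unknown owner" and ext != ".exe":
            return kind, f"unknown-owner service hosted by a {ext} file: {image}"
    return None


def triage(log: str):
    """Run triage_line over every non-empty log line and collect the hits."""
    lines = (ln for ln in log.splitlines() if ln.strip())
    return [hit for hit in map(triage_line, lines) if hit]


if __name__ == "__main__":
    for kind, reason in triage(SAMPLE_LOG):
        print(kind, reason)
```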

O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

If you don't recognize this one either, I'd suggest fixing it.

O23 - NT 服务: System Untes Service - Unknown owner - C:\WINDOWS\system32\untes.com
Run regedit and expand
HKLM\SYSTEM\CurrentControlSet\Services
Delete System Untes Service
Then search the registry for untes.com and delete every hit
After rebooting, delete C:\WINDOWS\system32\untes.com

Fix these in Safe Mode:
O2 - BHO: IEobj Class - {0E12BCA7-5B47-4E28-ADD5-36C09DFDDBAD} - C:\WINDOWS\system32\iemm.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - NT 服务: System Untes Service - Unknown owner - C:\WINDOWS\system32\untes.com

Delete
C:\WINDOWS\system32\untes.com

OK, I'll give it a try ~~