HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 22:20:00, on 2005-12-11
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe
C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Common Files\UPDATE\Update.exe
C:\Program Files\wsearch\Search.exe
D:\Program Files\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE
D:\Program Files\Rising\Rav\RavTask.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\ad\ciel.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Pcast\PodcastbarMini\PodcastBarMini.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\P4P\p2psvr.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Thunder Network\Thunder\Thunder.exe
D:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
D:\Program Files\Rising\Rav\Rav.exe
C:\Documents and Settings\lenovo\My Documents\hijackthis1.97_qoo\HijackThis.exe
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: (no name) - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: (no name) - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ????? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Lskbdrv] C:\Program Files\Lenovo\
O4 - HKLM\..\Run: [LenSoft] C:\Program Files\Lenovo\
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [KuGoo3] D:\Program Files\KuGoo3\KuGoo.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [EPSON ME 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE /P10 "EPSON ME 1" /O6 "USB001" /M "ME 1"
O4 - HKLM\..\Run: [ad] C:\Program Files\ad\ciel.exe
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KuGoo3] "D:\Program Files\KuGoo3\KuGoo.exe"
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: NTUSER.DAT
O4 - Startup: dbgDatFile176
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: dbgDatFile177
O4 - Startup: dbgDatFile178
O4 - Startup: dbgDatFile179
O4 - Startup: dbgDatFile180
O4 - Startup: dbisam.lck
O4 - Startup: nn.bmp
O4 - Startup: dbgDatFile181
O4 - Startup: dbgDatFile182
O4 - Startup: dbgDatFile138
O4 - Startup: dbgDatFile139
O4 - Startup: dbgDatFile140
O4 - Startup: dbgDatFile141
O4 - Startup: dbgDatFile142
O4 - Startup: dbgDatFile143
O4 - Startup: dbgDatFile144
O4 - Startup: dbgDatFile145
O4 - Startup: dbgDatFile146
O4 - Startup: dbgDatFile147
O4 - Startup: dbgDatFile148
O4 - Startup: dbgDatFile149
O4 - Startup: dbgDatFile150
O4 - Startup: dbgDatFile151
O4 - Startup: dbgDatFile152
O4 - Startup: dbgDatFile153
O4 - Startup: dbgDatFile154
O4 - Startup: dbgDatFile155
O4 - Startup: dbgDatFile156
O4 - Startup: dbgDatFile157
O4 - Startup: dbgDatFile158
O4 - Startup: dbgDatFile159
O4 - Startup: dbgDatFile160
O4 - Startup: dbgDatFile161
O4 - Startup: dbgDatFile162
O4 - Startup: dbgDatFile163
O4 - Startup: dbgDatFile164
O4 - Startup: dbgDatFile165
O4 - Startup: dbgDatFile166
O4 - Startup: dbgDatFile167
O4 - Startup: dbgDatFile168
O4 - Startup: dbgDatFile169
O4 - Startup: dbgDatFile170
O4 - Startup: dbgDatFile171
O4 - Startup: dbgDatFile172
O4 - Startup: dbgDatFile173
O4 - Startup: dbgDatFile174
O4 - Startup: dbgDatFile175
O4 - Startup: dbgDatFile183
O4 - Startup: dbgDatFile184
O4 - Startup: dbgDatFile185
O4 - Startup: dbgDatFile186
O4 - Startup: dbgDatFile187
O4 - Startup: dbgDatFile188
O4 - Startup: dbgDatFile189
O4 - Startup: dbgDatFile190
O4 - Startup: dbgDatFile191
O4 - Startup: dbgDatFile192
O4 - Startup: dbgDatFile193
O4 - Startup: dbgDatFile194
O4 - Startup: dbgDatFile195
O4 - Startup: dbgDatFile196
O4 - Startup: dbgDatFile197
O4 - Startup: dbgDatFile198
O4 - Startup: dbgDatFile199
O4 - Startup: dbgDatFile200
O4 - Startup: dbgDatFile201
O4 - Startup: dbgDatFile202
O4 - Startup: dbgDatFile203
O4 - Startup: dbgDatFile204
O4 - Startup: dbgDatFile205
O4 - Startup: dbgDatFile206
O4 - Startup: dbgDatFile207
O4 - Startup: dbgDatFile208
O4 - Startup: dbgDatFile209
O4 - Startup: dbgDatFile210
O4 - Startup: dbgDatFile211
O4 - Startup: dbgDatFile212
O4 - Startup: dbgDatFile213
O4 - Startup: dbgDatFile214
O4 - Startup: dbgDatFile215
O4 - Startup: dbgDatFile216
O4 - Startup: dbgDatFile217
O4 - Startup: dbgDatFile218
O4 - Startup: dbgDatFile219
O4 - Startup: dbgDatFile220
O4 - Startup: dbgDatFile221
O4 - Startup: dbgDatFile222
O4 - Startup: dbgDatFile223
O4 - Startup: dbgDatFile224
O4 - Startup: dbgDatFile225
O4 - Startup: dbgDatFile226
O4 - Startup: dbgDatFile227
O4 - Startup: dbgDatFile228
O4 - Startup: dbgDatFile229
O4 - Startup: dbgDatFile230
O4 - Startup: dbgDatFile231
O4 - Startup: dbgDatFile232
O4 - Startup: dbgDatFile233
O4 - Startup: dbgDatFile234
O4 - Startup: dbgDatFile235
O4 - Startup: dbgDatFile236
O4 - Startup: dbgDatFile237
O4 - Startup: dbgDatFile238
O4 - Startup: dbgDatFile240
O4 - Startup: dbgDatFile241
O4 - Startup: dbgDatFile242
O4 - Startup: dbgDatFile243
O4 - Startup: dbgDatFile244
O4 - Startup: dbgDatFile245
O4 - Startup: dbgDatFile246
O4 - Startup: dbgDatFile247
O4 - Startup: dbgDatFile248
O4 - Startup: dbgDatFile249
O4 - Startup: dbgDatFile250
O4 - Startup: dbgDatFile251
O4 - Startup: dbgDatFile252
O4 - Startup: dbgDatFile253
O4 - Startup: dbgDatFile254
O4 - Startup: dbgDatFile255
O4 - Startup: dbgDatFile256
O4 - Startup: dbgDatFile257
O4 - Startup: dbgDatFile258
O4 - Startup: dbgDatFile259
O4 - Startup: dbgDatFile260
O4 - Startup: 桌面.lnk
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]
O11 - Options group: [CDNCLIENT]
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (QQPlayer Control) - http://219.133.62.236/QQPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.76_20051110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59F1DA8A-853C-424E-AF15-85AA7323065D}: NameServer = 61.139.2.69 202.97.7.17