Rising Kaka Security Forum (瑞星卡卡安全论坛), Anti-virus / Anti-rogue-software board: Looks like I'm infected again?? Trojan Killer (木马克星) says it found the Huigezi (灰鸽子, Gray Pigeon) virus


HijackThis_815汉化版扫描日志 V1.99.1
保存于      17:48:34, 日期 2005-12-16
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         

F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v3.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CAP Class - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINNT\system32\dtap.dll
O2 - BHO: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\下载工具\影音传送带\Net Transport\NTIEHelper.dll (file missing)
O2 - BHO: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [xysecond] C:\bxy_vrv\vrvmon.exe
O4 - 启动项HKLM\\Run: [KAVPersonal50] "E:\杀毒软件\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\Run: [LoadQM] ; loadqm.exe
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] E:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Super Rabbit IEPro] E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [update8] C:\WINNT\aupdate.exe
O4 - Startup: F10·加加.lnk = C:\Program Files\JJOL\IME\f10.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - IE右键菜单中的新增项目: Download all by Net Transport - E:\下载工具\影音传~1\NETTRA~1\NTAddList.html
O8 - IE右键菜单中的新增项目: Download by Net Transport - E:\下载工具\影音传~1\NETTRA~1\NTAddLink.html
O8 - IE右键菜单中的新增项目: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\QQ1\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用 Instant Source 查看(&I) - E:\网页制作\网页代码实时查看Instant Source\context.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - E:\下载工具\影音传~1\NETTRA~1\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - E:\下载工具\影音传~1\NETTRA~1\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - E:\xiazai\tupian\FLASHGET\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - E:\xiazai\tupian\FLASHGET\jc_all.htm
O8 - IE右键菜单中的新增项目: 图片→八哥网摘 - c:\Program Files\英语八哥\八哥网摘\getpict.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\QQ1\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\QQ1\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\QQ1\SendMMS.htm
O8 - IE右键菜单中的新增项目: 网页→八哥网摘 - c:\Program Files\英语八哥\八哥网摘\geturl.htm
O8 - IE右键菜单中的新增项目: 选定→八哥网摘 - c:\Program Files\英语八哥\八哥网摘\getsel.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_changcheng_66125 (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - 浏览器额外的“工具”菜单项: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - 浏览器额外的按钮: Instant Source - {8BD5271D-69C9-4467-882D-5139952D7754} - E:\网页制作\网页代码实时查看Instant Source\isrc.dll (file missing)
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\网页制作\FRONTP~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ1\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\QQ1\QQ.EXE
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132141660536
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.129.90.99:1995/talk.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - E:\杀毒软件\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Remote Control Service (SoulService) - Unknown owner - sserver.exe (file missing)
O23 - NT 服务: sundll32 - Unknown owner - C:\WINNT\sundll32.bat

Last edited 2005-12-16 20:42:15

Kaspersky says C:\winnt\system32\5xf.dll is infected with rootkit.win32.vanti.e.
It can't be deleted; after a reboot it is still there.
What should I do about this?

HKLM\SOFTWARE\Classes\?*	2005-7-10 12:37	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Applications\	2005-3-23 21:58	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Applications\	2005-4-4 15:36	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Applications\	2005-4-12 9:44	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Applications\	2005-3-23 10:55	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Applications\	2005-3-31 12:39	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\AutoCAD.Drawing.16\shell\	2005-3-11 12:03	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\AutoCADDrawingStandardsFile\shell\	2005-3-11 12:03	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\AutoCADTemplate\shell\	2005-3-11 12:03	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\exefile\shell\	2005-3-11 12:03	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\exefile\shell\	2005-12-1 9:28	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Folder\shell\	2005-12-1 9:28	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Assemblies\E:|	2005-11-16 12:18	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Windows2000+IIS	2005-4-4 12:45	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\WinZip\shell\	2005-3-11 12:03	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\x*	2005-4-17 11:20	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-3-23 9:57	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-3-23 9:57	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-3-23 9:57	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-4-4 12:56	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-4-4 12:49	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-4-7 9:29	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-4-4 12:47	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-3-19 15:11	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-4-1 17:09	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-3-19 15:11	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\	2005-3-11 10:26	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Accessdiver V4.120	2005-11-17 23:24	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\apihookdll	2005-12-12 10:01	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CutePage 2.0	2005-11-16 22:26	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\C	2005-3-31 10:56	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PDF	2005-12-7 16:49	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SocksCap V2.35	2005-3-25 14:13	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-8-9 11:01	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-11-28 10:32	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-12-7 16:50	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-12-7 16:50	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-11-9 10:34	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-3-28 18:27	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-12-7 16:50	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-3-11 10:59	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-7-12 20:18	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-6-14 18:59	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-11-3 9:05	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-11-3 9:06	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-12-7 16:51	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-4-4 16:23	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-11-8 13:13	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-7-13 8:35	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-12-7 16:50	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-11-3 9:06	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\	2005-12-7 16:50	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\ZLB-ZL_\LAN	2005-8-11 15:10	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\ZLB-ZL_Administrator\LAN	2005-3-11 10:33	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\	2005-11-19 17:10	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Accessdiver V4.120	2005-11-17 19:05	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\apihookdll	2005-12-1 10:05	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CutePage 2.0	2005-11-15 21:23	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\C	2005-3-29 15:04	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF	2005-4-4 12:55	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SocksCap V2.35	2005-3-24 9:34	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-4-12 9:27	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-4-4 17:07	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-3-19 16:00	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-3-19 17:48	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-7-19 10:32	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-3-11 10:42	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-11-27 17:37	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-6-12 14:41	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	2005-3-23 9:57	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentV

After I finished saving the log, why did it say the process had exited, and then RootkitRevealer closed itself automatically?
Is there a Chinese version? I can't make sense of this either.

The log can't be saved; as soon as I try to save it, it throws an error and closes.