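Rising Kaka Security Forum, Technical Exchange section, Anti-Virus / Anti-Rogue Software forum

Help: IE has been hijacked, experts please take a look at my log!! Urgent!!!!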


HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 17:53:44, on 2006-8-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\NTdHcP.exe
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
D:\hijackthis1.97_qoo\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: (no name) - {01C2F1E8-5C69-4B5C-B052-26941B6C23A6} - C:\WINDOWS\system32\iequery.dll
O2 - BHO: (no name) - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - C:\WINDOWS\fonts\msshapi.dll (file missing)
O2 - BHO: (no name) - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5001.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: (no name) - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: (no name) - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL
O2 - BHO: (no name) - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\Rundl132.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: (no name) - {AF098F95-7CEA-407A-8552-3846737CC4B2} - C:\WINDOWS\system32\funcwin.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll (file missing)
O2 - BHO: (no name) - {CFF6E0CF-02FB-47F5-95A4-DD8610D59284} - C:\WINDOWS\system32\bsnviewer.dll
O2 - BHO: (no name) - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:\WINDOWS\system32\browsewmzero.dll
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll
O2 - BHO: (no name) - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\5b2od791.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [intranet] C:\WINDOWS\system32\intranet.exe
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM\..\Run: [zt] C:\Program Files\Intel\svhost32.exe
O4 - HKLM\..\Run: [svchost] C:\DOCUME~1\CHENYA~1.000\LOCALS~1\Temp\RarSFX2\svchost.exe
O4 - HKLM\..\Run: [jiahus] C:\WINDOWS\system32\svchqs.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [NTdhcp] C:\WINDOWS\system32\NTdhcp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [alsmt.exe] C:\WINDOWS\system32\alsmt.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.dat.LOG
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.pol
O9 - Extra button: QQ (HKLM)
O9 - Extra button: 5chaa (HKLM)
O9 - Extra 'Tools' menuitem: 5chaa (HKLM)
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://www.ahn.com.cn/aspservice/plugin/myfirewall20.cab
O16 - DPF: {9EB2B422-C9EE-46C4-A471-1E79C7517B1D} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AB89C9BF-9250-473B-BE49-D34F615CB678} (Chaos Filter) - http://download.mysee.com/Chaos.cab
O16 - DPF: {BA246823-F845-43DB-851A-68DF9F2CFEE5} (SkyVisionIE_HY Control) - http://yihuacc.vicp.net/SkyVision_IE_HY.inf
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://cache10.itv.mop.com/pCastCtl-1.0.0.88_signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.sunway
O17 - HKLM\Software\..\Telephony: DomainName = domain.sunway
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F9CDB6B-78F0-48A1-8E33-4A5E9703499A}: NameServer = 192.168.1.111,202.103.229.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain.sunway
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F9CDB6B-78F0-48A1-8E33-4A5E9703499A}: NameServer = 192.168.1.111,202.103.229.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domain.sunway
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F9CDB6B-78F0-48A1-8E33-4A5E9703499A}: NameServer = 192.168.1.111,202.103.229.40
Last edited 2006-08-28 19:17:53

兰兰乐乐, why did you send your log here to me?

The home page has been changed to www.7939.com

Sigh. This is a shared computer at the company; anyone can use it. My computer at home is fine.