瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 我的hijackthis的报告。高手指点下怎么杀吧?用它直接清理不行呢。

1   1  /  1  页   跳转

我的hijackthis的报告。高手指点下怎么杀吧?用它直接清理不行呢。

收藏
daidongly
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2006-11-28
  • 来自:
发表于: 2006-11-28 19:36 | 显示全部 短消息 资料
字号: 1楼

我的hijackthis的报告。高手指点下怎么杀吧?用它直接清理不行呢。

Logfile of HijackThis v1.99.1
Scan saved at 18:59:50, on 2006-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\spoolsv.exe
D:\Program Files\IBM\Application Developer\IBM Agent Controller\bin\RAServer.exe
C:\windows\system32\cisrv.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\Explorer.EXE
c:\windows\pmsgr.exe
C:\windows\system32\netdde.exe
C:\windows\system32\SysUtil.exe
C:\windows\system32\Svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\system32\rundll32.exe
C:\windows\VM_STI.EXE
C:\Program Files\ipwins\ipwins.exe
C:\winla\winla.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\15OSA.EXE
c:\windows\system32\wbem\lsass.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\conime.exe
J:\ha_hijackthis_1991\HijackThis.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
R3 - URLSearchHook: Miorosoft Office - {AFF70970-F13A-4BBA-8C03-7D720FABC442} - C:\Program Files\Miorosoft Office\Miorosoft Office.dll
O1 - Hosts: 222.88.90.22 www.4199.com
O1 - Hosts: 222.88.90.22 4199.com
O1 - Hosts: 222.88.90.22 www.9505.com
O1 - Hosts: 222.88.90.22 9505.com
O1 - Hosts: 222.88.90.22 7939.com
O1 - Hosts: 222.88.90.22 www.7939.com
O1 - Hosts: 222.88.90.22 www.3448.com
O1 - Hosts: .72g.com
O1 - Hosts: 203.171.236.215 www.muchina.com
O1 - Hosts: 203.171.236.215 xyq.163.com
O1 - Hosts: 203.171.236.215 xy2.163.com
O1 - Hosts: 203.171.236.215 www.the9.com
O1 - Hosts: 203.171.236.215 www.5173.com
O1 - Hosts: 203.171.236.215 www.tkgame.com
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 www.ddspn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 中文搜搜 - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: conimehlp Class - {72031E10-51CB-40DB-BD9F-C24E69FFA7B3} - C:\windows\system32\msxw32.dll
O2 - BHO: ntsvr Class - {79B8A2B5-CCAB-40CD-B939-A18B916FAD95} - C:\windows\system32\ntsvr.dll
O2 - BHO: XBTP02864 - {84F8D1C1-E909-4dd2-86BF-5D5AAF77FF4C} - C:\PROGRA~1\MIOROS~1\MIOROS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C70233E-0891-2052-0303-040401090056}\888.dll
O3 - Toolbar: Miorosoft Office - {AFF70970-F13A-4BBA-8C03-7D720FABC442} - C:\Program Files\Miorosoft Office\Miorosoft Office.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [winla] c:\winla\winla.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [pxnhwy] C:\windows\system32\gxtahp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: WNSO.lnk = C:\Program Files\Common Files\RGGZS\WNSO.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O11 - Options group: [TBH] 中文搜搜
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29E0075A-0836-424A-A82E-3FD64826B3A8}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: logast - logast.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\windows\system32\rpcc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\windows\webwork\webwork.dll
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)
O23 - Service: IBM Agent Controller - Unknown owner - D:\Program Files\IBM\Application Developer\IBM Agent Controller\bin\RAServer.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
O23 - Service: Network DDK - Unknown owner - C:\windows\system32\SysUtil.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

最后编辑2006-11-28 20:31:58
分享到:
gototop
 
daidongly
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2006-11-28
  • 来自:
发表于: 2006-11-28 19:37 | 显示全部 短消息 资料
字号: 2楼

急~呵呵。自己顶下~
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT