http://www.d766.com/veer.php?entry=993&mac=000D878B0B92一上网就是这个网站再按了主页还是空白页他说什么不知名文档日志：HijackThis_815汉化版扫描日志 V1.99.1
保存于      12:50:30, 日期 2007-1-28
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Unable to get Internet Explorer version!

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe
D:\Program Files\Rising\AntiSpyware\runiep.exe
D:\PROGRA~1\M&WXMI~1\CertRegX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Tencent\TT\TTraveler.exe
D:\Program Files\Tencent\TT\TCPlus.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\taskmgr.exe
D:\HijackThis1991zww.exe

R3 - URLSearchHook: 搜索栏 - {A1A77F56-C12B-45AF-997E-C1D8505E2E68} - C:\Program Files\搜索栏\eqiso.dll (file missing)
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - F:\QQDownload\QQIEHelper01.dll
O2 - BHO: nvqj - {4E1D0921-037B-4991-AED3-C0BF2798251A} - C:\PROGRA~1\wews\xiaw.dll (file missing)
O2 - BHO: XBTP07757 - {5F915F24-69C2-4ef0-BF74-8A69E4D28E0B}? - (no file)
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - IE工具栏增项: 搜索栏 - {A1A77F56-C12B-45AF-997E-C1D8505E2E68} - C:\Program Files\搜索栏\eqiso.dll (file missing)
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [Ulead Video@Home Scheduling Wizard] C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe
O4 - 启动项HKLM\\Run: [runeip] D:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 启动项HKLM\\Run: [ekeyman_csp_user] D:\PROGRA~1\M&WXMI~1\CertRegX.exe
O4 - 启动项HKLM\\Run: [KVMON] "C:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp"
O4 - 启动项HKLM\\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 启动项HKLM\\RunOnce: [KKDelay] d:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 新浪UC.lnk = D:\Program Files\sina\UC\uc.exe
O8 - IE右键菜单中的新增项目: &使用超级旋风下载 - F:\QQDownload\geturl.htm
O8 - IE右键菜单中的新增项目: &使用超级旋风下载全部链接 - F:\QQDownload\getAllurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - 浏览器额外的按钮: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - 浏览器额外的按钮: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - 浏览器额外的“工具”菜单项: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\POWERW~1\XDictExB.dll
O9 - 浏览器额外的按钮: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\POWERW~1\IEPlugin.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B52E5BE2-78B1-4066-94ED-D2FDC2F990C8}: NameServer = 210.52.207.2
O18 - 列举现有的协议: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\POWERW~1\XDictExB.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Auto_Updatas Service - Unknown owner - C:\WINDOWS\Auto_Updatas.exe (file missing)
O23 - NT 服务: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - NT 服务: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

【回复“horrrrsi”的帖子】日志：系统检测：    Windows XP SP2 (WinNT 5.01.2600)
系统检测：    Unable to get Internet Explorer version!
* 使用默认选项             
==================================================

当前运行的进程：         

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe
D:\Program Files\Rising\AntiSpyware\runiep.exe
D:\PROGRA~1\M&WXMI~1\CertRegX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Tencent\TT\TTraveler.exe
D:\Program Files\Tencent\TT\TCPlus.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis1991zww.exe

--------------------------------------------------

文件夹中的启动项                 

Shell folders Startup:
[C:\Documents and Settings\Admin\「开始」菜单\程序\启动]
新浪UC.lnk = D:\Program Files\sina\UC\uc.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
SoundMan = SOUNDMAN.EXE
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
Ulead Video@Home Scheduling Wizard = C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe
runeip = D:\Program Files\Rising\AntiSpyware\runiep.exe
ekeyman_csp_user = D:\PROGRA~1\M&WXMI~1\CertRegX.exe
(Default) =
KVMON = "C:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp"
kav = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
Welcome =

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

KKDelay = d:\Program Files\Rising\AntiSpyware\RunOnce.exe

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

文件打开方式关联 for    .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(黙认) =  C:\WINDOWS\notepad.exe %1

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=* 未找到INI相关项目值 *       
run=* 未找到INI相关项目值 *       

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=* 未找到相关注册表键值 *||||||||||||

--------------------------------------------------

外壳扩展和屏幕保护程序的键值  从            C:\WINDOWS\SYSTEM.INI:

Shell=* 未找到INI相关项目值 *       
SCRNSAVE.EXE=* 未找到INI相关项目值 *       
drivers=* 未找到INI相关项目值 *       

外壳扩展和屏幕保护程序的键值  从  注册表             

Shell=Explorer.exe
SCRNSAVE.EXE=* 未找到相关注册表键值 *           
drivers=* 未找到相关注册表键值 *           

Policies Shell key:

HKCU\..\Policies: Shell=* 未找到相关注册表键值 *           
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *           

--------------------------------------------------


列举IE浏览器辅助对象(BHO模块):               

QQCycloneHelper - F:\QQDownload\QQIEHelper01.dll - {00000000-12C9-4305-82F9-43058F20E8D2}
nvqj - C:\PROGRA~1\wews\xiaw.dll (file missing) - {4E1D0921-037B-4991-AED3-C0BF2798251A}
XBTP07757 - (no file) - {5F915F24-69C2-4ef0-BF74-8A69E4D28E0B}?

--------------------------------------------------

列举“计划任务”服务:                   

SuperCleaner.job

--------------------------------------------------

列举下载的程序文件：                       

[Edit Class]
InProcServer32 = C:\WINDOWS\system32\CMBEdit.dll
CODEBASE = https://www.sz1.cmbchina.com/download/CMBEdit.cab

[AxSubmitControl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL
CODEBASE = https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab

[Tencent Safety Online Base Module]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TSOBase.ocx
CODEBASE = http://safe.qq.com/cgi-bin/tso/TSOBase.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

列举 ShellServiceObjectDelayLoad 项目：           

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
报告完毕，共 6,863 字节         
报告生成用时：0.110秒     

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only