HijackThis_815汉化版扫描日志 V1.99.1
保存于      12:28:07, 日期 2006-7-21
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\瑞星殺毒\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\瑞星殺毒\Rising\Rav\Ravmond.exe
e:\防火墙\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
E:\瑞星殺毒\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
e:\防火墙\rising\rfw\RfwMain.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
E:\瑞星殺毒\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\rundll32.exe
E:\瑞星殺毒\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LetsCool\LetsCool.exe
D:\Program Files\QQ\QQ.exe
C:\WINDOWS\System32\conime.exe
D:\Program Files\QQ\TIMPlatform.exe
D:\Program Files\TT\TTraveler.exe
D:\Program Files\迅雷5\Program\Thunder5.exe
C:\Program Files\SearchNet\SearchNet.exe
E:\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jcdhi.exe
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - (no file)
O2 - BHO: (no name) - {16A770A0-0E87-4278-B748-2460D64A8386} - (no file)
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O2 - BHO: IE Address Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: (no name) - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - (no file)
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\bkp.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\QQ\QQIEHelper.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - (no file)
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\System32\ssup.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\System32\MSHLP.DLL
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\超级兔子\MagicSet\haokanbar.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\迅雷5\ComDlls\XunLeiBHO_002.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Flash 8 ocx  - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\flash8.dll
O2 - BHO: (no name) - {BE442802-3911-46E0-B227-076B15A4EAD3} - (no file)
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINDOWS\system32\aperferer.dll
O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - (no file)
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\超级兔子\MagicSet\haokanbar.dll
O3 - IE工具栏增项: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\BT\BitComet\BitCometBar\BitCometBar0.6.dll
O3 - IE工具栏增项: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - 启动项HKLM\\Run: [YLive.exe] ; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] ; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [CnsMin] ; Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [RavTask] ; "E:\瑞星殺毒\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [helper.dll] ; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [Thunder] ; "D:\Program Files\迅雷5\Thunder.exe" /s
O4 - 启动项HKLM\\Run: [Mysee Alert] ; "C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray
O4 - 启动项HKLM\\Run: [stup.exe] ; C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - 启动项HKLM\\Run: [l3iryq6s] ; RunDll32 "C:\WINDOWS\Downlo~1\l3iryq6s.dll",Run
O4 - 启动项HKLM\\Run: [Easy-PrintToolBox] ; C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - 启动项HKLM\\Run: [RfwMain] ; "E:\防火墙\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [spoolsv] ; C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [ekja99] ; RunDll32 "C:\WINDOWS\Downlo~1\ekja99.dll",Run
O4 - 启动项HKLM\\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - 启动项HKLM\\Run: [CdnCtr] ;
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LetsCool] ; C:\Program Files\LetsCool\LetsCool.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; D:\Program Files\超级兔子\MagicSet\SRIECLI.EXE /LOAD

O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\迅雷5\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\迅雷5\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: Easy-WebPrint打印 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - IE右键菜单中的新增项目: Easy-WebPrint添加到打印列表 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - IE右键菜单中的新增项目: Easy-WebPrint预览 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - IE右键菜单中的新增项目: Easy-WebPrint高速打印 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩.方\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10173D5A-B982-4C74-9990-3716D1538216}: NameServer = 202.96.128.86 202.96.128.166
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Remote Log - Beijing zhongsou online software - C:\WINDOWS\System32\ServeHost.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\防火墙\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\瑞星殺毒\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\瑞星殺毒\Rising\Rav\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

如何才能彻底将其清除.

用超级兔子卸掉
修复(no file)和(file missing)

(file missing)结尾的勾上 修复..

修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jcdhi.exe
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - (no file)
O2 - BHO: (no name) - {16A770A0-0E87-4278-B748-2460D64A8386} - (no file)
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O2 - BHO: (no name) - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - (no file)
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - (no file)
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\bkp.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - (no file)
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\System32\ssup.dll
O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\System32\MSHLP.DLL
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - (no file)
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\flash8.dll
O2 - BHO: (no name) - {BE442802-3911-46E0-B227-076B15A4EAD3} - (no file)
O2 - BHO: iehelper - {C1DE9E98-839F-4055-AEDF-781852C25895} - C:\WINDOWS\system32\aperferer.dll
O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - (no file)
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - (no file)
O2 - BHO: Yahoo Bar - {F60FAB6F-115D-4797-9ED1-89793B930876} - C:\WINDOWS\ODBINT.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - 启动项HKLM\\Run: [l3iryq6s] ; RunDll32 "C:\WINDOWS\Downlo~1\l3iryq6s.dll",Run
O4 - 启动项HKLM\\Run: [ekja99] ; RunDll32 "C:\WINDOWS\Downlo~1\ekja99.dll",Run
O4 - 启动项HKLM\\Run: [ekja99] ; RunDll32 "C:\WINDOWS\Downlo~1\ekja99.dll",Run
O4 - 启动项HKLM\\Run: [CdnCtr] ;

删除
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jcdhi.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
C:\WINDOWS\Downlo~1\bkp.dll
C:\WINDOWS\System32\ssup.dll
C:\WINDOWS\System32\MSHLP.DLL
C:\Progra~1\NetMeeting
C:\WINDOWS\System32\flash8.dll
C:\WINDOWS\system32\aperferer.dll
C:\WINDOWS\ODBINT.dll
C:\WINDOWS\Downlo~1\l3iryq6s.dll
C:\WINDOWS\Downlo~1\ekja99.dll


O4 - 启动项HKLM\\Run: [spoolsv] ; C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer
参考：http://forum.ikaka.com/topic.asp?board=28&artid=7948848

用超级兔子清理王卸载流氓软件...(安全模式...)

楼主按楼上说的修复后，重启。
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。