Rising Kaka Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board

Please help, my IE homepage has been taken over by nb64.. (logs etc. attached)

HijackThis_815汉化版扫描日志 V1.99.1
保存于      20:38:09, 日期 2006-8-19
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\KAV2006\KAVStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KAV2006\KPFW32.EXE
D:\KAV2006\KMailMon.EXE
C:\WINDOWS\System32\svchost.exe
D:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UpdateService.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\QQ\QQ.exe
D:\Program Files\QQ\TIMPlatform.exe
D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷\迅雷\ComDlls\XunLeiBHO_002.dll (file missing)
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2006\KPFW32.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE8BEF2-D6B6-4A03-ADB3-A1FE0674BAC6}: NameServer = 202.102.192.68 202.102.199.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149991E-0C12-4B45-9D19-01CB3F7707F7}: NameServer = 202.102.192.68,202.102.199.68
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2006\KPfwSvc.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe

Last edited 2006-08-23 10:21:49

:\KAV2006\KAVStart.exe   
Unknown  running process. (KAVStart.exe)

  This is a unknown process.

  C:\Program Files\Common Files\Real\Update_OB\realsched.exe   
Safe.  running process. (realsched.exe)
Checks for updates for RealPlayer
 

  C:\WINDOWS\system32\ctfmon.exe   
Safe.  This entry was classified from our visitors as good.
  Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
  D:\KAV2006\KPFW32.EXE   
Unknown  running process. (KPFW32.EXE)

  This is a unknown process.

  D:\KAV2006\KMailMon.EXE   
Unknown  running process. (KMailMon.EXE)

  This is a unknown process.

  C:\WINDOWS\System32\svchost.exe   
Safe.  running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
 

  D:\KAV2006\KPfwSvc.EXE   
Unknown  running process. (KPfwSvc.EXE)

  This is a unknown process.

  C:\WINDOWS\system32\nvsvc32.exe   
Safe.  This entry was classified from our visitors as good.
  Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
  C:\WINDOWS\System32\svchost.exe   
Safe.  running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
 

  C:\WINDOWS\system32\UpdateService.exe   
Unknown  running process. (UpdateService.exe)

  This is a unknown process.

  C:\WINDOWS\System32\svchost.exe   
Safe.  running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
 

  D:\Program Files\QQ\QQ.exe   
Unknown  running process. (QQ.exe)

  This is a unknown process.

  D:\Program Files\QQ\TIMPlatform.exe   
Unknown  running process. (TIMPlatform.exe)

  This is a unknown process.

  D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe   
Unknown  running process. (HijackThis1991zww.exe)

  This is a unknown process.

  R3 - 默认的URLSearchHook丢失。用HijackThis修复   
Possibly nasty  Should be fixed if you do not know the application or if no application is mentioned.
  Should be fixed if you do not know this application.
  O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx   
Unknown  Entries found in this registry zone are potentially nasty. This application ([14A21378-5BB1-4BC4-95D5-5D3F51527F6F] - Result: ) has been checked. Hit rate: 0,00%
  Unknown application.
  O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)   
Unnecessarily  Entries found in this registry zone are potentially nasty. This application ([16B770A0-0E87-4278-B748-2460D64A8386] - Result: ) has been checked. Hit rate: 0,00%
  Unknown application.
Unnecessary (deactivated) entry that can be fixed.
  O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷\迅雷\ComDlls\XunLeiBHO_002.dll (file missing)   
Unnecessarily  Entries found in this registry zone are potentially nasty. This application ([889D2FEB-5411-4565-8998-1DD2C5261283] - Result: 889D2FEB-5411-4565-8998-1DD2C5261283) has been checked. Hit rate: 100,00%
 
Unnecessary (deactivated) entry that can be fixed.
  O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup   
Unknown 
Hit rate: 0,00 % (result)
  Unknown application.

O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe
灰鸽子 (Gray Pigeon)

HKCU\..\Run: [KavPFW] "D:\KAV2006\KPFW32.EXE"   
Unknown 
Hit rate: 0,00 % (result)
  Unknown application.
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present   
Safe.  This entry was classified from our visitors as good.
  Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
  O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\迅雷\Program\GetUrl.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '&使用迅雷下载 ' is unknown.
  O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\迅雷\Program\GetAllUrl.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '&使用迅雷下载全部链接 ' is unknown.
  O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '上传到QQ网络硬盘 ' is unknown.
  O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '添加到QQ自定义面板 ' is unknown.
  O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '添加到QQ表情 ' is unknown.
  O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm   
Possibly nasty  Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed.
  To be fixed if the entry '用QQ彩信发送该图片 ' is unknown.
  O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)   
Unnecessarily  Unknown buttons or entries in the 'Extras'-menu should be fixed.
  To be fixed if the entry '启动迅雷 ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
  O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)   
Unnecessarily  Unknown buttons or entries in the 'Extras'-menu should be fixed.
  To be fixed if the entry '启动迅雷 ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
  O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll   
Nasty  This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
  Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
  O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll   
Nasty  This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
  Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
  O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com   
Safe.  This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
   
  O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE8BEF2-D6B6-4A03-ADB3-A1FE0674BAC6}: NameServer = 202.102.192.68 202.102.199.68   
Possibly nasty  If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
  Do you know the IP or Domain '202.102.192.68 202.102.199.68'? If not, fix this entry.
  O17 - HKLM\System\CCS\Services\Tcpip\..\{A149991E-0C12-4B45-9D19-01CB3F7707F7}: NameServer = 202.102.192.68,202.102.199.68   
Possibly nasty  If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
  Do you know the IP or Domain '202.102.192.68,202.102.199.68'? If not, fix this entry.
  O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2006\KPfwSvc.EXE   
Unknown  These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
  Unknown service. (KPfwSvc.EXE)
  O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe   
Safe.  These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
  This service (nvsvc32.exe) was identified as a good one.
  O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe   


I have no idea what to do. I've posted everything I could see. Experts, please help, thanks....

Quote:
[建能's post] O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe
灰鸽子 (Gray Pigeon)
………………

What is that??? What should I do???

Start → Run → type services.msc to open "Services" → find UpdateService → double-click → Startup type → Disabled → Stop → Apply → OK. This disables the UpdateService service.

Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
After installing, open "Super Rabbit Optimizer" → "Professional Uninstall" and uninstall all the junk software it flags; do not keep any browser window open while uninstalling. If something won't uninstall, reboot and uninstall it again.


Go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931 and download these two tools: LSPFix.exe and WinsockXPFix.
Restart the computer; once the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.

Run LSPFix.exe
and remove
secur.dll
A note on its use:
LSPFix.exe is mainly used to help repair the O10 items found by a HijackThis scan.
Before running it, close all IE windows and folder windows, then run LSPFix; move the O10 item to be repaired from the left pane to the right pane and click "Finish". (Before doing that, tick the "I know what I'm doing" checkbox.)
Double-click My Computer → Tools → Folder Options → View, select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When asked to confirm the change, click "Yes", and also clear "Hide extensions for known file types".
Delete
C:\WINDOWS\system32\UpdateService.exe
c:\windows\system32\secur.dll

After the repair, reboot. If you cannot get online, run WinsockXPFix and let it repair the Winsock.
Return to normal mode, scan again and paste the new log here.
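As an added example (not code from this thread, from HijackThis or from the hijackthis.de analyser), the triage the helpers did by eye on the two logs above, written as a small Python log parser: it pulls the item lines out of a HijackThis log, flags the same classes of entry the thread singled out (an unknown Winsock LSP file, a service with no publisher, dead BHO/button entries, the missing URLSearchHook default), and diffs the before and after scans to confirm what the cleanup removed. The section codes and sample lines are taken from the logs posted in this thread; the flag labels and rules are my own wording, not HijackThis output.

```python
import re

# One HijackThis item per line: a section code (R0-R3, O1-O23), " - ", then the body.
ITEM_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")

def parse_hjt(log_text):
    """Return (section, body) tuples for every item line; the header and process list are skipped."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2).strip()))
    return items

def flag_items(items):
    """Apply the triage rules used in this thread (labels are my own, not HijackThis text)."""
    flags = []
    for sec, body in items:
        if sec == "O10":                                      # unknown file in the Winsock LSP chain
            flags.append(("unknown Winsock LSP file", body))
        elif sec == "O23" and "Unknown owner" in body:        # NT service with no publisher
            flags.append(("service with no publisher", body))
        elif sec in ("O2", "O9") and "(file missing)" in body:
            flags.append(("dead entry, safe to fix", body))
        elif sec == "R3":                                     # default URLSearchHook missing
            flags.append(("missing URLSearchHook default", body))
    return flags

def diff_logs(before, after):
    """(items that disappeared, items that appeared) between two scans of the same machine."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)

# Constructed excerpts of the two logs posted in this thread (only the item lines that matter).
BEFORE = r"""
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\secur.dll
O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe
"""
AFTER = r"""
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup
"""

if __name__ == "__main__":
    for reason, body in flag_items(parse_hjt(BEFORE)):
        print(f"[{reason}] {body}")
    gone, new = diff_logs(BEFORE, AFTER)
    print("removed by cleanup:", [s for s, _ in gone], "new entries:", new)
```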

HijackThis_815汉化版扫描日志 V1.99.1
保存于      0:26:01, 日期 2006-8-20
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\KAV2006\KAVStart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KAV2006\KPFW32.EXE
C:\WINDOWS\System32\svchost.exe
D:\KAV2006\KPfwSvc.EXE
D:\KAV2006\KMailMon.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4700.dll (file missing)
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2006\KPFW32.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\迅雷\Thunder.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE8BEF2-D6B6-4A03-ADB3-A1FE0674BAC6}: NameServer = 202.102.192.68 202.102.199.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149991E-0C12-4B45-9D19-01CB3F7707F7}: NameServer = 202.102.192.68,202.102.199.68
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2006\KPfwSvc.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


I followed your instructions and the log is above... thanks.... What should I do next???

Fix this directly:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
After installing, open "Super Rabbit Cleaner" → "Professional Uninstall" and uninstall all the junk software it flags; do not keep any browser window open while uninstalling. If something won't uninstall, reboot and uninstall it again.
After uninstalling, reboot.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG); then copy and paste the contents of the saved report here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it in several parts; please do not modify it.