
mop.com ads keep popping up!


HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 15:19:53, on 2006-2-16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINNT\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\和悦网络电话\HeyyoClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp
E:\设计部工作日志\工程1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Tencent\QQ\QQMail.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\ping.exe
D:\一些工具\scanner\scanner\scanner.exe
F:\软件\系统扫描\HijackThis.exe

O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v13.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [SYSWIN] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: sd.asp
O4 - Startup: F.COM
O4 - Startup: 100!.TXT
O4 - Global Startup: ntuser.pol
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O11 - Options group: [!CNS] 
O16 - DPF: {08D91289-1761-4006-8294-FDE48B9F29BD} - http://www.wave12.com/product/wsReport.ocx
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {C5D0DFF5-6D39-4F98-88CD-12E8430A6300} (clienttime.client) - http://www.time.ac.cn/times/client.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D74775-1413-496B-BCC3-B15B2BD4E37E}: NameServer = 211.90.8.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D12313-9EB3-4047-ABC3-C3E051B19F6A}: NameServer = 211.90.8.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{584D3374-F098-4B0F-A319-77B673B28385}: NameServer = 211.90.8.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{19D74775-1413-496B-BCC3-B15B2BD4E37E}: NameServer = 211.90.8.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{19D74775-1413-496B-BCC3-B15B2BD4E37E}: NameServer = 211.90.8.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{19D74775-1413-496B-BCC3-B15B2BD4E37E}: NameServer = 211.90.8.129

Last edited 2006-02-16 18:44:22

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download HijackThis
Export the log again