HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 20:26:31, on 2006-5-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
D:\Program Files\Rav\CCenter.exe
C:\WINDOWS1\System32\svchost.exe
D:\Program Files\Rav\Ravmond.exe
C:\WINDOWS1\Explorer.EXE
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS1\system32\spoolsv.exe
D:\Program Files\Rav\RavStub.exe
d:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS1\system32\svchost.exe
D:\Program Files\Rav\RavTask.exe
D:\Program Files\Rav\Ravmon.exe
C:\WINDOWS1\VM_STI.EXE
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yayad\AdPop.Exe
D:\Program Files\REAL\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\王子\桌面\HijackThis.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS1\system32\xunleibho_v14.dll
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - C:\Program Files\Yayad\AdCore.dll
O2 - BHO: (no name) - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS1\system32\NaviHelper.dll
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS1\system32\kakatool.dll
O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS1\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [RavStub] "D:\Program Files\Rav\ravstub.exe" /RUNONCE
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\XUNLEI\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\XUNLEI\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\qq\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\qq\SendMMS.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B3FF58-92B4-4759-97D8-B67036014688}: NameServer = 202.103.96.112,202.103.96.68

HijackThis版本太老，日志不全
在http://forum.ikaka.com/topic.asp?board=28&artid=6979213第1楼附件中重新下载HijackThis再扫一次。