发表于: 2007-03-12 23:51 | 只看楼主 短消息 资料
字号: 1楼

用HB_Hijackthis扫描的日志,请帮忙分析

Logfile of HijackThis v1.99.1
Scan saved at 23:25:13, on 2007-3-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2007\KWatch.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\KAV2007\KAVStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV2007\KPFW32.EXE
C:\KAV2007\KMailMon.EXE
J:\dzh\internet\hypwise.exe
C:\KAV2007\KPfwSvc.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
J:\QQ\QQ.exe
J:\QQ\TIMPlatform.exe
J:\Maxthon\Maxthon.exe
J:\dzh\internet\hypmain.exe
J:\千千静听\TTPlayer.exe
C:\Documents and Settings\kong\桌面\ha_hijackthis_1991\HijackThis.exe

O1 - Hosts: 127.0.0.2 localhost
O2 - BHO: ThunderBHO - {08A312BA-5409-49FC-9347-54BB7D069AC6} - E:\迅雷下载\ComDlls\XunLeiBHO_006.dll
O2 - BHO: KAVAntiFishing - {55302805-482E-470E-8A57-6795A1487F90} - C:\KAV2007\KAVAFish.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KavStart] "C:\KAV2007\KAVStart.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2007\KPFW32.EXE"
O8 - Extra context menu item:  ←设置内容 - C:\Program Files\BBS帖子精灵\html\SetContent.htm
O8 - Extra context menu item:  ←设置标题 - C:\Program Files\BBS帖子精灵\html\SetTitle.htm
O8 - Extra context menu item:  →提取图片 - C:\Program Files\BBS帖子精灵\html\GetPic.htm
O8 - Extra context menu item:  →提取链接 - C:\Program Files\BBS帖子精灵\html\GetHref.htm
O8 - Extra context menu item:  →获取内容 - C:\Program Files\BBS帖子精灵\html\GetContent.htm
O8 - Extra context menu item:  →获取标题 - C:\Program Files\BBS帖子精灵\html\GetTitle.htm
O8 - Extra context menu item:  ∈提取全部图片 - C:\Program Files\BBS帖子精灵\html\GetAllPic.htm
O8 - Extra context menu item:  ∈获取Flash列表 - C:\Program Files\BBS帖子精灵\html\ListFlash.htm
O8 - Extra context menu item:  ⊙快速回复 - C:\Program Files\BBS帖子精灵\html\QuickNote.htm
O8 - Extra context menu item: &V使用Vagaa哇嘎下载 - J:\Vagaa\Data\vg.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\迅雷下载\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\迅雷下载\Program\getallurl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - J:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 加入POCO网摘(&K) - http://my.poco.cn/fav/rightClick.php
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 我的POCO网摘(&O) - http://my.poco.cn/fav/open_myfav.php
O8 - Extra context menu item: 添加到QQ自定义面板 - J:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - J:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - J:\QQ\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: 金山毒霸反钓鱼... - C:\KAV2007\KAF\ShowSet.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\迅雷下载\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\迅雷下载\Thunder.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - J:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - J:\QQ\QQ.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} (UploadControl Control) - http://blog.163.com/bin/UploadControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7805041F-66B8-4459-B605-9E99C7691F35}: NameServer = 218.57.200.3,202.102.128.68
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - J:\KuGoo\InExtend\KuGoo3DownXControl.ocx
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2007\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2007\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
最后编辑2007-03-12 23:51:04.360000000