HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 17:25:49, on 2007-3-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system\SVCH0ST.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system\REM0REG.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\MSRundll.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxthon\Maxthon.exe
c:\PROGRA~1\iesnap\navplay.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Administrator\桌面\新建文件夹\HijackThis.exe

R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
O1 - Hosts: 222.191.251.67 www.jayy.org
O1 - Hosts: 222.191.251.67 sou4.m369m.com
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - E:\
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - C:\Program Files\Yayad\AdCore.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\My Documents\jccatch.dll (file missing)
O2 - BHO: (no name) - {41BE3A3D-6E4B-43F4-AAEB-5B4E95971968} - C:\WINDOWS\system32\kaftlxuu.dll
O2 - BHO: (no name) - {4CB7ADE3-8D0F-036A-3EC5-E3455D07DF11} - C:\WINDOWS\system32\vibjaysy.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {634539A8-7FA8-45E2-8DC3-253AF98548A1} - C:\WINDOWS\system\MFS0FT.DLL
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\
O2 - BHO: (no name) - {ED863792-FADB-4D21-8B20-409DA940B7A2} - C:\WINDOWS\system\PDFAid.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\My Documents\getflash.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [rjnkifl] C:\WINDOWS\system32\rjnkifl.exe
O4 - HKLM\..\Run: [yok.exe] C:\Program Files\yok\yok.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - E:\
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: QQ (HKLM)
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153501688372
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B977DD-3168-49F6-8B77-8F69161728E9}: NameServer = 202.96.104.17 202.96.104.15

中威金了,先用专杀杀下再扫SRENG日志上来吧