任务栏里输入法看不见，瑞星也看不见，也不能升级，监控打不开。。。请帮忙分析日志。。。
多谢了。
HijackThis_815汉化版扫描日志 V1.99.1
保存于      22:08:58, 日期 2008-6-12
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msgeg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\bak\bingdu\shaomiao\HijackThis1991zww.exe
R3 - URLSearchHook: (no name) - ?{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sichost.exe
O2 - BHO: QQCycloneHelper - ?{00000000-12C9-4305-82F9-43058F20E8D2} - (no file)
O2 - BHO: (no name) - ?{0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: ThunderBHO - ?{889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: (no name) - ?{9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - ?{AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - ?{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: jkhxaklo.dll - {14698742-2059-3025-9058-954023874141} - C:\WINDOWS\system32\jkhxaklo.dll (file missing)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll (file missing)
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: mndhddwd.dll - {4C648541-1025-9650-9057-6541258720C4} - C:\WINDOWS\system32\mndhddwd.dll (file missing)
O2 - BHO: mndsfsrv.dll - {67FD640A-158F-48AC-FD14-1597F14A9776} - C:\WINDOWS\system32\mndsfsrv.dll (file missing)
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - C:\WINDOWS\system32\zxmscwin.dll (file missing)
O2 - BHO: mnmhfsrv.dll - {6C8D1401-A58D-A81C-CD24-A5915C4517C6} - C:\WINDOWS\system32\mnmhfsrv.dll (file missing)
O2 - BHO: ypcqfhlp.dll - {70AF1289-F140-A140-D012-C1458759FC07} - C:\WINDOWS\system32\ypcqfhlp.dll (file missing)
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll (file missing)
O3 - IE工具栏增项: (no name) - ?{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [HBmhly] "C:\WINDOWS\system32\HBmhly.exe" -r
O4 - Global Startup: self.bat
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - ?{0A155D3C-68E2-4215-A47A-E800A446447A} - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的按钮: 信息检索 - ?{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 知识库 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - http://imgcache.qq.com/qzone/client/photo/pages/QQPhotoDrawSetup.exe
O16 - DPF: {34E23F0A-1F7A-423B-826A-BB780154357D} (SursenReaderX Class) - http://book.du8.com/read/SursenReaderOcx.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) - https://password.qq.com/download/qqedit2.cab
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: SysWmWacz.dll,yzztimsn.dll SysDaJcHv.dll,nhmxcjkl.dll,msosmhap00.dll,ytewcxzsw.dll,nicozftp00.dll,msosdohs00.dll,msoscqet00.dll,oooooo.dll,aaaaaa.dll,zzzzzz.dll,ieprot.dll
O21 - SSODL: midimaptl - {4F4F0064-71E0-4f0d-0017-708476C7815F} - C:\WINDOWS\system32\midimaptl.dll (file missing)
O21 - SSODL: midimapwd - {4F4F0064-71E0-4f0d-0018-708476C7815F} - C:\WINDOWS\system32\midimapwd.dll (file missing)
O21 - SSODL: midimapzx - {4F4F0064-71E0-4f0d-0005-708476C7815F} - C:\WINDOWS\system32\midimapzx.dll (file missing)
O23 - NT 服务: IE Security Service (msyaxk) - Unknown owner - C:\WINDOWS\system32\msgeg.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: operion - Unknown owner - C:\WINDOWS\system32\viscvc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: windowsupdata - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)
＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.5); .NET CLR 1.1.4322)

请楼主看下版规
http://bbs.ikaka.com/attachment.aspx?attachmentid=399427
用这链接的扫日志，

发现马群，不过不太懂hj日志，郁闷……

我更搞不懂：（最可恨的是切换不了输入法

用SRENG扫描工具扫个日志
下载地址：http://bbs.ikaka.com/attachment.aspx?attachmentid=399427

操作中，，，谢谢

O4 - 启动项HKLM\\Run: [HBmhly] "C:\WINDOWS\system32\HBmhly.exe" -r
O4 - Global Startup: self.bat

O23 - NT 服务: IE Security Service (msyaxk) - Unknown owner - C:\WINDOWS\system32\msgeg.exe
O23 - NT 服务: operion - Unknown owner - C:\WINDOWS\system32\viscvc.exe
O23 - NT 服务: windowsupdata - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)

输入法

http://bbs.ikaka.com/showtopic-8513695.aspx
12楼

这只是其中一小部分，BHO方面有大量木马……

HJ扫描日志不全面，建议用SRENG扫描日志分析……

BHO的小东东，没心情看了！

我裸了半年了，麻木了！

我就看下驱动、服务、启动项！