Logfile of HijackThis v1.99.1
Scan saved at 22:34:57, on 2005-7-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\LLJAgent\KXAgentS.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HTime\HTime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Temp\realsched.exe
C:\Program Files\Sandai\ThunderMini\ThunderMini.exe
C:\Program Files\wsearch\Search.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\Lasscspp2.exe
C:\PROGRA~1\360so\360Main.exe
C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\Program Files\DuDu\DDDClient\DuDuAcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DuDu\DDDClient\dudupros.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Downloads\椅天2外挂\风云\yt2fy6.2\ProYT.exe
F:\QQ2005\QQ\QQ.exe
F:\QQ2005\QQ\TIMPlatform.exe
D:\Downloads\椅天2外挂\风云\yt2fy6.2\ProYT.exe
C:\Program Files\Winamp5\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\RUNDLL32.exe
F:\QQ2005\QQ\QQ.exe
F:\QQ2005\QQ\QQMail.exe
D:\系统维护软件\155847200541134207\HijackThis.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - D:\DOWNLO~1\BT下载~1\P4P\ToolBar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\ThunderBHO.dll
O2 - BHO: CPub Object - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - D:\Downloads\BT下载软件\P4P\SoDAIE.dll
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\PROGRA~1\360so\360so.dll
O2 - BHO: DDDMon Class - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {B3ECCAC9-C7FA-462C-894B-8E9930A70E14} - C:\PROGRA~1\KuGoo\IEHELP~1.DLL
O2 - BHO: DragSearch BHO - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - Toolbar: 魔兽世界直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - D:\DOWNLO~1\BT下载~1\P4P\ToolBar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HTime] C:\Program Files\HTime\HTime.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "d:\Temp\realsched.exe"  -osboot
O4 - HKLM\..\Run: [thunder_mini] C:\Program Files\Sandai\ThunderMini\ThunderMini.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\TDUpdate.exe
O4 - HKLM\..\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - HKLM\..\Run: [pppcs] Lasscspp2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /load
O4 - HKCU\..\Run: [Super Rabbit Desktop Search] C:\Program Files\Super Rabbit\MagicSet\srsearch.exe
O4 - Global Startup: DuDu加速器.lnk = C:\Program Files\DuDu\DDDClient\DuDuAcc.exe
O4 - Global Startup: 桌面传媒.lnk = ?
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Sandai\ThunderMini\geturl.htm
O8 - Extra context menu item: 使用Kugoo下载 - C:\PROGRA~1\KUGOO\KugooDownX.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - D:\DOWNLO~1\BT下载~1\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\QQ2005\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\QQ2005\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\QQ2005\QQ\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_changcheng_66125 (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra 'Tools' menuitem: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://origin-www.ahn.com.cn/aspservice/plugin/myv3.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F4DF7DF-9DA6-41D2-A477-3FEF52B98D4D}: NameServer = 218.77.31.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9ADC6E0-E10F-4F2B-9AEC-5E88DAEE9EAA}: NameServer = 218.77.31.200 220.169.127.170
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F4DF7DF-9DA6-41D2-A477-3FEF52B98D4D}: NameServer = 218.77.31.200
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\SoDAHK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: KXAgent Service (KXAgentService) - SmartDove - C:\Program Files\LLJAgent\KXAgentS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: P4P Service - Sohu R&D - D:\Downloads\BT下载软件\P4P\p2psvr.exe

还有里面的这条是什么意思啊:HKLM\..\Run: [pppcs] Lasscspp2.exe是不是也是病毒?

我在线等各位高手指教

斑竹在吗?帮帮我撒

灰鸽子没看到，日志我再看看

把那个Lasscspp2.exe传上来看看。

另外卸载网络猪（划词搜索）、DuDu加速器，还有那个什么360搜是个什么玩意？

哦,谢谢,那这条是什么?:HKLM\..\Run: [pppcs] Lasscspp2.exe

【回复“NO2000”的帖子】没见到灰鸽子注册的系统服务项。
但不知道下面这项是什么：
O4 - HKLM\..\Run: [pppcs] Lasscspp2.exe。

怎么传?

好象也是木马,但是每次都杀不掉