Logfile of HijackThis v1.97.2
Scan saved at 5:46:26, on 2005-8-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msnsmgs.exe
C:\Program Files\Common Files\GoldenSoft\ChannelRg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\iscsiexe.exe
C:\Program Files\Fantasy\nzLandskcli\nzlancli.exe
F:\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O4 - Startup: ysb.exe
O4 - Startup: ysb2.exe
O4 - Startup: top2.exe
O4 - Startup: lc2.exe
O4 - Startup: top.exe
O4 - Startup: lc.exe
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O4 - HKLM\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - Startup: ysb2.exe
O4 - Startup: top2.exe
O4 - Startup: lc2.exe
如果使用了系统还原，请先关闭。
请关闭所有浏览器窗口和文件夹窗口, 在安全摸试下修复上面几项)（如果你清楚某项是安全的，可以不处理）