HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 2:13:07, on 2006-1-22
Platform: Unknown Windows (WinNT 5.02.3790 SP1)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\rising\Rav\Ravmond.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\capp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\pc\UC2005\uc.exe
D:\zy\MyIE402B0525GB[1]\MyIE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe
O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: (no name) -
{35980F6E-A137-4E50-953D-813BB8556899} -
C:\WINDOWS\system32\CdnIEHlp.dll
O2 - BHO: QQIEHelper -
{54EBD53A-9BC1-480B-966A-843A333CA162} -
D:\pc2\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) -
{A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: (no name) -
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} -
C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: FlashGet Bar -
{E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: ????? -
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} -
C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/SYNC
O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSSER]
C:\WINDOWS\system32\appmgmt\msser.exe
O4 - HKLM\..\Run: [CApp]
C:\WINDOWS\system32\capp.exe
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MiniPcast] C:\Program Files\pcast\PodcastbarMini\start.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE 10moons USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CnsMHlp.exe] C:\WINDOWS\Downloaded Program files\CnsMHlp.exe
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.pol
O4 - Startup: Sti_Trace.log
O4 - Startup: wiadebug.log
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O4 - Global Startup: ntuser.pol
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\pc2\AddToNetDisk.htm
O8 - Extra context menu item: 使用Kugoo下载 -
D:\Program Files\KuGoo\KugooDownX.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 -
http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\pc2\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 -
D:\pc2\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\pc2\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 -
C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]
O11 - Options group: [CDNCLIENT]
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1081500223828
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38473.8998032407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.76_20051110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A96086-3F84-43CE-8198-84D985B74D82}: NameServer = 202.96.209.5