

Could you take a look at this log? It won't take up much of your time


HijackThis_zww汉化版扫描日志 V1.99.1
保存于      13:36:13 上午, 日期 2006-04-07
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Unable to get Internet Explorer version!

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINNT\system32\Rundll32.exe
D:\Winamp\Winampa.exe
C:\Program Files\Super Rabbit\MagicSet\DS.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Internat.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VnetClient1.6\VnetClient.exe
D:\TT\TTraveler.exe
C:\WINNT\explorer.exe
E:\Program Files\QQ\QQ.exe
E:\Program Files\QQ\TIMPlatform.exe
D:\系统工具\HijackThis1991zww.exe

O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - (no file)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "G:\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - 启动项HKLM\\Run: [Welcome] ; Welcome.exe /R
O4 - 启动项HKLM\\Run: [MeIEAzddr] Rundll32.exe "C:\WINNT\system32\GrnvAddrN.dll",Boot
O4 - 启动项HKLM\\Run: [WinampAgent] "D:\Winamp\Winampa.exe"
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [Super Rabbit Desktop Set] C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load
O4 - 启动项HKLM\\Run: [KAVPersonal50] "E:\Program Files\KB\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [KuGoo3] ; "G:\Kugoo\KuGoo3\KuGoo.exe"
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] ; C:\WINNT\system32\DrvMon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - 浏览器额外的按钮: 相关站点 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: 相关站点 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的“工具”菜单项: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O9 - 浏览器额外的“工具”菜单项: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136200953866
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c9.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {FB812CBB-A87E-4BA6-BD49-7C984D192EBB} (Cdrawer Object) - http://www.cpd.com.cn/code/bk_htmlview.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9962ABB-1710-4801-A545-EDCDA0C561DB}: NameServer = 202.96.128.166 202.96.128.86
O23 - NT 服务: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - E:\Program Files\KB\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: Updata Server - Unknown owner - C:\WINNT\G_Server1.2.exe (file missing)

Last edited 2006-04-07 14:14:38

O23 - NT 服务: Updata Server - Unknown owner - C:\WINNT\G_Server1.2.exe (file missing)


This one looks a bit suspicious.

[Reply to 尐葉's post]
End the following process:
C:\Program Files\Media Gateway\MediaGateway.exe

Fix these entries:
O4 - 启动项HKLM\\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - 启动项HKLM\\Run: [Welcome] ; Welcome.exe /R
O4 - 启动项HKLM\\Run: [MeIEAzddr] Rundll32.exe "C:\WINNT\system32\GrnvAddrN.dll",Boot
O23 - NT 服务: Updata Server - Unknown owner - C:\WINNT\G_Server1.2.exe (file missing)

Open the registry,
search for G_Server1.2.exe,
and delete the service key that references this file.

Uninstall:
C:\Program Files\Media Gateway\

Delete:
C:\Program Files\Media Gateway\
C:\WINNT\system32\GrnvAddrN.dll

=============

Also, check the path of Welcome.exe.
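The triage the replies in this thread apply by hand (flag entries whose file is missing, a Run entry that loads a DLL through rundll32, a service with no vendor information, an ActiveX cab pulled from an unfamiliar host) can be encoded as a small scanner over HijackThis lines. The Python below is an added example, not code from the thread or from HijackThis. It assumes the `Onn - ...` line layout of HijackThis 1.99.x as shown in the log above; the known-good DLL set and trusted cab-host list are constructed starting points for this example, not authoritative lists, and anything flagged is a candidate for the manual checks the replies describe (locate the file, check the service key), not a verdict.

```python
"""Triage helper for HijackThis (HJT) log lines (added example, not HJT's own code)."""
import re
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - (no file)",
    r"O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE",
    r'O4 - 启动项HKLM\\Run: [MeIEAzddr] Rundll32.exe "C:\WINNT\system32\GrnvAddrN.dll",Boot',
    r"O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup",
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136200953866",
    r"O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab",
    r"O23 - NT 服务: kavsvc - Kaspersky Lab - E:\Program Files\KB\Kaspersky Anti-Virus Personal Pro\kavsvc.exe",
    r"O23 - NT 服务: Updata Server - Unknown owner - C:\WINNT\G_Server1.2.exe (file missing)",
]

# Constructed allowlists for this example only; extend them for your own environment.
KNOWN_GOOD_DLLS = {"nvcpl.dll", "nvmctray.dll"}      # vendor DLLs commonly run via rundll32
TRUSTED_CAB_HOSTS = ("microsoft.com", "msn.com")     # hosts allowed to serve ActiveX cabs

SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")           # "O23 - <body>"
MISSING_RE = re.compile(r"\((?:file missing|no file)\)", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)


def _trusted_host(host):
    """True if host is one of the trusted cab hosts or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_CAB_HOSTS)


def classify(line):
    """Return (section, reasons) for one HJT line; an empty reasons list means nothing flagged."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None, []
    section, body = m.groups()
    reasons = []

    # Orphaned entries: the registry still points at a file that is gone.
    if MISSING_RE.search(body):
        reasons.append("referenced file is missing (orphaned entry; check the registry key)")

    # Run entries that load a DLL through rundll32 hide the real code in the DLL.
    if section == "O4":
        r = RUNDLL_RE.search(body)
        if r and r.group(1).rsplit("\\", 1)[-1].lower() not in KNOWN_GOOD_DLLS:
            reasons.append(f"rundll32 loads unrecognised DLL {r.group(1)}")

    # ActiveX (DPF) installs: only cabs from trusted hosts are expected.
    if section == "O16":
        u = URL_RE.search(body)
        host = urlparse(u.group(0)).hostname if u else None
        if host and not _trusted_host(host):
            reasons.append(f"ActiveX cab downloaded from untrusted host {host}")

    # A service binary without embedded vendor information deserves a look.
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service binary has no vendor information")

    return section, reasons


def triage(lines):
    """Map each flagged line to its list of reasons, preserving log order."""
    flagged = {}
    for line in lines:
        _, reasons = classify(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LINES).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Running it against the sample lines flags four entries: the dead BHO, the MeIEAzddr rundll32 entry, the 180searchassistant cab, and the "Updata Server" service (twice: missing file and unknown owner), while the SoundMan, NVIDIA, Windows Update and Kaspersky lines pass.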
 

O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - (no file)
Fix:
O23 - NT 服务: Updata Server - Unknown owner - C:\WINNT\G_Server1.2.exe (file missing)
Correct, it's Gray Pigeon (灰鸽子). See the pinned post.

Welcome.exe path: C:\WINNT

Quote:
[尐葉's post] Welcome.exe path: C:\WINNT
...........................

Delete it.

Thanks.