Help: rogue adware, scan log attached

Logfile of HijackThis v1.99.1
Scan saved at 16:22:19, on 2007-1-10
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\Explorer.EXE
C:\WINNT\TEMP\RG1BAB.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\system32\IdnMail.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Tencent\QQLive\MiniQQLive.exe
C:\WINNT\Download\svhost32.exe
C:\WINNT\system32\internat.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Zt2\SVCH0ST.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Wl2\lexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rx2\iexp1ore.exe
C:\WINNT\system32\MDM.EXE
C:\WINNT\system32\Rundll32.exe
C:\WINNT\msnmsgr.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\WINNT\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.233\HijackThis.exe

O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\ggvg4geMni_2002.dll
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: browser Class - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\FCnq8oNlwG_2002.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CONFLICT.1\cnshook.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [win32 Autostart service] wdfmgr.exe
O4 - HKLM\..\Run: [Kernel] C:\WINNT\bboy.exe
O4 - HKLM\..\Run: [Folder Service] qjinfo.exe
O4 - HKLM\..\Run: [Windows netinfo Loader] netinfo.exe
O4 - HKLM\..\Run: [internet] C:\WINNT\system32\internet.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] uninst_quicktime.exe
O4 - HKLM\..\Run: [MS-4011 Memory Patch] E:\syblp\BLP\TOOLS\RavSasser.exe -Patch
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IdnMail] C:\WINNT\system32\IdnMail.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\PFW.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINNT\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [miniqqlive] "C:\Program Files\Tencent\QQLive\MiniQQLive.exe"
O4 - HKLM\..\Run: [wl] C:\WINNT\Download\svhost32.exe
O4 - HKLM\..\Run: [r] C:\WINNT\down\rundll32.exe
O4 - HKLM\..\Run: [xy] C:\WINNT\Download\svhost32.exe
O4 - HKLM\..\Run: [mhs2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe
O4 - HKLM\..\Run: [wlzs2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\8.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [rxzs] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxzs.exe
O4 - HKLM\..\Run: [Desktop] C:\WINNT\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [run1132] C:\WINNT\SMSS.EXE
O4 - HKLM\..\Run: [cmdbcs] C:\WINNT\SVCHOST.EXE
O4 - HKLM\..\Run: [wsvbs] C:\WINNT\Rundll32.exe
O4 - HKLM\..\RunServices: [win32 Autostart service] wdfmgr.exe
O4 - HKLM\..\RunServices: [Windows netinfo Loader] netinfo.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] uninst_quicktime.exe
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINNT\DOWNLO~1\CONFLICT.1\CnsHook.dll
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - HKLM\..\RunOnce: [3721C:\WINNT\DOWNLO~1\CONFLICT.1\cnshook.dll188791] regsvr32 /s C:\WINNT\DOWNLO~1\CONFLICT.1\cnshook.dll
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Windows netinfo Loader] netinfo.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] uninst_quicktime.exe
O4 - HKCU\..\Run: [Vagaa] "C:\Vagaa\Vagaa_2.6.4.1.exe" -tray
O4 - HKCU\..\Run: [myZt2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Zt2\SVCH0ST.EXE
O4 - HKCU\..\Run: [myWl2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Wl2\lexplore.exe
O4 - HKCU\..\Run: [myRx2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rx2\iexp1ore.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: eBay易趣--全球商品一网打尽.lnk = C:\Program Files\EbayShop\EbayShop.exe
Last edited 2007-01-10 17:26:23

O8 - Extra context menu item: &V使用Vagaa哇嘎下载 - C:\Vagaa\Data\vg.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  中文上网
O11 - Options group: [CDNCLIENT]  中文上网
O15 - Trusted IP range: 134.105.64.164
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {7BD7A34E-F3EE-44B1-95A7-E04C2B7FB90C} (IDFlowViewX Control) - http://zjob.zjtelecom.cn/csscfg.nsf/AttachFile/IDFlowView/$FILE/IDFlowView.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://www.ctuonline.com.cn/www/tools/jvm.exe
O16 - DPF: {977AEDDD-6591-49D6-8EA3-C0DF2440EE23} (AddressDialogActiveForm Control) - http://zjomh.zjtelecom.cn/csscfg.nsf/AttachFile/GeneralMailAddressDialog/$FILE/AddressDialogActiveFormProj.ocx
O16 - DPF: {AB70C611-DE79-4DB5-B637-CCA50876E4D8} (passport.FileObjectCtrl) - http://zjob.zjtelecom.cn/csscfg.nsf/AttachFile/passport/$FILE/passport.CAB
O16 - DPF: {B2E71C7D-BDEC-458F-A0B9-83AD483BBBA2} (AdslTest Control) - http://134.105.64.164:18001/ccatstep/ocx/client/PAdslTest.inf
O16 - DPF: {DC7094C6-8F61-42ED-AECE-63F5EEF647C5} (UpdateC2 Control) - http://www.uusee.com/player/updateC2.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl061107.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDD58C4-8578-4653-B9BB-5CB341CF8086}: NameServer = 134.96.32.27,218.74.122.74
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O20 - AppInit_DLLs: 235780M.BMP
O23 - Service: 32275 - Unknown owner - \\134.105.233.139\Admin$\eraseme_85687.exe (file missing)
O23 - Service: 33457 - Unknown owner - \\134.105.233.139\Admin$\eraseme_36042.exe (file missing)
O23 - Service: 44473 - Unknown owner - \\134.105.233.139\Admin$\eraseme_38446.exe (file missing)
O23 - Service: 45321 - Unknown owner - \\134.105.233.139\Admin$\eraseme_08620.exe (file missing)
O23 - Service: 54780 - Unknown owner - \\134.105.233.139\Admin$\eraseme_87617.exe (file missing)
O23 - Service: 67704 - Unknown owner - \\134.105.233.139\Admin$\eraseme_60732.exe (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eblikcw - Unknown owner - \\134.105.231.19\E$\fnesvc32.exe" -service (file missing)
O23 - Service: System Local Kernel Service (kernel) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\SAqibk6bli.exe (file missing)
O23 - Service: lvelno - Unknown owner - \\134.105.231.19\E$\znksvc32.exe" -service (file missing)
O23 - Service: OfficeScanNT 实时扫描 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT 个人防火墙 (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - F:\Oracle\Ora81\BIN\ONRSD.EXE (file missing)
O23 - Service: OracleOraHome81ManagementServer - Unknown owner - F:\Oracle\Ora81\bin\OMSNTsrv.exe (file missing)
O23 - Service: PSEXESVC - Sysinternals - C:\WINNT\System32\PSEXESVC.EXE
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINNT\system32\Security.exe (file missing)
O23 - Service: OfficeScanNT 侦听程序 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: User Mode Driver-Manager - Unknown owner - C:\WINNT\wdfmgrr.exe (file missing)
O23 - Service: Windows Management NetWork Service Extensions - Unknown owner - NetManager.exe (file missing)
O23 - Service: Windows Messenger - Unknown owner - C:\WINNT\msnmsgr.exe

Please download SREng2 (latest version), choose "Smart Scan", and press the "Scan" button to run the scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste
the contents of the saved log file here. If the log does not fit in one post, paste it in several parts; please do not modify it.

Download link:
http://www.kztechs.com/sreng/download.html