打开IE 利用率100%
Logfile of HijackThis v1.99.1
Scan saved at 上午 08:47:54, on 2006/5/11
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\SAND\client.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\TEMP\MO737F.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\iexplore.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\Rundll32.exe
D:\Program Files\IDMan.exe
C:\Program Files\Microsoft Office\Office\1028\msoffice.exe
C:\WINNT\system32\mdm.exe
D:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\mfg09lw\LOCALS~1\Temp\Rar$EX00.235\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\IDMIECC.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8}? - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}? - (no file)
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627}? - (no file)
O2 - BHO: (no name) - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA}? - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410}? - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (no file)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191}? - (no file)
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838}? - (no file)
O2 - BHO: (no name) - {95F2C82E-F0CE-4842-B565-2274EACC5FB9}? - (no file)
O2 - BHO: (no name) - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD}? - (no file)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000}? - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (no file)
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA}? - (no file)
O3 - Toolbar: (no name) - {15ADF205-4C54-4cfe-AC88-1EA0BA6D06A0}? - (no file)
O3 - Toolbar: 縐縐奻厙假翑忒 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScan WinNT 監控程式] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINNT\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [電子流氓兔] E:\休息時間\陸鼎記flash\新資料夾\賤兔程式.exe
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBClient\hbast.exe
O4 - HKLM\..\Run: [OfficeScan WinNT 菏北?Α] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Microsoft] C:\WINNT\system32\iexplore.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] D:\Program Files\IDMan.exe /onboot
O4 - HKCU\..\Run: [MyAssist] D:\Program Files\Pixwares\MyAssist\myassist.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item:  >> 粗陓楷冞 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~2.DLL/mms.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\IEExt.htm
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手機短信 - {00000000-0000-0001-0001-596BAEDD1289}? - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 都蚚厙硊 - {36B39F01-7B48-44AD-A165-5849CD8EF562}? - C:\WINNT\system32\SHDOCVW.DLL
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 尋寶樂趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上網助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra 'Tools' menuitem: MMSAssist馱撿沭扢离 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra 'Tools' menuitem: MMSAssist馱撿沭扢离 - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B}? - C:\WINNT\system32\IEPlugin.dll
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8}? - C:\WINNT\system32\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上網記錄 - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: 啃勀芞踱 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - Extra button: 鍊汒芞狟婥 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\idmmbc.dll
O11 - Options group: [!CNS]  網絡實名
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (毞狟刲坰) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = liteonauto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E1CABB-CE32-4B3D-AC4D-B0A5B7E17D27}: NameServer = 192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = liteonauto.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{66E1CABB-CE32-4B3D-AC4D-B0A5B7E17D27}: NameServer = 192.168.1.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = liteonauto.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{66E1CABB-CE32-4B3D-AC4D-B0A5B7E17D27}: NameServer = 192.168.1.2
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~2.DLL
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINNT\System32\cisvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT 即時掃瞄 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINNT\System32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINNT\System32\rsvp.exe
O23 - Service: Network IPSEC Connections (SOCEESe) - Analog Devices, Inc. - (no file)
O23 - Service: OfficeScanNT 監聽程式 (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Universal Disk Manager - Unknown owner - C:\Program Files\Common Files\SAND\client.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe