今天终于下载了大名鼎鼎的HijackThis ,但由于个人的电脑知识实在有限,扫描的结果自己没有能力全读懂
劳烦达人帮忙分析一下,我想对于其他的朋友也会有很大帮助的。
预先感谢各位乐于帮忙的达人,小妹在这先谢过大家了。
Logfile of HijackThis v1.99.1
Scan saved at 04:55, on 06-6-29
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
E:\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
E:\KASPERSKY ANTI-VIRUS PERSONAL PRO\KLSWD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CNXDSLTB.EXE
E:\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE
C:\WINDOWS\SYSTEM\W98EJECT.EXE
D:\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\应用软件\FIREWALL\PFW.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\软件\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\WINDOWS\SYSTEM\CnxDslTb.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [kavsvc] "E:\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe
O4 - Startup: Kaspersky Anti-Hacker.lnk = D:\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\应用软件\BITSPIRIT\bsurl.htm
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX
搞不清楚怎么有这么多018项的东西,是不是浏览器有什么问题了呢?
下面还有一个对于启动项的日志,请看一下有没有问题。
StartupList report, 06-6-29, 16:47:03
StartupList version: 1.52.2
Started from : D:\软件\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
E:\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
E:\KASPERSKY ANTI-VIRUS PERSONAL PRO\KLSWD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CNXDSLTB.EXE
E:\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE
C:\WINDOWS\SYSTEM\W98EJECT.EXE
D:\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\应用软件\FIREWALL\PFW.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\软件\HIJACKTHIS\HIJACKTHIS.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\启动]
w98Eject.lnk = C:\WINDOWS\System\w98eject.exe
Kaspersky Anti-Hacker.lnk = D:\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
internat.exe = internat.exe
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CnxDslTaskBar = C:\WINDOWS\SYSTEM\CnxDslTb.exe
EnsoniqMixer = starter.exe
KAVPersonal50 = "E:\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
kavsvc = "E:\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
(Created 29/6/2006, 16:20:16)
[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 29/6/2006, 16:7:30)
[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
d:\TRENDP~1\PCSCAN.EXE C:\ C:\WINDOWS\COMMAND\ /NS /WIN95
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.
vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.
js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Task Scheduler jobs:
启用 Application Start.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash
Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/p ... s/flash/swflash.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/do ... 338C922/wmv9VCM.CAB
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: D:\ \STEGANOS INTERNET ANONYM PRO 6\sselsp.dll
Protocol #2: D:\ \STEGANOS INTERNET ANONYM PRO 6\sselsp.dll
Protocol #3: D:\ \STEGANOS INTERNET ANONYM PRO 6\sselsp.dll
Protocol #10: D:\ \STEGANOS INTERNET ANONYM PRO 6\sselsp.dll
--------------------------------------------------
Enumerating ShellService
ObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
End of report, 6,570 bytes
Report generated in 0.217 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
