Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:36, on 2008-7-6
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Handpad\mynewpad.exe
D:\KAV6\KpopMon.EXE
D:\KAV6\KWatchUI.EXE
D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\WINDOWS\VM_STI.EXE
D:\KAV6\MailMon.EXE
D:\WINDOWS\services.exe
D:\WINDOWS\System32\winds32.exe
D:\KAV6\KAVPlus.EXE
D:\Program Files\D-Link\DSL-200\CnxDslTb.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\LocalService\svchost.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\AdVantage\AdVantage.exe
D:\WINDOWS\msvecurity.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\msssecurity.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\gadmei\TV Plus 3.0\TVR 2.0\ScheduleTV.exe
D:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ctfmon.exe
D:\Program Files\CncimAdsl\CNCIM.exe
D:\WINDOWS\System32\dflgh8jkd2q2.exe
D:\WINDOWS\System32\dflgh8jkd2q6.exe
D:\WINDOWS\System32\dflgh8jkd2q7.exe
D:\WINDOWS\System32\dflgh8jkd2q5.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\drivers\services.exe
O2 - BHO: QuickTalk 2.1 - {A34FA88D-8437-4634-8A60-E913011EF2E5} - D:\DOCUME~1\LOCALS~1\APPLIC~1\sp1\qaccess.dll
O2 - BHO: IE_ADS Helper Object - {F8E2D735-5D21-4B00-B6DE-D82ED0CA8B63} - D:\WINDOWS\System32\yg.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 金山毒霸 - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - D:\KAV6\KAIEPlus.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [mynewpad] D:\Program Files\Handpad\mynewpad.exe
O4 - HKLM\..\Run: [KAVRun] D:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [Kulansyn] D:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [KpopMon] D:\KAV6\KpopMon.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe D:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [MS-4011 Memory Patch] D:\Documents and Settings\Administrator\桌面\RavSasser.exe -Patch
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [YLive.exe] D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [runservices] D:\WINDOWS\services.exe
O4 - HKLM\..\Run: [[system]] D:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [Handpad] D:\WINDOWS\japi.exe
O4 - HKLM\..\Run: [System32] D:\WINDOWS\System32\winds32.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\D-Link\DSL-200\CnxDslTb.exe"
O4 - HKLM\..\Run: [winlogon] D:\Documents and Settings\Administrator\svchost.exe
O4 - HKLM\..\Run: [DriveSystem] D:\WINDOWS\System32\maxpaynowti1.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [AdVantage] "D:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [[system]] D:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [msvecurity] D:\WINDOWS\msvecurity.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msssecurity] D:\WINDOWS\msssecurity.exe
O4 - HKCU\..\Run: [winlogon] D:\Documents and Settings\Administrator\svchost.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [fci] D:\WINDOWS\System32\fci.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [winlogon] D:\Documents and Settings\LocalService\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O4 - Startup: 灵信宽带版.lnk = D:\Program Files\CncimAdsl\CNCIM.exe
O4 - Startup: userinit.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Schedule TV.lnk = D:\Program Files\gadmei\TV Plus 3.0\TVR 2.0\ScheduleTV.exe
O8 - Extra context menu item: Easy-WebPrint打印 - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint添加到打印列表 - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint预览 - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint高速打印 - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Save解霸实时播放 - C:\HEROSOFT\Hero3000\MPURLGET.HTM
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 解霸实时播放 - C:\HEROSOFT\Hero3000\MPURLGET.HTM
O8 - Extra context menu item: 雅虎搜索 - res://D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.c...p;btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.ally...?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.c...amp;btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yah....htm?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - f:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: 金山毒霸网站 - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - url:http://www.duba.net (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.c...c...&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.c...c...&btn=repair (file missing)
O9 - Extra button: 在线查毒 - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - D:\KAV6\kavie.HTM
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.c...c...s&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.c...c...s&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O11 - Options group: [!CNS] 中文上网
O15 - Trusted Zone: http://*.221.208.242.29
O15 - Trusted Zone: http://*.221.208.250.138
O15 - Trusted Zone: http://*.cncmax.cn
O15 - Trusted Zone: http://*.cncmax.hl.cn
O15 - Trusted Zone: http://*.cncmax.tj.cn
O15 - Trusted Zone: http://*.passport.cncmax.cn
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc....afeControls.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypt - D:\WINDOWS\SYSTEM32\crypts.dll
O21 - SSODL: qegbdmwf - {5E193337-7FE4-462D-9C78-AA6DC64A52AB} - D:\WINDOWS\qegbdmwf.dll (file missing)
O21 - SSODL: pntqkflv - {DAABD73A-5B76-4B19-A33C-7C34DD413764} - D:\WINDOWS\pntqkflv.dll (file missing)
O23 - Service: AppMgmt - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.EXE (file missing)
O23 - Service: AudioSrv - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.EXE (file missing)
O23 - Service: BITS - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.EXE (file missing)
O23 - Service: CcEvtSvc - Unknown owner - D:\WINDOWS\System32\CcEvtSvc.exe
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - D:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: FCI - Unknown owner - D:\WINDOWS\System32\fci.exe
O23 - Service: gusvc - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.EXE (file missing)
O23 - Service: ImapiService - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.EXE (file missing)
O23 - Service: InCDsrv - Unknown owner - D:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: InCDsrvR - Unknown owner - D:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: KAVSvc - Unknown owner - D:\KAV6\KAVSvc.EXE (file missing)
O23 - Service: LPTRDCsrv - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.EXE (file missing)
O23 - Service: RasMan - Unknown owner - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.EXE (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - D:\WINDOWS\system32\drivers\services.exe
--
End of file - 11734 bytes