2007-03-22,23:26:18

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><E:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <!ewido><"E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized>  [Anti-Malware Development a.s.]
    <360Safetray><E:\Program Files\360safe\safemon\360tray.exe>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><E:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <pbya><E:\PROGRA~1\oaxs\pbya.dll>  [N/A]
    <><E:\PROGRA~1\NLS~1>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[DefWatch / DefWatch]
  <E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <E:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[fgcbrqf / fgcbrqf]
  <E:\WINDOWS\System32\svchost.exe -k netsvcs-->E:\PROGRA~1\COMMON~1\lgcbeqf\lgcbeqf.dll>< >
[Human Interface Device Access / HidServ]
  <E:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
  <"E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
  <E:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[Navoct / Navoct]
  <E:\WINDOWS\System32\svchost.exe -k netsvcs-->E:\Program Files\iesnap\navoct.dll>< >
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Std rdav Service / rdav]
  <E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\jvvn\wifx.dll,Service -s><Microsoft Corporation>
[SOUNDMAN / SOUNDMAN]
  <E:\WINDOWS\SOUNDMAN><N/A>
[WebPrint / WebPrint]
  <e:\windows\system32\webprint.exe><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ESS Allegro Audio Driver (WDM) / allegro]
  <system32\drivers\es198x.sys><ESS Technology, Inc.>
[AntiyNF / AntiyNF]
  <system32\drivers\AntiyNF.sys><N/A>
[ati2mtaa / ati2mtaa]
  <system32\DRIVERS\ati2mtaa.sys><ATI Technologies Inc.>
[Debug Message / DbgMsg]
  <\??\E:\WINDOWS\System32\Drivers\DbgMsg.sys><N/A>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
  <\??\E:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver / FETNDIS]
  <system32\DRIVERS\dlkfet5b.sys><D-Link>
[GEARAspiWDM / GEARAspiWDM]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[MosIrUsb.sys / MosIrUsb]
  <system32\DRIVERS\MosIrUsb.sys><>
[NAVAP / NAVAP]
  <\??\E:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL]
  <\??\E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG]
  <\??\E:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070321.018\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\E:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070321.018\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\F:\绿色QQ\腾讯QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Gravis GamePort device driver / ntgrip]
  <system32\drivers\ntgrip.sys><Kensington Technology Group>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Europe Ltd>
[SmartAVS / SmartAVS]
  <\??\E:\WINDOWS\system32\drivers\SmartAVS.sys><All-In-Smart [CWJ]>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Samsung Mobile USB Device 1.0 driver (WDM) / ss_bus]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[SymEvent / SymEvent]
  <\??\E:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TrojanFindDriverNT / TrojanFindDriverNT]
  <\??\E:\WINDOWS\system32\NtDriver.sys><N/A>
[vhhj / vhhjb]
  <System32\DRIVERS\vhhjb.sys><N/A>

浏览器加载项
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <E:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <E:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <E:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <E:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <E:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <E:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <E:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <E:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <E:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <E:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <E:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <E:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <E:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <E:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <E:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <E:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <E:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <E:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>

==================================
正在运行的进程
[PID: 388][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 444][\??\E:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468][\??\E:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
[PID: 512][E:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][E:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][E:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [e:\progra~1\common~1\lgcbeqf\lgcbeqf.dll]  [ , 2, 8, 0, 1]
    [e:\program files\iesnap\navoct.dll]  [ , 1, 0, 1, 1]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
    [e:\progra~1\ljxiej\ljxiej.dll]  [ , 5, 8, 0, 1]
[PID: 820][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168][E:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
    [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 1196][E:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312][E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  [Symantec Corporation, 8.1.0.821]
[PID: 1396][E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  [Symantec Corporation, 8.1.0.821]
    [E:\WINDOWS\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [E:\WINDOWS\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.105 E]
    [E:\WINDOWS\system32\NTS.dll]  [Intel? Corporation, 6.12.0.105 E]
    [E:\WINDOWS\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [E:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  [Symantec Corporation, 8.1.0.821]
    [E:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [E:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  [Symantec Corporation, 8.1.0.821]
    [E:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  [Symantec Corp., 4.2.0.7]
    [E:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070321.018\NAVEX32a.DLL]  [Symantec Corporation, 20071.1.1.10]
    [E:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070321.018\NAVENG32.DLL]  [Symantec Corporation, 20071.1.1.10]
    [E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.1.0.26]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
    [E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 8.1.0.821]
    [E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll]  [Symantec Corporation, 8.1.0.821]
    [E:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll]  [Symantec Corporation, 8.1.0.821]
[PID: 1824][E:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 240][e:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 892][E:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 184][E:\Program Files\ewido anti-spyware 4.0\ewido.exe]  [Anti-Malware Development a.s., 4, 0, 0, 201]
    [E:\Program Files\ewido anti-spyware 4.0\engine.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 192][E:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 3, 2, 0, 1001]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 2, 0, 1001]
    [E:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 2, 0, 1001]
[PID: 2020][E:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 300][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][F:\各种工具\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\WINDOWS\SOUNKey.DLL]  [N/A, N/A]
    [e:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["E:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

最近上网老是不定时弹出广告,杀之不尽,搞得焦头烂额

头疼

重新启动电脑，自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）


运行(双击)SRENG2，点“启动项目，服务，点“驱动程序”
勾选“隐藏已认证的微软项目”选中病毒服务
vhhj
TrojanFindDriverNT
选择“删除服务”
点“设置”选择“否”


运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
fgcbrqf
Navoct
Std rdav Service
，选择“删除服务”
点“设置”选择“否”



关闭所有浏览窗口以及一些不必要的程序
运行SREng2,使用“启动项目”－－注册表－－选中以下的项删除
<pbya><E:\PROGRA~1\oaxs\pbya.dll> [N/A]
<><E:\PROGRA~1\NLS~1> [N/A]


显示隐藏文件
删除：
E:\WINDOWS\System32\DRIVERS\vhhjb.sys
E:\WINDOWS\system32\NtDriver.sys
E:\PROGRA~1\COMMON~1\lgcbeqf\删除文件夹
E:\Program Files\iesnap\navoct.dll
E:\PROGRA~1\jvvn\wifx.dll
E:\WINDOWS\SOUNKey.DLL

问题已经解决,实在太感谢了哦,可能电脑里还有别的病毒,麻烦你再帮我看下Hijack日志,谢谢...

Logfile of HijackThis v1.99.1
Scan saved at 21:05:20, on 2007-3-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
e:\progra~1\ljxiej\ljxrsxu.dat
F:\各种工具\HijackThis.exe

O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - E:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [360Safetray] ; E:\Program Files\360safe\safemon\360tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; E:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B30F7E44-3B6C-4C8A-9CFF-9A37675767DE}: NameServer = 202.96.128.143
O21 - SSODL: SysTray - {12311512-2C1D-44b2-A044-872AD2AD5A61} - E:\PROGRA~1\NLS~1
O23 - Service: DefWatch - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WebPrint - Unknown owner - e:\windows\system32\webprint.exe (file missing)