Logfile of HijackThis v1.99.1
Scan saved at 0:14:45, on 2007-4-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wodsttorks.exe
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\Program Files\JiangMin\AntiVirus\KVWSC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe
C:\WINDOWS\system32\ctfmon.exe
G:\melody\┌Q─Q┐\新建文件夹\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CS\LOCALS~1\Temp\Rar$EX01.766\HijackThis.exe
C:\DOCUME~1\CS\LOCALS~1\Temp\Rar$EX10.891\HijackThis.exe
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll (file missing)
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\JiangMin\AntiVirus\KVshell.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\JiangMin\AntiVirus\KVshell.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ; C:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /autosave
O4 - HKLM\..\Run: [RemoteControl] ; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [High Definition Audio 属性页快捷方式] ; HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ; ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ; ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] ; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [KVMON] "C:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp"
O4 - HKLM\..\Run: [qcsszjcz] c:\chenhu2\chenqxms.exe
O4 - HKLM\..\Run: [Jiangmin KVFW] C:\Program Files\JiangMin\KVFW\KvfwMcl.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\RunOnce: [wodsttorks] C:\WINDOWS\wodsttorks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dg] C:\DOCUME~1\CS\LOCALS~1\Temp\c0nime.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - G:\melody\┌Q─Q┐\新建文件夹\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\melody\┌Q─Q┐\新建文件夹\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\melody\┌Q─Q┐\新建文件夹\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\melody\┌Q─Q┐\新建文件夹\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDU_DIC.HTM
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 财富通 - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\财富通\fcai.dll (HKCU)
O16 - DPF: {30348281-949B-4E9F-8A99-44EC423EB66D} (MoxtvUploadX Control) - http://u131.mofile.com/cn/upload/MoxtvFX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BB352DC-47A3-46DD-8CD9-694F5B31D093}: NameServer = 202.103.224.68,202.103.225.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{93BBF798-838A-44B9-A007-3C82DF810BDF}: NameServer = 202.103.224.68,202.103.225.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BB352DC-47A3-46DD-8CD9-694F5B31D093}: NameServer = 202.103.224.68,202.103.225.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BB352DC-47A3-46DD-8CD9-694F5B31D093}: NameServer = 202.103.224.68,202.103.225.68
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - G:\music\KUGOO\KuGoo3\InExtend\KuGoo3DownXControl.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: KVSrvXP - Jiangmin Co., Ltd. - C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe
O23 - Service: KVWSC - Jiangmin Co.,Ltd - C:\Program Files\JiangMin\AntiVirus\KVWSC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe