Logfile of HijackThis v1.99.1
Scan saved at 8:11:48, on 2006-7-14
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\KAV2006\KWatch.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\KAV2006\KPfwSvc.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINNT\System32\RUNDLL32.exe
C:\Program Files\baigoo\bgoomain.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\u8soft\gdp\web\bin\taskservice.exe
C:\WINNT\system32\U8SMSSrv.exe
C:\WINNT\System32\serverNT.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\AlertService.exe
C:\WINNT\System32\RUNDLL32.exe
C:\WINNT\Explorer.exe
D:\杨乐\VDeskTop.exe
C:\KAV2006\KAVStart.exe
C:\PROGRA~1\baigoo\bgoomain.exe
F:\Winamp\winampa.exe
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\exploreb.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINNT\system32\UfSvrMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\KAV2006\KMailMon.EXE
E:\QQ\QQ.exe
F:\Winamp\winamp.exe
C:\Documents and Settings\jy2001\V_Desktop0\“QQ病毒”专杀.EXE
E:\QQ\11108207\MyRecvFiles\“QQ尾巴”专杀工具.EXE
F:\Thunder\Program\Thunder5.exe
C:\Documents and Settings\jy2001\V_Desktop0\HijackThis.exe
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINNT\System32\socul.dll
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: ChajianHelper Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINNT\System32\SYSREA~1.DLL
O2 - BHO: Kmedia - {42D25F15-CF07-4A72-B191-DB0792BF310C} - C:\WINNT\System32\Kmedia.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: LruSfzpr Class - {D1F53D8E-EDA7-D4D6-DD9D-A0795060D344} - C:\WINNT\DOWNLO~1\aoxrcsse.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINNT\system32\srchbar.dll
O3 - Toolbar: 搜狗工具条 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vDesktop] D:\杨乐\VDeskTop.exe
O4 - HKLM\..\Run: [KavStart] "C:\KAV2006\KAVStart.exe" -startup
O4 - HKLM\..\Run: [Thunder] F:\Thunder\Thunder.exe /s
O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [exploreb.exe] C:\Program Files\exploreb.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [!!QQKav] F:\qqkav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\Ctfmon.exe
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = E:\QQ\CoralQQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: U8管理服务.lnk = C:\WINNT\system32\UfSvrMgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: iMop.lnk = C:\Program Files\Mop\iMop\imopstart.exe
O8 - Extra context menu item: &使用迅雷下载 - F:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\唐铖\新建文件夹\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用影音传送带下载 - F:\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - F:\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\唐铖\新建文件夹\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\唐铖\新建文件夹\FLASHGET\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\唐铖\新建文件夹\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\唐铖\新建文件夹\qq\AddEmotion.htm
O8 - Extra context menu item: 添加到“我的订阅” - C:\Program Files\P4P\rss.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\唐铖\新建文件夹\qq\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\唐铖\新建文件夹\qq\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\唐铖\新建文件夹\qq\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\唐铖\新建文~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\唐铖\新建文~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1FFFA3E9-A615-41FA-972D-7DB61F23AE90} (KLeakScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {5932517A-3326-4439-A708-1C98EDB5C549} (Downloader Class) -
file://C:\Documents and Settings\All Users\Application Data\Share Helper\Cast\GGS\d872e8118c\js\iMopDl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FB89015-48D0-4484-B962-5635D71749FD}: NameServer = 192.168.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FB89015-48D0-4484-B962-5635D71749FD}: NameServer = 211.95.129.161
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FB89015-48D0-4484-B962-5635D71749FD}: NameServer = 192.168.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{5FB89015-48D0-4484-B962-5635D71749FD}: NameServer = 192.168.0.138
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GrayPigeonServer - Unknown owner - C:\WINNT\W_Server.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2006\KWatch.EXE
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Plug and Plays - Unknown owner - C:\WINNT\rver18.exe
O23 - Service: 合并报表队列服务 (TaskService) - - c:\u8soft\gdp\web\bin\taskservice.exe
O23 - Service: UFSoft SMS Platform (U8SmsSrv) - Unknown owner - C:\WINNT\system32\U8SMSSrv.exe
O23 - Service: 用友U8预警调度服务 (UFALERTSERVICE) - Unknown owner - C:\WINNT\System32\AlertService.exe
O23 - Service: U8管理软件 (UFNet) - Unknown owner - C:\WINNT\System32\serverNT.exe
O23 - Service: VIPTray - Unknown owner - C:\WINNT\System32\VIPTray.exe (file missing)
O23 - Service: Yast User Switching Compatibil - Unknown owner - C:\WINNT\MSN.exe
