Logfile of HijackThis v1.99.1
Scan saved at 10:50:13, on 2007-1-3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\ctfmon.exe
D:\杀毒工具\hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_061231.dll start
O1 - Hosts: 202.109.114.142 survey88.allyes.com
O1 - Hosts: 202.109.114.142 adtaobao.allyes.com
O1 - Hosts: 202.109.114.142 code.qihoo.com
O1 - Hosts: 202.109.114.142 union.mop.com
O1 - Hosts: 202.109.114.142 js.kkunion.com
O1 - Hosts: 202.109.114.142 v.kkunion.com
O1 - Hosts: 202.109.114.142 v.21cn.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 ivr.dobig.net
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 img.zhangxiu.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.14
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\WINDOWS\System32\IESHEL~1.DLL
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll
O2 - BHO: xhly - {2D369182-BBD0-4843-BE25-48ADEDAD321B} - C:\PROGRA~1\COMMON~1\dquh\huyl.dll
O2 - BHO: QKYAVLWNQFJ - {55DE9BE9-EE2A-46C8-A2AB-520A1242F4BB} - C:\WINDOWS\system32\XGOCEDVXS.DLL
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: MCBMQ - {7D7D00B6-7C00-4890-A66A-8CD4B71D6DDC} - C:\WINDOWS\system32\TDBEPOTORN.DLL
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{39888~1\Bar888.dll
O2 - BHO: (no name) - {D3341007-C77C-4F1C-B2A5-D94D5BE55F7E} - C:\WINDOWS\system32\qxcjuoyrmrupasn.dll
O2 - BHO: IEHlprObj Class - {DE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\POPNTS.DLL
O2 - BHO: (no name) - {E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} - C:\WINDOWS\System32\cnwin.dll (file missing)
O2 - BHO: cnwin Class - {EC497BD8-460F-44F0-B2A4-8C2B2198035B} - C:\WINDOWS\System32\cnwin.dll (file missing)
O2 - BHO: (no name) - {F770522B-198D-4134-9D74-D30F41B3BA44} - C:\WINDOWS\system32\joddbqtfiurrg.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{39888~1\Bar888.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - HKLM\..\Run: [IEBarUp] RunDll32 "C:\WINDOWS\System32\IeBar1.dll",Run
O4 - HKLM\..\Run: [C:\DOCUME~1\ABC\LOCALS~1\Temp\sna.exe] C:\DOCUME~1\ABC\LOCALS~1\Temp\sna.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\Run: [osuiti4r] rundll32.exe C:\WINDOWS\12r3kl0mb5.dll _start@16
O4 - HKLM\..\Run: [Desktop] "C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\NTService32.dll",Run
O4 - HKLM\..\RunOnce: [splai] %systemroot%\system32\Rundll32.exe %systemroot%\system32\splai.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [winsamps] C:\WINDOWS\winamps.exe
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ScCardLogn - C:\WINDOWS\ScNotify.dll
O23 - Service: 73755CB0 - Unknown owner - C:\WINDOWS\System32\73755CB0.EXE (file missing)
O23 - Service: C920434C - Unknown owner - C:\WINDOWS\System32\C920434C.EXE (file missing)
O23 - Service: CMServerToXPM (CMServerToXP) - Unknown owner - C:\Windows\system32\EDEXLZEEEIMO.EXE
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000049 (file missing)
O23 - Service: Remote Procedure Call System(11RPCS) (RpcS11) - Unknown owner - C:\WINDOWS\System32\Rpcs11.exe (file missing)
O23 - Service: Windows NT Service32 - Unknown owner - C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\NTService32.dll",Start (file missing)
