Logfile of HijackThis v1.99.1
Scan saved at 14:48:54, on 2006-10-14
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\BHDCRegC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\dllhost.exe
E:\cdy\工具软件\ha_hijackthis_1991\HijackThis.exe
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265,com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31
about:blank
O1 - Hosts: 61.141.31.11 down.virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com
O1 - Hosts: 61.141.31.11 cn.zs.yahoo.com
O1 - Hosts: 61.141.31.11 www.znmq.com
O1 - Hosts: 61.141.31.11 cn.zs.yahoo.com
O1 - Hosts: 61.141.31.11 www.btbbt.com
O1 - Hosts: 61.141.31.11 bbs.btbbt.com
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: 珊瑚虫超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {098A3F72-3110-4004-B954-2F9DC44934B4} (AddSHCARoot Control) - http://www.tianyayuyinwang.com/BDC_Root_CA.cab
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://mybank.icbc.com.cn/icbc/perbank/certInStall.dll
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl
Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160046330671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160047883546
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://www.tianyayuyinwang.com/BDC.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A927C078-E82F-471B-83F5-3D1504F7D01B} - http://info.askyaya.com/estAlive.cab
O16 - DPF: {B753331A-9543-41D2-83B2-492E5ADB7911} (cardctl Class) - https://mybank.icbc.com.cn/icbc/perbank/iccarddll.cab
O16 - DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} (AxUSBKey Class) - https://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96A7A258-5A58-471F-A144-22FDDDECAE4A}: NameServer = 218.85.157.99 202.101.107.98
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: 卡巴斯基互联网安全套装 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
