Logfile of HijackThis v1.99.1
Scan saved at 16:41:17, on 2008-9-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\360safe\safemon\360tray.exe
C:\WINDOWS\system32\BHDCRegC.exe
C:\WINDOWS\system32\hhukcert.exe
C:\Program Files\360Safebox\safeboxTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\PPStream\PPStream.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\QQ2008\QQ.exe
D:\QQ2008\TXPlatform.exe
F:\新建文件夹\HijackThis.exe
R3 - URLSearchHook: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: IEHlprObj Class - {AA9742E6-AB51-48a8-831C-C1EB757C3E61} - C:\WINDOWS\system32\qyliehelper.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O3 - Toolbar: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O4 - HKLM\..\Run: [switch] c:\windows\system32\壁纸自动换.exe
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKLM\..\Run: [hhukcert] C:\WINDOWS\system32\hhukcert.exe
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - Startup: PPS.lnk = C:\Program Files\PPStream\PPStream.exe
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 腾讯QQ.lnk = ?
O8 - Extra context menu item: 使用迅雷下载 - D:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ2008\AddEmotion.htm
O8 - Extra context menu item: 添加到反广告条 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: 添加到网络硬盘 - C:\Program Files\Tencent\AddToNetDisk.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Thunder\Thunder.exe
O9 - Extra button: Web 反病毒统计 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O15 - Trusted Zone:
http://www.icbc.com.cnO16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) -
https://mybank.icbc.com.cn/icbc/perbank/certInStall.dllO16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) -
https://img.alipay.com/download/1101/aliedit.cabO16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) -
http://imgcache.qq.com/qzone/client/photo/pages/QQPhotoDrawSetup.exeO16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) -
https://img.alipay.com/download/2121/aliedit.cabO16 - DPF: {5CB840B5-A94E-4AD9-B785-4866E3B04476} (InfoSecNetSign Class) -
https://mybank.icbc.com.cn/icbc/ICBCNetSignG.dllO16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) -
https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cabO16 - DPF: {9C3C2C08-C494-4F52-AE94-85156A447D43} -
http://photos.i.cn.yahoo.com/yphotoseasy.cabO16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) -
http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dllO16 - DPF: {B219E31C-E110-4638-AF01-7BDD5ACA552C} (ICBCQPKCom_HH Class) -
https://b2c.icbc.com.cn/icbc/ICBCQPK_HH.cabO16 - DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} (ScreenCapture Class) -
http://m22.mail.qq.com/zh_CN/activex/TencentMailActiveX.cabO16 - DPF: {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} (AxUSBKey Class) -
https://mybank.icbc.com.cn/icbc/newperbank/USBKEY.cabO16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) -
https://www.tenpay.com/download/qqedit.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{FD10DBE0-924A-40E2-9B49-4274EF1E89AB}: NameServer = 202.100.96.68 222.75.152.129
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: 卡巴斯基互联网安全套装 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Stormser - 暴风网际 - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
