Logfile of HijackThis v1.99.1
Scan saved at 19:11:25 上午, on 2006-10-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinLock Professional 4.1\winlock.exe
C:\WINDOWS\system32\NSP.exe
C:\WINDOWS\system32\XSBMON.EXE
\xy01\控制$\Esfast1.41.exe
C:\WINDOWS\system32\mainpro.exe
C:\WINDOWS\system32\AnnexPro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\conime.exe
E:\网络游戏\QQ\QQ.exe
E:\网络游戏\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Synces.dat
C:\Program Files\Thunder\Program\Thunder5.exe
C:\WINDOWS\explorer.exe
D:\TDdownload\hijackthis\HijackThis.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\Program Files\Thunder\xunleibho_v13.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [SyncShell] C:\WINDOWS\SyncShell.exe \\xy01\控制$\Esfast1.41.exe
O4 - HKLM\..\Run: [0wl] C:\Program Files\WinLock Professional 4.1\winlock.exe
O4 - HKLM\..\Run: [NSP] C:\WINDOWS\system32\NSP.exe
O4 - HKLM\..\Run: [XSB] C:\WINDOWS\system32\XSBMON.EXE
O4 - HKLM\..\Run: [MicroAvd] C:\WINDOWS\system32\mainpro.exe
O4 - HKLM\..\Run: [Pubwin] C:\Program Files\Hintsoft\Pubclt\Pubwin.exe
O4 - HKLM\..\Run: [RunD1l] C:\WINDOWS\system32\RunD1l.exe
O4 - HKLM\..\Run: [CnkJWXFBC] C:\WINDOWS\system32\mainpro.exe
O4 - HKLM\..\RunServices: [Pubwin] C:\Program Files\Hintsoft\Pubclt\Pubwin.exe -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\网络游戏\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\网络游戏\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\网络游戏\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\网络游戏\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder\Thunder.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ieimgsnd.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ieimgsnd.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1106897910625
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8DBEC0D-3A1F-4CE3-9B24-2544D42A14D0}: NameServer = 218.56.57.58,202.102.152.3
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

---------QQ:9966936，手机：13188811944
+++++++++我朋友开的网吧，系统是他们找人做的。
#########但是，运行速度很慢，请问这样的系统应该怎样改进？
=========目前效力的公司：http://www.hypercut.com.cn
*********山东数控切割机，济宁正翔机械装备制造有限公司，0537-2987589/2987889/

O4 - HKLM\..\Run: [RunD1l] C:\WINDOWS\system32\RunD1l.exe

这个东西很可疑，注意看，是RunD1l.exe ，而不是RunDll.exe

中间不是字母l，而是个数字1。