Logfile of HijackThis v1.99.1
Scan saved at 下午 01:56:01, on 2006/9/1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\TEMP\IM5B1C.EXE
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\htqd.exe
C:\WINNT\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\WINNT\system32\downnew.exe
C:\WINNT\system32\windowoutnew.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mkt13lw\桌面\HijackThis.exe
F3 - REG:win.ini: load=C:\WINNT\system\48cif62.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v13.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINNT\system32\wmpdrm.dll (file missing)
O2 - BHO: (no name) - {295CD217-AD34-4B66-91BA-48D5EFD9CA20} - C:\WINNT\system32\NBBHO.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: Ado32 AtlObj - {7E093FD0-5372-4FD5-9C7B-875668B4CDB2} - C:\WINNT\system32\Ado32.dll
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\PROGRA~1\HBClient\hapast.dll (file missing)
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINNT\system32\microapmddt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Internet Explorer\lib\stdie.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINNT\system32\AlxTB1.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINNT\system32\48cof620.dll
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\\WINNT\\system32\\SHDOCVW.DLL
O3 - Toolbar: 僩眻籵陬 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\PROGRA~1\p4p\TB49675.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT 監控程式] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PigUpdate] C:\DOCUME~1\mkt12lw\LOCALS~1\Temp\~ex3.tmp
O4 - HKLM\..\Run: [WangWang] "D:\*程序工具\WangWang.EXE"
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBClient\hbast.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [HT] C:\WINNT\htqd.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINNT\system32\WindowsUpdate.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [res] C:\WINNT\system32\res.exe
O4 - HKLM\..\Run: [] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [MicrosoftRedirectionProgram] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] C:\WINNT\system32\downnew.exe
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\Systems.exe
O4 - HKLM\..\Run: [Power] rundll32.exe C:\DOCUME~1\mkt13lw\alxklt.dll,Start
O4 - HKLM\..\Run: [WindowOutNew] C:\WINNT\system32\windowoutnew.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: 都蚚厙硊 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINNT\system32\SHDOCVW.DLL
O9 - Extra button: 上網助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O11 - Options group: [CDNCLIENT] 中文上網
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.wx.js.cn/plugin/PowerPlr.ocx
O16 - DPF: {5932517A-3326-4439-A708-1C98EDB5C549} (Downloader Class) -
file://C:\Documents and Settings\All Users\Application Data\Share Helper\Cast\GGS\d5fdd237b7\js\iMopDl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = liteonauto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4579BAA4-7C52-4197-A981-40A6C3A61B23}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = liteonauto.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{4579BAA4-7C52-4197-A981-40A6C3A61B23}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = liteonauto.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{4579BAA4-7C52-4197-A981-40A6C3A61B23}: NameServer = 192.168.1.1,192.168.1.2
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINNT\48cdf620.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT 即時掃瞄 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
