|
查看: 847|回复: 0
|
HijackThis
[复制链接]
|
|
|
Logfile of HijackThis v1.97.7
Scan saved at 8:58:06 PM, on 6/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\NAVSCAN64.exe
C:\WINDOWS\System32\dnymex.exe
C:\Program Files\Lycos\IEagent\Loader.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\waumgrd.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ajbhpvk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\comxp\Desktop\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.windowenhancer.com ... ;look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.windowenhancer.com ... stmpl1&sstring=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chinese.cari.com.my/myforum/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.windowenhancer.com ... stmpl1&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.windowenhancer.com ... ;look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.windowenhancer.com ... stmpl1&sstring=
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - c:\sysfwb\3423642884\iefwbar.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Microsoft Update] ajbhpvk.exe
O4 - HKLM\..\Run: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKLM\..\Run: [emrvzepaies] C:\WINDOWS\System32\dnymex.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v9\scbar.exe" /H
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Guard] waumgrd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\RunServices: [Microsoft Update] ajbhpvk.exe
O4 - HKLM\..\RunServices: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKLM\..\RunServices: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NAVSCAN64.EXE /s] NAVSCAN64.exe
O4 - HKCU\..\Run: [Microsoft Update] ajbhpvk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} - file://C:\WINDOWS\system32\SearchBar\zpprf1sh.exe
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - file://C:\WINDOWS\system32\SearchBar\popblocker.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download. ... te/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/p ... s/flash/swflash.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70CA995C-E692-41F3-B4B5-21624327CC3B}: NameServer = 202.188.0.133 202.188.1.5 |
|
|
|
|
|
|
|
|
|
| |
 本周最热论坛帖子
|
发表于 8-6-2004 09:11 PM
变色卡
千斤顶
2366 
59
