HijackThis(zww3008汉化版)V1.99.1保存于 21:50:50, 日期 2006-1-2操作系统： Windows XP SP2 (WinNT 5.01.2600)浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)当前运行的进程： C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeC:\WINDOWS\system32\ServeHost.exeC:\Program Files\SearchNet\SearchNet.exeC:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exeC:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exeC:\WINDOWS\TEMP\NYA136.EXEC:\WINDOWS\System32\alg.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\soundman.exeC:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exeC:\Program Files\zcom\zPlatform.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\港湾网络\宽带接入客户端\HammerSupplicant.exeD:\qq\QQ.exeD:\qq\TIMPlatform.exeC:\Program Files\zcom\skin.dllD:\qq\QQ.exeC:\Program Files\Thunder Network\Thunder\Thunder.exeD:\qq\QQ.exeC:\Program Files\HijackThis1991.exeR3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AddrPlus\IEHelp.dllO2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dllO2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AddrPlus\IEHelp.dllO2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq\QQIEHelper.dllO2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dllO2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dllO3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dllO4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - 启动项HKLM\\Run: [SoundMan] soundman.exeO4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /PreloadO4 - 启动项HKLM\\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindowO4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s

O9 - 浏览器额外的按钮： 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)O9 - 浏览器额外的按钮： 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLLO9 - 浏览器额外的按钮： QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXEO9 - 浏览器额外的“工具”菜单项： 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXEO9 - 浏览器额外的按钮： 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-205?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)O9 - 浏览器额外的“工具”菜单项： 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-205?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)O9 - 浏览器额外的按钮： (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq\QQIEHelper.dllO9 - 浏览器额外的“工具”菜单项： QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq\QQIEHelper.dllO9 - 浏览器额外的按钮： 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)O9 - 浏览器额外的按钮： (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)O9 - 浏览器额外的“工具”菜单项： 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)O9 - 浏览器额外的按钮： (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)O9 - 浏览器额外的“工具”菜单项： 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)O11 - Options group: [!CNS] 网络实名O11 - Options group: [TBH] QQ地址栏搜索插件O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.comO16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{D367BB8D-7C87-4AE4-B232-7F62E2235AA3}: NameServer = 210.41.240.33,61.139.2.69O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - NT 服务: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeO23 - NT 服务: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exeO23 - NT 服务: Remote Log - Unknown owner - C:\WINDOWS\system32\ServeHost.exeO23 - NT 服务: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe