tito ramone
2008-06-27, 08:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:07 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqn.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0500EFD0-C948-4D1A-8D27-275550F67131} - (no file)
O2 - BHO: (no name) - {0C8970FF-4AC8-4BB9-BEE1-585E35031AEF} - (no file)
O2 - BHO: (no name) - {0F58A3BC-5DE0-4D26-A39E-9FBF2FAEE5BF} - (no file)
O2 - BHO: (no name) - {1958C89B-298A-48CA-A9F3-5E7DAA3860D3} - (no file)
O2 - BHO: (no name) - {1B2B8908-A8FE-4568-9B79-8EC241E80CA6} - (no file)
O2 - BHO: (no name) - {207782FB-BD62-4E88-A0EB-CC27A8BABCB8} - (no file)
O2 - BHO: (no name) - {261da58c-f4f0-45f4-8ef0-1a4666772b05} - (no file)
O2 - BHO: (no name) - {2CCEFE67-BF8C-4D6E-8F0E-5FC992369731} - (no file)
O2 - BHO: (no name) - {3aa51b9d-3bf0-45f7-b361-81b1e4ee9be7} - (no file)
O2 - BHO: (no name) - {4334AC2E-16C9-4F29-924D-21798A90F602} - (no file)
O2 - BHO: {fe5b2962-b27e-9c9a-0514-b1eb23bb3674} - {4763bb32-be1b-4150-a9c9-e72b2692b5ef} - C:\WINDOWS\system32\nwwqcynr.dll
O2 - BHO: (no name) - {4D1EC8DB-1446-4D97-9769-87B77FA4F7EE} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5E50287E-29CB-4D82-B956-0B4E352D2F4C} - (no file)
O2 - BHO: (no name) - {63A75A96-44D9-441E-A9CF-5F4A447038DD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {780569B0-81FB-4556-9EF9-1176CBB4E7A0} - (no file)
O2 - BHO: (no name) - {812A66A5-CC0B-4582-83AB-1D213676A8F7} - (no file)
O2 - BHO: (no name) - {838A3FD2-4722-498F-B6D5-47D5D82B1B1E} - (no file)
O2 - BHO: (no name) - {84087286-E912-43AB-9736-B841A7E87586} - (no file)
O2 - BHO: (no name) - {8DEEC461-44D0-43BB-8E67-ADD7FE98DC59} - (no file)
O2 - BHO: (no name) - {90CA421E-CC6D-42DD-92B4-7A4A4E7929E2} - (no file)
O2 - BHO: (no name) - {923AF95A-010B-431C-9184-3B6AB9644179} - (no file)
O2 - BHO: (no name) - {a972cc01-3dfe-442a-9749-fcf20018f716} - (no file)
O2 - BHO: (no name) - {B73FDB15-A742-4C41-B6A1-D33A57F162FD} - (no file)
O2 - BHO: (no name) - {B88B69BE-4798-4A31-8280-E0763DC9A72D} - (no file)
O2 - BHO: (no name) - {BEC6A62D-381E-4219-9238-DE71BA42E23E} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {CBB21A7A-2390-4CC1-B0C3-CCB45B51373A} - (no file)
O2 - BHO: (no name) - {CC9542BD-E36F-4F7C-8785-3A0C3E4A5554} - (no file)
O2 - BHO: (no name) - {D6641CBC-0BF0-4EAD-B3D1-48E3A46979F9} - (no file)
O2 - BHO: (no name) - {D7552901-DA18-4173-88A9-17AC656170CB} - (no file)
O2 - BHO: (no name) - {DDE2EFE9-5E2D-4C78-888B-80D1064BB510} - (no file)
O2 - BHO: (no name) - {EAB4B2C8-8347-4F83-B467-6AD9763C7481} - (no file)
O2 - BHO: (no name) - {F1EDBF36-5582-4301-9497-ED248256607A} - (no file)
O2 - BHO: (no name) - {f2952336-d0dc-4ab7-8ef6-46e06f0960ee} - (no file)
O2 - BHO: (no name) - {FC218173-9C76-4066-A67C-A1E4823B226A} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [981c750e] rundll32.exe "C:\WINDOWS\system32\njffdjah.dll",b
O4 - HKLM\..\Run: [BM9b2f4692] Rundll32.exe "C:\WINDOWS\system32\ogdpawpo.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1270] command /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9094] cmd /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9155] command /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3277] cmd /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [A00F198E6ECB.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F198E6ECB.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7376] command /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3365] cmd /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5685] command /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1107] cmd /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180547433890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - {2e409533-63ae-46a1-be88-8140c94a2521} - C:\WINDOWS\system32\iehlpr32.dll
O20 - Winlogon Notify: __c0067C3B - C:\WINDOWS\system32\__c0067C3B.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
--
End of file - 11731 bytes
Scan saved at 10:01:07 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqn.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0500EFD0-C948-4D1A-8D27-275550F67131} - (no file)
O2 - BHO: (no name) - {0C8970FF-4AC8-4BB9-BEE1-585E35031AEF} - (no file)
O2 - BHO: (no name) - {0F58A3BC-5DE0-4D26-A39E-9FBF2FAEE5BF} - (no file)
O2 - BHO: (no name) - {1958C89B-298A-48CA-A9F3-5E7DAA3860D3} - (no file)
O2 - BHO: (no name) - {1B2B8908-A8FE-4568-9B79-8EC241E80CA6} - (no file)
O2 - BHO: (no name) - {207782FB-BD62-4E88-A0EB-CC27A8BABCB8} - (no file)
O2 - BHO: (no name) - {261da58c-f4f0-45f4-8ef0-1a4666772b05} - (no file)
O2 - BHO: (no name) - {2CCEFE67-BF8C-4D6E-8F0E-5FC992369731} - (no file)
O2 - BHO: (no name) - {3aa51b9d-3bf0-45f7-b361-81b1e4ee9be7} - (no file)
O2 - BHO: (no name) - {4334AC2E-16C9-4F29-924D-21798A90F602} - (no file)
O2 - BHO: {fe5b2962-b27e-9c9a-0514-b1eb23bb3674} - {4763bb32-be1b-4150-a9c9-e72b2692b5ef} - C:\WINDOWS\system32\nwwqcynr.dll
O2 - BHO: (no name) - {4D1EC8DB-1446-4D97-9769-87B77FA4F7EE} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5E50287E-29CB-4D82-B956-0B4E352D2F4C} - (no file)
O2 - BHO: (no name) - {63A75A96-44D9-441E-A9CF-5F4A447038DD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {780569B0-81FB-4556-9EF9-1176CBB4E7A0} - (no file)
O2 - BHO: (no name) - {812A66A5-CC0B-4582-83AB-1D213676A8F7} - (no file)
O2 - BHO: (no name) - {838A3FD2-4722-498F-B6D5-47D5D82B1B1E} - (no file)
O2 - BHO: (no name) - {84087286-E912-43AB-9736-B841A7E87586} - (no file)
O2 - BHO: (no name) - {8DEEC461-44D0-43BB-8E67-ADD7FE98DC59} - (no file)
O2 - BHO: (no name) - {90CA421E-CC6D-42DD-92B4-7A4A4E7929E2} - (no file)
O2 - BHO: (no name) - {923AF95A-010B-431C-9184-3B6AB9644179} - (no file)
O2 - BHO: (no name) - {a972cc01-3dfe-442a-9749-fcf20018f716} - (no file)
O2 - BHO: (no name) - {B73FDB15-A742-4C41-B6A1-D33A57F162FD} - (no file)
O2 - BHO: (no name) - {B88B69BE-4798-4A31-8280-E0763DC9A72D} - (no file)
O2 - BHO: (no name) - {BEC6A62D-381E-4219-9238-DE71BA42E23E} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {CBB21A7A-2390-4CC1-B0C3-CCB45B51373A} - (no file)
O2 - BHO: (no name) - {CC9542BD-E36F-4F7C-8785-3A0C3E4A5554} - (no file)
O2 - BHO: (no name) - {D6641CBC-0BF0-4EAD-B3D1-48E3A46979F9} - (no file)
O2 - BHO: (no name) - {D7552901-DA18-4173-88A9-17AC656170CB} - (no file)
O2 - BHO: (no name) - {DDE2EFE9-5E2D-4C78-888B-80D1064BB510} - (no file)
O2 - BHO: (no name) - {EAB4B2C8-8347-4F83-B467-6AD9763C7481} - (no file)
O2 - BHO: (no name) - {F1EDBF36-5582-4301-9497-ED248256607A} - (no file)
O2 - BHO: (no name) - {f2952336-d0dc-4ab7-8ef6-46e06f0960ee} - (no file)
O2 - BHO: (no name) - {FC218173-9C76-4066-A67C-A1E4823B226A} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [981c750e] rundll32.exe "C:\WINDOWS\system32\njffdjah.dll",b
O4 - HKLM\..\Run: [BM9b2f4692] Rundll32.exe "C:\WINDOWS\system32\ogdpawpo.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1270] command /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9094] cmd /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9155] command /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3277] cmd /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [A00F198E6ECB.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F198E6ECB.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7376] command /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3365] cmd /c del "C:\WINDOWS\system32\sstqn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5685] command /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1107] cmd /c del "C:\WINDOWS\system32\adqlhysp.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180547433890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - {2e409533-63ae-46a1-be88-8140c94a2521} - C:\WINDOWS\system32\iehlpr32.dll
O20 - Winlogon Notify: __c0067C3B - C:\WINDOWS\system32\__c0067C3B.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
--
End of file - 11731 bytes