HijackThis_zww Chinese version scan log V1.99.1
Saved at 11:01:38, date 2006-9-12
Operating system: Windows XP SP2 (WinNT 5.01.2600)
Browser: Internet Explorer v6.00 SP2 (6.00.2900.2180)
The current running process:
C:\WINDOWS\System32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\System32\
C:\WINDOWS\system32\
C:\WINDOWS\
C:\WINDOWS\system32\
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
C:\WINDOWS\system32\
C:\Program Files\MSN Messenger\
D:\Program Files\Tencent\qq\
D:\Program Files\Tiantian Toys Online POPO\
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
D:\Program Files\Tencent\qq\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\Program Files\Internet Explorer\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
C:\WINDOWS\system32\
C:\Program Files\WinRAR\
C:\DOCUME~1\xucx\LOCALS~1\Temp\Rar$EX00.419\
C:\DOCUME~1\xucx\LOCALS~1\Temp\
O4 - Startup item HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\" /Spoil /RemAdvDef /Migration32
O4 - Startup item HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\/SYNC
O4 - Startup item HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\/IMEName
O4 - Startup item HKLM\\Run: [TrackPointSrv]
O4 - Startup item HKLM\\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\"
O4 - Startup item HKLM\\Run: [POPO2004] D:\Program Files\Tiantian Toys Online POPO\
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\" /background
O4 - Startup: Tencent = D:\Program Files\Tencent\qq\
O4 - Global Startup: Microsoft = C:\Program Files\Microsoft Office\Office\
O8 - New items in the IE right-click menu: Upload to QQ network hard drive- - D:\Program Files\Tencent\qq\
O9 - Extra buttons for the browser: Web anti-virus protection - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
O14 - : START_PAGE_URL=about:blank
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - /download/1007/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C212AC4E-3A7D-40B9-B9BC-5647968415B7}: NameServer = 61.144.56.100
O18 - List the existing protocols: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\
O23 - NT Services: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\" -r (file missing)