首页 手机软件 手机游戏 单机游戏 资讯文章 专题下载 游戏合集 文章合集 php下载 php教程 电脑软件
+ -
当前位置:首页 → 问答吧 → 求救,电脑好慢,好似中哂毒(有HijackThis)

求救,电脑好慢,好似中哂毒(有HijackThis)

时间:2014-02-01

来源:互联网

谢谢你们

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:39, on 27/12/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Java\jre7\bin\jqs.exe
J:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
J:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
J:\Program Files\881903\IETOOLBAR\hkmgr.exe
J:\WINDOWS\system32\ctfmon.exe
J:\WINDOWS\system32\wscntfy.exe
J:\WINDOWS\system32\wuauclt.exe
J:\WINDOWS\system32\taskmgr.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Microsoft Office\Office14\WINWORD.EXE
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(705).dll
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - J:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - J:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - J:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - J:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - J:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - J:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - J:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - J:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - J:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - J:\Program Files\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - J:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HKToolbarManager] "J:\Program Files\881903\IETOOLBAR\hkmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] J:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] J:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下载本页视讯 - res://J:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download by easyMule - J:\Program Files\easyMule\IE2EM.htm
O8 - Extra context menu item: 使用BitComet下载全部连结 - res://J:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下载连结(&B) - res://J:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - J:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: j:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - J:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: HDZB Comm Service For V2.0 (HZ_CommSrv) - ?大智??子系?有限公司 - J:\WINDOWS\system32\HZ_CommSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - J:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - J:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - J:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - J:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - J:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - J:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: WatchData ccb V3.2 (WDMonitorCCB) - Beijing WatchData System Co., Ltd. - J:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe

--
End of file - 8045 bytes

[ 本帖最后由 ekaro 於 2013-12-30 07:57 PM 编辑 ]

作者: ekaro   发布时间: 2014-02-01

1.执行Hijackthis > Do a system scan only > 勾选下列项目 > 按Fix Checked (fix checked时关闭所有browsers/程式) > 按"是"。
引用:J:\Program Files\881903\IETOOLBAR\hkmgr.exe
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(705).dll
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - J:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - J:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - J:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - J:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - J:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - J:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\FlashGetBHO\FlashGetBHO.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - J:\Program Files\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - J:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HKToolbarManager] "J:\Program Files\881903\IETOOLBAR\hkmgr.exe"
O8 - Extra context menu item: &使用BitComet下载本页视讯 - res://J:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用BitComet下载全部连结 - res://J:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下载连结(&B) - res://J:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - J:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
2.下载/执行 OTM做删除。
http://oldtimer.geekstogo.com/OTM.exe
copy & paste 以下项目於Paste Instructions for Items to be Moved的框格内。
按MoveIt > OK > 重启电脑。
引用::files
J:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(705).dll
J:\Program Files\881903\IETOOLBAR\hktbar.dll
J:\Program Files\easyMule\modules\IE2EM.dll
J:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
J:\Program Files\881903\IETOOLBAR\hktbar.dll
J:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
J:\Program Files\881903\IETOOLBAR\hkmgr.exe
J:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
3. 下载/执行Junkware Removal Tool扫毒。
http://thisisudax.org/downloads/JRT.exe
执行扫毒前请关闭所有浏览器同程式
(JRT会自动删除附於浏览器的恶意程式/档案/登录档)

4. 关闭所有防毒软件(包括Windows Defender),下载ComboFix至桌面 ,执行ComboFix扫毒。
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
扫瞄时不要执行其他程式或点击 ComboFix视窗。
(ComboFix扫毒约10 -20分钟,唔使装"修复主控台程式") 完成扫瞄后,ComboFix 报告会自动弹出。

请贴上以下报告:
a. JRT扫毒报告。
b. ComboFix扫毒报告。
c. 新1份Hijackthis扫瞄报告。

作者: GoodestEngilsh   发布时间: 2014-02-01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by ken on 28/12/2013 Sat at 14:05:09.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{51076670-E60B-4079-A52A-7CB63EFD53B2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\baidu"
Successfully deleted: [Folder] "J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\defaulttab"
Successfully deleted: [Folder] "J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\opencandy"



~~~ FireFox

Successfully deleted: [File] J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\mozilla\firefox\profiles\joywlhqn.default\extensions\[email protected]
Successfully deleted: [File] J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\mozilla\firefox\profiles\joywlhqn.default\searchplugins\search-here.xml
Successfully deleted: [Folder] J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\mozilla\firefox\profiles\joywlhqn.default\extensions\staged
Successfully deleted the following from J:\Documents and Settings\ken.KEN-F3BF796C133\Application Data\mozilla\firefox\profiles\joywlhqn.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1345731653);
user_pref("extensions.defaulttab.lastUsed", 1373023678);





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/12/2013 Sat at 14:09:06.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

作者: ekaro   发布时间: 2014-02-01

ComboFix 13-12-26.01 - ken 2/2013 Sat 14:25:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.950.852.1028.18.3295.2453 [GMT 8:00]
执行位置: j:\documents and settings\ken.KEN-F3BF796C133\桌面\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
j:\documents and settings\All Users.WINDOWS\Application Data\115
j:\documents and settings\All Users.WINDOWS\Application Data\115\UpLoads\115CloudBackup.ini
j:\documents and settings\All Users.WINDOWS\Application Data\115\UpLoads\Data\HisData.db
j:\documents and settings\All Users.WINDOWS\Application Data\115\UpLoads\resume.ini
j:\documents and settings\All Users.WINDOWS\Application Data\115\UpLoads\Syscfg.ini
j:\documents and settings\All Users.WINDOWS\Application Data\115\UpLoads\transfer.ini
j:\documents and settings\All Users.WINDOWS\Application Data\TEMP
j:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\PostBuild.exe
j:\documents and settings\ken.KEN-F3BF796C133\Application Data\360SE
j:\documents and settings\ken.KEN-F3BF796C133\Application Data\360SE\data\360sefav.db
j:\documents and settings\ken.KEN-F3BF796C133\Application Data\360SE\v3update\updatecfg.ini
j:\documents and settings\ken.KEN-F3BF796C133\Application Data\360SE\v3update\v3download\sesvc.exe
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp10.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp11.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp12.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp13.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp137.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp14.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp14A.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp15.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp16.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp17.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp18.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp19.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp1A.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp1B.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp1C.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp1D.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp1E.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp1F.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp20.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp21.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp22.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp224.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp23.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp24.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp25.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp26.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp27.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp28.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp29.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp2A.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp2B.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp2C.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp2D.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp2E.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp2F.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp3.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp30.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp31.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp32.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp33.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp34.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp35.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp36.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp37.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp38.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp39.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp3A.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp3B.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp4.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp5.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp6.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp7.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp77.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp78.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp7C.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp8.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmp9.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpA.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpB.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpB1.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpC.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpD.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpD3.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpD6.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpE.tmp
j:\documents and settings\ken.KEN-F3BF796C133\Local Settings\Temporary Internet Files\tmpF.tmp

作者: ekaro   发布时间: 2014-02-02

j:\favoritevideo\InvisibleFolder
j:\favoritevideo\InvisibleFolder\20120202101934_yinyueyazhou120202zhuzt.jpg
j:\favoritevideo\InvisibleFolder\20120816144904_admasten120816zhuhc.swf
j:\favoritevideo\InvisibleFolder\20120827155611_mabao120827zhuhc.swf
j:\favoritevideo\InvisibleFolder\20121130185625_olay121201zhuztnw.swf
j:\favoritevideo\InvisibleFolder\20121203111101_yingchao121203zhujiaobiao.swf
j:\favoritevideo\InvisibleFolder\20121203111708_yingchao121203zhuzt.swf
j:\favoritevideo\InvisibleFolder\20121203112035_yingchao121203biaotilanguanggao.swf
j:\favoritevideo\InvisibleFolder\20130115103259_dajiewang130115zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130118174847_xieruilin130118zhufuceng.swf
j:\favoritevideo\InvisibleFolder\20130204170538_stongyisucai130204zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130204171241_qtongyisucai130204zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130207141617_qtongyisucai130207zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130207144237_stongyisucai130204zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130220225127_VIKIhaiwaikehuduanzt130220.jpg
j:\favoritevideo\InvisibleFolder\20130227175221_jilief1130227zhufuceng.swf
j:\favoritevideo\InvisibleFolder\20130227175256_jilief1130227zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130227181637_jilief1130227jiaobiao.swf
j:\favoritevideo\InvisibleFolder\20130228180351_olay130228zhuztprox.swf
j:\favoritevideo\InvisibleFolder\20130228182324_olay130228zhuztwr.swf
j:\favoritevideo\InvisibleFolder\20130228184603_olay130228zhuztaq.swf
j:\favoritevideo\InvisibleFolder\20130301100805_olay130228zhuztflora.swf
j:\favoritevideo\InvisibleFolder\20130305155615_xuanxianchuanqi130305zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130305155637_xuanxianchuanqi130305zhuhc2.swf
j:\favoritevideo\InvisibleFolder\20130305155732_xuanxianchuanqi130305qipao1.swf
j:\favoritevideo\InvisibleFolder\20130305155748_xuanxianchuanqi130305qipao2.swf
j:\favoritevideo\InvisibleFolder\20130306164407_zhongguoyidong130306zhufuceng.swf
j:\favoritevideo\InvisibleFolder\20130306164423_zhongguoyidong130306zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130306170424_37wan130306zhuztB.swf
j:\favoritevideo\InvisibleFolder\20130308104805_jinweimaipian130308zhufuceng.swf
j:\favoritevideo\InvisibleFolder\20130308114653_tongyisucaiP130308zhuhuanchong15s.swf
j:\favoritevideo\InvisibleFolder\20130308114737_tongyisucaiP130308zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130308135100_xingzhoukan130308zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130308140950_guomei130308zhuqipao.swf
j:\favoritevideo\InvisibleFolder\20130311155622_pptvlogo.jpg
j:\favoritevideo\InvisibleFolder\20130311163734_vastongyix130311zhu15s.swf
j:\favoritevideo\InvisibleFolder\20130312161503_37wan130312zhuztA.swf
j:\favoritevideo\InvisibleFolder\20130312164512_shagnwei130312zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130312190511_taiwanadidas130312kehuduanzt.swf
j:\favoritevideo\InvisibleFolder\20130313095240_baidu130313zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130313112409_guomei130313zhufuceng.swf
j:\favoritevideo\InvisibleFolder\20130313163445_mabao130313zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130314164911_ford130314zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130314172631_400300niubeisite130314zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130314172941_50560fuceng130314zhufc.swf
j:\favoritevideo\InvisibleFolder\20130315163812_400300thebeachboys130315zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130315164746_guomei130315zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130315171916_mingxing130315zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130316220409_jiulongchao.swf
j:\favoritevideo\InvisibleFolder\20130318101543_kuba130318zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130320110723_300250jianxia130320qipao.swf
j:\favoritevideo\InvisibleFolder\20130320110830_400300jianxia130320zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130320153513_shenjiangsanguo130320zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130320153536_shenjiangsanguo130320zhuhc2.swf
j:\favoritevideo\InvisibleFolder\20130320153638_shenjiangsanguo130320qipao1.swf
j:\favoritevideo\InvisibleFolder\20130320153706_shenjiangsanguo130320qipao2.swf
j:\favoritevideo\InvisibleFolder\20130320160347_jiangshen130320zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130320160409_jiangshen130320zhuhc2.swf
j:\favoritevideo\InvisibleFolder\20130320160429_jiangshen130320zhuhc3.swf
j:\favoritevideo\InvisibleFolder\20130320160547_jiangshen130320qipao1.swf
j:\favoritevideo\InvisibleFolder\20130320160600_jiangshen130320qipao2.swf
j:\favoritevideo\InvisibleFolder\20130320160615_jiangshen130320qipao3.swf
j:\favoritevideo\InvisibleFolder\20130321101733_400300volvo130321zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130321112320_baidu130321zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130321114910_37wan130321jiaobiao.swf
j:\favoritevideo\InvisibleFolder\20130321171344_guomei130321zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130321175026_wangyiwuhun130321zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130322102903_bingwang130322zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130322102952_bingwang130322zhuqipao.swf
j:\favoritevideo\InvisibleFolder\20130322103035_bingwang130322zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130322110014_xuanyuanchuanqi130322zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130322110116_xuanyuanchuanqi130322zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130322110742_lining130322zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130322143008_xuanyuanbian130322zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130322143024_xuanyuanbian130322zhuhc2.swf
j:\favoritevideo\InvisibleFolder\20130322143038_xuanyuanbian130322zhuhc3.swf
j:\favoritevideo\InvisibleFolder\20130322143144_xuanyuanbian130322qipao1.swf
j:\favoritevideo\InvisibleFolder\20130322143200_xuanyuanbian130322qipao2.swf
j:\favoritevideo\InvisibleFolder\20130322143214_xuanyuanbian130322qipao3.swf
j:\favoritevideo\InvisibleFolder\20130322144253_doupoqiankun130322zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130322144314_doupoqiankun130322zhuhc2.swf
j:\favoritevideo\InvisibleFolder\20130322144334_doupoqiankun130322zhuhc3.swf
j:\favoritevideo\InvisibleFolder\20130322144454_doupoqiankun130322qipao1.swf
j:\favoritevideo\InvisibleFolder\20130322144511_doupoqiankun130322qipao2.swf
j:\favoritevideo\InvisibleFolder\20130322144528_doupoqiankun130322qipao3.swf
j:\favoritevideo\InvisibleFolder\20130322145032_longjiang130322zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130322145140_longjiang130322qipao1.swf
j:\favoritevideo\InvisibleFolder\20130322145154_longjiang130322qipao2.swf
j:\favoritevideo\InvisibleFolder\20130322151153_baidu130322zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130322162010_hanghaijia130322zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130322162040_hanghaijia130322zhuhc2.swf
j:\favoritevideo\InvisibleFolder\20130322162217_hanghaijia130322qipao1.swf
j:\favoritevideo\InvisibleFolder\20130322162233_hanghaijia130322qipao2.swf
j:\favoritevideo\InvisibleFolder\20130322162251_hanghaijia130322qipao3.swf
j:\favoritevideo\InvisibleFolder\20130322162709_tianxingjian130322zhuhc1.swf
j:\favoritevideo\InvisibleFolder\20130322162734_tianxingjian130322zhuhc2.swf
j:\favoritevideo\InvisibleFolder\20130322162828_tianxingjian130322qipao1.swf
j:\favoritevideo\InvisibleFolder\20130322162851_tianxingjian130322qipao2.swf
j:\favoritevideo\InvisibleFolder\20130322163740_xingzhoukan130322zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130322165712_ttongyi130322zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130322165731_ttongyi130322zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130322170201_rtongyi130322zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130322170313_rtongyi130322zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130322170859_kuba130322zhuzt.swf
j:\favoritevideo\InvisibleFolder\20130322170950_ftongyi130322zhuhc.swf
j:\favoritevideo\InvisibleFolder\20130322173102_37wan130322zhuqipao23hao.swf
j:\favoritevideo\InvisibleFolder\20130322175210_37wan130322zhuztB25hao.swf
j:\favoritevideo\InvisibleFolder\20130322175237_37wan130322zhuztA25hao.swf
j:\favoritevideo\InvisibleFolder\externtab(3.2.1.1).zip
j:\favoritevideo\InvisibleFolder\logclient.dll
j:\favoritevideo\InvisibleFolder\peer.dll.tpp
j:\favoritevideo\InvisibleFolder\pplss2.swf
j:\favoritevideo\InvisibleFolder\pprepair.dll
j:\favoritevideo\InvisibleFolder\pptv_jiangshen_13204.exe
j:\favoritevideo\InvisibleFolder\pptv_xuanxianchuanqi_130130.exe
j:\favoritevideo\InvisibleFolder\pptvsetup_3.3.2.0077_s.exe
j:\favoritevideo\InvisibleFolder\Thumbs.db
j:\favoritevideo\InvisibleFolder\tipsbubble.dll
j:\favoritevideo\InvisibleFolder\tipsclient.dll
j:\favoritevideo\InvisibleFolder\tipsdone.dll
j:\favoritevideo\InvisibleFolder\tipsstatistic.dll
j:\program files\Internet Explorer\SET6D.tmp
j:\program files\Internet Explorer\SET72.tmp
j:\windows\~GLC0000.TMP
j:\windows\~GLC0001.TMP
j:\windows\~GLC0002.TMP
j:\windows\~GLC0003.TMP
j:\windows\~GLH0000.TMP
j:\windows\~GLH0001.TMP
j:\windows\~GLH0002.TMP
j:\windows\~GLH0003.TMP
j:\windows\~GLH0004.TMP
j:\windows\~GLH0005.TMP
j:\windows\~GLH0006.TMP
j:\windows\~GLH0007.TMP
j:\windows\msmqinst.log
j:\windows\system32\TZLog.log
.

作者: ekaro   发布时间: 2014-02-02

.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HZ_COMMSRV
-------\Service_amsint32
-------\Service_HZ_CommSrv
.
.
((((((((((((((((((((((((( 2013-11-28 至 2013-12-28 的新的档案 )))))))))))))))))))))))))))))))
.
.
2013-12-28 06:05 . 2013-12-28 06:05 -------- d-----w- j:\windows\ERUNT
2013-12-28 05:42 . 2013-12-28 05:42 -------- d-----w- J:\_OTM
2013-12-27 12:50 . 2013-12-27 12:50 -------- d-----w- j:\program files\Trend Micro
2013-12-19 13:14 . 2013-12-19 13:14 -------- d-----w- j:\documents and settings\ken.KEN-F3BF796C133\Application Data\360Desktop
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 02:59 . 2012-10-06 13:21 150528 ----a-w- j:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2012-10-06 13:21 591360 ----a-w- j:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2010-08-13 10:45 10752 ----a-w- j:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2012-10-06 13:22 1878656 ----a-w- j:\windows\system32\win32k.sys
2013-10-29 07:57 . 2012-10-06 13:22 920064 ----a-w- j:\windows\system32\wininet.dll
2013-10-29 07:57 . 2012-10-06 13:21 43520 ----a-w- j:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2012-10-06 13:21 1469440 ----a-w- j:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2012-10-06 13:20 18944 ----a-w- j:\windows\system32\corpol.dll
2013-10-29 00:45 . 2012-10-06 13:21 385024 ----a-w- j:\windows\system32\html.iec
2013-10-23 23:45 . 2012-10-06 13:21 172032 ----a-w- j:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2012-10-06 13:21 276480 ----a-w- j:\windows\system32\oakley.dll
2013-10-09 13:12 . 2012-10-06 13:21 287744 ----a-w- j:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2012-10-06 13:20 595968 ----a-w- j:\windows\system32\crypt32.dll
2008-10-15 07:07 . 2012-10-09 14:33 1620480 ----a-w- j:\program files\KMPSetup.exe
2008-10-15 06:30 . 2012-10-09 14:33 6369792 ----a-w- j:\program files\KMPlayer.exe
2008-09-12 04:53 . 2012-10-09 14:33 1511424 ----a-w- j:\program files\MediaInfo.dll
2008-07-10 07:21 . 2012-10-09 14:33 1949184 ----a-w- j:\program files\KIconLib.dll
2008-07-09 08:06 . 2012-10-09 14:33 675840 ----a-w- j:\program files\ac3filter.ax
2008-07-09 04:41 . 2012-10-09 14:33 5468160 ----a-w- j:\program files\KMPAlbumArt.dll
2008-02-25 06:08 . 2012-10-09 14:33 164352 ----a-w- j:\program files\unrarDLL.dll
2008-02-25 06:07 . 2012-10-09 14:33 368640 ----a-w- j:\program files\RoQSplitter.ax
2008-02-25 06:07 . 2012-10-09 14:33 434176 ----a-w- j:\program files\RealMediaSplitter.ax
2008-02-25 06:07 . 2012-10-09 14:33 1769472 ----a-w- j:\program files\PProcDLL.DLL
2008-02-25 06:07 . 2012-10-09 14:33 770048 ----a-w- j:\program files\Old_QUARTZ.DLL
2008-02-25 06:07 . 2012-10-09 14:33 376832 ----a-w- j:\program files\OggSplitter.ax
2008-02-25 06:07 . 2012-10-09 14:33 339968 ----a-w- j:\program files\NutSplitter.ax
2008-02-25 06:06 . 2012-10-09 14:33 372736 ----a-w- j:\program files\MpegSplitter.ax
2008-02-25 06:06 . 2012-10-09 14:33 430080 ----a-w- j:\program files\Mpeg2DecFilter.ax
2008-02-25 06:06 . 2012-10-09 14:33 901120 ----a-w- j:\program files\MpaDecFilter.ax
2008-02-25 06:06 . 2012-10-09 14:33 348160 ----a-w- j:\program files\MpaSplitter.ax
2008-02-25 06:06 . 2012-10-09 14:33 62464 ----a-w- j:\program files\MMSwitch.ax
2008-02-25 06:06 . 2012-10-09 14:33 507904 ----a-w- j:\program files\MP4Splitter.ax
2008-02-25 06:06 . 2012-10-09 14:33 438272 ----a-w- j:\program files\MatroskaSplitter.ax
2008-02-25 06:05 . 2012-10-09 14:33 892928 ----a-w- j:\program files\iconv.dll
2008-02-25 06:05 . 2012-10-09 14:33 409600 ----a-w- j:\program files\FLVSplitter.ax
2008-02-25 06:04 . 2012-10-09 14:33 352256 ----a-w- j:\program files\DSMSplitter.ax
2008-02-25 06:04 . 2012-10-09 14:33 540672 ----a-w- j:\program files\DiracSplitter.ax
2008-02-25 06:03 . 2012-10-09 14:33 28088 ----a-w- j:\program files\bass_wv.dll
2008-02-25 06:03 . 2012-10-09 14:33 92728 ----a-w- j:\program files\bass.dll
2008-02-25 06:03 . 2012-10-09 14:33 8664 ----a-w- j:\program files\bass_tta.dll
2008-02-25 06:03 . 2012-10-09 14:33 33240 ----a-w- j:\program files\bass_ape.dll
2008-02-25 06:03 . 2012-10-09 14:33 23616 ----a-w- j:\program files\bass_flac.dll
2008-02-25 06:03 . 2012-10-09 14:33 18888 ----a-w- j:\program files\bass_mpc.dll
2008-02-25 06:03 . 2012-10-09 14:33 12784 ----a-w- j:\program files\bass_alac.dll
2008-02-25 06:03 . 2012-10-09 14:33 376832 ----a-w- j:\program files\AviSplitter.ax
2008-02-25 06:03 . 2012-10-09 14:33 311296 ----a-w- j:\program files\audioswitcher.ax
2008-02-25 06:03 . 2012-10-09 14:33 81920 ----a-w- j:\program files\aac_parser.ax
2007-04-27 01:41 . 2012-10-09 14:33 888832 ----a-w- j:\program files\QuickTimeInternetExtras.qtx
2007-04-27 01:41 . 2012-10-09 14:33 458752 ----a-w- j:\program files\QuickTimeEssentials.qtx
2007-04-27 01:41 . 2012-10-09 14:33 315392 ----a-w- j:\program files\QuickTimeMPEG4.qtx
2007-04-27 01:41 . 2012-10-09 14:33 335872 ----a-w- j:\program files\QuickTime3GPP.qtx
2007-04-27 01:41 . 2012-10-09 14:33 13754368 ----a-w- j:\program files\QuickTime.qts
2007-03-30 09:52 . 2012-10-09 14:33 241664 ----a-w- j:\program files\PmpSplitter.ax
2006-10-06 20:40 . 2012-10-09 14:33 552960 ----a-w- j:\program files\raac.dll
2006-10-06 20:35 . 2012-10-09 14:33 77824 ----a-w- j:\program files\atrc.dll
2006-10-06 20:18 . 2012-10-09 14:33 106496 ----a-w- j:\program files\sipr.dll
2006-10-06 20:16 . 2012-10-09 14:33 65536 ----a-w- j:\program files\cook.dll
2006-10-06 20:16 . 2012-10-09 14:33 102400 ----a-w- j:\program files\drv1.dll
2006-10-06 20:16 . 2012-10-09 14:33 49152 ----a-w- j:\program files\rv10.dll
2006-10-06 20:14 . 2012-10-09 14:33 241664 ----a-w- j:\program files\hxltcolor.dll
2006-10-06 20:09 . 2012-10-09 14:33 49152 ----a-w- j:\program files\rv40.dll
2006-10-06 20:09 . 2012-10-09 14:33 266240 ----a-w- j:\program files\drvc.dll
2006-10-06 20:09 . 2012-10-09 14:33 49152 ----a-w- j:\program files\rv30.dll
2006-10-06 20:06 . 2012-10-09 14:33 176128 ----a-w- j:\program files\drv2.dll
2006-10-06 20:06 . 2012-10-09 14:33 57344 ----a-w- j:\program files\rv20.dll
2005-06-17 14:25 . 2012-10-09 14:33 155648 ----a-w- j:\program files\ralf.dll
1998-03-08 12:28 . 2012-10-09 14:33 273408 ----a-w- j:\program files\Pncrt.dll

作者: ekaro   发布时间: 2014-02-02

.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2013-06-20 03:16 264584 ----a-w- j:\documents and settings\All Users.WINDOWS\Application Data\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(204).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XMP"="j:\docume~1\ALLUSE~1.WIN\APPLIC~1\THUNDE~1\XMP4\Core\Program\XMP.exe" [2013-03-07 252296]
"FlashGet 3"="j:\program files\FlashGet Network\FlashGet 3\Flashget3.exe" [2012-12-12 3434752]
"ctfmon.exe"="j:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="j:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-11-18 185896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="j:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ DREYEJP.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210404]
Ime File REG_SZ DREYETC.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220804]
Ime File REG_SZ DREYESC.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\J:^Documents and Settings^All Users.WINDOWS^「开始」功能表^程式集^启动^cf3cuudjsbparc.bat]
path=j:\documents and settings\All Users.WINDOWS\「开始」功能表\程式集\启动\cf3cuudjsbparc.bat
backup=j:\windows\pss\cf3cuudjsbparc.batCommon Startup
.
[HKLM\~\startupfolder\J:^Documents and Settings^All Users.WINDOWS^「开始」功能表^程式集^启动^McAfee Security Scan Plus.lnk]
path=j:\documents and settings\All Users.WINDOWS\「开始」功能表\程式集\启动\McAfee Security Scan Plus.lnk
backup=j:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\J:^Documents and Settings^ken.KEN-F3BF796C133^「开始」功能表^程式集^启动^OneNote 2010 Screen Clipper and Launcher.lnk]
path=j:\documents and settings\ken.KEN-F3BF796C133\「开始」功能表\程式集\启动\OneNote 2010 Screen Clipper and Launcher.lnk
backup=j:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- j:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-26 23:22 59240 ----a-w- j:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 05:49 153136 ----a-w- j:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-11-05 13:34 741376 ------w- j:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCBCertificate]
2013-05-14 02:16 416120 ----a-w- j:\program files\CCBComponents\DMWZ\CCBCertificate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 07:05 77824 ------w- j:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:42 15360 ----a-w- j:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-08-08 06:10 16384 ----a-w- j:\windows\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-08-08 06:10 18944 ----a-w- j:\windows\system32\CTXFIHLP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- j:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
2011-11-10 06:57 7847936 ----a-w- j:\program files\easyMule\emule.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2012-12-12 04:40 3434752 ----a-w- j:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKToolbarManager]
2013-09-11 02:01 835072 ----a-w- j:\program files\881903\IETOOLBAR\hkmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-01-24 07:56 181528 ----a-r- j:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-01-24 07:56 143128 ----a-r- j:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMDreyePlugin]
2007-02-24 10:10 36864 ----a-w- j:\program files\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- j:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
2008-04-13 23:42 208896 ----a-w- j:\windows\inf\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 10:53 153136 ----a-w- j:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2013-04-22 02:05 720064 ----a-w- j:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-01-24 07:56 169752 ----a-r- j:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-13 23:42 455168 ----a-w- j:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-13 23:42 455168 ----a-w- j:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 06:28 421888 ----a-w- j:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-10-14 10:58 20064872 ----a-w- j:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-03-18 09:47 448736 ----a-w- j:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 09:11 61440 ----a-w- j:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 06:02 254696 ----a-w- j:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-11-18 13:37 185896 ----a-w- j:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 17:00 90112 ------w- j:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBKeyTools.exe]
2013-06-26 08:36 627048 ----a-w- j:\program files\CCBComponents\HDZB\USBKeyTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdcertm_ccb]
2012-09-10 09:22 71200 ----a-r- j:\windows\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XMP]
2013-03-07 07:10 252296 ----a-w- j:\docume~1\ALLUSE~1.WIN\APPLIC~1\THUNDE~1\XMP4\Core\Program\xmp.exe

作者: ekaro   发布时间: 2014-02-02

.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"Intel(R) ME Service"=2 (0x2)
"Intel(R) Capability Licensing Service Interface"=2 (0x2)
"idsvc"=3 (0x3)
"hkmsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"YahooAUService"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"gupdatem"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Sony PC Companion"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"AlipaySecSvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"j:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"j:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"j:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"j:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"j:\\Documents and Settings\\ken.KEN-F3BF796C133\\My Documents\\all set up2\\flashget_1641_1.exe"=
"j:\\Documents and Settings\\ken.KEN-F3BF796C133\\My Documents\\all set up2\\inst.exe"=
"j:\\Program Files\\Thunder Network\\Xmp\\Program\\XLLiveUD.exe"=
"j:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Thunder Network\\XMP4\\Core\\Program\\XLLiveUD.exe"=
"j:\\Program Files\\Thunder Network\\Xmp\\Program\\XLBugReport.exe"=
"j:\\Program Files\\Common Files\\Thunder Network\\Kankan\\XLBugReport.exe"=
"j:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.193_1111\\XLBugReport.exe"=
"j:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.193_1111\\ThunderLiveUD.exe"=
"j:\\Program Files\\Thunder Network\\Xmp\\TP\\ThunderPlatform.exe"=
"j:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.193_1111\\ThunderPlatform.exe"=
"j:\\Program Files\\Common Files\\Thunder Network\\Kankan\\ThunderServiceLite.exe"=
"j:\\Program Files\\Common Files\\Thunder Network\\Kankan\\KanKanLive.exe"=
"j:\\Program Files\\Thunder Network\\Xmp\\Program\\XMP.exe"=
"j:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12593:TCP"= 12593:TCP:*isabled:BitComet 12593 TCP
"12593:UDP"= 12593:UDP:*isabled:BitComet 12593 UDP
.
R0 sptd;sptd;j:\windows\system32\drivers\sptd.sys [7/10/2012 10:44 717296]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;j:\program files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [17/11/2012 20:54 161560]
R2 UNS;Intel(R) Management and Security Application User Notification Service;j:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [17/11/2012 20:54 363800]
R2 WDMonitorCCB;WatchData ccb V3.2;j:\windows\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [30/8/2013 11:16 62816]
R3 MEI;Intel(R) Management Engine Interface ;j:\windows\system32\drivers\HECI.sys [17/11/2012 20:53 46080]
R3 usbUDisc;usbUDisc;j:\windows\system32\drivers\USBDrv.sys [25/11/2012 15:19 66560]
S3 Ambfilt;Ambfilt;j:\windows\system32\drivers\Ambfilt.sys [17/11/2012 20:42 1691480]
S3 HaozipVirtualCDBus;HaoZip Virtual Bus Driver;j:\windows\system32\drivers\HaoZipVirtualCDBus.sys [24/7/2012 10:55 115288]
S3 PciConciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
S4 AlipaySecSvc;Alipay security service;j:\program files\alipay\alieditplus\AlipaySecSvc.exe [26/3/2013 10:47 319840]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;j:\program files\Intel\iCLS Client\HeciServer.exe [2/2/2012 22:25 458464]
S4 Intel(R) ME Service;Intel(R) ME Service;j:\program files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [17/11/2012 20:55 121344]
S4 Sony PC Companion;Sony PC Companion;j:\program files\Sony\Sony PC Companion\PCCService.exe [23/3/2013 10:56 155824]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
DoctorService REG_MULTI_SZ XLDoctor Service
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-18 15:05 1210320 ----a-w- j:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 20:32 128512 ----a-w- j:\windows\system32\advpack.dll

作者: ekaro   发布时间: 2014-02-02

.
‘计划任务’ 文件夹 里的内容
.
2013-12-28 j:\windows\Tasks\Adobe Flash Player Updater.job
- j:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 12:32]
.
2013-12-28 j:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- j:\program files\Google\Update\GoogleUpdate.exe [2012-10-08 13:07]
.
2013-12-28 j:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- j:\program files\Google\Update\GoogleUpdate.exe [2012-10-08 13:07]
.
2013-12-28 j:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- j:\program files\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
2013-10-14 j:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- j:\program files\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
2013-12-27 j:\windows\Tasks\ReclaimerUpdateFiles_ken.job
- j:\documents and settings\ken.KEN-F3BF796C133\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-18 14:48]
.
2013-12-27 j:\windows\Tasks\ReclaimerUpdateXML_ken.job
- j:\documents and settings\ken.KEN-F3BF796C133\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-18 14:48]
.
2013-12-28 j:\windows\Tasks\RNUpgradeHelperLogonPrompt_ken.job
- j:\documents and settings\ken.KEN-F3BF796C133\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-18 14:48]
.
2013-12-27 j:\windows\Tasks\User_Feed_Synchronization-{EAD68172-933B-4883-B3DB-D05AFDF31443}.job
- j:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
2013-12-28 j:\windows\Tasks\WGASetup.job
- j:\windows\system32\KB905474\wgasetup.exe [2012-12-28 14:18]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://hk.yahoo.com/
mStart Page = hxxp://www.google.com
uSearchAssistant =
IE: Download by easyMule - j:\program files\easyMule\IE2EM.htm
Trusted Zone: ccb.cn\b2b
Trusted Zone: ccb.com\*
Trusted Zone: ccb.com\www
Trusted Zone: ccb.com.cn\*
Trusted Zone: ccb.com.cn\ca2
Trusted Zone: ccb.com.cn\ca3
Trusted Zone: ccb.com.cn\ibsbjstar
Trusted Zone: ccb.com.cn\mybank
TCP: DhcpNameServer = 203.185.0.37 203.185.0.36 203.185.0.34
FF - ProfilePath - j:\documents and settings\ken.KEN-F3BF796C133\Application Data\Mozilla\Firefox\Profiles\joywlhqn.default\
FF - prefs.js: browser.startup.homepage - hxxp://hk.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-115com - j:\program files\115\115com\115com.exe
MSConfigStartUp-aliim - j:\documents and settings\ken.KEN-F3BF796C133\桌面\aliim.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - j:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-MaxUSBProc - j:\program files\Max Spyware Detector\MaxUSBProc.exe
MSConfigStartUp-PPAP - j:\program files\Common Files\PPLiveNetwork\PPAP.exe
MSConfigStartUp-SearchSettings - j:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-28 14:41
Windows 5.1.2600 Service Pack 3 NTFS
.
扫描被隐藏的进程 ...
.
扫描被隐藏的启动组 ...
.
扫描被隐藏的文件 ...
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\b?v*gaR]
"Order"=hex:08,00,00,00,02,00,00,00,66,01,00,00,01,00,00,00,04,00,00,00,4e,00,
00,00,00,00,00,00,40,00,36,00,83,00,00,00,4c,41,a6,69,20,00,7e,76,a6,5e,2e,\
.
[HKEY_USERS\S-1-5-21-1957994488-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\TecmoKoei\ NW莤1*2*]
"Order"=hex:08,00,00,00,02,00,00,00,42,03,00,00,01,00,00,00,06,00,00,00,8c,00,
00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,36,\
.
[HKEY_USERS\S-1-5-21-1957994488-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\-NW?-??L?E*?w??瓠€?[hQD}譸]
"Order"=hex:08,00,00,00,02,00,00,00,ca,01,00,00,01,00,00,00,04,00,00,00,70,00,
00,00,00,00,00,00,62,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,50,00,35,\
.
[HKEY_USERS\S-1-5-21-1957994488-1425521274-725345543-1003_Classes\.*?????卉6e?v糇?u?e譸]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="AliFileCheck.File"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@j:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="j:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\-NW?-??L?E*?w??瓠€?[hQD}譸?[?z_]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\-NW?-??L?E*?w??瓠€?[hQD}譸?[?z_]
"DisplayName"="中国建设银行E路护航网银安全组件 1.0.4.3"
"UninstallString"="j:\\Program Files\\CCBComponents\\uninst.exe"
"DisplayIcon"="j:\\Program Files\\CCBComponents\\uninst.exe"
"DisplayVersion"="1.0.4.3"
"URLInfoAbout"="http://www.ccb.com"
"Publisher"="China Construction Bank"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\'Yf?N2m *?L?瓠€??]
"DisplayName"="大明五洲 建行网银盾"
"DisplayIcon"="j:\\Program Files\\CCBComponents\\DMWZ\\uninst.exe"
"DisplayVersion"="2.1.4.2"
"URLInfoAbout"="http://www.bdtech.com.cn"
"Publisher"="Beijing Daming Wuzhou science and technology Co.,Ltd"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

作者: ekaro   发布时间: 2014-02-02

.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
j:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2184)
j:\windows\system32\WININET.dll
j:\documents and settings\All Users.WINDOWS\Application Data\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(204).dll
j:\documents and settings\All Users.WINDOWS\Application Data\Thunder Network\KanKan\Pusher\xappdrv.1.0.0.73.dll
j:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
j:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
j:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
j:\program files\Common Files\Ahead\Lib\MFC71U.DLL
j:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
j:\windows\system32\ieframe.dll
j:\windows\system32\webcheck.dll
j:\windows\system32\WPDShServiceObj.dll
j:\windows\system32\PortableDeviceTypes.dll
j:\windows\system32\PortableDeviceApi.dll
.
------------------------ 其他运行进程 ------------------------
.
j:\windows\System32\SCardSvr.exe
j:\program files\Java\jre7\bin\jqs.exe
j:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
j:\windows\system32\wscntfy.exe
j:\windows\system32\conime.exe
.
**************************************************************************
.
完成时间: 2013-12-28 14:47:01 - 电脑已重新启动
ComboFix-quarantined-files.txt 2013-12-28 06:46
.
Pre-Run: 508,875,485,184 位元组可用
Post-Run: 509,421,711,360 位元组可用
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - ABC8C672D2D124680372569DD4FFCD32
8F558EB6672622401DA993E1E865C861

作者: ekaro   发布时间: 2014-02-02

哗!好长呀,而家到HijackThis

作者: ekaro   发布时间: 2014-02-02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:57, on 28/12/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:\
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Java\jre7\bin\jqs.exe
J:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
J:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
J:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
J:\WINDOWS\system32\wscntfy.exe
J:\WINDOWS\system32\conime.exe
J:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\WINDOWS\explorer.exe
J:\WINDOWS\system32\notepad.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Google\Chrome\Application\chrome.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - J:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - J:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - J:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [XMP] "J:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101
O4 - HKCU\..\Run: [FlashGet 3] "J:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe" -minimize
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download by easyMule - J:\Program Files\easyMule\IE2EM.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - J:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: j:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - J:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - J:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - J:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - J:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - J:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - J:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - J:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: WatchData ccb V3.2 (WDMonitorCCB) - Beijing WatchData System Co., Ltd. - J:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe

--
End of file - 5415 bytes

作者: ekaro   发布时间: 2014-02-02

谢谢你

作者: ekaro   发布时间: 2014-02-02

1. 执行AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
将档案储存於桌面>双击执行AdwCleaner.exe>按下Scan>扫描完成后 按下Clean>重启电脑>完成后会产生log 另存於桌面>稍后上传

2. 下载及安装Malwarebytes
下载连结 goo.gl/D1RRY
>将档案储存於桌面
>双击执行mbam-setup.exe
>选择繁体中文作为安装语言
>按 下一步 勾选 我同意 后再按 下一步
>然后全部都按 下一步,不需要更改任何设定
>按 安装 后等候安装
>按 完成 完成安装,并进行更新
>勾选 完整扫描,然后按 扫描
>等待扫瞄完成,按 显示结果,按下右键 按检查所有项目
>再按 清除已选择的项目 进行清理
>完成清理后会弹出扫描纪录,请储存扫描纪录至桌面
>关闭 Malwarebytes' Anti-Malware
>扫描完成后 会产生log 另存於桌面>稍后上传

3. 在开始栏位输入「msconfig」
>开启「系统设定」
>按下「启动」栏位
>截图并贴上来

4. 截图并贴上 工作管理员的处理程序

作者: GoodestEngilsh   发布时间: 2014-02-02

# AdwCleaner v3.016 - Report created 28/12/2013 at 22:34:46
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ken - KEN-F3BF796C133
# Running from : J:\Documents and Settings\ken.KEN-F3BF796C133\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : J:\Program Files\Uniblue\DriverScanner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (zh-TW)

-\\ Google Chrome v31.0.1650.63

*************************

AdwCleaner[R0].txt - [1434 octets] - [28/12/2013 22:34:02]
AdwCleaner[S0].txt - [1324 octets] - [28/12/2013 22:34:46]

########## EOF - J:\AdwCleaner\AdwCleaner[S0].txt - [1384 octets] ##########

作者: ekaro   发布时间: 2014-02-02

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

资料库版本: v2013.12.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ken :: KEN-F3BF796C133 [系统管理员]

28/12/2013 22:53:21
mbam-log-2013-12-28 (22-53-21).txt

扫描类型: 完全扫描 (J:\|)
启用扫描选项: 记忆体 | 启动 | 登录档 | 档案系统 | 启发式/额外 | 启发式/Shuriken 引擎 | PUP | PUM
停用扫描选项: P2P
被扫描物件数量: 607742
总共扫描时间: 3 小时, 8 分钟, 45 秒

被检测到记忆体进程数量: 0
(没有检测到有害项目)

被检测到记忆体模组数量: 0
(没有检测到有害项目)

被检测到登录档项目数量: 5
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> 已成功隔离及删除
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> 已成功隔离及删除

被检测到登录档值数量: 0
(没有检测到有害项目)

被检测到登录档资料项目数量: 0
(没有检测到有害项目)

被检测到资料夹数量: 0
(没有检测到有害项目)

被检测到档案数量: 11
J:\Documents and Settings\ken.KEN-F3BF796C133\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.Installrex) -> 已成功隔离及删除
J:\Documents and Settings\ken.KEN-F3BF796C133\My Documents\all set up2\FreemakeVideoConverter_4.0.1.1.exe (PUP.Optional.OpenCandy) -> 已成功隔离及删除
J:\Documents and Settings\ken.KEN-F3BF796C133\My Documents\all set up2\YTDSetup.exe (PUP.Optional.Spigot.A) -> 已成功隔离及删除
J:\Program Files\Common Files\Thunder Network\Kankan\ThunderFW.exe (Trojan.Downloader) -> 已成功隔离及删除
J:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.193_1111\ThunderFW.exe (Trojan.Downloader) -> 已成功隔离及删除
J:\Program Files\Thunder Network\Xmp\TP\ThunderFW.exe (Trojan.Downloader) -> 已成功隔离及删除
J:\System Volume Information\_restore{293690C3-7F09-4AE4-92F6-6D6FA82E12F7}\RP282\A0113404.dll (PUP.Optional.DefaultTab) -> 已成功隔离及删除
J:\System Volume Information\_restore{293690C3-7F09-4AE4-92F6-6D6FA82E12F7}\RP282\A0113401.exe (PUP.Optional.DefaultTab) -> 已成功隔离及删除
J:\System Volume Information\_restore{293690C3-7F09-4AE4-92F6-6D6FA82E12F7}\RP282\A0113402.exe (PUP.Optional.DefaultTab) -> 已成功隔离及删除
J:\System Volume Information\_restore{293690C3-7F09-4AE4-92F6-6D6FA82E12F7}\RP282\A0113405.dll (PUP.Optional.DefaultTab) -> 已成功隔离及删除
J:\System Volume Information\_restore{293690C3-7F09-4AE4-92F6-6D6FA82E12F7}\RP282\A0113407.exe (PUP.Optional.DefaultTab.A) -> 已成功隔离及删除

作者: ekaro   发布时间: 2014-02-02

1. 卸载Malwarebytes

2. 用CCleaner清理垃圾
下载连结 https://www.piriform.com/ccleaner/download
清完Windows 清应用程式
清埋登录档

3. 报告情况
>电脑有冇快咗?
>装咩防毒?

作者: GoodestEngilsh   发布时间: 2014-02-02

谢谢你,电脑快咗正常番,
我冇装防毒,因为试用过几只,每只都搞到电脑好慢,开个word都要帮我检查,唔知 GoodestEnglish 兄有冇推介呢?谢谢你

作者: ekaro   发布时间: 2014-02-02

Bitdefender Free
- cloud tech 免更新
- 俾钱版世界第一
- 唔使set嘢 想set都无得set
- 自动背景执行

http://www.bitdefender.com/solutions/free.html

作者: GoodestEngilsh   发布时间: 2014-02-02

多谢你,已安装 Bitdefender 冇乜慢到

作者: ekaro   发布时间: 2014-02-02

You're welcome

1)请将主题改为[已解决]

2)移除各种工具
Hijackthis , Malwarebytes , CCLeaner: 控制台卸载
OTM , JRT , AdwCleaner: 直接右键删除
Combofix : http://www.combofix.org/how-to-uninstall-remove-combofix.php

建议保留Malwarebytes定期做快速扫描,CCleaner清垃圾

3) *如果你想用BD做full scan,开我的电脑,对住个硬碟 Right-Click 就搵到

4) 建议安装浏览器外挂 - Adblock Plus嚟过滤广告
adblockplus.org

5) 记住定期备份电脑重要资料

6) 有问题欢迎再问

作者: GoodestEngilsh   发布时间: 2014-02-02

可能耐冇上嚟,点样将主题改为[已解决]?

作者: ekaro   发布时间: 2014-02-02

系你主题个post到 嘅右下角 你会发现[编缉] click入去就搵到

作者: GoodestEngilsh   发布时间: 2014-02-02

Thanks

作者: ekaro   发布时间: 2014-02-02

啊 同埋 BD Free要注册先可以继续用下去的
您可以系个主界面都搵到

作者: GoodestEngilsh   发布时间: 2014-02-02

谢谢 Goodest english, 我试下注册先,注唔到再问你

作者: ekaro   发布时间: 2014-02-02

pls delete

[ 本帖最后由 wongnganyuk 於 2014-1-10 10:30 PM 编辑 ]

作者: wongnganyuk   发布时间: 2014-02-02

pls delete

[ 本帖最后由 wongnganyuk 於 2014-1-10 10:30 PM 编辑 ]

作者: wongnganyuk   发布时间: 2014-02-02

相关阅读 更多

热门阅读

热门下载

更多
关于本站 免责申明 联系我们

Copyright 2006-2020 php爱好者(phpfans.net) All Rights Reserved.备案号:湘ICP备2023016114号-2

本站为非盈利性网站,不接受任何广告。本站所有资源均由网友上传,如有侵权,请发邮件至 [email protected] phpfans.net