中左Dunik!rts 唔知点先删得走.. (附hijackthis)

前日full scan都仲未有呢件野
今朝开机LAG LAG地就见到MSE scan到佢隔离左

不过删完又出番黎...求解决啊,宜家真系好惊!!

[ 本帖最后由 cklnick 於 2014-3-4 03:37 AM 编辑 ]

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:22:46, on 3/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
CHROME: 33.0.1750.117

Boot mode: Normal

Running processes:
D:\Program Files (x86)\Garena Messenger\ggdllhost.exe
D:\Users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
D:\Program Files (x86)\RocketDock\RocketDock.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
D:\Program Files\Real Player\Update\realsched.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
D:\Program Files (x86)\Skype\Phone\Skype.exe
D:\program files (x86)\avira\antivir desktop\avscan.exe
D:\Users\Nick\Desktop\HijackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
O2 - BHO: Microsoft 帐户登入协助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - D:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Microsoft Web 测试录制器 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\D盘用\visual 2010\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - D:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O4 - HKLM\..\Run: [IME14 CHT Uninstall] D:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log
O4 - HKLM\..\Run: [HTC Sync Loader] "D:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Real Player\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "D:\Users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [GoogleDriveSync] "D:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Google Update] "D:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GarenaPlus] "D:\Program Files (x86)\Garena Messenger\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 7] "D:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = D:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: HSLaunch.lnk = D:\Nexon\Mabinogi\HSLaunch.exe
O4 - Global Startup: SoftEther VPN Client 管理工具??菜?.lnk
O8 - Extra context menu item: &妏蚚&捃泞烛盄狟婥 - D:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥 - D:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥窒蝈诿 - D:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://D:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.alipay.com (HKLM)
O15 - Trusted Zone: http://*.alisoft.com (HKLM)
O15 - Trusted Zone: http://*.taobao.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/Me ... /uno1/GAME_UNO1.cab
O16 - DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - http://hk.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - http://labo.erinn.biz/cs/mabiweb.2012.04.25.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - (no CLSID) - (no file)
O18 - Filter: video/x-flv - (no CLSID) - (no file)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - D:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - D:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira 排程管理员 (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.4 - Apache Software Foundation - d:\Apache24\bin\httpd.exe
O23 - Service: bufssvr - BUFFALO INC. - D:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google更新 服务 (gupdate) (gupdate) - Unknown owner - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服务 (gupdatem) (gupdatem) - Unknown owner - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro 3.7 Crusader (HitmanPro37Crusader) - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - D:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - D:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - D:\Windows\system32\SearchIndexer.exe

--
End of file - 11668 bytes

根据某CHING 3个step做左 2,3 PO多次hijackthis同 2,3

但都系删唔走佢

[ 本帖最后由 cklnick 於 2014-3-4 03:31 AM 编辑 ]