当前位置：首页 → 问答吧 → 中左毒,请高手赐教

中左毒,请高手赐教

时间：2014-01-21

来源：互联网

上网时，有时一click就弹广告window，去到英文网页，部份英文字转色及底下间左双直线，只mouse去到又弹广告，试左好多扫毒都未能清除，点算好?

作者: lch99 发布时间: 2014-01-21

广告网址？

作者: GoodestEngilsh 发布时间: 2014-01-21

是

作者: lch99 发布时间: 2014-01-21

下载Hijackthis至桌面 > 按 Install > 按[ Accept] > 按 [Do a system scan and save a logfile ] > 完成扫瞄系统，hijackthis会弹出报告。然后复制+贴上在这里

http://www.hijackthis.de/downloads/HJTInstall.exe

作者: GoodestEngilsh 发布时间: 2014-01-21

下载Hijackthis至桌面 > 按 Install > 按[ Accept] > 按 [Do a system scan and save a logfile ] > 完成扫瞄系统，hijackthis会弹出报告。然后复制+贴上在这里

http://url.cn/MpPMyk ...

作者: GoodestEngilsh 发布时间: 2014-01-21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:07:09, on 30/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Documents and Settings\frankiechung\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\AliWangWang\aliim.exe
C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
C:\Documents and Settings\frankiechung\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\AliWangWang\7.21.18C\miser\AliimSafe.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\AliWangWang\7.21.18C\AliIMSrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

[ 本帖最后由 lch99 於 2013-11-30 12:09 AM 编辑 ]

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [dbuninst] C:\Program Files\BitComet\dbuninst.exe
O4 - HKLM\..\Run: [xuInfoTool] C:\Program Files\Ahead\Nero Toolkit\xuInfoTool.exe
O4 - HKLM\..\Run: [hbAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\hbAcroRd32.exe
O4 - HKLM\..\Run: [riavgui] C:\Program Files\AVG\AVG8\riavgui.exe
O4 - HKLM\..\Run: [qdMSOICONS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\qdMSOICONS.EXE
O4 - HKLM\..\Run: [lOneMessageCenter] C:\Program Files\Common Files\Real\Update_OB\lOneMessageCenter.exe
O4 - HKLM\..\Run: [qjDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\qjDW20.EXE
O4 - HKLM\..\Run: [gjCoverDes] C:\Program Files\Ahead\CoverDesigner\gjCoverDes.exe
O4 - HKLM\..\Run: [undTrax] C:\Program Files\Ahead\Nero SoundTrax\undTrax.exe
O4 - HKLM\..\Run: [rxmsmsgs] C:\Program Files\Messenger\rxmsmsgs.exe
O4 - HKLM\..\Run: [ixMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\ixMSOHELP.EXE
O4 - HKLM\..\Run: [wbSCANPST.EXE] C:\Program Files\Common Files\System\Mapi\1028\wbSCANPST.EXE
O4 - HKLM\..\Run: [kpinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\kpinetwiz.exe
O4 - HKLM\..\Run: [ninstuusee] C:\Program Files\uusee\ninstuusee.exe
O4 - HKLM\..\Run: [qfmsmsgsin] C:\Program Files\Messenger\qfmsmsgsin.exe
O4 - HKLM\..\Run: [hwFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\hwFRONTPG.EXE
O4 - HKLM\..\Run: [tNetInstaller] C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\tNetInstaller.exe
O4 - HKLM\..\Run: [jiavgfrw] C:\Program Files\AVG\AVG8\jiavgfrw.exe
O4 - HKLM\..\Run: [tuMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\tuMSTORE.EXE
O4 - HKLM\..\Run: [rtavgdumpx] C:\Program Files\AVG\AVG8\rtavgdumpx.exe
O4 - HKLM\..\Run: [geGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\geGRAPH.EXE
O4 - HKLM\..\Run: [vymsmsgsin] C:\Program Files\Messenger\vymsmsgsin.exe
O4 - HKLM\..\Run: [nkRar] C:\Program Files\WinRAR\nkRar.exe
O4 - HKLM\..\Run: [lvSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\lvSetup.exe
O4 - HKLM\..\Run: [fcicwconn1] C:\Program Files\Internet Explorer\Connection Wizard\fcicwconn1.exe
O4 - HKLM\..\Run: [sfRar] C:\Program Files\WinRAR\sfRar.exe
O4 - HKLM\..\Run: [iverGenius] C:\Program Files\Driver-Soft\DriverGenius\iverGenius.exe
O4 - HKLM\..\Run: [ujmsinfo32] C:\Program Files\Common Files\Microsoft Shared\MSInfo\ujmsinfo32.exe
O4 - HKLM\..\Run: [beavgscanx] C:\Program Files\AVG\AVG8\beavgscanx.exe
O4 - HKLM\..\Run: [etup-cvr] C:\Documents and Settings\frankiechung\Local Settings\Temp\etup-cvr.exe
O4 - HKLM\..\Run: [xzupgrdhlp] C:\Program Files\Common Files\Real\Update_OB\xzupgrdhlp.exe
O4 - HKLM\..\Run: [xjdvdrgn] C:\Program Files\CyberLink\PowerDVD\xjdvdrgn.exe
O4 - HKLM\..\Run: [heck_cmd] C:\Program Files\Common Files\uusee\heck_cmd.exe
O4 - HKLM\..\Run: [akavgnsx] C:\Program Files\AVG\AVG8\akavgnsx.exe
O4 - HKLM\..\Run: [jaVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\jaVTIDB.EXE
O4 - HKLM\..\Run: [xhmencoder] C:\Program Files\MpcStar\Codecs\Real\xhmencoder.exe
O4 - HKLM\..\Run: [fwicwconn2] C:\Program Files\Internet Explorer\Connection Wizard\fwicwconn2.exe
O4 - HKLM\..\Run: [ss-plugins] C:\Program Files\uusee\ss-plugins.exe
O4 - HKLM\..\Run: [mqdw] C:\Program Files\MSN\MSNCoreFiles\mqdw.exe
O4 - HKLM\..\Run: [zjCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\zjCNFNOT32.EXE
O4 - HKLM\..\Run: [epMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\epMCDLC.EXE
O4 - HKLM\..\Run: [sdavgscanx] C:\Program Files\AVG\AVG8\sdavgscanx.exe
O4 - HKLM\..\Run: [fjRTLCPL] C:\Program Files\Realtek AC97\fjRTLCPL.exe
O4 - HKLM\..\Run: [exinst] C:\Documents and Settings\frankiechung\Application Data\exinst.exe
O4 - HKLM\..\Run: [orMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\orMSO7FTP.EXE
O4 - HKLM\..\Run: [oqKillGom] C:\Program Files\GRETECH\GomPlayer\oqKillGom.exe
O4 - HKLM\..\Run: [lkDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\lkDW.EXE
O4 - HKLM\..\Run: [dimsimn] C:\Program Files\Outlook Express\dimsimn.exe
O4 - HKLM\..\Run: [pvsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\pvsetup.exe
O4 - HKLM\..\Run: [xhuninst] C:\Program Files\MpcStar\xhuninst.exe
O4 - HKLM\..\Run: [stemInfo] C:\Program Files\Driver-Soft\DriverGenius\stemInfo.exe
O4 - HKLM\..\Run: [pgCGuard] C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\pgCGuard.exe
O4 - HKLM\..\Run: [bbavgrsx] C:\Program Files\AVG\AVG8\bbavgrsx.exe
O4 - HKLM\..\Run: [alSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\alSetup.exe
O4 - HKLM\..\Run: [lrWinRAR] C:\Program Files\WinRAR\lrWinRAR.exe
O4 - HKLM\..\Run: [eroStartSmart] C:\Program Files\Ahead\Nero StartSmart\eroStartSmart.exe
O4 - HKLM\..\Run: [thNeroCmd] C:\Program Files\Ahead\Nero\thNeroCmd.exe
O4 - HKLM\..\Run: [pbavgemc] C:\Program Files\AVG\AVG8\pbavgemc.exe
O4 - HKLM\..\Run: [snCFGWIZ.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\snCFGWIZ.EXE
O4 - HKLM\..\Run: [ylisignup] C:\Program Files\Internet Explorer\Connection Wizard\ylisignup.exe
O4 - HKLM\..\Run: [obMSIMPORT.EXE] C:\Program Files\Microsoft Office\Office10\obMSIMPORT.EXE
O4 - HKLM\..\Run: [yqMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\yqMSTORE.EXE
O4 - HKLM\..\Run: [xzavgsrmax] C:\Program Files\AVG\AVG8\xzavgsrmax.exe
O4 - HKLM\..\Run: [giproxy] C:\Program Files\AVG\AVG8\giproxy.exe
O4 - HKLM\..\Run: [ovfixfp] C:\Program Files\AVG\AVG8\ovfixfp.exe
O4 - HKLM\..\Run: [ivqttask] C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\ivqttask.exe
O4 - HKLM\..\Run: [saMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\saMSTORE.EXE
O4 - HKLM\..\Run: [mnavgsrmax] C:\Program Files\AVG\AVG8\mnavgsrmax.exe
O4 - HKLM\..\Run: [vqsetup] C:\Program Files\Common Files\Ahead\Uninstall\vqsetup.exe
O4 - HKLM\..\Run: [zqavgemc] C:\Program Files\AVG\AVG8\zqavgemc.exe
O4 - HKLM\..\Run: [oyiedw] C:\Program Files\Internet Explorer\oyiedw.exe
O4 - HKLM\..\Run: [ellRegister] C:\Program Files\GRETECH\GomPlayer\ellRegister.exe
O4 - HKLM\..\Run: [sbIKernel] C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\sbIKernel.exe
O4 - HKLM\..\Run: [bvRtParser] C:\Program Files\GRETECH\GomPlayer\bvRtParser.exe
O4 - HKLM\..\Run: [ystemInfo] C:\Program Files\Driver-Soft\DriverGenius\ystemInfo.exe
O4 - HKLM\..\Run: [xpMSO7FTPA.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\xpMSO7FTPA.EXE
O4 - HKLM\..\Run: [noLanguage] C:\Program Files\CyberLink\PowerDVD\Language\noLanguage.exe
O4 - HKLM\..\Run: [pbBackItUp] C:\Program Files\Ahead\Nero BackItUp\pbBackItUp.exe
O4 - HKLM\..\Run: [mvdvdrgn] C:\Program Files\CyberLink\PowerDVD\mvdvdrgn.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [fhRar] C:\Program Files\WinRAR\fhRar.exe
O4 - HKLM\..\Run: [ndWinRAR] C:\Program Files\WinRAR\ndWinRAR.exe
O4 - HKLM\..\Run: [wlavgdumpx] C:\Program Files\AVG\AVG8\wlavgdumpx.exe
O4 - HKLM\..\Run: [cjVTIPRES.EXE] C:\Program Files\Microsoft Office\Office10\cjVTIPRES.EXE
O4 - HKLM\..\Run: [ybMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\ybMSACCESS.EXE
O4 - HKLM\..\Run: [uninst] C:\Program Files\Common Files\Real\Update_OB\uninst.exe
O4 - HKLM\..\Run: [jpmoviemk] C:\Program Files\Movie Maker\jpmoviemk.exe
O4 - HKLM\..\Run: [chvideoinstall] C:\Program Files\CyberLink\Shared Files\chvideoinstall.exe
O4 - HKLM\..\Run: [Version] C:\Program Files\CyberLink\CDS\Version.exe
O4 - HKLM\..\Run: [bvinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\bvinetwiz.exe
O4 - HKLM\..\Run: [ymPOWERPNT.EXE] C:\Program Files\Microsoft Office\Office10\ymPOWERPNT.EXE
O4 - HKLM\..\Run: [pdavgdumpx] C:\Program Files\AVG\AVG8\pdavgdumpx.exe
O4 - HKLM\..\Run: [DSVersion] C:\Program Files\CyberLink\CDS\DSVersion.exe
O4 - HKLM\..\Run: [fuuninst] C:\Program Files\Common Files\uusee\fuuninst.exe
O4 - HKLM\..\Run: [tsVTIDISC.EXE] C:\Program Files\Microsoft Office\Office10\tsVTIDISC.EXE
O4 - HKLM\..\Run: [eroMediaPlayer] C:\Program Files\Ahead\NeroMediaPlayer\eroMediaPlayer.exe
O4 - HKLM\..\Run: [ixMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\ixMSO7FTP.EXE
O4 - HKLM\..\Run: [svfixfp] C:\Program Files\AVG\AVG8\svfixfp.exe
O4 - HKLM\..\Run: [ngunins000] C:\Program Files\Driver-Soft\DriverGenius\ngunins000.exe
O4 - HKLM\..\Run: [yxNBR] C:\Program Files\Ahead\Nero BackItUp\yxNBR.exe
O4 - HKLM\..\Run: [fkSetup] C:\Program Files\InstallShield Installation Information\{857A0A2A-3066-45D2-ACFC-5EE226EEA9D0}\fkSetup.exe
O4 - HKLM\..\Run: [tfCPLUtl64] C:\Program Files\Realtek AC97\tfCPLUtl64.exe
O4 - HKLM\..\Run: [zqNRESTORE.EXE] C:\Program Files\Ahead\Nero\zqNRESTORE.EXE
O4 - HKLM\..\Run: [rymsmsgsin] C:\Program Files\Messenger\rymsmsgsin.exe
O4 - HKLM\..\Run: [hjInfoTool] C:\Program Files\Ahead\Nero Toolkit\hjInfoTool.exe
O4 - HKLM\..\Run: [iiInfoTool] C:\Program Files\Ahead\Nero Toolkit\iiInfoTool.exe
O4 - HKLM\..\Run: [rjProducer] C:\Program Files\CyberLink\PowerProducer\rjProducer.exe
O4 - HKLM\..\Run: [yxMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\yxMCDLC.EXE
O4 - HKLM\..\Run: [ddinst] C:\Documents and Settings\frankiechung\Application Data\ddinst.exe
O4 - HKLM\..\Run: [gnwab] C:\Program Files\Outlook Express\gnwab.exe
O4 - HKLM\..\Run: [uzMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\uzMSACCESS.EXE
O4 - HKLM\..\Run: [auncher] C:\Documents and Settings\frankiechung\Application Data\GRETECH\GomPlayer\auncher.exe
O4 - HKLM\..\Run: [dzavgchk0] C:\Program Files\AVG\AVG8\dzavgchk.exe0
O4 - HKLM\..\Run: [oStartSmart] C:\Program Files\Ahead\Nero StartSmart\oStartSmart.exe
O4 - HKLM\..\Run: [hasrt2smi] C:\Program Files\GRETECH\GomPlayer\hasrt2smi.exe
O4 - HKLM\..\Run: [nnavgfrw] C:\Program Files\AVG\AVG8\nnavgfrw.exe
O4 - HKLM\..\Run: [vxMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\vxMSO7FTP.EXE
O4 - HKLM\..\Run: [s-plugins] C:\Program Files\uusee\s-plugins.exe
O4 - HKLM\..\Run: [bqmsmsgs] C:\Program Files\Messenger\bqmsmsgs.exe
O4 - HKLM\..\Run: [laLanguage] C:\Program Files\CyberLink\PowerDVD\Language\laLanguage.exe
O4 - HKLM\..\Run: [sjUNNero] C:\Program Files\Ahead\Nero\Uninstall\sjUNNero.exe
O4 - HKLM\..\Run: [ybCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\ybCMIRMDRV.EXE
O4 - HKLM\..\Run: [tjChCfg] C:\Program Files\Realtek AC97\tjChCfg.exe
O4 - HKLM\..\Run: [vpavgfrw] C:\Program Files\AVG\AVG8\vpavgfrw.exe
O4 - HKLM\..\Run: [roStartSmart] C:\Program Files\Ahead\Nero StartSmart\roStartSmart.exe
O4 - HKLM\..\Run: [faavgwdsvc] C:\Program Files\AVG\AVG8\faavgwdsvc.exe
O4 - HKLM\..\Run: [kiUNWISE.EXE] C:\Program Files\TVAnts\kiUNWISE.EXE
O4 - HKLM\..\Run: [mbmsmsgs] C:\Program Files\Messenger\mbmsmsgs.exe
O4 - HKLM\..\Run: [gyMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\gyMSOHTMED.EXE
O4 - HKLM\..\Run: [tricwconn2] C:\Program Files\Internet Explorer\Connection Wizard\tricwconn2.exe
O4 - HKLM\..\Run: [aaavgupd] C:\Program Files\AVG\AVG8\aaavgupd.exe
O4 - HKLM\..\Run: [prwb32] C:\Program Files\NetMeeting\prwb32.exe
O4 - HKLM\..\Run: [ukSCANOST.EXE] C:\Program Files\Common Files\System\Mapi\1028\ukSCANOST.EXE
O4 - HKLM\..\Run: [cqWinRAR] C:\Program Files\WinRAR\cqWinRAR.exe
O4 - HKLM\..\Run: [ddalcrmv64] C:\Program Files\Realtek AC97\ddalcrmv64.exe
O4 - HKLM\..\Run: [nhcb32] C:\Program Files\NetMeeting\nhcb32.exe
O4 - HKLM\..\Run: [xiavgfrw] C:\Program Files\AVG\AVG8\xiavgfrw.exe
O4 - HKLM\..\Run: [mcGOM] C:\Program Files\GRETECH\GomPlayer\mcGOM.exe
O4 - HKLM\..\Run: [otNetInstaller] C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\otNetInstaller.exe
O4 - HKLM\..\Run: [hkmsimn] C:\Program Files\Outlook Express\hkmsimn.exe
O4 - HKLM\..\Run: [tmGOM] C:\Program Files\GRETECH\GomPlayer\tmGOM.exe
O4 - HKLM\..\Run: [yyUNWISE.EXE] C:\Program Files\TVAnts\yyUNWISE.EXE

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [ipavgfrw] C:\Program Files\AVG\AVG8\ipavgfrw.exe
O4 - HKLM\..\Run: [cvfixcfg] C:\Program Files\AVG\AVG8\cvfixcfg.exe
O4 - HKLM\..\Run: [vkalcrmv] C:\Program Files\Realtek AC97\vkalcrmv.exe
O4 - HKLM\..\Run: [thMSO7FTPS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\thMSO7FTPS.EXE
O4 - HKLM\..\Run: [oMediaPlayer] C:\Program Files\Ahead\NeroMediaPlayer\oMediaPlayer.exe
O4 - HKLM\..\Run: [zhSCANPST.EXE] C:\Program Files\Common Files\System\Mapi\1028\zhSCANPST.EXE
O4 - HKLM\..\Run: [vravgcsrvx] C:\Program Files\AVG\AVG8\vravgcsrvx.exe
O4 - HKLM\..\Run: [pnDXEnum] C:\Program Files\Ahead\Nero Wave Editor\pnDXEnum.exe
O4 - HKLM\..\Run: [amSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\amSmWizard.exe
O4 - HKLM\..\Run: [iwmoviemk] C:\Program Files\Movie Maker\iwmoviemk.exe
O4 - HKLM\..\Run: [vaVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\vaVTIFORM.EXE
O4 - HKLM\..\Run: [jcMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\jcMSTORE.EXE
O4 - HKLM\..\Run: [khPDVDServ] C:\Program Files\CyberLink\PowerDVD\khPDVDServ.exe
O4 - HKLM\..\Run: [zjML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\zjML3XEC16.EXE
O4 - HKLM\..\Run: [wdPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\wdPROFLWIZ.EXE
O4 - HKLM\..\Run: [sksrt2smi] C:\Program Files\GRETECH\GomPlayer\sksrt2smi.exe
O4 - HKLM\..\Run: [edsetup50] C:\Program Files\Outlook Express\edsetup50.exe
O4 - HKLM\..\Run: [iqavgrsx] C:\Program Files\AVG\AVG8\iqavgrsx.exe
O4 - HKLM\..\Run: [Launcher] C:\Program Files\GRETECH\GomPlayer\Launcher.exe
O4 - HKLM\..\Run: [oxML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\oxML3XEC16.EXE
O4 - HKLM\..\Run: [USeePlayer] C:\Program Files\uusee\USeePlayer.exe
O4 - HKLM\..\Run: [omMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\omMSOHELP.EXE
O4 - HKLM\..\Run: [vgsrmax] C:\Program Files\AVG\AVG8\vgsrmax.exe
O4 - HKLM\..\Run: [brWMPBurn] C:\Program Files\Ahead\WMPBurn\brWMPBurn.exe
O4 - HKLM\..\Run: [quMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\quMCDLC.EXE
O4 - HKLM\..\Run: [wfavgscanx] C:\Program Files\AVG\AVG8\wfavgscanx.exe
O4 - HKLM\..\Run: [mnOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\mnOUTLOOK.EXE
O4 - HKLM\..\Run: [fbavgui] C:\Program Files\AVG\AVG8\fbavgui.exe
O4 - HKLM\..\Run: [jcCDSpeed] C:\Program Files\Ahead\Nero Toolkit\jcCDSpeed.exe
O4 - HKLM\..\Run: [eqOWSADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\eqOWSADM.EXE
O4 - HKLM\..\Run: [piMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\piMSOHELP.EXE
O4 - HKLM\..\Run: [VGToolbarInstall] C:\Program Files\AVG\AVG8\VGToolbarInstall.exe
O4 - HKLM\..\Run: [rkMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\rkMSOHTMED.EXE
O4 - HKLM\..\Run: [jkSetup] C:\Program Files\C-Media 3D Audio\Driver\Win\jkSetup.exe
O4 - HKLM\..\Run: [ldddtester] C:\Program Files\CyberLink\PowerDVD\ldddtester.exe
O4 - HKLM\..\Run: [ichvideoinstall] C:\Program Files\CyberLink\Shared Files\ichvideoinstall.exe
O4 - HKLM\..\Run: [yuSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\yuSetup.exe
O4 - HKLM\..\Run: [dydvdrgn] C:\Program Files\CyberLink\PowerDVD\dydvdrgn.exe
O4 - HKLM\..\Run: [nernxproc] C:\Program Files\Common Files\Real\Update_OB\nernxproc.exe
O4 - HKLM\..\Run: [bqBitComet] C:\Program Files\BitComet\bqBitComet.exe
O4 - HKLM\..\Run: [ogMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\ogMCDLC.EXE
O4 - HKLM\..\Run: [auwab] C:\Program Files\Outlook Express\auwab.exe
O4 - HKLM\..\Run: [fwuninst] C:\Program Files\Common Files\uusee\fwuninst.exe
O4 - HKLM\..\Run: [ejavgscanx] C:\Program Files\AVG\AVG8\ejavgscanx.exe
O4 - HKLM\..\Run: [cqiexplore] C:\Program Files\Internet Explorer\cqiexplore.exe
O4 - HKLM\..\Run: [nwavgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\nwavgupd.exe
O4 - HKLM\..\Run: [zqcopymar] C:\Program Files\MSN\MSNCoreFiles\zqcopymar.exe
O4 - HKLM\..\Run: [gaFPCOUNT.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\isapi\gaFPCOUNT.EXE
O4 - HKLM\..\Run: [kesetup] C:\Program Files\Common Files\Ahead\Uninstall\kesetup.exe
O4 - HKLM\..\Run: [osGOM] C:\Program Files\GRETECH\GomPlayer\osGOM.exe
O4 - HKLM\..\Run: [ninstall] C:\Program Files\WinRAR\ninstall.exe
O4 - HKLM\..\Run: [ebVTIPRES.EXE] C:\Program Files\Microsoft Office\Office10\ebVTIPRES.EXE
O4 - HKLM\..\Run: [aqFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\aqFRONTPG.EXE
O4 - HKLM\..\Run: [mfuninst] C:\Program Files\Common Files\uusee\mfuninst.exe
O4 - HKLM\..\Run: [dhVTIDISC.EXE] C:\Program Files\Microsoft Office\Office10\dhVTIDISC.EXE
O4 - HKLM\..\Run: [umVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\umVTIDB.EXE
O4 - HKLM\..\Run: [kxrnxproc] C:\Program Files\Common Files\Real\Update_OB\kxrnxproc.exe
O4 - HKLM\..\Run: [lsched] C:\Program Files\Common Files\Real\Update_OB\lsched.exe
O4 - HKLM\..\Run: [jmLanguage] C:\Program Files\CyberLink\PowerDVD\Language\jmLanguage.exe
O4 - HKLM\..\Run: [zxcltest] C:\Program Files\CyberLink\PowerDVD\zxcltest.exe
O4 - HKLM\..\Run: [fsOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\fsOFFPRV10.EXE
O4 - HKLM\..\Run: [tkKillGom] C:\Program Files\GRETECH\GomPlayer\tkKillGom.exe
O4 - HKLM\..\Run: [chAdmStp] C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\chAdmStp.exe
O4 - HKLM\..\Run: [nvBitComet] C:\Program Files\BitComet\nvBitComet.exe
O4 - HKLM\..\Run: [uvSetup] C:\Program Files\InstallShield Installation Information\{857A0A2A-3066-45D2-ACFC-5EE226EEA9D0}\uvSetup.exe
O4 - HKLM\..\Run: [geSetup] C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\geSetup.exe
O4 - HKLM\..\Run: [myMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\myMSOHELP.EXE
O4 - HKLM\..\Run: [ogSetup] C:\Program Files\C-Media 3D Audio\Driver\Win\ogSetup.exe
O4 - HKLM\..\Run: [oogleToolbarInstaller] C:\Program Files\Common Files\Real\GToolbar\oogleToolbarInstaller.exe
O4 - HKLM\..\Run: [pvMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\pvMSTORE.EXE
O4 - HKLM\..\Run: [dfGOM] C:\Program Files\GRETECH\GomPlayer\dfGOM.exe
O4 - HKLM\..\Run: [woMSOICONS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\woMSOICONS.EXE
O4 - HKLM\..\Run: [khnero] C:\Program Files\Ahead\Nero\khnero.exe
O4 - HKLM\..\Run: [veSpeed] C:\Program Files\Ahead\Nero Toolkit\veSpeed.exe
O4 - HKLM\..\Run: [vzavgcfgex] C:\Program Files\AVG\AVG8\vzavgcfgex.exe
O4 - HKLM\..\Run: [gpsetup50] C:\Program Files\Outlook Express\gpsetup50.exe
O4 - HKLM\..\Run: [jfavgscanx] C:\Program Files\AVG\AVG8\jfavgscanx.exe
O4 - HKLM\..\Run: [ichvideouninstall] C:\Program Files\CyberLink\Shared Files\ichvideouninstall.exe
O4 - HKLM\..\Run: [arExtLoader] C:\Program Files\WinRAR\arExtLoader.exe
O4 - HKLM\..\Run: [tmMSO7FTPA.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\tmMSO7FTPA.EXE
O4 - HKLM\..\Run: [wufixfp] C:\Program Files\AVG\AVG8\wufixfp.exe
O4 - HKLM\..\Run: [rxunins000] C:\Program Files\Driver-Soft\DriverGenius\rxunins000.exe
O4 - HKLM\..\Run: [esBitComet] C:\Program Files\BitComet\esBitComet.exe
O4 - HKLM\..\Run: [hzavgdumpx] C:\Program Files\AVG\AVG8\hzavgdumpx.exe
O4 - HKLM\..\Run: [yeuninst] C:\Program Files\BitComet\yeuninst.exe
O4 - HKLM\..\Run: [qaMSO7FTPS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\qaMSO7FTPS.EXE
O4 - HKLM\..\Run: [nzVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\nzVTIDB.EXE
O4 - HKLM\..\Run: [pgKillGom] C:\Program Files\GRETECH\GomPlayer\pgKillGom.exe
O4 - HKLM\..\Run: [rlsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\rlsetup.exe
O4 - HKLM\..\Run: [ciWMPBurn] C:\Program Files\Ahead\WMPBurn\ciWMPBurn.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [uvavgfrw] C:\Program Files\AVG\AVG8\uvavgfrw.exe
O4 - HKLM\..\Run: [rjCDSpeed] C:\Program Files\Ahead\Nero Toolkit\rjCDSpeed.exe
O4 - HKLM\..\Run: [ideoSnapshot] C:\Program Files\BitComet\tools\ideoSnapshot.exe
O4 - HKLM\..\Run: [cqIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\cqIMEPADSV.EXE
O4 - HKLM\..\Run: [UUpgrade] C:\Program Files\Common Files\uusee\UUpgrade.exe
O4 - HKLM\..\Run: [vmsetup] C:\Program Files\Common Files\Ahead\Uninstall\vmsetup.exe
O4 - HKLM\..\Run: [oolbarBroker] C:\Program Files\AVG\AVG8\Toolbar\oolbarBroker.exe
O4 - HKLM\..\Run: [cdiexplore] C:\Program Files\Internet Explorer\cdiexplore.exe
O4 - HKLM\..\Run: [lcMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\lcMSOHTMED.EXE
O4 - HKLM\..\Run: [ogTCPTEST.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\ogTCPTEST.EXE
O4 - HKLM\..\Run: [hfuninst] C:\Program Files\Common Files\uusee\hfuninst.exe
O4 - HKLM\..\Run: [ifmsimn] C:\Program Files\Outlook Express\ifmsimn.exe
O4 - HKLM\..\Run: [bkbbOSA.EXE] C:\Program Files\Microsoft Office\Office10\bkbbOSA.EXE
O4 - HKLM\..\Run: [rcPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\rcPROFLWIZ.EXE
O4 - HKLM\..\Run: [sinero] C:\Program Files\Ahead\Nero\sinero.exe
O4 - HKLM\..\Run: [uqOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\uqOUTLOOK.EXE
O4 - HKLM\..\Run: [1puninst] C:\Program Files\Common Files\Real\Update_OB\1puninst.exe
O4 - HKLM\..\Run: [hjavgwdsvc] C:\Program Files\AVG\AVG8\hjavgwdsvc.exe
O4 - HKLM\..\Run: [fiNRESTORE.EXE] C:\Program Files\Ahead\Nero\fiNRESTORE.EXE
O4 - HKLM\..\Run: [btIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\btIMEPADSV.EXE
O4 - HKLM\..\Run: [ravgchk0] C:\Program Files\AVG\AVG8\ravgchk.exe0
O4 - HKLM\..\Run: [xhSoundMan] C:\Program Files\Realtek AC97\xhSoundMan.exe
O4 - HKLM\..\Run: [biPowerDVD] C:\Program Files\CyberLink\PowerDVD\biPowerDVD.exe
O4 - HKLM\..\Run: [idVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\idVTIFORM.EXE
O4 - HKLM\..\Run: [ayMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\ayMSO7FTP.EXE
O4 - HKLM\..\Run: [hAdmStp] C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\hAdmStp.exe
O4 - HKLM\..\Run: [riverGenius] C:\Program Files\Driver-Soft\DriverGenius\riverGenius.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [gnDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\gnDW.EXE
O4 - HKLM\..\Run: [cpSCANOST.EXE] C:\Program Files\Common Files\System\Mapi\1028\cpSCANOST.EXE
O4 - HKLM\..\Run: [ifCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\ifCNFNOT32.EXE
O4 - HKLM\..\Run: [zpSetup] C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\zpSetup.exe
O4 - HKLM\..\Run: [alinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\alinetwiz.exe
O4 - HKLM\..\Run: [instuusee] C:\Program Files\uusee\instuusee.exe
O4 - HKLM\..\Run: [hvCLDMA] C:\Program Files\CyberLink\PowerProducer\hvCLDMA.exe
O4 - HKLM\..\Run: [ck_cmd] C:\Program Files\Common Files\uusee\ck_cmd.exe
O4 - HKLM\..\Run: [anNRESTORE.EXE] C:\Program Files\Ahead\Nero\anNRESTORE.EXE
O4 - HKLM\..\Run: [ypInfoTool] C:\Program Files\Ahead\Nero Toolkit\ypInfoTool.exe
O4 - HKLM\..\Run: [mtMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\mtMSACCESS.EXE
O4 - HKLM\..\Run: [vfDWTRIG20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\vfDWTRIG20.EXE
O4 - HKLM\..\Run: [bpwabmig] C:\Program Files\Outlook Express\bpwabmig.exe
O4 - HKLM\..\Run: [mjwb32] C:\Program Files\NetMeeting\mjwb32.exe
O4 - HKLM\..\Run: [kaCDSpeed] C:\Program Files\Ahead\Nero Toolkit\kaCDSpeed.exe
O4 - HKLM\..\Run: [uvOWSRMADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\uvOWSRMADM.EXE
O4 - HKLM\..\Run: [azavgwdsvc] C:\Program Files\AVG\AVG8\azavgwdsvc.exe
O4 - HKLM\..\Run: [kqWaveEdit] C:\Program Files\Ahead\Nero Wave Editor\kqWaveEdit.exe
O4 - HKLM\..\Run: [svavgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\svavgupd.exe
O4 - HKLM\..\Run: [wkIDriver] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\wkIDriver.exe
O4 - HKLM\..\Run: [qrsetup] C:\Program Files\Common Files\Ahead\Uninstall\qrsetup.exe
O4 - HKLM\..\Run: [mnavgtray] C:\Program Files\AVG\AVG8\mnavgtray.exe
O4 - HKLM\..\Run: [dprnxproc] C:\Program Files\Common Files\Real\Update_OB\dprnxproc.exe
O4 - HKLM\..\Run: [coinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\coinetwiz.exe
O4 - HKLM\..\Run: [poSCANOST.EXE] C:\Program Files\Common Files\System\Mapi\1028\poSCANOST.EXE
O4 - HKLM\..\Run: [klbbOSA.EXE] C:\Program Files\Microsoft Office\Office10\klbbOSA.EXE
O4 - HKLM\..\Run: [iwAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\iwAcroRd32.exe
O4 - HKLM\..\Run: [goalcrmv] C:\Program Files\Realtek AC97\goalcrmv.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [evavgchk] C:\Program Files\AVG\AVG8\evavgchk.exe
O4 - HKLM\..\Run: [ealsched] C:\Program Files\Common Files\Real\Update_OB\ealsched.exe
O4 - HKLM\..\Run: [fiBackItUp] C:\Program Files\Ahead\Nero BackItUp\fiBackItUp.exe
O4 - HKLM\..\Run: [kfavgfrw] C:\Program Files\AVG\AVG8\kfavgfrw.exe
O4 - HKLM\..\Run: [huMSIMPORT.EXE] C:\Program Files\Microsoft Office\Office10\huMSIMPORT.EXE
O4 - HKLM\..\Run: [jnTvants] C:\Program Files\TVAnts\jnTvants.exe
O4 - HKLM\..\Run: [nnSetup] C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\nnSetup.exe
O4 - HKLM\..\Run: [jiPowerDVD] C:\Program Files\CyberLink\PowerDVD\jiPowerDVD.exe
O4 - HKLM\..\Run: [tjavgscanx] C:\Program Files\AVG\AVG8\tjavgscanx.exe
O4 - HKLM\..\Run: [mjOSA.EXE] C:\Program Files\Microsoft Office\Office10\mjOSA.EXE
O4 - HKLM\..\Run: [koBitComet] C:\Program Files\BitComet\koBitComet.exe
O4 - HKLM\..\Run: [SeePlayer] C:\Program Files\uusee\SeePlayer.exe
O4 - HKLM\..\Run: [zxuninst] C:\Program Files\BitComet\zxuninst.exe
O4 - HKLM\..\Run: [nisetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\nisetup.exe
O4 - HKLM\..\Run: [hvideouninstall] C:\Program Files\CyberLink\Shared Files\hvideouninstall.exe
O4 - HKLM\..\Run: [eeDXEnum] C:\Program Files\Ahead\Nero Wave Editor\eeDXEnum.exe
O4 - HKLM\..\Run: [fcRar] C:\Program Files\WinRAR\fcRar.exe
O4 - HKLM\..\Run: [ryisignup] C:\Program Files\Internet Explorer\Connection Wizard\ryisignup.exe
O4 - HKLM\..\Run: [zvavgemc] C:\Program Files\AVG\AVG8\zvavgemc.exe
O4 - HKLM\..\Run: [riveragent_67] C:\Documents and Settings\frankiechung\Local Settings\Application Data\TouchStoneSoftware\riveragent_67.exe
O4 - HKLM\..\Run: [dhWAVTOASF.EXE] C:\Program Files\Microsoft Office\Office10\dhWAVTOASF.EXE
O4 - HKLM\..\Run: [iveragent_67] C:\Documents and Settings\frankiechung\Local Settings\Application Data\TouchStoneSoftware\iveragent_67.exe
O4 - HKLM\..\Run: [jqMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\jqMSOHELP.EXE
O4 - HKLM\..\Run: [bvfixfp] C:\Program Files\AVG\AVG8\bvfixfp.exe
O4 - HKLM\..\Run: [kkuninst] C:\Program Files\MpcStar\kkuninst.exe
O4 - HKLM\..\Run: [sfIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\sfIDriver2.exe
O4 - HKLM\..\Run: [onFINDER.EXE] C:\Program Files\Microsoft Office\Office10\onFINDER.EXE
O4 - HKLM\..\Run: [nstall] C:\Program Files\WinRAR\nstall.exe
O4 - HKLM\..\Run: [qjML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\qjML3XEC16.EXE
O4 - HKLM\..\Run: [rwWINWORD.EXE] C:\Program Files\Microsoft Office\Office10\rwWINWORD.EXE
O4 - HKLM\..\Run: [cfsrt2smi] C:\Program Files\GRETECH\GomPlayer\cfsrt2smi.exe
O4 - HKLM\..\Run: [lqicwconn2] C:\Program Files\Internet Explorer\Connection Wizard\lqicwconn2.exe
O4 - HKLM\..\Run: [zvuninst] C:\Program Files\BitComet\zvuninst.exe
O4 - HKLM\..\Run: [mrNBJ] C:\Program Files\Ahead\Nero BackItUp\mrNBJ.exe
O4 - HKLM\..\Run: [vsFINDER.EXE] C:\Program Files\Microsoft Office\Office10\vsFINDER.EXE
O4 - HKLM\..\Run: [rvMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\rvMSO7FTP.EXE
O4 - HKLM\..\Run: [thFINDER.EXE] C:\Program Files\Microsoft Office\Office10\thFINDER.EXE
O4 - HKLM\..\Run: [gticwconn1] C:\Program Files\Internet Explorer\Connection Wizard\gticwconn1.exe
O4 - HKLM\..\Run: [pluninst] C:\Program Files\Common Files\uusee\pluninst.exe
O4 - HKLM\..\Run: [eodw] C:\Program Files\MSN\MSNCoreFiles\eodw.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [obUnRAR] C:\Program Files\WinRAR\obUnRAR.exe
O4 - HKLM\..\Run: [ueMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\ueMSOHELP.EXE
O4 - HKLM\..\Run: [gsavgui] C:\Program Files\AVG\AVG8\gsavgui.exe
O4 - HKLM\..\Run: [xfSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\xfSetup.exe
O4 - HKLM\..\Run: [hbRTLCPL] C:\Program Files\Realtek AC97\hbRTLCPL.exe
O4 - HKLM\..\Run: [puninst] C:\Program Files\Common Files\Real\Update_OB\puninst.exe
O4 - HKLM\..\Run: [rnLanguage] C:\Program Files\CyberLink\PowerDVD\Language\rnLanguage.exe
O4 - HKLM\..\Run: [itSoundMan] C:\Program Files\Realtek AC97\itSoundMan.exe
O4 - HKLM\..\Run: [RStateCheck] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\RStateCheck.exe
O4 - HKLM\..\Run: [cxSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\cxSmWizard.exe
O4 - HKLM\..\Run: [keavgrsx] C:\Program Files\AVG\AVG8\keavgrsx.exe
O4 - HKLM\..\Run: [bbdw] C:\Program Files\MSN\MSNCoreFiles\bbdw.exe
O4 - HKLM\..\Run: [teUPNP] C:\Program Files\BitComet\tools\teUPNP.exe
O4 - HKLM\..\Run: [kqSCANOST.EXE] C:\Program Files\Common Files\System\Mapi\1028\kqSCANOST.EXE
O4 - HKLM\..\Run: [wjMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\wjMSACNV30.EXE
O4 - HKLM\..\Run: [pfMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\pfMSOHELP.EXE
O4 - HKLM\..\Run: [cninst] C:\Documents and Settings\frankiechung\Application Data\cninst.exe

O4 - HKLM\..\Run: [nqFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\nqFRONTPG.EXE
O4 - HKLM\..\Run: [lminetwiz] C:\Program Files\Internet Explorer\Connection Wizard\lminetwiz.exe
O4 - HKLM\..\Run: [GToolbarInstall] C:\Program Files\AVG\AVG8\GToolbarInstall.exe
O4 - HKLM\..\Run: [penero] C:\Program Files\Ahead\Nero\penero.exe
O4 - HKLM\..\Run: [eyGOM] C:\Program Files\GRETECH\GomPlayer\eyGOM.exe
O4 - HKLM\..\Run: [uiIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\uiIMEPADSV.EXE
O4 - HKLM\..\Run: [rdavgupd] C:\Program Files\AVG\AVG8\rdavgupd.exe
O4 - HKLM\..\Run: [dsLanguage] C:\Program Files\CyberLink\PowerDVD\Language\dsLanguage.exe
O4 - HKLM\..\Run: [suVTIPRES.EXE] C:\Program Files\Microsoft Office\Office10\suVTIPRES.EXE
O4 - HKLM\..\Run: [ioMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\ioMSOHTMED.EXE
O4 - HKLM\..\Run: [tbCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\tbCNFNOT32.EXE

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [mlsetup] C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\mlsetup.exe
O4 - HKLM\..\Run: [temInfo] C:\Program Files\Driver-Soft\DriverGenius\temInfo.exe
O4 - HKLM\..\Run: [hoMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\hoMSTORE.EXE
O4 - HKLM\..\Run: [shMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\shMSACNV30.EXE
O4 - HKLM\..\Run: [nmSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\nmSmWizard.exe
O4 - HKLM\..\Run: [vsUNWISE.EXE] C:\Program Files\TVAnts\vsUNWISE.EXE
O4 - HKLM\..\Run: [doOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\doOUTLOOK.EXE
O4 - HKLM\..\Run: [gimpcstar] C:\Program Files\MpcStar\gimpcstar.exe
O4 - HKLM\..\Run: [jgavgrsx] C:\Program Files\AVG\AVG8\jgavgrsx.exe
O4 - HKLM\..\Run: [jjNRESTORE.EXE] C:\Program Files\Ahead\Nero\jjNRESTORE.EXE
O4 - HKLM\..\Run: [jdCDSpeed] C:\Program Files\Ahead\Nero Toolkit\jdCDSpeed.exe
O4 - HKLM\..\Run: [heunins000] C:\Program Files\Driver-Soft\DriverGenius\heunins000.exe
O4 - HKLM\..\Run: [xmuninst] C:\Program Files\BitComet\xmuninst.exe
O4 - HKLM\..\Run: [loSCANPST.EXE] C:\Program Files\Common Files\System\Mapi\1028\loSCANPST.EXE
O4 - HKLM\..\Run: [seCLDMA] C:\Program Files\CyberLink\PowerProducer\seCLDMA.exe
O4 - HKLM\..\Run: [muavgdumpx] C:\Program Files\AVG\AVG8\muavgdumpx.exe
O4 - HKLM\..\Run: [pgrade] C:\Program Files\Common Files\uusee\pgrade.exe
O4 - HKLM\..\Run: [viUToolbar] C:\Program Files\MyMaji\MajiToolbar\viUToolbar.exe
O4 - HKLM\..\Run: [bqOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\bqOFFPRV10.EXE
O4 - HKLM\..\Run: [xzrnxproc] C:\Program Files\Common Files\Real\Update_OB\xzrnxproc.exe
O4 - HKLM\..\Run: [eePlayer] C:\Program Files\uusee\eePlayer.exe
O4 - HKLM\..\Run: [hvideoinstall] C:\Program Files\CyberLink\Shared Files\hvideoinstall.exe
O4 - HKLM\..\Run: [jkavgdumpx] C:\Program Files\AVG\AVG8\jkavgdumpx.exe
O4 - HKLM\..\Run: [mhML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\mhML3XEC16.EXE
O4 - HKLM\..\Run: [iqdw] C:\Program Files\MSN\MSNCoreFiles\iqdw.exe
O4 - HKLM\..\Run: [awavgcfgex] C:\Program Files\AVG\AVG8\awavgcfgex.exe
O4 - HKLM\..\Run: [cricwrmind] C:\Program Files\Internet Explorer\Connection Wizard\cricwrmind.exe
O4 - HKLM\..\Run: [aaBitComet] C:\Program Files\BitComet\aaBitComet.exe
O4 - HKLM\..\Run: [fpavgnsx] C:\Program Files\AVG\AVG8\fpavgnsx.exe
O4 - HKLM\..\Run: [xwupgrdhlp] C:\Program Files\Common Files\Real\Update_OB\xwupgrdhlp.exe
O4 - HKLM\..\Run: [tjalcrmv] C:\Program Files\Realtek AC97\tjalcrmv.exe
O4 - HKLM\..\Run: [ydSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\ydSetup.exe
O4 - HKLM\..\Run: [hgalcrmv64] C:\Program Files\Realtek AC97\hgalcrmv64.exe
O4 - HKLM\..\Run: [snFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\snFRONTPG.EXE
O4 - HKLM\..\Run: [cimsmsgsin] C:\Program Files\Messenger\cimsmsgsin.exe
O4 - HKLM\..\Run: [jumsmsgs] C:\Program Files\Messenger\jumsmsgs.exe
O4 - HKLM\..\Run: [sravgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\sravgupd.exe
O4 - HKLM\..\Run: [msdw] C:\Program Files\MSN\MSNCoreFiles\msdw.exe
O4 - HKLM\..\Run: [wkLanguage] C:\Program Files\CyberLink\PowerDVD\Language\wkLanguage.exe
O4 - HKLM\..\Run: [riverTweak] C:\Program Files\Driver-Soft\DriverGenius\riverTweak.exe
O4 - HKLM\..\Run: [tuavgwdsvc] C:\Program Files\AVG\AVG8\tuavgwdsvc.exe
O4 - HKLM\..\Run: [chvideouninstall] C:\Program Files\CyberLink\Shared Files\chvideouninstall.exe
O4 - HKLM\..\Run: [rchAdmStp] C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\rchAdmStp.exe
O4 - HKLM\..\Run: [bnIDriver] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\bnIDriver.exe
O4 - HKLM\..\Run: [qySoundMan] C:\Program Files\Realtek AC97\qySoundMan.exe
O4 - HKLM\..\Run: [rxmoviemk] C:\Program Files\Movie Maker\rxmoviemk.exe
O4 - HKLM\..\Run: [olbarBroker] C:\Program Files\AVG\AVG8\Toolbar\olbarBroker.exe
O4 - HKLM\..\Run: [lqcb32] C:\Program Files\NetMeeting\lqcb32.exe
O4 - HKLM\..\Run: [mdMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\mdMSO7FTP.EXE
O4 - HKLM\..\Run: [vgchk0] C:\Program Files\AVG\AVG8\vgchk.exe0
O4 - HKLM\..\Run: [cnisignup] C:\Program Files\Internet Explorer\Connection Wizard\cnisignup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [jtCLDMA] C:\Program Files\CyberLink\PowerProducer\jtCLDMA.exe
O4 - HKLM\..\Run: [nubbOSA.EXE] C:\Program Files\Microsoft Office\Office10\nubbOSA.EXE
O4 - HKLM\..\Run: [fuwabmig] C:\Program Files\Outlook Express\fuwabmig.exe
O4 - HKLM\..\Run: [riveSpeed] C:\Program Files\Ahead\Nero Toolkit\riveSpeed.exe
O4 - HKLM\..\Run: [tzsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\tzsetup.exe
O4 - HKLM\..\Run: [zlavgupd] C:\Program Files\AVG\AVG8\zlavgupd.exe
O4 - HKLM\..\Run: [utsetup] C:\Program Files\Common Files\Ahead\Uninstall\utsetup.exe
O4 - HKLM\..\Run: [eck_cmd] C:\Program Files\Common Files\uusee\eck_cmd.exe
O4 - HKLM\..\Run: [qcalcrmv] C:\Program Files\Realtek AC97\qcalcrmv.exe
O4 - HKLM\..\Run: [lbnero] C:\Program Files\Ahead\Nero\lbnero.exe
O4 - HKLM\..\Run: [xqinst] C:\Documents and Settings\frankiechung\Application Data\xqinst.exe
O4 - HKLM\..\Run: [euAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\euAcroRd32.exe
O4 - HKLM\..\Run: [vqOWSRMADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\vqOWSRMADM.EXE
O4 - HKLM\..\Run: [Submission] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\Submission.exe
O4 - HKLM\..\Run: [rExtLoader] C:\Program Files\WinRAR\rExtLoader.exe
O4 - HKLM\..\Run: [lesrt2smi] C:\Program Files\GRETECH\GomPlayer\lesrt2smi.exe
O4 - HKLM\..\Run: [niFPCOUNT.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\isapi\niFPCOUNT.EXE
O4 - HKLM\..\Run: [cfUPNP] C:\Program Files\BitComet\tools\cfUPNP.exe
O4 - HKLM\..\Run: [snAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\snAcroRd32.exe
O4 - HKLM\..\Run: [duUNWISE.EXE] C:\Program Files\TVAnts\duUNWISE.EXE
O4 - HKLM\..\Run: [etdvdrgn] C:\Program Files\CyberLink\PowerDVD\etdvdrgn.exe
O4 - HKLM\..\Run: [yvMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\yvMSTORDB.EXE
O4 - HKLM\..\Run: [NetInstaller] C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\NetInstaller.exe
O4 - HKLM\..\Run: [alOneMessageCenter] C:\Program Files\Common Files\Real\Update_OB\alOneMessageCenter.exe
O4 - HKLM\..\Run: [yenero] C:\Program Files\Ahead\Nero\yenero.exe
O4 - HKLM\..\Run: [btunins000] C:\Program Files\Driver-Soft\DriverGenius\btunins000.exe
O4 - HKLM\..\Run: [bziexplore] C:\Program Files\Internet Explorer\bziexplore.exe
O4 - HKLM\..\Run: [swwb32] C:\Program Files\NetMeeting\swwb32.exe
O4 - HKLM\..\Run: [tpisignup] C:\Program Files\Internet Explorer\Connection Wizard\tpisignup.exe
O4 - HKLM\..\Run: [pbqttask] C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\pbqttask.exe
O4 - HKLM\..\Run: [jmavgemc] C:\Program Files\AVG\AVG8\jmavgemc.exe
O4 - HKLM\..\Run: [ecwab] C:\Program Files\Outlook Express\ecwab.exe
O4 - HKLM\..\Run: [bhavgdumpx] C:\Program Files\AVG\AVG8\bhavgdumpx.exe
O4 - HKLM\..\Run: [mainst] C:\Documents and Settings\frankiechung\Application Data\mainst.exe
O4 - HKLM\..\Run: [nrRtParser] C:\Program Files\GRETECH\GomPlayer\nrRtParser.exe
O4 - HKLM\..\Run: [wcDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\wcDW20.EXE
O4 - HKLM\..\Run: [wzicwconn1] C:\Program Files\Internet Explorer\Connection Wizard\wzicwconn1.exe
O4 - HKLM\..\Run: [rcDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\rcDW20.EXE
O4 - HKLM\..\Run: [xfavgfrw] C:\Program Files\AVG\AVG8\xfavgfrw.exe
O4 - HKLM\..\Run: [eyinst] C:\Documents and Settings\frankiechung\Application Data\eyinst.exe
O4 - HKLM\..\Run: [zaCGuard] C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\zaCGuard.exe
O4 - HKLM\..\Run: [fwVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\fwVTIFORM.EXE
O4 - HKLM\..\Run: [jmnero] C:\Program Files\Ahead\Nero\jmnero.exe
O4 - HKLM\..\Run: [eoSnapshot] C:\Program Files\BitComet\tools\eoSnapshot.exe
O4 - HKLM\..\Run: [bdMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\bdMSTORE.EXE
O4 - HKLM\..\Run: [gomsinfo32] C:\Program Files\Common Files\Microsoft Shared\MSInfo\gomsinfo32.exe
O4 - HKLM\..\Run: [iaavgchk] C:\Program Files\AVG\AVG8\iaavgchk.exe
O4 - HKLM\..\Run: [kaMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\kaMSTORDB.EXE
O4 - HKLM\..\Run: [pyIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\pyIDriver2.exe
O4 - HKLM\..\Run: [fhMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\fhMSOHTMED.EXE
O4 - HKLM\..\Run: [poavgupd] C:\Program Files\AVG\AVG8\poavgupd.exe
O4 - HKLM\..\Run: [yeCoverDes] C:\Program Files\Ahead\CoverDesigner\yeCoverDes.exe
O4 - HKLM\..\Run: [cuCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\cuCNFNOT32.EXE
O4 - HKLM\..\Run: [mbalcrmv] C:\Program Files\Realtek AC97\mbalcrmv.exe
O4 - HKLM\..\Run: [riCDSpeed] C:\Program Files\Ahead\Nero Toolkit\riCDSpeed.exe
O4 - HKLM\..\Run: [rbavgwdsvc] C:\Program Files\AVG\AVG8\rbavgwdsvc.exe
O4 - HKLM\..\Run: [mmIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\mmIDriver2.exe
O4 - HKLM\..\Run: [oowabmig] C:\Program Files\Outlook Express\oowabmig.exe
O4 - HKLM\..\Run: [ass-plugins] C:\Program Files\uusee\ass-plugins.exe
O4 - HKLM\..\Run: [oqalcrmv64] C:\Program Files\Realtek AC97\oqalcrmv64.exe
O4 - HKLM\..\Run: [laNRESTORE.EXE] C:\Program Files\Ahead\Nero\laNRESTORE.EXE
O4 - HKLM\..\Run: [snBitComet] C:\Program Files\BitComet\snBitComet.exe
O4 - HKLM\..\Run: [klCPLUtl64] C:\Program Files\Realtek AC97\klCPLUtl64.exe
O4 - HKLM\..\Run: [uifixfp] C:\Program Files\AVG\AVG8\uifixfp.exe
O4 - HKLM\..\Run: [xbMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\xbMSTORDB.EXE
O4 - HKLM\..\Run: [kfSetup] C:\Program Files\C-Media 3D Audio\Driver\Win\kfSetup.exe
O4 - HKLM\..\Run: [iproxy] C:\Program Files\AVG\AVG8\iproxy.exe
O4 - HKLM\..\Run: [duTvants] C:\Program Files\TVAnts\duTvants.exe
O4 - HKLM\..\Run: [LRSubmission] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\LRSubmission.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [uzSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\uzSmWizard.exe
O4 - HKLM\..\Run: [ntGomWiz] C:\Program Files\GRETECH\GomPlayer\ntGomWiz.exe
O4 - HKLM\..\Run: [ejavgnsx] C:\Program Files\AVG\AVG8\ejavgnsx.exe
O4 - HKLM\..\Run: [lzanupdate] C:\Program Files\MSN\MSNCoreFiles\lzanupdate.exe
O4 - HKLM\..\Run: [zdWMPBurn] C:\Program Files\Ahead\WMPBurn\zdWMPBurn.exe
O4 - HKLM\..\Run: [lsrnxproc] C:\Program Files\Common Files\Real\Update_OB\lsrnxproc.exe
O4 - HKLM\..\Run: [fjcopymar] C:\Program Files\MSN\MSNCoreFiles\fjcopymar.exe
O4 - HKLM\..\Run: [whmsn6] C:\Program Files\MSN\MSNCoreFiles\whmsn6.exe
O4 - HKLM\..\Run: [USeeMediaCenter] C:\Program Files\Common Files\uusee\USeeMediaCenter.exe
O4 - HKLM\..\Run: [zmCDSpeed] C:\Program Files\Ahead\Nero Toolkit\zmCDSpeed.exe
O4 - HKLM\..\Run: [onEXCEL.EXE] C:\Program Files\Microsoft Office\Office10\onEXCEL.EXE
O4 - HKLM\..\Run: [ekiedw] C:\Program Files\Internet Explorer\ekiedw.exe
O4 - HKLM\..\Run: [nqCoverDes] C:\Program Files\Ahead\CoverDesigner\nqCoverDes.exe
O4 - HKLM\..\Run: [cmGomWiz] C:\Program Files\GRETECH\GomPlayer\cmGomWiz.exe
O4 - HKLM\..\Run: [rfCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\rfCNFNOT32.EXE
O4 - HKLM\..\Run: [jnCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\jnCMIRMDRV.EXE
O4 - HKLM\..\Run: [tuOSA.EXE] C:\Program Files\Microsoft Office\Office10\tuOSA.EXE
O4 - HKLM\..\Run: [czMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\czMSACNV30.EXE
O4 - HKLM\..\Run: [enSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\enSetup.exe
O4 - HKLM\..\Run: [olBitComet] C:\Program Files\BitComet\olBitComet.exe
O4 - HKLM\..\Run: [ojCFGWIZ.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\ojCFGWIZ.EXE
O4 - HKLM\..\Run: [okavgfrw] C:\Program Files\AVG\AVG8\okavgfrw.exe
O4 - HKLM\..\Run: [vgiproxy] C:\Program Files\AVG\AVG8\vgiproxy.exe
O4 - HKLM\..\Run: [gcNeroCmd] C:\Program Files\Ahead\Nero\gcNeroCmd.exe
O4 - HKLM\..\Run: [myavgchk0] C:\Program Files\AVG\AVG8\myavgchk.exe0
O4 - HKLM\..\Run: [kfSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\kfSmWizard.exe
O4 - HKLM\..\Run: [hqupgrdhlp] C:\Program Files\Common Files\Real\Update_OB\hqupgrdhlp.exe
O4 - HKLM\..\Run: [ofdw] C:\Program Files\MSN\MSNCoreFiles\ofdw.exe
O4 - HKLM\..\Run: [jbicwrmind] C:\Program Files\Internet Explorer\Connection Wizard\jbicwrmind.exe
O4 - HKLM\..\Run: [jtuninst] C:\Program Files\Common Files\uusee\jtuninst.exe
O4 - HKLM\..\Run: [chVideo] C:\Program Files\CyberLink\Shared Files\chVideo.exe
O4 - HKLM\..\Run: [fnmoviemk] C:\Program Files\Movie Maker\fnmoviemk.exe
O4 - HKLM\..\Run: [xlcltest] C:\Program Files\CyberLink\PowerDVD\xlcltest.exe
O4 - HKLM\..\Run: [cucb32] C:\Program Files\NetMeeting\cucb32.exe
O4 - HKLM\..\Run: [soMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\soMSOHELP.EXE
O4 - HKLM\..\Run: [zdUUPlayer] C:\Program Files\Common Files\uusee\zdUUPlayer.exe
O4 - HKLM\..\Run: [dbWMPBurn] C:\Program Files\Ahead\WMPBurn\dbWMPBurn.exe
O4 - HKLM\..\Run: [yaAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\yaAcroRd32.exe
O4 - HKLM\..\Run: [ooavgchk0] C:\Program Files\AVG\AVG8\ooavgchk.exe0
O4 - HKLM\..\Run: [hnDXEnum] C:\Program Files\Ahead\Nero Wave Editor\hnDXEnum.exe
O4 - HKLM\..\Run: [naDXEnum] C:\Program Files\Ahead\Nero Wave Editor\naDXEnum.exe
O4 - HKLM\..\Run: [ryUUPlayer] C:\Program Files\Common Files\uusee\ryUUPlayer.exe
O4 - HKLM\..\Run: [dhPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\dhPROFLWIZ.EXE
O4 - HKLM\..\Run: [gasetup] C:\Program Files\Common Files\Ahead\Uninstall\gasetup.exe
O4 - HKLM\..\Run: [ehUToolbar] C:\Program Files\MyMaji\MajiToolbar\ehUToolbar.exe
O4 - HKLM\..\Run: [mfPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\mfPROFLWIZ.EXE
O4 - HKLM\..\Run: [llRegister] C:\Program Files\GRETECH\GomPlayer\llRegister.exe
O4 - HKLM\..\Run: [meicwtutor] C:\Program Files\Internet Explorer\Connection Wizard\meicwtutor.exe
O4 - HKLM\..\Run: [qgavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\qgavgtray.exe
O4 - HKLM\..\Run: [asavgcfgex] C:\Program Files\AVG\AVG8\asavgcfgex.exe
O4 - HKLM\..\Run: [kzupdate] C:\Program Files\MSN\MSNCoreFiles\kzupdate.exe
O4 - HKLM\..\Run: [gpavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\gpavgtray.exe
O4 - HKLM\..\Run: [hiWaveEdit] C:\Program Files\Ahead\Nero Wave Editor\hiWaveEdit.exe
O4 - HKLM\..\Run: [gvicwconn1] C:\Program Files\Internet Explorer\Connection Wizard\gvicwconn1.exe
O4 - HKLM\..\Run: [dlavgui] C:\Program Files\AVG\AVG8\dlavgui.exe
O4 - HKLM\..\Run: [qwsrt2smi] C:\Program Files\GRETECH\GomPlayer\qwsrt2smi.exe
O4 - HKLM\..\Run: [tcSetup] C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\tcSetup.exe
O4 - HKLM\..\Run: [doMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\doMSOHTMED.EXE
O4 - HKLM\..\Run: [suDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\suDW.EXE
O4 - HKLM\..\Run: [wnCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\wnCMIRMDRV.EXE
O4 - HKLM\..\Run: [joavgchk0] C:\Program Files\AVG\AVG8\joavgchk.exe0
O4 - HKLM\..\Run: [kouninst] C:\Program Files\Common Files\uusee\kouninst.exe
O4 - HKLM\..\Run: [ktiexplore] C:\Program Files\Internet Explorer\ktiexplore.exe
O4 - HKLM\..\Run: [qhsetup50] C:\Program Files\Outlook Express\qhsetup50.exe
O4 - HKLM\..\Run: [eoCLDMA] C:\Program Files\CyberLink\PowerProducer\eoCLDMA.exe
O4 - HKLM\..\Run: [fjMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\fjMSACCESS.EXE
O4 - HKLM\..\Run: [avgchk0] C:\Program Files\AVG\AVG8\avgchk.exe0
O4 - HKLM\..\Run: [msavgemc] C:\Program Files\AVG\AVG8\msavgemc.exe
O4 - HKLM\..\Run: [kgFINDER.EXE] C:\Program Files\Microsoft Office\Office10\kgFINDER.EXE
O4 - HKLM\..\Run: [bxavgwdsvc] C:\Program Files\AVG\AVG8\bxavgwdsvc.exe
O4 - HKLM\..\Run: [DriverTweak] C:\Program Files\Driver-Soft\DriverGenius\DriverTweak.exe
O4 - HKLM\..\Run: [zyavgcsrvx] C:\Program Files\AVG\AVG8\zyavgcsrvx.exe
O4 - HKLM\..\Run: [stfixcfg] C:\Program Files\AVG\AVG8\stfixcfg.exe
O4 - HKLM\..\Run: [lyUNNero] C:\Program Files\Ahead\Nero\Uninstall\lyUNNero.exe
O4 - HKLM\..\Run: [bjuninst] C:\Program Files\BitComet\bjuninst.exe
O4 - HKLM\..\Run: [ggddtester] C:\Program Files\CyberLink\PowerDVD\ggddtester.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [alsched] C:\Program Files\Common Files\Real\Update_OB\alsched.exe
O4 - HKLM\..\Run: [jhmsnunin] C:\Program Files\MSN\MSNCoreFiles\Setup\jhmsnunin.exe
O4 - HKLM\..\Run: [iiDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\iiDW20.EXE
O4 - HKLM\..\Run: [oxsetup] C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\oxsetup.exe
O4 - HKLM\..\Run: [RSubmission] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\RSubmission.exe
O4 - HKLM\..\Run: [urCDSpeed] C:\Program Files\Ahead\Nero Toolkit\urCDSpeed.exe
O4 - HKLM\..\Run: [nsRtParser] C:\Program Files\GRETECH\GomPlayer\nsRtParser.exe
O4 - HKLM\..\Run: [qcDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\qcDW.EXE
O4 - HKLM\..\Run: [tisapisvr] C:\Program Files\Common Files\Microsoft Shared\Speech\tisapisvr.exe
O4 - HKLM\..\Run: [rashReport] C:\Program Files\MpcStar\rashReport.exe
O4 - HKLM\..\Run: [vaOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\vaOFFPRV10.EXE
O4 - HKLM\..\Run: [znMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\znMSTORE.EXE
O4 - HKLM\..\Run: [shReport] C:\Program Files\BitComet\shReport.exe
O4 - HKLM\..\Run: [mjWinRAR] C:\Program Files\WinRAR\mjWinRAR.exe
O4 - HKLM\..\Run: [yyTvants] C:\Program Files\TVAnts\yyTvants.exe
O4 - HKLM\..\Run: [igIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\igIMEPADSV.EXE
O4 - HKLM\..\Run: [ydKillGom] C:\Program Files\GRETECH\GomPlayer\ydKillGom.exe
O4 - HKLM\..\Run: [diinst] C:\Documents and Settings\frankiechung\Application Data\diinst.exe
O4 - HKLM\..\Run: [skOWSRMADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\skOWSRMADM.EXE
O4 - HKLM\..\Run: [miicwtutor] C:\Program Files\Internet Explorer\Connection Wizard\miicwtutor.exe
O4 - HKLM\..\Run: [giCGuard] C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\giCGuard.exe
O4 - HKLM\..\Run: [fvinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\fvinetwiz.exe
O4 - HKLM\..\Run: [pdateax] C:\Documents and Settings\frankiechung\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\pdateax.exe
O4 - HKLM\..\Run: [pgalcrmv64] C:\Program Files\Realtek AC97\pgalcrmv64.exe
O4 - HKLM\..\Run: [ydTvants] C:\Program Files\TVAnts\ydTvants.exe
O4 - HKLM\..\Run: [tkWMPBurn] C:\Program Files\Ahead\WMPBurn\tkWMPBurn.exe
O4 - HKLM\..\Run: [bxhwinfo] C:\Program Files\Ahead\Nero Toolkit\bxhwinfo.exe
O4 - HKLM\..\Run: [biSoundMan] C:\Program Files\Realtek AC97\biSoundMan.exe
O4 - HKLM\..\Run: [yibbOSA.EXE] C:\Program Files\Microsoft Office\Office10\yibbOSA.EXE
O4 - HKLM\..\Run: [veVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\veVTIDB.EXE
O4 - HKLM\..\Run: [bnavgcmgr] C:\Program Files\AVG\AVG8\bnavgcmgr.exe
O4 - HKLM\..\Run: [puNBR] C:\Program Files\Ahead\Nero BackItUp\puNBR.exe
O4 - HKLM\..\Run: [ltIDriver] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\ltIDriver.exe
O4 - HKLM\..\Run: [fufixfp] C:\Program Files\AVG\AVG8\fufixfp.exe
O4 - HKLM\..\Run: [rlmsn6] C:\Program Files\MSN\MSNCoreFiles\rlmsn6.exe
O4 - HKLM\..\Run: [ctiedw] C:\Program Files\Internet Explorer\ctiedw.exe
O4 - HKLM\..\Run: [liavgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\liavgupd.exe
O4 - HKLM\..\Run: [cwSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\cwSetup.exe
O4 - HKLM\..\Run: [tjWAVTOASF.EXE] C:\Program Files\Microsoft Office\Office10\tjWAVTOASF.EXE
O4 - HKLM\..\Run: [ytmsnunin] C:\Program Files\MSN\MSNCoreFiles\Setup\ytmsnunin.exe
O4 - HKLM\..\Run: [kqGOM] C:\Program Files\GRETECH\GomPlayer\kqGOM.exe
O4 - HKLM\..\Run: [mamoviemk] C:\Program Files\Movie Maker\mamoviemk.exe
O4 - HKLM\..\Run: [mfavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\mfavgtray.exe
O4 - HKLM\..\Run: [ttVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\ttVTIDB.EXE
O4 - HKLM\..\Run: [snGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\snGRAPH.EXE
O4 - HKLM\..\Run: [whCLDrvChk] C:\Program Files\CyberLink\PowerProducer\whCLDrvChk.exe
O4 - HKLM\..\Run: [simencoder] C:\Program Files\MpcStar\Codecs\Real\simencoder.exe
O4 - HKLM\..\Run: [pjMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\pjMSOHELP.EXE
O4 - HKLM\..\Run: [qnSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\qnSetup.exe
O4 - HKLM\..\Run: [LRStateCheck] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\LRStateCheck.exe
O4 - HKLM\..\Run: [lnoemig50] C:\Program Files\Outlook Express\lnoemig50.exe
O4 - HKLM\..\Run: [cjUUPlayer] C:\Program Files\Common Files\uusee\cjUUPlayer.exe
O4 - HKLM\..\Run: [heKillGom] C:\Program Files\GRETECH\GomPlayer\heKillGom.exe
O4 - HKLM\..\Run: [ecmsimn] C:\Program Files\Outlook Express\ecmsimn.exe
O4 - HKLM\..\Run: [iwMSOICONS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\iwMSOICONS.EXE
O4 - HKLM\..\Run: [szicwconn2] C:\Program Files\Internet Explorer\Connection Wizard\szicwconn2.exe
O4 - HKLM\..\Run: [ocOSA.EXE] C:\Program Files\Microsoft Office\Office10\ocOSA.EXE
O4 - HKLM\..\Run: [ebinst] C:\Documents and Settings\frankiechung\Application Data\ebinst.exe
O4 - HKLM\..\Run: [keMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\keMSACNV30.EXE
O4 - HKLM\..\Run: [nlsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\nlsetup.exe
O4 - HKLM\..\Run: [kuDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\kuDW20.EXE
O4 - HKLM\..\Run: [wjIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\wjIDriver2.exe
O4 - HKLM\..\Run: [nkMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\nkMSACNV30.EXE
O4 - HKLM\..\Run: [sgSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\sgSetup.exe
O4 - HKLM\..\Run: [roTvants] C:\Program Files\TVAnts\roTvants.exe
O4 - HKLM\..\Run: [xjSoundMan] C:\Program Files\Realtek AC97\xjSoundMan.exe
O4 - HKLM\..\Run: [dyMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\dyMCDLC.EXE
O4 - HKLM\..\Run: [nahwinfo] C:\Program Files\Ahead\Nero Toolkit\nahwinfo.exe
O4 - HKLM\..\Run: [jldvdrgn] C:\Program Files\CyberLink\PowerDVD\jldvdrgn.exe
O4 - HKLM\..\Run: [htavgrsx] C:\Program Files\AVG\AVG8\htavgrsx.exe
O4 - HKLM\..\Run: [dqsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\dqsetup.exe
O4 - HKLM\..\Run: [bouninst] C:\Program Files\BitComet\bouninst.exe
O4 - HKLM\..\Run: [ntCGuard] C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\ntCGuard.exe
O4 - HKLM\..\Run: [hcCoverDes] C:\Program Files\Ahead\CoverDesigner\hcCoverDes.exe
O4 - HKLM\..\Run: [zwCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\zwCMIRMDRV.EXE
O4 - HKLM\..\Run: [fyDXEnum] C:\Program Files\Ahead\Nero Wave Editor\fyDXEnum.exe
O4 - HKLM\..\Run: [ffavgrsx] C:\Program Files\AVG\AVG8\ffavgrsx.exe
O4 - HKLM\..\Run: [ToolbarInstall] C:\Program Files\AVG\AVG8\ToolbarInstall.exe
O4 - HKLM\..\Run: [vtEXCEL.EXE] C:\Program Files\Microsoft Office\Office10\vtEXCEL.EXE
O4 - HKLM\..\Run: [xoOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\xoOFFPRV10.EXE
O4 - HKLM\..\Run: [eeMediaCenter] C:\Program Files\Common Files\uusee\eeMediaCenter.exe
O4 - HKLM\..\Run: [oecopymar] C:\Program Files\MSN\MSNCoreFiles\oecopymar.exe
O4 - HKLM\..\Run: [dlOSA.EXE] C:\Program Files\Microsoft Office\Office10\dlOSA.EXE
O4 - HKLM\..\Run: [bvicwrmind] C:\Program Files\Internet Explorer\Connection Wizard\bvicwrmind.exe
O4 - HKLM\..\Run: [vhwb32] C:\Program Files\NetMeeting\vhwb32.exe
O4 - HKLM\..\Run: [qiicwtutor] C:\Program Files\Internet Explorer\Connection Wizard\qiicwtutor.exe
O4 - HKLM\..\Run: [jkGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\jkGRAPH.EXE
O4 - HKLM\..\Run: [mwUPNP] C:\Program Files\BitComet\tools\mwUPNP.exe
O4 - HKLM\..\Run: [wiSetup] C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\wiSetup.exe
O4 - HKLM\..\Run: [ompilation] C:\Program Files\Ahead\NeroMediaPlayer\Services\ompilation.exe
O4 - HKLM\..\Run: [wciedw] C:\Program Files\Internet Explorer\wciedw.exe
O4 - HKLM\..\Run: [ExtLoader] C:\Program Files\WinRAR\ExtLoader.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [myavgchk] C:\Program Files\AVG\AVG8\myavgchk.exe
O4 - HKLM\..\Run: [lbGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\lbGRAPH.EXE
O4 - HKLM\..\Run: [mnSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\mnSetup.exe
O4 - HKLM\..\Run: [wqalcrmv64] C:\Program Files\Realtek AC97\wqalcrmv64.exe
O4 - HKLM\..\Run: [rxavgcfgex] C:\Program Files\AVG\AVG8\rxavgcfgex.exe
O4 - HKLM\..\Run: [uhUUPlayer] C:\Program Files\Common Files\uusee\uhUUPlayer.exe
O4 - HKLM\..\Run: [xcupdate] C:\Program Files\MSN\MSNCoreFiles\xcupdate.exe
O4 - HKLM\..\Run: [nxisignup] C:\Program Files\Internet Explorer\Connection Wizard\nxisignup.exe
O4 - HKLM\..\Run: [feCLDMA] C:\Program Files\CyberLink\PowerProducer\feCLDMA.exe
O4 - HKLM\..\Run: [brWAVTOASF.EXE] C:\Program Files\Microsoft Office\Office10\brWAVTOASF.EXE
O4 - HKLM\..\Run: [sxInfoTool] C:\Program Files\Ahead\Nero Toolkit\sxInfoTool.exe
O4 - HKLM\..\Run: [bdProducer] C:\Program Files\CyberLink\PowerProducer\bdProducer.exe
O4 - HKLM\..\Run: [zcalcrmv64] C:\Program Files\Realtek AC97\zcalcrmv64.exe
O4 - HKLM\..\Run: [lsetup-cvr] C:\Documents and Settings\frankiechung\Local Settings\Temp\lsetup-cvr.exe
O4 - HKLM\..\Run: [rqSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\rqSmWizard.exe
O4 - HKLM\..\Run: [hkML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\hkML3XEC16.EXE
O4 - HKLM\..\Run: [joFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\joFRONTPG.EXE
O4 - HKLM\..\Run: [rzGOM] C:\Program Files\GRETECH\GomPlayer\rzGOM.exe
O4 - HKLM\..\Run: [tlMSO7FTPS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\tlMSO7FTPS.EXE
O4 - HKLM\..\Run: [yfavgchk0] C:\Program Files\AVG\AVG8\yfavgchk.exe0
O4 - HKLM\..\Run: [aravgcmgr] C:\Program Files\AVG\AVG8\aravgcmgr.exe
O4 - HKLM\..\Run: [dlCFGWIZ.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\dlCFGWIZ.EXE
O4 - HKLM\..\Run: [aoCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\aoCNFNOT32.EXE
O4 - HKLM\..\Run: [mcavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\mcavgtray.exe
O4 - HKLM\..\Run: [rdVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\rdVTIDB.EXE
O4 - HKLM\..\Run: [hkavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\hkavgtray.exe
O4 - HKLM\..\Run: [jwOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\jwOFFPRV10.EXE
O4 - HKLM\..\Run: [aiCLDrvChk] C:\Program Files\CyberLink\PowerProducer\aiCLDrvChk.exe
O4 - HKLM\..\Run: [zpmsimn] C:\Program Files\Outlook Express\zpmsimn.exe
O4 - HKLM\..\Run: [ygavgchk] C:\Program Files\AVG\AVG8\ygavgchk.exe
O4 - HKLM\..\Run: [jzIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\jzIMEPADSV.EXE
O4 - HKLM\..\Run: [abGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\abGRAPH.EXE
O4 - HKLM\..\Run: [vaMSIMPORT.EXE] C:\Program Files\Microsoft Office\Office10\vaMSIMPORT.EXE
O4 - HKLM\..\Run: [kvconf] C:\Program Files\NetMeeting\kvconf.exe
O4 - HKLM\..\Run: [ichVideo] C:\Program Files\CyberLink\Shared Files\ichVideo.exe
O4 - HKLM\..\Run: [sqMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\sqMSACCESS.EXE
O4 - HKLM\..\Run: [jnsapisvr] C:\Program Files\Common Files\Microsoft Shared\Speech\jnsapisvr.exe
O4 - HKLM\..\Run: [gtCLDMA] C:\Program Files\CyberLink\PowerDVD\gtCLDMA.exe
O4 - HKLM\..\Run: [weMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\weMSTORE.EXE
O4 - HKLM\..\Run: [fwwb32] C:\Program Files\NetMeeting\fwwb32.exe
O4 - HKLM\..\Run: [xbavgsrmax] C:\Program Files\AVG\AVG8\xbavgsrmax.exe
O4 - HKLM\..\Run: [pbMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\pbMCDLC.EXE
O4 - HKLM\..\Run: [xrVTIDISC.EXE] C:\Program Files\Microsoft Office\Office10\xrVTIDISC.EXE
O4 - HKLM\..\Run: [fxmsinfo32] C:\Program Files\Common Files\Microsoft Shared\MSInfo\fxmsinfo32.exe
O4 - HKLM\..\Run: [lhavgchk0] C:\Program Files\AVG\AVG8\lhavgchk.exe0
O4 - HKLM\..\Run: [tminst] C:\Documents and Settings\frankiechung\Application Data\tminst.exe
O4 - HKLM\..\Run: [htMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\htMSTORDB.EXE
O4 - HKLM\..\Run: [doavgscanx] C:\Program Files\AVG\AVG8\doavgscanx.exe
O4 - HKLM\..\Run: [idVTIPRES.EXE] C:\Program Files\Microsoft Office\Office10\idVTIPRES.EXE
O4 - HKLM\..\Run: [swavgwdsvc] C:\Program Files\AVG\AVG8\swavgwdsvc.exe
O4 - HKLM\..\Run: [clalcrmv64] C:\Program Files\Realtek AC97\clalcrmv64.exe
O4 - HKLM\..\Run: [nvDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\nvDW.EXE
O4 - HKLM\..\Run: [qeWINWORD.EXE] C:\Program Files\Microsoft Office\Office10\qeWINWORD.EXE
O4 - HKLM\..\Run: [vDriverTweak] C:\Program Files\Driver-Soft\DriverGenius\vDriverTweak.exe
O4 - HKLM\..\Run: [qmavgupd] C:\Program Files\AVG\AVG8\qmavgupd.exe
O4 - HKLM\..\Run: [ekUToolbar] C:\Program Files\MyMaji\MajiToolbar\ekUToolbar.exe
O4 - HKLM\..\Run: [emSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\emSetup.exe
O4 - HKLM\..\Run: [nnFPCOUNT.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\isapi\nnFPCOUNT.EXE
O4 - HKLM\..\Run: [jaavgui] C:\Program Files\AVG\AVG8\jaavgui.exe
O4 - HKLM\..\Run: [kgSetup] C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\kgSetup.exe
O4 - HKLM\..\Run: [neCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\neCNFNOT32.EXE
O4 - HKLM\..\Run: [myCoverDes] C:\Program Files\Ahead\CoverDesigner\myCoverDes.exe
O4 - HKLM\..\Run: [vuTvants] C:\Program Files\TVAnts\vuTvants.exe
O4 - HKLM\..\Run: [chmsmsgsin] C:\Program Files\Messenger\chmsmsgsin.exe
O4 - HKLM\..\Run: [ndoemig50] C:\Program Files\Outlook Express\ndoemig50.exe
O4 - HKLM\..\Run: [naicwtutor] C:\Program Files\Internet Explorer\Connection Wizard\naicwtutor.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [wdDWTRIG20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\wdDWTRIG20.EXE
O4 - HKLM\..\Run: [pwsetup] C:\Program Files\Common Files\Ahead\Uninstall\pwsetup.exe
O4 - HKLM\..\Run: [flNRESTORE.EXE] C:\Program Files\Ahead\Nero\flNRESTORE.EXE
O4 - HKLM\..\Run: [jrDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\jrDW.EXE
O4 - HKLM\..\Run: [prupgrdhlp] C:\Program Files\Common Files\Real\Update_OB\prupgrdhlp.exe
O4 - HKLM\..\Run: [hpupgrdhlp] C:\Program Files\Common Files\Real\Update_OB\hpupgrdhlp.exe
O4 - HKLM\..\Run: [rzWMPBurn] C:\Program Files\Ahead\WMPBurn\rzWMPBurn.exe
O4 - HKLM\..\Run: [vdmsimn] C:\Program Files\Outlook Express\vdmsimn.exe
O4 - HKLM\..\Run: [SeeMediaCenter] C:\Program Files\Common Files\uusee\SeeMediaCenter.exe
O4 - HKLM\..\Run: [uuSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\uuSmWizard.exe
O4 - HKLM\..\Run: [ormsmsgsin] C:\Program Files\Messenger\ormsmsgsin.exe
O4 - HKLM\..\Run: [wcUnRAR] C:\Program Files\WinRAR\wcUnRAR.exe
O4 - HKLM\..\Run: [kcIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\kcIDriver2.exe
O4 - HKLM\..\Run: [qqmsnunin] C:\Program Files\MSN\MSNCoreFiles\Setup\qqmsnunin.exe
O4 - HKLM\..\Run: [myddtester] C:\Program Files\CyberLink\PowerDVD\myddtester.exe
O4 - HKLM\..\Run: [vzMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\vzMSOHELP.EXE
O4 - HKLM\..\Run: [gqicwconn1] C:\Program Files\Internet Explorer\Connection Wizard\gqicwconn1.exe
O4 - HKLM\..\Run: [usIDriver] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\usIDriver.exe
O4 - HKLM\..\Run: [akSetup] C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\akSetup.exe
O4 - HKLM\..\Run: [duPDVDServ] C:\Program Files\CyberLink\PowerDVD\duPDVDServ.exe
O4 - HKLM\..\Run: [vvmoviemk] C:\Program Files\Movie Maker\vvmoviemk.exe
O4 - HKLM\..\Run: [wiMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\wiMSACCESS.EXE
O4 - HKLM\..\Run: [vkIKernel] C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\vkIKernel.exe
O4 - HKLM\..\Run: [dpmsn6] C:\Program Files\MSN\MSNCoreFiles\dpmsn6.exe
O4 - HKLM\..\Run: [gyIKernel] C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\gyIKernel.exe
O4 - HKLM\..\Run: [jdWinRAR] C:\Program Files\WinRAR\jdWinRAR.exe
O4 - HKLM\..\Run: [zdVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\zdVTIFORM.EXE
O4 - HKLM\..\Run: [fiavgemc] C:\Program Files\AVG\AVG8\fiavgemc.exe
O4 - HKLM\..\Run: [qhicwrmind] C:\Program Files\Internet Explorer\Connection Wizard\qhicwrmind.exe
O4 - HKLM\..\Run: [ufalcrmv64] C:\Program Files\Realtek AC97\ufalcrmv64.exe
O4 - HKLM\..\Run: [vyKillGom] C:\Program Files\GRETECH\GomPlayer\vyKillGom.exe
O4 - HKLM\..\Run: [bnmoviemk] C:\Program Files\Movie Maker\bnmoviemk.exe
O4 - HKLM\..\Run: [blFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\blFRONTPG.EXE
O4 - HKLM\..\Run: [pzSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\pzSetup.exe
O4 - HKLM\..\Run: [nfconf] C:\Program Files\NetMeeting\nfconf.exe
O4 - HKLM\..\Run: [ehavgsrmax] C:\Program Files\AVG\AVG8\ehavgsrmax.exe
O4 - HKLM\..\Run: [izGomWiz] C:\Program Files\GRETECH\GomPlayer\izGomWiz.exe
O4 - HKLM\..\Run: [wmPDVDServ] C:\Program Files\CyberLink\PowerDVD\wmPDVDServ.exe
O4 - HKLM\..\Run: [wuavgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\wuavgupd.exe
O4 - HKLM\..\Run: [jvisignup] C:\Program Files\Internet Explorer\Connection Wizard\jvisignup.exe
O4 - HKLM\..\Run: [ylmsinfo32] C:\Program Files\Common Files\Microsoft Shared\MSInfo\ylmsinfo32.exe
O4 - HKLM\..\Run: [ssWINWORD.EXE] C:\Program Files\Microsoft Office\Office10\ssWINWORD.EXE
O4 - HKLM\..\Run: [dwMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\dwMCDLC.EXE
O4 - HKLM\..\Run: [agMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\agMSTORDB.EXE
O4 - HKLM\..\Run: [mkCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\mkCNFNOT32.EXE
O4 - HKLM\..\Run: [emMSIMPORT.EXE] C:\Program Files\Microsoft Office\Office10\emMSIMPORT.EXE
O4 - HKLM\..\Run: [ywdw] C:\Program Files\MSN\MSNCoreFiles\ywdw.exe
O4 - HKLM\..\Run: [setup-cvr] C:\Documents and Settings\frankiechung\Local Settings\Temp\setup-cvr.exe
O4 - HKLM\..\Run: [vlIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\vlIDriver2.exe
O4 - HKLM\..\Run: [gcUNNero] C:\Program Files\Ahead\Nero\Uninstall\gcUNNero.exe
O4 - HKLM\..\Run: [rvalcrmv] C:\Program Files\Realtek AC97\rvalcrmv.exe
O4 - HKLM\..\Run: [avMSO7FTPA.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\avMSO7FTPA.EXE
O4 - HKLM\..\Run: [zfInfoTool] C:\Program Files\Ahead\Nero Toolkit\zfInfoTool.exe
O4 - HKLM\..\Run: [unWinRAR] C:\Program Files\WinRAR\unWinRAR.exe
O4 - HKLM\..\Run: [phChCfg] C:\Program Files\Realtek AC97\phChCfg.exe
O4 - HKLM\..\Run: [taFPCOUNT.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\isapi\taFPCOUNT.EXE
O4 - HKLM\..\Run: [tiuninst] C:\Program Files\MpcStar\tiuninst.exe
O4 - HKLM\..\Run: [jiRar] C:\Program Files\WinRAR\jiRar.exe
O4 - HKLM\..\Run: [qkicwconn1] C:\Program Files\Internet Explorer\Connection Wizard\qkicwconn1.exe
O4 - HKLM\..\Run: [llVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\llVTIFORM.EXE
O4 - HKLM\..\Run: [umavgwdsvc] C:\Program Files\AVG\AVG8\umavgwdsvc.exe
O4 - HKLM\..\Run: [troemig50] C:\Program Files\Outlook Express\troemig50.exe
O4 - HKLM\..\Run: [yesrt2smi] C:\Program Files\GRETECH\GomPlayer\yesrt2smi.exe
O4 - HKLM\..\Run: [peavgemc] C:\Program Files\AVG\AVG8\peavgemc.exe
O4 - HKLM\..\Run: [qxmencoder] C:\Program Files\MpcStar\Codecs\Real\qxmencoder.exe
O4 - HKLM\..\Run: [rnMSIMPORT.EXE] C:\Program Files\Microsoft Office\Office10\rnMSIMPORT.EXE
O4 - HKLM\..\Run: [gpfixfp] C:\Program Files\AVG\AVG8\gpfixfp.exe
O4 - HKLM\..\Run: [sxsetup50] C:\Program Files\Outlook Express\sxsetup50.exe
O4 - HKLM\..\Run: [airnxproc] C:\Program Files\Common Files\Real\Update_OB\airnxproc.exe
O4 - HKLM\..\Run: [ntUPNP] C:\Program Files\BitComet\tools\ntUPNP.exe
O4 - HKLM\..\Run: [feRar] C:\Program Files\WinRAR\feRar.exe
O4 - HKLM\..\Run: [iusapisvr] C:\Program Files\Common Files\Microsoft Shared\Speech\iusapisvr.exe
O4 - HKLM\..\Run: [hhVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\hhVTIFORM.EXE
O4 - HKLM\..\Run: [vbUUPlayer] C:\Program Files\Common Files\uusee\vbUUPlayer.exe
O4 - HKLM\..\Run: [zeOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\zeOFFPRV10.EXE
O4 - HKLM\..\Run: [ooGomWiz] C:\Program Files\GRETECH\GomPlayer\ooGomWiz.exe
O4 - HKLM\..\Run: [oxDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\oxDW20.EXE
O4 - HKLM\..\Run: [weavgtray] C:\Program Files\AVG\AVG8\weavgtray.exe
O4 - HKLM\..\Run: [jgavgscanx] C:\Program Files\AVG\AVG8\jgavgscanx.exe
O4 - HKLM\..\Run: [ehDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\ehDW20.EXE
O4 - HKLM\..\Run: [nhCDSpeed] C:\Program Files\Ahead\Nero Toolkit\nhCDSpeed.exe
O4 - HKLM\..\Run: [esMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\esMCDLC.EXE
O4 - HKLM\..\Run: [aainetwiz] C:\Program Files\Internet Explorer\Connection Wizard\aainetwiz.exe
O4 - HKLM\..\Run: [wccb32] C:\Program Files\NetMeeting\wccb32.exe
O4 - HKLM\..\Run: [hmavgtray] C:\Program Files\AVG\AVG8\hmavgtray.exe
O4 - HKLM\..\Run: [esddtester] C:\Program Files\CyberLink\PowerDVD\esddtester.exe
O4 - HKLM\..\Run: [ogavgrsx] C:\Program Files\AVG\AVG8\ogavgrsx.exe
O4 - HKLM\..\Run: [nrKillGom] C:\Program Files\GRETECH\GomPlayer\nrKillGom.exe
O4 - HKLM\..\Run: [cpOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\cpOUTLOOK.EXE
O4 - HKLM\..\Run: [ukmsimn] C:\Program Files\Outlook Express\ukmsimn.exe
O4 - HKLM\..\Run: [uwOWSADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\uwOWSADM.EXE
O4 - HKLM\..\Run: [xhNeroCmd] C:\Program Files\Ahead\Nero\xhNeroCmd.exe
O4 - HKLM\..\Run: [noCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\noCMIRMDRV.EXE
O4 - HKLM\..\Run: [gnwabmig] C:\Program Files\Outlook Express\gnwabmig.exe
O4 - HKLM\..\Run: [dravgrsx] C:\Program Files\AVG\AVG8\dravgrsx.exe
O4 - HKLM\..\Run: [tzMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\tzMSTORE.EXE
O4 - HKLM\..\Run: [ayVTIDISC.EXE] C:\Program Files\Microsoft Office\Office10\ayVTIDISC.EXE
O4 - HKLM\..\Run: [qmPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\qmPROFLWIZ.EXE
O4 - HKLM\..\Run: [gleToolbarInstaller] C:\Program Files\Common Files\Real\GToolbar\gleToolbarInstaller.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [hhalcrmv64] C:\Program Files\Realtek AC97\hhalcrmv64.exe
O4 - HKLM\..\Run: [izunins000] C:\Program Files\Driver-Soft\DriverGenius\izunins000.exe
O4 - HKLM\..\Run: [hxPowerDVD] C:\Program Files\CyberLink\PowerDVD\hxPowerDVD.exe
O4 - HKLM\..\Run: [atavgchk0] C:\Program Files\AVG\AVG8\atavgchk.exe0
O4 - HKLM\..\Run: [yfMSO7FTPS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\yfMSO7FTPS.EXE
O4 - HKLM\..\Run: [roSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\roSetup.exe
O4 - HKLM\..\Run: [dbCPLUtl64] C:\Program Files\Realtek AC97\dbCPLUtl64.exe
O4 - HKLM\..\Run: [dhunins000] C:\Program Files\Driver-Soft\DriverGenius\dhunins000.exe
O4 - HKLM\..\Run: [mzsetup] C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\mzsetup.exe
O4 - HKLM\..\Run: [tzPOWERPNT.EXE] C:\Program Files\Microsoft Office\Office10\tzPOWERPNT.EXE
O4 - HKLM\..\Run: [deoSnapshot] C:\Program Files\BitComet\tools\deoSnapshot.exe
O4 - HKLM\..\Run: [rpInfoTool] C:\Program Files\Ahead\Nero Toolkit\rpInfoTool.exe
O4 - HKLM\..\Run: [fpSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\fpSetup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [Gbridge] "C:\Program Files\Gbridge LLC\Gbridge\pstartw.exe" "C:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe" -autostart
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\frankiechung\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [aliim] C:\Program Files\AliWangWang\aliim.exe /run:auto
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\frankiechung\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 8662f508ae536c845c08103b2afc5d55-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID 0913b
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下载 - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部连结 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Foxy 下载 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加为阿里旺旺表情 - C:\Program Files\AliWangWang\7.21.02C\AddNewEmotion.htm
O8 - Extra context menu item: 转换到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换连结目标到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换连结目标为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选定的连结到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选定的连结为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选择内容到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选择内容为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: 发布至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 发布至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ ... rces/fslauncher.cab

作者: lch99 发布时间: 2014-01-21

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.spvod.com/soft/vjocx-ch-spvod.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://apacremoteaccess.aon.com ... iperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Alipay security service (AlipaySecSvc) - Alipay Inc. - C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 91689 bytes

作者: lch99 发布时间: 2014-01-21

1. 执行Rkill
下载连结 http://www.bleepingcomputer.com/download/rkill/dl/11/
将档案储存於桌面>双击执行iExplore.exe>完成后会产生log (如果桌面无显示档案另存於桌面)>稍后上传

2. 执行AdwCleaner
下载连结 http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
将档案储存於桌面>双击执行AdwCleaner.exe>按下Scan>扫描完成后按下Clean>重启电脑>完成后会产生log 另存於桌面>稍后上传

3. 执行Junkware Removal Tool
下载连结 goo.gl/Pua07
将档案储存於桌面>双击执行JRT.exe>按下任意键>扫描完成后重启电脑>完成后会产生log (如果桌面无显示档案另存於桌面)>稍后上传

4. 下载及安装Malwarebytes
下载连结 goo.gl/D1RRY
>将档案储存於桌面>双击执行mbam-setup.exe
>选择繁体中文作为安装语言
>按下一步勾选我同意后再按下一步
>然后全部都按下一步，不需要更改任何设定
>按安装后等候安装
>按完成完成安装，并进行更新
>勾选完整扫描，然后按扫描
>等待扫瞄完成，按显示结果，按下右键按检查所有项目
>再按清除已选择的项目进行清理
>完成清理后会弹出扫描纪录，请储存扫描纪录至桌面
>关闭 Malwarebytes' Anti-Malware
>扫描完成后会产生log 另存於桌面>稍后上传

5.做多次Hijackthis

作者: GoodestEngilsh 发布时间: 2014-01-21

其实已试上述方法,始终未能解决问题

作者: lch99 发布时间: 2014-01-21

log呢?贴咗上嚟先

我先至会知道系乜嘢情况

作者: GoodestEngilsh 发布时间: 2014-01-21

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/02/2013 09:49:03 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\FsUsbExService.Exe (PID: 1252) [WD-HEUR]
* C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (PID: 1640) [FI]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/02/2013 09:53:17 PM
Execution time: 0 hours(s), 4 minute(s), and 14 seconds(s)

作者: lch99 发布时间: 2014-01-21

# AdwCleaner v3.014 - Report created 02/12/2013 at 21:58:08
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : frankiechung - FRANKIE
# Running from : C:\Documents and Settings\frankiechung\My Documents\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v8.0 (zh-TW)

[ File : C:\Documents and Settings\frankiechung\Application Data\Mozilla\Firefox\Profiles\18fimw2f.default\prefs.js ]

Line Found : user_pref("extensions.6K5J4_bv.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++)[...]
Line Found : user_pref("extensions.MNdWr.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){wi[...]
Line Found : user_pref("extensions.dXcWyX.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top &&[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\frankiechung\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9839 octets] - [28/11/2013 00:07:06]
AdwCleaner[R1].txt - [1756 octets] - [28/11/2013 00:21:52]
AdwCleaner[R2].txt - [1876 octets] - [28/11/2013 00:45:36]
AdwCleaner[R3].txt - [1893 octets] - [28/11/2013 15:45:28]
AdwCleaner[R4].txt - [1353 octets] - [28/11/2013 22:17:46]
AdwCleaner[R5].txt - [1813 octets] - [02/12/2013 21:58:08]
AdwCleaner[S1].txt - [1823 octets] - [28/11/2013 00:23:48]
AdwCleaner[S3].txt - [1960 octets] - [28/11/2013 15:50:36]
AdwCleaner[S4].txt - [1414 octets] - [28/11/2013 22:19:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [2053 octets] ##########

作者: lch99 发布时间: 2014-01-21

# AdwCleaner v3.014 - Report created 02/12/2013 at 22:11:36
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : frankiechung - FRANKIE
# Running from : C:\Documents and Settings\frankiechung\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v8.0 (zh-TW)

[ File : C:\Documents and Settings\frankiechung\Application Data\Mozilla\Firefox\Profiles\18fimw2f.default\prefs.js ]

Line Deleted : user_pref("extensions.6K5J4_bv.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++)[...]
Line Deleted : user_pref("extensions.MNdWr.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){wi[...]
Line Deleted : user_pref("extensions.dXcWyX.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top &&[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\frankiechung\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9839 octets] - [28/11/2013 00:07:06]
AdwCleaner[R1].txt - [1756 octets] - [28/11/2013 00:21:52]
AdwCleaner[R2].txt - [1876 octets] - [28/11/2013 00:45:36]
AdwCleaner[R3].txt - [1893 octets] - [28/11/2013 15:45:28]
AdwCleaner[R4].txt - [1353 octets] - [28/11/2013 22:17:46]
AdwCleaner[R5].txt - [2133 octets] - [02/12/2013 21:58:08]
AdwCleaner[S1].txt - [1823 octets] - [28/11/2013 00:23:48]
AdwCleaner[S3].txt - [1960 octets] - [28/11/2013 15:50:36]
AdwCleaner[S4].txt - [1414 octets] - [28/11/2013 22:19:02]
AdwCleaner[S5].txt - [2060 octets] - [02/12/2013 22:11:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2120 octets] ##########

作者: lch99 发布时间: 2014-01-21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by frankiechung on 02/12/2013 Mon at 22:32:05.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\frankiechung\Application Data\mozilla\firefox\profiles\18fimw2f.default\prefs.js

user_pref("extensions.6K5J4_bv.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)
user_pref("extensions.6K5J4_bv.url", "hxxp://getjpi1.info/sync2/?q=hfZ9ofV9CShEAen0rHnMg708BNmGWj8siGhGheDUojwHrjwGqTa6rjaGpihIC7n0rjrFrTaGrjnGqTkGtNhVCT94tMVKhd9Gqda7pjs9rjkG
user_pref("extensions.MNdWr.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\
user_pref("extensions.dXcWyX.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && w
Emptied folder: C:\Documents and Settings\frankiechung\Application Data\mozilla\firefox\profiles\18fimw2f.default\minidumps [4 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/12/2013 Mon at 22:45:47.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

作者: lch99 发布时间: 2014-01-21

Malwarebytes呢？以上log搵唔到有可疑程式

作者: GoodestEngilsh 发布时间: 2014-01-21

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

资料库版本： v2013.11.28.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
frankiechung :: FRANKIE [系统管理员]

2/12/2013 22:58:27
mbam-log-2013-12-02 (22-58-27).txt

扫描类型：快速扫描
启用扫描选项：记忆体 | 启动 | 登录档 | 档案系统 | 启发式/额外 | 启发式/Shuriken 引擎 | PUP | PUM
停用扫描选项： P2P
被扫描物件数量： 218546
总共扫描时间： 15 分钟, 58 秒

被检测到记忆体进程数量： 0
（没有检测到有害项目）

被检测到记忆体模组数量： 0
（没有检测到有害项目）

被检测到登录档项目数量： 0
（没有检测到有害项目）

被检测到登录档值数量： 0
（没有检测到有害项目）

被检测到登录档资料项目数量： 0
（没有检测到有害项目）

被检测到资料夹数量： 0
（没有检测到有害项目）

被检测到档案数量： 0
（没有检测到有害项目）

﹝结束﹞

作者: lch99 发布时间: 2014-01-21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:04, on 2/12/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Documents and Settings\frankiechung\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\AliWangWang\aliim.exe
C:\Documents and Settings\frankiechung\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AliWangWang\7.21.18C\miser\AliimSafe.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\TaoBrowser\TaoBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {06433BFE-4946-4E89-823D-CD359C81CD06} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: (no name) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: suuRff and keep - {76497C8E-1B91-3CE9-CCD1-ADA7CAB9B963} - C:\Program Files\suuRff and keep\zjY.dll (file missing)
O2 - BHO: Windows Live 登入小帮手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: YoutubeAdblocker - {AF1EC8B4-B696-F20C-957B-BFCFE9F90826} - C:\Program Files\YoutubeAdblocker\R8F2bP.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zzGBK] E:\setup.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [uaCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\uaCNFNOT32.EXE
O4 - HKLM\..\Run: [iiisignup] C:\Program Files\Internet Explorer\Connection Wizard\iiisignup.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [haavgtray] C:\Program Files\AVG\AVG8\haavgtray.exe
O4 - HKLM\..\Run: [pxCLDrvChk] C:\Program Files\CyberLink\PowerProducer\pxCLDrvChk.exe
O4 - HKLM\..\Run: [kcML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\kcML3XEC16.EXE
O4 - HKLM\..\Run: [xpinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\xpinetwiz.exe
O4 - HKLM\..\Run: [lamsnunin] C:\Program Files\MSN\MSNCoreFiles\Setup\lamsnunin.exe
O4 - HKLM\..\Run: [wficwconn2] C:\Program Files\Internet Explorer\Connection Wizard\wficwconn2.exe
O4 - HKLM\..\Run: [hfSetup] C:\Program Files\InstallShield Installation Information\{857A0A2A-3066-45D2-ACFC-5EE226EEA9D0}\hfSetup.exe
O4 - HKLM\..\Run: [fzWMPBurn] C:\Program Files\Ahead\WMPBurn\fzWMPBurn.exe
O4 - HKLM\..\Run: [uxavgfrw] C:\Program Files\AVG\AVG8\uxavgfrw.exe
O4 - HKLM\..\Run: [ywProducer] C:\Program Files\CyberLink\PowerProducer\ywProducer.exe
O4 - HKLM\..\Run: [lhavgcmgr] C:\Program Files\AVG\AVG8\lhavgcmgr.exe
O4 - HKLM\..\Run: [evavgnsx] C:\Program Files\AVG\AVG8\evavgnsx.exe
O4 - HKLM\..\Run: [noMSO7FTPA.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\noMSO7FTPA.EXE
O4 - HKLM\..\Run: [boMSO7FTPA] C:\Program Files\Common Files\Microsoft Shared\Office10\boMSO7FTPA.EXE
O4 - HKLM\..\Run: [wuunins000] C:\Program Files\Driver-Soft\DriverGenius\wuunins000.exe
O4 - HKLM\..\Run: [tiddtester] C:\Program Files\CyberLink\PowerDVD\tiddtester.exe
O4 - HKLM\..\Run: [ejMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\ejMSOHTMED.EXE
O4 - HKLM\..\Run: [vaWMPBurn] C:\Program Files\Ahead\WMPBurn\vaWMPBurn.exe
O4 - HKLM\..\Run: [xomsmsgsin] C:\Program Files\Messenger\xomsmsgsin.exe
O4 - HKLM\..\Run: [vnmsnunin] C:\Program Files\MSN\MSNCoreFiles\Setup\vnmsnunin.exe
O4 - HKLM\..\Run: [pilation] C:\Program Files\Ahead\NeroMediaPlayer\Services\pilation.exe
O4 - HKLM\..\Run: [mvCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\mvCMIRMDRV.EXE
O4 - HKLM\..\Run: [ashReport] C:\Program Files\MpcStar\ashReport.exe
O4 - HKLM\..\Run: [jcPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\jcPROFLWIZ.EXE
O4 - HKLM\..\Run: [wzOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\wzOUTLOOK.EXE
O4 - HKLM\..\Run: [syUnRAR] C:\Program Files\WinRAR\syUnRAR.exe
O4 - HKLM\..\Run: [muSetup] C:\Program Files\C-Media 3D Audio\Driver\Win\muSetup.exe
O4 - HKLM\..\Run: [hzGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\hzGRAPH.EXE
O4 - HKLM\..\Run: [updateax] C:\Documents and Settings\frankiechung\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\updateax.exe
O4 - HKLM\..\Run: [rzfixfp] C:\Program Files\AVG\AVG8\rzfixfp.exe
O4 - HKLM\..\Run: [vgInfoTool] C:\Program Files\Ahead\Nero Toolkit\vgInfoTool.exe
O4 - HKLM\..\Run: [xfuninst] C:\Program Files\MpcStar\xfuninst.exe
O4 - HKLM\..\Run: [asCFGWIZ.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\asCFGWIZ.EXE
O4 - HKLM\..\Run: [fqsetup] C:\Program Files\AVG\AVG8\fqsetup.exe
O4 - HKLM\..\Run: [dbuninst] C:\Program Files\BitComet\dbuninst.exe
O4 - HKLM\..\Run: [xuInfoTool] C:\Program Files\Ahead\Nero Toolkit\xuInfoTool.exe
O4 - HKLM\..\Run: [hbAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\hbAcroRd32.exe
O4 - HKLM\..\Run: [riavgui] C:\Program Files\AVG\AVG8\riavgui.exe
O4 - HKLM\..\Run: [qdMSOICONS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\qdMSOICONS.EXE
O4 - HKLM\..\Run: [lOneMessageCenter] C:\Program Files\Common Files\Real\Update_OB\lOneMessageCenter.exe
O4 - HKLM\..\Run: [qjDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\qjDW20.EXE
O4 - HKLM\..\Run: [gjCoverDes] C:\Program Files\Ahead\CoverDesigner\gjCoverDes.exe
O4 - HKLM\..\Run: [undTrax] C:\Program Files\Ahead\Nero SoundTrax\undTrax.exe
O4 - HKLM\..\Run: [rxmsmsgs] C:\Program Files\Messenger\rxmsmsgs.exe
O4 - HKLM\..\Run: [ixMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\ixMSOHELP.EXE
O4 - HKLM\..\Run: [wbSCANPST.EXE] C:\Program Files\Common Files\System\Mapi\1028\wbSCANPST.EXE
O4 - HKLM\..\Run: [kpinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\kpinetwiz.exe
O4 - HKLM\..\Run: [ninstuusee] C:\Program Files\uusee\ninstuusee.exe
O4 - HKLM\..\Run: [qfmsmsgsin] C:\Program Files\Messenger\qfmsmsgsin.exe
O4 - HKLM\..\Run: [hwFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\hwFRONTPG.EXE
O4 - HKLM\..\Run: [tNetInstaller] C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\tNetInstaller.exe
O4 - HKLM\..\Run: [jiavgfrw] C:\Program Files\AVG\AVG8\jiavgfrw.exe
O4 - HKLM\..\Run: [tuMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\tuMSTORE.EXE
O4 - HKLM\..\Run: [rtavgdumpx] C:\Program Files\AVG\AVG8\rtavgdumpx.exe
O4 - HKLM\..\Run: [geGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\geGRAPH.EXE
O4 - HKLM\..\Run: [vymsmsgsin] C:\Program Files\Messenger\vymsmsgsin.exe
O4 - HKLM\..\Run: [nkRar] C:\Program Files\WinRAR\nkRar.exe
O4 - HKLM\..\Run: [lvSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\lvSetup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [hkmsimn] C:\Program Files\Outlook Express\hkmsimn.exe
O4 - HKLM\..\Run: [tmGOM] C:\Program Files\GRETECH\GomPlayer\tmGOM.exe
O4 - HKLM\..\Run: [yyUNWISE.EXE] C:\Program Files\TVAnts\yyUNWISE.EXE
O4 - HKLM\..\Run: [ipavgfrw] C:\Program Files\AVG\AVG8\ipavgfrw.exe
O4 - HKLM\..\Run: [cvfixcfg] C:\Program Files\AVG\AVG8\cvfixcfg.exe
O4 - HKLM\..\Run: [vkalcrmv] C:\Program Files\Realtek AC97\vkalcrmv.exe
O4 - HKLM\..\Run: [thMSO7FTPS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\thMSO7FTPS.EXE
O4 - HKLM\..\Run: [oMediaPlayer] C:\Program Files\Ahead\NeroMediaPlayer\oMediaPlayer.exe
O4 - HKLM\..\Run: [zhSCANPST.EXE] C:\Program Files\Common Files\System\Mapi\1028\zhSCANPST.EXE
O4 - HKLM\..\Run: [vravgcsrvx] C:\Program Files\AVG\AVG8\vravgcsrvx.exe
O4 - HKLM\..\Run: [pnDXEnum] C:\Program Files\Ahead\Nero Wave Editor\pnDXEnum.exe
O4 - HKLM\..\Run: [amSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\amSmWizard.exe
O4 - HKLM\..\Run: [iwmoviemk] C:\Program Files\Movie Maker\iwmoviemk.exe
O4 - HKLM\..\Run: [vaVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\vaVTIFORM.EXE
O4 - HKLM\..\Run: [jcMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\jcMSTORE.EXE
O4 - HKLM\..\Run: [khPDVDServ] C:\Program Files\CyberLink\PowerDVD\khPDVDServ.exe
O4 - HKLM\..\Run: [zjML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\zjML3XEC16.EXE
O4 - HKLM\..\Run: [wdPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\wdPROFLWIZ.EXE
O4 - HKLM\..\Run: [sksrt2smi] C:\Program Files\GRETECH\GomPlayer\sksrt2smi.exe
O4 - HKLM\..\Run: [edsetup50] C:\Program Files\Outlook Express\edsetup50.exe
O4 - HKLM\..\Run: [iqavgrsx] C:\Program Files\AVG\AVG8\iqavgrsx.exe
O4 - HKLM\..\Run: [Launcher] C:\Program Files\GRETECH\GomPlayer\Launcher.exe
O4 - HKLM\..\Run: [oxML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\oxML3XEC16.EXE
O4 - HKLM\..\Run: [USeePlayer] C:\Program Files\uusee\USeePlayer.exe
O4 - HKLM\..\Run: [omMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\omMSOHELP.EXE
O4 - HKLM\..\Run: [vgsrmax] C:\Program Files\AVG\AVG8\vgsrmax.exe
O4 - HKLM\..\Run: [brWMPBurn] C:\Program Files\Ahead\WMPBurn\brWMPBurn.exe
O4 - HKLM\..\Run: [quMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\quMCDLC.EXE
O4 - HKLM\..\Run: [wfavgscanx] C:\Program Files\AVG\AVG8\wfavgscanx.exe
O4 - HKLM\..\Run: [mnOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\mnOUTLOOK.EXE
O4 - HKLM\..\Run: [fbavgui] C:\Program Files\AVG\AVG8\fbavgui.exe
O4 - HKLM\..\Run: [jcCDSpeed] C:\Program Files\Ahead\Nero Toolkit\jcCDSpeed.exe
O4 - HKLM\..\Run: [eqOWSADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\eqOWSADM.EXE
O4 - HKLM\..\Run: [piMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\piMSOHELP.EXE
O4 - HKLM\..\Run: [VGToolbarInstall] C:\Program Files\AVG\AVG8\VGToolbarInstall.exe
O4 - HKLM\..\Run: [rkMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\rkMSOHTMED.EXE
O4 - HKLM\..\Run: [jkSetup] C:\Program Files\C-Media 3D Audio\Driver\Win\jkSetup.exe
O4 - HKLM\..\Run: [ldddtester] C:\Program Files\CyberLink\PowerDVD\ldddtester.exe
O4 - HKLM\..\Run: [ichvideoinstall] C:\Program Files\CyberLink\Shared Files\ichvideoinstall.exe
O4 - HKLM\..\Run: [yuSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\yuSetup.exe
O4 - HKLM\..\Run: [dydvdrgn] C:\Program Files\CyberLink\PowerDVD\dydvdrgn.exe
O4 - HKLM\..\Run: [nernxproc] C:\Program Files\Common Files\Real\Update_OB\nernxproc.exe
O4 - HKLM\..\Run: [bqBitComet] C:\Program Files\BitComet\bqBitComet.exe
O4 - HKLM\..\Run: [ogMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\ogMCDLC.EXE
O4 - HKLM\..\Run: [auwab] C:\Program Files\Outlook Express\auwab.exe
O4 - HKLM\..\Run: [fwuninst] C:\Program Files\Common Files\uusee\fwuninst.exe
O4 - HKLM\..\Run: [ejavgscanx] C:\Program Files\AVG\AVG8\ejavgscanx.exe
O4 - HKLM\..\Run: [cqiexplore] C:\Program Files\Internet Explorer\cqiexplore.exe
O4 - HKLM\..\Run: [nwavgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\nwavgupd.exe
O4 - HKLM\..\Run: [zqcopymar] C:\Program Files\MSN\MSNCoreFiles\zqcopymar.exe
O4 - HKLM\..\Run: [gaFPCOUNT.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\isapi\gaFPCOUNT.EXE
O4 - HKLM\..\Run: [kesetup] C:\Program Files\Common Files\Ahead\Uninstall\kesetup.exe
O4 - HKLM\..\Run: [osGOM] C:\Program Files\GRETECH\GomPlayer\osGOM.exe
O4 - HKLM\..\Run: [ninstall] C:\Program Files\WinRAR\ninstall.exe
O4 - HKLM\..\Run: [ebVTIPRES.EXE] C:\Program Files\Microsoft Office\Office10\ebVTIPRES.EXE
O4 - HKLM\..\Run: [aqFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\aqFRONTPG.EXE
O4 - HKLM\..\Run: [mfuninst] C:\Program Files\Common Files\uusee\mfuninst.exe
O4 - HKLM\..\Run: [dhVTIDISC.EXE] C:\Program Files\Microsoft Office\Office10\dhVTIDISC.EXE
O4 - HKLM\..\Run: [umVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\umVTIDB.EXE
O4 - HKLM\..\Run: [kxrnxproc] C:\Program Files\Common Files\Real\Update_OB\kxrnxproc.exe
O4 - HKLM\..\Run: [lsched] C:\Program Files\Common Files\Real\Update_OB\lsched.exe
O4 - HKLM\..\Run: [jmLanguage] C:\Program Files\CyberLink\PowerDVD\Language\jmLanguage.exe
O4 - HKLM\..\Run: [zxcltest] C:\Program Files\CyberLink\PowerDVD\zxcltest.exe
O4 - HKLM\..\Run: [fsOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\fsOFFPRV10.EXE
O4 - HKLM\..\Run: [tkKillGom] C:\Program Files\GRETECH\GomPlayer\tkKillGom.exe
O4 - HKLM\..\Run: [chAdmStp] C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\chAdmStp.exe
O4 - HKLM\..\Run: [nvBitComet] C:\Program Files\BitComet\nvBitComet.exe
O4 - HKLM\..\Run: [uvSetup] C:\Program Files\InstallShield Installation Information\{857A0A2A-3066-45D2-ACFC-5EE226EEA9D0}\uvSetup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [geSetup] C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\geSetup.exe
O4 - HKLM\..\Run: [myMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\myMSOHELP.EXE
O4 - HKLM\..\Run: [ogSetup] C:\Program Files\C-Media 3D Audio\Driver\Win\ogSetup.exe
O4 - HKLM\..\Run: [oogleToolbarInstaller] C:\Program Files\Common Files\Real\GToolbar\oogleToolbarInstaller.exe
O4 - HKLM\..\Run: [pvMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\pvMSTORE.EXE
O4 - HKLM\..\Run: [dfGOM] C:\Program Files\GRETECH\GomPlayer\dfGOM.exe
O4 - HKLM\..\Run: [woMSOICONS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\woMSOICONS.EXE
O4 - HKLM\..\Run: [khnero] C:\Program Files\Ahead\Nero\khnero.exe
O4 - HKLM\..\Run: [veSpeed] C:\Program Files\Ahead\Nero Toolkit\veSpeed.exe
O4 - HKLM\..\Run: [vzavgcfgex] C:\Program Files\AVG\AVG8\vzavgcfgex.exe
O4 - HKLM\..\Run: [gpsetup50] C:\Program Files\Outlook Express\gpsetup50.exe
O4 - HKLM\..\Run: [jfavgscanx] C:\Program Files\AVG\AVG8\jfavgscanx.exe
O4 - HKLM\..\Run: [ichvideouninstall] C:\Program Files\CyberLink\Shared Files\ichvideouninstall.exe
O4 - HKLM\..\Run: [arExtLoader] C:\Program Files\WinRAR\arExtLoader.exe
O4 - HKLM\..\Run: [tmMSO7FTPA.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\tmMSO7FTPA.EXE
O4 - HKLM\..\Run: [wufixfp] C:\Program Files\AVG\AVG8\wufixfp.exe
O4 - HKLM\..\Run: [rxunins000] C:\Program Files\Driver-Soft\DriverGenius\rxunins000.exe
O4 - HKLM\..\Run: [esBitComet] C:\Program Files\BitComet\esBitComet.exe
O4 - HKLM\..\Run: [hzavgdumpx] C:\Program Files\AVG\AVG8\hzavgdumpx.exe
O4 - HKLM\..\Run: [yeuninst] C:\Program Files\BitComet\yeuninst.exe
O4 - HKLM\..\Run: [qaMSO7FTPS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\qaMSO7FTPS.EXE
O4 - HKLM\..\Run: [nzVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\nzVTIDB.EXE
O4 - HKLM\..\Run: [pgKillGom] C:\Program Files\GRETECH\GomPlayer\pgKillGom.exe
O4 - HKLM\..\Run: [rlsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\rlsetup.exe
O4 - HKLM\..\Run: [ciWMPBurn] C:\Program Files\Ahead\WMPBurn\ciWMPBurn.exe
O4 - HKLM\..\Run: [uvavgfrw] C:\Program Files\AVG\AVG8\uvavgfrw.exe
O4 - HKLM\..\Run: [rjCDSpeed] C:\Program Files\Ahead\Nero Toolkit\rjCDSpeed.exe
O4 - HKLM\..\Run: [ideoSnapshot] C:\Program Files\BitComet\tools\ideoSnapshot.exe
O4 - HKLM\..\Run: [cqIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\cqIMEPADSV.EXE
O4 - HKLM\..\Run: [UUpgrade] C:\Program Files\Common Files\uusee\UUpgrade.exe
O4 - HKLM\..\Run: [vmsetup] C:\Program Files\Common Files\Ahead\Uninstall\vmsetup.exe
O4 - HKLM\..\Run: [oolbarBroker] C:\Program Files\AVG\AVG8\Toolbar\oolbarBroker.exe
O4 - HKLM\..\Run: [cdiexplore] C:\Program Files\Internet Explorer\cdiexplore.exe
O4 - HKLM\..\Run: [lcMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\lcMSOHTMED.EXE
O4 - HKLM\..\Run: [ogTCPTEST.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\ogTCPTEST.EXE
O4 - HKLM\..\Run: [hfuninst] C:\Program Files\Common Files\uusee\hfuninst.exe
O4 - HKLM\..\Run: [ifmsimn] C:\Program Files\Outlook Express\ifmsimn.exe
O4 - HKLM\..\Run: [bkbbOSA.EXE] C:\Program Files\Microsoft Office\Office10\bkbbOSA.EXE
O4 - HKLM\..\Run: [rcPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\rcPROFLWIZ.EXE
O4 - HKLM\..\Run: [sinero] C:\Program Files\Ahead\Nero\sinero.exe
O4 - HKLM\..\Run: [uqOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\uqOUTLOOK.EXE
O4 - HKLM\..\Run: [1puninst] C:\Program Files\Common Files\Real\Update_OB\1puninst.exe
O4 - HKLM\..\Run: [hjavgwdsvc] C:\Program Files\AVG\AVG8\hjavgwdsvc.exe
O4 - HKLM\..\Run: [fiNRESTORE.EXE] C:\Program Files\Ahead\Nero\fiNRESTORE.EXE
O4 - HKLM\..\Run: [btIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\btIMEPADSV.EXE
O4 - HKLM\..\Run: [ravgchk0] C:\Program Files\AVG\AVG8\ravgchk.exe0
O4 - HKLM\..\Run: [xhSoundMan] C:\Program Files\Realtek AC97\xhSoundMan.exe
O4 - HKLM\..\Run: [biPowerDVD] C:\Program Files\CyberLink\PowerDVD\biPowerDVD.exe
O4 - HKLM\..\Run: [idVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\idVTIFORM.EXE
O4 - HKLM\..\Run: [ayMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\ayMSO7FTP.EXE
O4 - HKLM\..\Run: [hAdmStp] C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\hAdmStp.exe
O4 - HKLM\..\Run: [riverGenius] C:\Program Files\Driver-Soft\DriverGenius\riverGenius.exe
O4 - HKLM\..\Run: [gnDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\gnDW.EXE
O4 - HKLM\..\Run: [cpSCANOST.EXE] C:\Program Files\Common Files\System\Mapi\1028\cpSCANOST.EXE
O4 - HKLM\..\Run: [ifCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\ifCNFNOT32.EXE
O4 - HKLM\..\Run: [zpSetup] C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\zpSetup.exe
O4 - HKLM\..\Run: [alinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\alinetwiz.exe
O4 - HKLM\..\Run: [instuusee] C:\Program Files\uusee\instuusee.exe
O4 - HKLM\..\Run: [hvCLDMA] C:\Program Files\CyberLink\PowerProducer\hvCLDMA.exe
O4 - HKLM\..\Run: [ck_cmd] C:\Program Files\Common Files\uusee\ck_cmd.exe
O4 - HKLM\..\Run: [anNRESTORE.EXE] C:\Program Files\Ahead\Nero\anNRESTORE.EXE
O4 - HKLM\..\Run: [ypInfoTool] C:\Program Files\Ahead\Nero Toolkit\ypInfoTool.exe
O4 - HKLM\..\Run: [mtMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\mtMSACCESS.EXE
O4 - HKLM\..\Run: [vfDWTRIG20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\vfDWTRIG20.EXE
O4 - HKLM\..\Run: [bpwabmig] C:\Program Files\Outlook Express\bpwabmig.exe
O4 - HKLM\..\Run: [mjwb32] C:\Program Files\NetMeeting\mjwb32.exe
O4 - HKLM\..\Run: [kaCDSpeed] C:\Program Files\Ahead\Nero Toolkit\kaCDSpeed.exe
O4 - HKLM\..\Run: [uvOWSRMADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\uvOWSRMADM.EXE
O4 - HKLM\..\Run: [azavgwdsvc] C:\Program Files\AVG\AVG8\azavgwdsvc.exe
O4 - HKLM\..\Run: [kqWaveEdit] C:\Program Files\Ahead\Nero Wave Editor\kqWaveEdit.exe
O4 - HKLM\..\Run: [svavgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\svavgupd.exe
O4 - HKLM\..\Run: [wkIDriver] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\wkIDriver.exe
O4 - HKLM\..\Run: [qrsetup] C:\Program Files\Common Files\Ahead\Uninstall\qrsetup.exe
O4 - HKLM\..\Run: [mnavgtray] C:\Program Files\AVG\AVG8\mnavgtray.exe
O4 - HKLM\..\Run: [dprnxproc] C:\Program Files\Common Files\Real\Update_OB\dprnxproc.exe
O4 - HKLM\..\Run: [coinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\coinetwiz.exe
O4 - HKLM\..\Run: [poSCANOST.EXE] C:\Program Files\Common Files\System\Mapi\1028\poSCANOST.EXE
O4 - HKLM\..\Run: [klbbOSA.EXE] C:\Program Files\Microsoft Office\Office10\klbbOSA.EXE
O4 - HKLM\..\Run: [iwAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\iwAcroRd32.exe
O4 - HKLM\..\Run: [goalcrmv] C:\Program Files\Realtek AC97\goalcrmv.exe
O4 - HKLM\..\Run: [evavgchk] C:\Program Files\AVG\AVG8\evavgchk.exe
O4 - HKLM\..\Run: [ealsched] C:\Program Files\Common Files\Real\Update_OB\ealsched.exe
O4 - HKLM\..\Run: [fiBackItUp] C:\Program Files\Ahead\Nero BackItUp\fiBackItUp.exe
O4 - HKLM\..\Run: [kfavgfrw] C:\Program Files\AVG\AVG8\kfavgfrw.exe
O4 - HKLM\..\Run: [huMSIMPORT.EXE] C:\Program Files\Microsoft Office\Office10\huMSIMPORT.EXE
O4 - HKLM\..\Run: [jnTvants] C:\Program Files\TVAnts\jnTvants.exe
O4 - HKLM\..\Run: [nnSetup] C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\nnSetup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [jiPowerDVD] C:\Program Files\CyberLink\PowerDVD\jiPowerDVD.exe
O4 - HKLM\..\Run: [tjavgscanx] C:\Program Files\AVG\AVG8\tjavgscanx.exe
O4 - HKLM\..\Run: [mjOSA.EXE] C:\Program Files\Microsoft Office\Office10\mjOSA.EXE
O4 - HKLM\..\Run: [koBitComet] C:\Program Files\BitComet\koBitComet.exe
O4 - HKLM\..\Run: [SeePlayer] C:\Program Files\uusee\SeePlayer.exe
O4 - HKLM\..\Run: [zxuninst] C:\Program Files\BitComet\zxuninst.exe
O4 - HKLM\..\Run: [nisetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\nisetup.exe
O4 - HKLM\..\Run: [hvideouninstall] C:\Program Files\CyberLink\Shared Files\hvideouninstall.exe
O4 - HKLM\..\Run: [eeDXEnum] C:\Program Files\Ahead\Nero Wave Editor\eeDXEnum.exe
O4 - HKLM\..\Run: [fcRar] C:\Program Files\WinRAR\fcRar.exe
O4 - HKLM\..\Run: [ryisignup] C:\Program Files\Internet Explorer\Connection Wizard\ryisignup.exe
O4 - HKLM\..\Run: [zvavgemc] C:\Program Files\AVG\AVG8\zvavgemc.exe
O4 - HKLM\..\Run: [riveragent_67] C:\Documents and Settings\frankiechung\Local Settings\Application Data\TouchStoneSoftware\riveragent_67.exe
O4 - HKLM\..\Run: [dhWAVTOASF.EXE] C:\Program Files\Microsoft Office\Office10\dhWAVTOASF.EXE
O4 - HKLM\..\Run: [iveragent_67] C:\Documents and Settings\frankiechung\Local Settings\Application Data\TouchStoneSoftware\iveragent_67.exe
O4 - HKLM\..\Run: [jqMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\jqMSOHELP.EXE
O4 - HKLM\..\Run: [bvfixfp] C:\Program Files\AVG\AVG8\bvfixfp.exe
O4 - HKLM\..\Run: [kkuninst] C:\Program Files\MpcStar\kkuninst.exe
O4 - HKLM\..\Run: [sfIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\sfIDriver2.exe
O4 - HKLM\..\Run: [onFINDER.EXE] C:\Program Files\Microsoft Office\Office10\onFINDER.EXE
O4 - HKLM\..\Run: [nstall] C:\Program Files\WinRAR\nstall.exe
O4 - HKLM\..\Run: [qjML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\qjML3XEC16.EXE
O4 - HKLM\..\Run: [rwWINWORD.EXE] C:\Program Files\Microsoft Office\Office10\rwWINWORD.EXE
O4 - HKLM\..\Run: [cfsrt2smi] C:\Program Files\GRETECH\GomPlayer\cfsrt2smi.exe
O4 - HKLM\..\Run: [lqicwconn2] C:\Program Files\Internet Explorer\Connection Wizard\lqicwconn2.exe
O4 - HKLM\..\Run: [zvuninst] C:\Program Files\BitComet\zvuninst.exe
O4 - HKLM\..\Run: [mrNBJ] C:\Program Files\Ahead\Nero BackItUp\mrNBJ.exe
O4 - HKLM\..\Run: [vsFINDER.EXE] C:\Program Files\Microsoft Office\Office10\vsFINDER.EXE
O4 - HKLM\..\Run: [rvMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\rvMSO7FTP.EXE
O4 - HKLM\..\Run: [thFINDER.EXE] C:\Program Files\Microsoft Office\Office10\thFINDER.EXE
O4 - HKLM\..\Run: [gticwconn1] C:\Program Files\Internet Explorer\Connection Wizard\gticwconn1.exe
O4 - HKLM\..\Run: [pluninst] C:\Program Files\Common Files\uusee\pluninst.exe
O4 - HKLM\..\Run: [eodw] C:\Program Files\MSN\MSNCoreFiles\eodw.exe
O4 - HKLM\..\Run: [obUnRAR] C:\Program Files\WinRAR\obUnRAR.exe
O4 - HKLM\..\Run: [ueMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\ueMSOHELP.EXE
O4 - HKLM\..\Run: [gsavgui] C:\Program Files\AVG\AVG8\gsavgui.exe
O4 - HKLM\..\Run: [xfSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\xfSetup.exe
O4 - HKLM\..\Run: [hbRTLCPL] C:\Program Files\Realtek AC97\hbRTLCPL.exe
O4 - HKLM\..\Run: [puninst] C:\Program Files\Common Files\Real\Update_OB\puninst.exe
O4 - HKLM\..\Run: [rnLanguage] C:\Program Files\CyberLink\PowerDVD\Language\rnLanguage.exe
O4 - HKLM\..\Run: [itSoundMan] C:\Program Files\Realtek AC97\itSoundMan.exe
O4 - HKLM\..\Run: [RStateCheck] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\RStateCheck.exe
O4 - HKLM\..\Run: [cxSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\cxSmWizard.exe
O4 - HKLM\..\Run: [keavgrsx] C:\Program Files\AVG\AVG8\keavgrsx.exe
O4 - HKLM\..\Run: [bbdw] C:\Program Files\MSN\MSNCoreFiles\bbdw.exe
O4 - HKLM\..\Run: [teUPNP] C:\Program Files\BitComet\tools\teUPNP.exe
O4 - HKLM\..\Run: [kqSCANOST.EXE] C:\Program Files\Common Files\System\Mapi\1028\kqSCANOST.EXE
O4 - HKLM\..\Run: [wjMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\wjMSACNV30.EXE
O4 - HKLM\..\Run: [pfMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\pfMSOHELP.EXE
O4 - HKLM\..\Run: [cninst] C:\Documents and Settings\frankiechung\Application Data\cninst.exe
O4 - HKLM\..\Run: [nqFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\nqFRONTPG.EXE
O4 - HKLM\..\Run: [lminetwiz] C:\Program Files\Internet Explorer\Connection Wizard\lminetwiz.exe
O4 - HKLM\..\Run: [GToolbarInstall] C:\Program Files\AVG\AVG8\GToolbarInstall.exe
O4 - HKLM\..\Run: [penero] C:\Program Files\Ahead\Nero\penero.exe
O4 - HKLM\..\Run: [eyGOM] C:\Program Files\GRETECH\GomPlayer\eyGOM.exe
O4 - HKLM\..\Run: [uiIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\uiIMEPADSV.EXE
O4 - HKLM\..\Run: [rdavgupd] C:\Program Files\AVG\AVG8\rdavgupd.exe
O4 - HKLM\..\Run: [dsLanguage] C:\Program Files\CyberLink\PowerDVD\Language\dsLanguage.exe
O4 - HKLM\..\Run: [suVTIPRES.EXE] C:\Program Files\Microsoft Office\Office10\suVTIPRES.EXE
O4 - HKLM\..\Run: [ioMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\ioMSOHTMED.EXE
O4 - HKLM\..\Run: [tbCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\tbCNFNOT32.EXE
O4 - HKLM\..\Run: [mlsetup] C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\mlsetup.exe
O4 - HKLM\..\Run: [temInfo] C:\Program Files\Driver-Soft\DriverGenius\temInfo.exe
O4 - HKLM\..\Run: [hoMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\hoMSTORE.EXE
O4 - HKLM\..\Run: [shMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\shMSACNV30.EXE
O4 - HKLM\..\Run: [nmSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\nmSmWizard.exe
O4 - HKLM\..\Run: [vsUNWISE.EXE] C:\Program Files\TVAnts\vsUNWISE.EXE
O4 - HKLM\..\Run: [doOUTLOOK.EXE] C:\Program Files\Microsoft Office\Office10\doOUTLOOK.EXE
O4 - HKLM\..\Run: [gimpcstar] C:\Program Files\MpcStar\gimpcstar.exe
O4 - HKLM\..\Run: [jgavgrsx] C:\Program Files\AVG\AVG8\jgavgrsx.exe
O4 - HKLM\..\Run: [jjNRESTORE.EXE] C:\Program Files\Ahead\Nero\jjNRESTORE.EXE
O4 - HKLM\..\Run: [jdCDSpeed] C:\Program Files\Ahead\Nero Toolkit\jdCDSpeed.exe
O4 - HKLM\..\Run: [heunins000] C:\Program Files\Driver-Soft\DriverGenius\heunins000.exe
O4 - HKLM\..\Run: [xmuninst] C:\Program Files\BitComet\xmuninst.exe
O4 - HKLM\..\Run: [loSCANPST.EXE] C:\Program Files\Common Files\System\Mapi\1028\loSCANPST.EXE
O4 - HKLM\..\Run: [seCLDMA] C:\Program Files\CyberLink\PowerProducer\seCLDMA.exe
O4 - HKLM\..\Run: [muavgdumpx] C:\Program Files\AVG\AVG8\muavgdumpx.exe
O4 - HKLM\..\Run: [pgrade] C:\Program Files\Common Files\uusee\pgrade.exe
O4 - HKLM\..\Run: [viUToolbar] C:\Program Files\MyMaji\MajiToolbar\viUToolbar.exe
O4 - HKLM\..\Run: [bqOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\bqOFFPRV10.EXE
O4 - HKLM\..\Run: [xzrnxproc] C:\Program Files\Common Files\Real\Update_OB\xzrnxproc.exe
O4 - HKLM\..\Run: [eePlayer] C:\Program Files\uusee\eePlayer.exe
O4 - HKLM\..\Run: [hvideoinstall] C:\Program Files\CyberLink\Shared Files\hvideoinstall.exe
O4 - HKLM\..\Run: [jkavgdumpx] C:\Program Files\AVG\AVG8\jkavgdumpx.exe
O4 - HKLM\..\Run: [mhML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\mhML3XEC16.EXE
O4 - HKLM\..\Run: [iqdw] C:\Program Files\MSN\MSNCoreFiles\iqdw.exe
O4 - HKLM\..\Run: [awavgcfgex] C:\Program Files\AVG\AVG8\awavgcfgex.exe
O4 - HKLM\..\Run: [cricwrmind] C:\Program Files\Internet Explorer\Connection Wizard\cricwrmind.exe
O4 - HKLM\..\Run: [aaBitComet] C:\Program Files\BitComet\aaBitComet.exe
O4 - HKLM\..\Run: [fpavgnsx] C:\Program Files\AVG\AVG8\fpavgnsx.exe
O4 - HKLM\..\Run: [xwupgrdhlp] C:\Program Files\Common Files\Real\Update_OB\xwupgrdhlp.exe
O4 - HKLM\..\Run: [tjalcrmv] C:\Program Files\Realtek AC97\tjalcrmv.exe
O4 - HKLM\..\Run: [ydSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\ydSetup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [hgalcrmv64] C:\Program Files\Realtek AC97\hgalcrmv64.exe
O4 - HKLM\..\Run: [snFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\snFRONTPG.EXE
O4 - HKLM\..\Run: [cimsmsgsin] C:\Program Files\Messenger\cimsmsgsin.exe
O4 - HKLM\..\Run: [jumsmsgs] C:\Program Files\Messenger\jumsmsgs.exe
O4 - HKLM\..\Run: [sravgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\sravgupd.exe
O4 - HKLM\..\Run: [msdw] C:\Program Files\MSN\MSNCoreFiles\msdw.exe
O4 - HKLM\..\Run: [wkLanguage] C:\Program Files\CyberLink\PowerDVD\Language\wkLanguage.exe
O4 - HKLM\..\Run: [riverTweak] C:\Program Files\Driver-Soft\DriverGenius\riverTweak.exe
O4 - HKLM\..\Run: [tuavgwdsvc] C:\Program Files\AVG\AVG8\tuavgwdsvc.exe
O4 - HKLM\..\Run: [chvideouninstall] C:\Program Files\CyberLink\Shared Files\chvideouninstall.exe
O4 - HKLM\..\Run: [rchAdmStp] C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\rchAdmStp.exe
O4 - HKLM\..\Run: [bnIDriver] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\bnIDriver.exe
O4 - HKLM\..\Run: [qySoundMan] C:\Program Files\Realtek AC97\qySoundMan.exe
O4 - HKLM\..\Run: [rxmoviemk] C:\Program Files\Movie Maker\rxmoviemk.exe
O4 - HKLM\..\Run: [olbarBroker] C:\Program Files\AVG\AVG8\Toolbar\olbarBroker.exe
O4 - HKLM\..\Run: [lqcb32] C:\Program Files\NetMeeting\lqcb32.exe
O4 - HKLM\..\Run: [mdMSO7FTP.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\mdMSO7FTP.EXE
O4 - HKLM\..\Run: [vgchk0] C:\Program Files\AVG\AVG8\vgchk.exe0
O4 - HKLM\..\Run: [cnisignup] C:\Program Files\Internet Explorer\Connection Wizard\cnisignup.exe
O4 - HKLM\..\Run: [jtCLDMA] C:\Program Files\CyberLink\PowerProducer\jtCLDMA.exe
O4 - HKLM\..\Run: [nubbOSA.EXE] C:\Program Files\Microsoft Office\Office10\nubbOSA.EXE
O4 - HKLM\..\Run: [fuwabmig] C:\Program Files\Outlook Express\fuwabmig.exe
O4 - HKLM\..\Run: [riveSpeed] C:\Program Files\Ahead\Nero Toolkit\riveSpeed.exe
O4 - HKLM\..\Run: [tzsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\tzsetup.exe
O4 - HKLM\..\Run: [zlavgupd] C:\Program Files\AVG\AVG8\zlavgupd.exe
O4 - HKLM\..\Run: [utsetup] C:\Program Files\Common Files\Ahead\Uninstall\utsetup.exe
O4 - HKLM\..\Run: [eck_cmd] C:\Program Files\Common Files\uusee\eck_cmd.exe
O4 - HKLM\..\Run: [qcalcrmv] C:\Program Files\Realtek AC97\qcalcrmv.exe
O4 - HKLM\..\Run: [lbnero] C:\Program Files\Ahead\Nero\lbnero.exe
O4 - HKLM\..\Run: [xqinst] C:\Documents and Settings\frankiechung\Application Data\xqinst.exe
O4 - HKLM\..\Run: [euAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\euAcroRd32.exe
O4 - HKLM\..\Run: [vqOWSRMADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\vqOWSRMADM.EXE
O4 - HKLM\..\Run: [Submission] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\Submission.exe
O4 - HKLM\..\Run: [rExtLoader] C:\Program Files\WinRAR\rExtLoader.exe
O4 - HKLM\..\Run: [lesrt2smi] C:\Program Files\GRETECH\GomPlayer\lesrt2smi.exe
O4 - HKLM\..\Run: [niFPCOUNT.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\isapi\niFPCOUNT.EXE
O4 - HKLM\..\Run: [cfUPNP] C:\Program Files\BitComet\tools\cfUPNP.exe
O4 - HKLM\..\Run: [snAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\snAcroRd32.exe
O4 - HKLM\..\Run: [duUNWISE.EXE] C:\Program Files\TVAnts\duUNWISE.EXE
O4 - HKLM\..\Run: [etdvdrgn] C:\Program Files\CyberLink\PowerDVD\etdvdrgn.exe
O4 - HKLM\..\Run: [yvMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\yvMSTORDB.EXE
O4 - HKLM\..\Run: [NetInstaller] C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\NetInstaller.exe
O4 - HKLM\..\Run: [alOneMessageCenter] C:\Program Files\Common Files\Real\Update_OB\alOneMessageCenter.exe
O4 - HKLM\..\Run: [yenero] C:\Program Files\Ahead\Nero\yenero.exe
O4 - HKLM\..\Run: [btunins000] C:\Program Files\Driver-Soft\DriverGenius\btunins000.exe
O4 - HKLM\..\Run: [bziexplore] C:\Program Files\Internet Explorer\bziexplore.exe
O4 - HKLM\..\Run: [swwb32] C:\Program Files\NetMeeting\swwb32.exe
O4 - HKLM\..\Run: [tpisignup] C:\Program Files\Internet Explorer\Connection Wizard\tpisignup.exe
O4 - HKLM\..\Run: [pbqttask] C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\pbqttask.exe
O4 - HKLM\..\Run: [jmavgemc] C:\Program Files\AVG\AVG8\jmavgemc.exe
O4 - HKLM\..\Run: [ecwab] C:\Program Files\Outlook Express\ecwab.exe
O4 - HKLM\..\Run: [bhavgdumpx] C:\Program Files\AVG\AVG8\bhavgdumpx.exe
O4 - HKLM\..\Run: [mainst] C:\Documents and Settings\frankiechung\Application Data\mainst.exe
O4 - HKLM\..\Run: [nrRtParser] C:\Program Files\GRETECH\GomPlayer\nrRtParser.exe
O4 - HKLM\..\Run: [wcDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\wcDW20.EXE
O4 - HKLM\..\Run: [wzicwconn1] C:\Program Files\Internet Explorer\Connection Wizard\wzicwconn1.exe
O4 - HKLM\..\Run: [rcDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\rcDW20.EXE
O4 - HKLM\..\Run: [xfavgfrw] C:\Program Files\AVG\AVG8\xfavgfrw.exe
O4 - HKLM\..\Run: [eyinst] C:\Documents and Settings\frankiechung\Application Data\eyinst.exe
O4 - HKLM\..\Run: [zaCGuard] C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\zaCGuard.exe
O4 - HKLM\..\Run: [fwVTIFORM.EXE] C:\Program Files\Microsoft Office\Office10\fwVTIFORM.EXE
O4 - HKLM\..\Run: [jmnero] C:\Program Files\Ahead\Nero\jmnero.exe
O4 - HKLM\..\Run: [eoSnapshot] C:\Program Files\BitComet\tools\eoSnapshot.exe
O4 - HKLM\..\Run: [bdMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\bdMSTORE.EXE
O4 - HKLM\..\Run: [gomsinfo32] C:\Program Files\Common Files\Microsoft Shared\MSInfo\gomsinfo32.exe
O4 - HKLM\..\Run: [iaavgchk] C:\Program Files\AVG\AVG8\iaavgchk.exe
O4 - HKLM\..\Run: [kaMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\kaMSTORDB.EXE
O4 - HKLM\..\Run: [pyIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\pyIDriver2.exe
O4 - HKLM\..\Run: [fhMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\fhMSOHTMED.EXE
O4 - HKLM\..\Run: [poavgupd] C:\Program Files\AVG\AVG8\poavgupd.exe
O4 - HKLM\..\Run: [yeCoverDes] C:\Program Files\Ahead\CoverDesigner\yeCoverDes.exe
O4 - HKLM\..\Run: [cuCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\cuCNFNOT32.EXE
O4 - HKLM\..\Run: [mbalcrmv] C:\Program Files\Realtek AC97\mbalcrmv.exe
O4 - HKLM\..\Run: [riCDSpeed] C:\Program Files\Ahead\Nero Toolkit\riCDSpeed.exe
O4 - HKLM\..\Run: [rbavgwdsvc] C:\Program Files\AVG\AVG8\rbavgwdsvc.exe
O4 - HKLM\..\Run: [mmIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\mmIDriver2.exe
O4 - HKLM\..\Run: [oowabmig] C:\Program Files\Outlook Express\oowabmig.exe
O4 - HKLM\..\Run: [ass-plugins] C:\Program Files\uusee\ass-plugins.exe
O4 - HKLM\..\Run: [oqalcrmv64] C:\Program Files\Realtek AC97\oqalcrmv64.exe
O4 - HKLM\..\Run: [laNRESTORE.EXE] C:\Program Files\Ahead\Nero\laNRESTORE.EXE
O4 - HKLM\..\Run: [snBitComet] C:\Program Files\BitComet\snBitComet.exe
O4 - HKLM\..\Run: [klCPLUtl64] C:\Program Files\Realtek AC97\klCPLUtl64.exe
O4 - HKLM\..\Run: [uifixfp] C:\Program Files\AVG\AVG8\uifixfp.exe
O4 - HKLM\..\Run: [xbMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\xbMSTORDB.EXE
O4 - HKLM\..\Run: [kfSetup] C:\Program Files\C-Media 3D Audio\Driver\Win\kfSetup.exe
O4 - HKLM\..\Run: [iproxy] C:\Program Files\AVG\AVG8\iproxy.exe
O4 - HKLM\..\Run: [duTvants] C:\Program Files\TVAnts\duTvants.exe
O4 - HKLM\..\Run: [LRSubmission] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\LRSubmission.exe
O4 - HKLM\..\Run: [uzSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\uzSmWizard.exe
O4 - HKLM\..\Run: [ntGomWiz] C:\Program Files\GRETECH\GomPlayer\ntGomWiz.exe
O4 - HKLM\..\Run: [ejavgnsx] C:\Program Files\AVG\AVG8\ejavgnsx.exe
O4 - HKLM\..\Run: [lzanupdate] C:\Program Files\MSN\MSNCoreFiles\lzanupdate.exe
O4 - HKLM\..\Run: [zdWMPBurn] C:\Program Files\Ahead\WMPBurn\zdWMPBurn.exe
O4 - HKLM\..\Run: [lsrnxproc] C:\Program Files\Common Files\Real\Update_OB\lsrnxproc.exe
O4 - HKLM\..\Run: [fjcopymar] C:\Program Files\MSN\MSNCoreFiles\fjcopymar.exe
O4 - HKLM\..\Run: [whmsn6] C:\Program Files\MSN\MSNCoreFiles\whmsn6.exe
O4 - HKLM\..\Run: [USeeMediaCenter] C:\Program Files\Common Files\uusee\USeeMediaCenter.exe
O4 - HKLM\..\Run: [zmCDSpeed] C:\Program Files\Ahead\Nero Toolkit\zmCDSpeed.exe
O4 - HKLM\..\Run: [onEXCEL.EXE] C:\Program Files\Microsoft Office\Office10\onEXCEL.EXE
O4 - HKLM\..\Run: [ekiedw] C:\Program Files\Internet Explorer\ekiedw.exe
O4 - HKLM\..\Run: [nqCoverDes] C:\Program Files\Ahead\CoverDesigner\nqCoverDes.exe
O4 - HKLM\..\Run: [cmGomWiz] C:\Program Files\GRETECH\GomPlayer\cmGomWiz.exe
O4 - HKLM\..\Run: [rfCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\rfCNFNOT32.EXE
O4 - HKLM\..\Run: [jnCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\jnCMIRMDRV.EXE
O4 - HKLM\..\Run: [tuOSA.EXE] C:\Program Files\Microsoft Office\Office10\tuOSA.EXE
O4 - HKLM\..\Run: [czMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\czMSACNV30.EXE
O4 - HKLM\..\Run: [enSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\enSetup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [olBitComet] C:\Program Files\BitComet\olBitComet.exe
O4 - HKLM\..\Run: [ojCFGWIZ.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\ojCFGWIZ.EXE
O4 - HKLM\..\Run: [okavgfrw] C:\Program Files\AVG\AVG8\okavgfrw.exe
O4 - HKLM\..\Run: [vgiproxy] C:\Program Files\AVG\AVG8\vgiproxy.exe
O4 - HKLM\..\Run: [gcNeroCmd] C:\Program Files\Ahead\Nero\gcNeroCmd.exe
O4 - HKLM\..\Run: [myavgchk0] C:\Program Files\AVG\AVG8\myavgchk.exe0
O4 - HKLM\..\Run: [kfSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\kfSmWizard.exe
O4 - HKLM\..\Run: [hqupgrdhlp] C:\Program Files\Common Files\Real\Update_OB\hqupgrdhlp.exe
O4 - HKLM\..\Run: [ofdw] C:\Program Files\MSN\MSNCoreFiles\ofdw.exe
O4 - HKLM\..\Run: [jbicwrmind] C:\Program Files\Internet Explorer\Connection Wizard\jbicwrmind.exe
O4 - HKLM\..\Run: [jtuninst] C:\Program Files\Common Files\uusee\jtuninst.exe
O4 - HKLM\..\Run: [chVideo] C:\Program Files\CyberLink\Shared Files\chVideo.exe
O4 - HKLM\..\Run: [fnmoviemk] C:\Program Files\Movie Maker\fnmoviemk.exe
O4 - HKLM\..\Run: [xlcltest] C:\Program Files\CyberLink\PowerDVD\xlcltest.exe
O4 - HKLM\..\Run: [cucb32] C:\Program Files\NetMeeting\cucb32.exe
O4 - HKLM\..\Run: [soMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\soMSOHELP.EXE
O4 - HKLM\..\Run: [zdUUPlayer] C:\Program Files\Common Files\uusee\zdUUPlayer.exe
O4 - HKLM\..\Run: [dbWMPBurn] C:\Program Files\Ahead\WMPBurn\dbWMPBurn.exe
O4 - HKLM\..\Run: [yaAcroRd32] C:\Program Files\Adobe\Acrobat 4.0\Reader\yaAcroRd32.exe
O4 - HKLM\..\Run: [ooavgchk0] C:\Program Files\AVG\AVG8\ooavgchk.exe0
O4 - HKLM\..\Run: [hnDXEnum] C:\Program Files\Ahead\Nero Wave Editor\hnDXEnum.exe
O4 - HKLM\..\Run: [naDXEnum] C:\Program Files\Ahead\Nero Wave Editor\naDXEnum.exe
O4 - HKLM\..\Run: [ryUUPlayer] C:\Program Files\Common Files\uusee\ryUUPlayer.exe
O4 - HKLM\..\Run: [dhPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\dhPROFLWIZ.EXE
O4 - HKLM\..\Run: [gasetup] C:\Program Files\Common Files\Ahead\Uninstall\gasetup.exe
O4 - HKLM\..\Run: [ehUToolbar] C:\Program Files\MyMaji\MajiToolbar\ehUToolbar.exe
O4 - HKLM\..\Run: [mfPROFLWIZ.EXE] C:\Program Files\Microsoft Office\Office10\mfPROFLWIZ.EXE
O4 - HKLM\..\Run: [llRegister] C:\Program Files\GRETECH\GomPlayer\llRegister.exe
O4 - HKLM\..\Run: [meicwtutor] C:\Program Files\Internet Explorer\Connection Wizard\meicwtutor.exe
O4 - HKLM\..\Run: [qgavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\qgavgtray.exe
O4 - HKLM\..\Run: [asavgcfgex] C:\Program Files\AVG\AVG8\asavgcfgex.exe
O4 - HKLM\..\Run: [kzupdate] C:\Program Files\MSN\MSNCoreFiles\kzupdate.exe
O4 - HKLM\..\Run: [gpavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\gpavgtray.exe
O4 - HKLM\..\Run: [hiWaveEdit] C:\Program Files\Ahead\Nero Wave Editor\hiWaveEdit.exe
O4 - HKLM\..\Run: [gvicwconn1] C:\Program Files\Internet Explorer\Connection Wizard\gvicwconn1.exe
O4 - HKLM\..\Run: [dlavgui] C:\Program Files\AVG\AVG8\dlavgui.exe
O4 - HKLM\..\Run: [qwsrt2smi] C:\Program Files\GRETECH\GomPlayer\qwsrt2smi.exe
O4 - HKLM\..\Run: [tcSetup] C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\tcSetup.exe
O4 - HKLM\..\Run: [doMSOHTMED.EXE] C:\Program Files\Microsoft Office\Office10\doMSOHTMED.EXE
O4 - HKLM\..\Run: [suDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\suDW.EXE
O4 - HKLM\..\Run: [wnCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\wnCMIRMDRV.EXE
O4 - HKLM\..\Run: [joavgchk0] C:\Program Files\AVG\AVG8\joavgchk.exe0
O4 - HKLM\..\Run: [kouninst] C:\Program Files\Common Files\uusee\kouninst.exe
O4 - HKLM\..\Run: [ktiexplore] C:\Program Files\Internet Explorer\ktiexplore.exe
O4 - HKLM\..\Run: [qhsetup50] C:\Program Files\Outlook Express\qhsetup50.exe
O4 - HKLM\..\Run: [eoCLDMA] C:\Program Files\CyberLink\PowerProducer\eoCLDMA.exe
O4 - HKLM\..\Run: [fjMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\fjMSACCESS.EXE
O4 - HKLM\..\Run: [avgchk0] C:\Program Files\AVG\AVG8\avgchk.exe0
O4 - HKLM\..\Run: [msavgemc] C:\Program Files\AVG\AVG8\msavgemc.exe
O4 - HKLM\..\Run: [kgFINDER.EXE] C:\Program Files\Microsoft Office\Office10\kgFINDER.EXE
O4 - HKLM\..\Run: [bxavgwdsvc] C:\Program Files\AVG\AVG8\bxavgwdsvc.exe
O4 - HKLM\..\Run: [DriverTweak] C:\Program Files\Driver-Soft\DriverGenius\DriverTweak.exe
O4 - HKLM\..\Run: [zyavgcsrvx] C:\Program Files\AVG\AVG8\zyavgcsrvx.exe
O4 - HKLM\..\Run: [stfixcfg] C:\Program Files\AVG\AVG8\stfixcfg.exe
O4 - HKLM\..\Run: [lyUNNero] C:\Program Files\Ahead\Nero\Uninstall\lyUNNero.exe
O4 - HKLM\..\Run: [bjuninst] C:\Program Files\BitComet\bjuninst.exe
O4 - HKLM\..\Run: [ggddtester] C:\Program Files\CyberLink\PowerDVD\ggddtester.exe
O4 - HKLM\..\Run: [alsched] C:\Program Files\Common Files\Real\Update_OB\alsched.exe
O4 - HKLM\..\Run: [jhmsnunin] C:\Program Files\MSN\MSNCoreFiles\Setup\jhmsnunin.exe
O4 - HKLM\..\Run: [iiDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\iiDW20.EXE
O4 - HKLM\..\Run: [oxsetup] C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\oxsetup.exe
O4 - HKLM\..\Run: [RSubmission] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\RSubmission.exe
O4 - HKLM\..\Run: [urCDSpeed] C:\Program Files\Ahead\Nero Toolkit\urCDSpeed.exe
O4 - HKLM\..\Run: [nsRtParser] C:\Program Files\GRETECH\GomPlayer\nsRtParser.exe
O4 - HKLM\..\Run: [qcDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\qcDW.EXE
O4 - HKLM\..\Run: [tisapisvr] C:\Program Files\Common Files\Microsoft Shared\Speech\tisapisvr.exe
O4 - HKLM\..\Run: [rashReport] C:\Program Files\MpcStar\rashReport.exe
O4 - HKLM\..\Run: [vaOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\vaOFFPRV10.EXE
O4 - HKLM\..\Run: [znMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\znMSTORE.EXE
O4 - HKLM\..\Run: [shReport] C:\Program Files\BitComet\shReport.exe
O4 - HKLM\..\Run: [mjWinRAR] C:\Program Files\WinRAR\mjWinRAR.exe
O4 - HKLM\..\Run: [yyTvants] C:\Program Files\TVAnts\yyTvants.exe
O4 - HKLM\..\Run: [igIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\igIMEPADSV.EXE
O4 - HKLM\..\Run: [ydKillGom] C:\Program Files\GRETECH\GomPlayer\ydKillGom.exe
O4 - HKLM\..\Run: [diinst] C:\Documents and Settings\frankiechung\Application Data\diinst.exe
O4 - HKLM\..\Run: [skOWSRMADM.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\skOWSRMADM.EXE
O4 - HKLM\..\Run: [miicwtutor] C:\Program Files\Internet Explorer\Connection Wizard\miicwtutor.exe
O4 - HKLM\..\Run: [giCGuard] C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\giCGuard.exe
O4 - HKLM\..\Run: [fvinetwiz] C:\Program Files\Internet Explorer\Connection Wizard\fvinetwiz.exe
O4 - HKLM\..\Run: [pdateax] C:\Documents and Settings\frankiechung\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\pdateax.exe
O4 - HKLM\..\Run: [pgalcrmv64] C:\Program Files\Realtek AC97\pgalcrmv64.exe
O4 - HKLM\..\Run: [ydTvants] C:\Program Files\TVAnts\ydTvants.exe
O4 - HKLM\..\Run: [tkWMPBurn] C:\Program Files\Ahead\WMPBurn\tkWMPBurn.exe
O4 - HKLM\..\Run: [bxhwinfo] C:\Program Files\Ahead\Nero Toolkit\bxhwinfo.exe
O4 - HKLM\..\Run: [biSoundMan] C:\Program Files\Realtek AC97\biSoundMan.exe
O4 - HKLM\..\Run: [yibbOSA.EXE] C:\Program Files\Microsoft Office\Office10\yibbOSA.EXE
O4 - HKLM\..\Run: [veVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\veVTIDB.EXE
O4 - HKLM\..\Run: [bnavgcmgr] C:\Program Files\AVG\AVG8\bnavgcmgr.exe
O4 - HKLM\..\Run: [puNBR] C:\Program Files\Ahead\Nero BackItUp\puNBR.exe
O4 - HKLM\..\Run: [ltIDriver] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\ltIDriver.exe
O4 - HKLM\..\Run: [fufixfp] C:\Program Files\AVG\AVG8\fufixfp.exe
O4 - HKLM\..\Run: [rlmsn6] C:\Program Files\MSN\MSNCoreFiles\rlmsn6.exe
O4 - HKLM\..\Run: [ctiedw] C:\Program Files\Internet Explorer\ctiedw.exe
O4 - HKLM\..\Run: [liavgupd] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\liavgupd.exe
O4 - HKLM\..\Run: [cwSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\cwSetup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [tjWAVTOASF.EXE] C:\Program Files\Microsoft Office\Office10\tjWAVTOASF.EXE
O4 - HKLM\..\Run: [ytmsnunin] C:\Program Files\MSN\MSNCoreFiles\Setup\ytmsnunin.exe
O4 - HKLM\..\Run: [kqGOM] C:\Program Files\GRETECH\GomPlayer\kqGOM.exe
O4 - HKLM\..\Run: [mamoviemk] C:\Program Files\Movie Maker\mamoviemk.exe
O4 - HKLM\..\Run: [mfavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\mfavgtray.exe
O4 - HKLM\..\Run: [ttVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\ttVTIDB.EXE
O4 - HKLM\..\Run: [snGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\snGRAPH.EXE
O4 - HKLM\..\Run: [whCLDrvChk] C:\Program Files\CyberLink\PowerProducer\whCLDrvChk.exe
O4 - HKLM\..\Run: [simencoder] C:\Program Files\MpcStar\Codecs\Real\simencoder.exe
O4 - HKLM\..\Run: [pjMSOHELP.EXE] C:\Program Files\Microsoft Office\Office10\1028\pjMSOHELP.EXE
O4 - HKLM\..\Run: [qnSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\qnSetup.exe
O4 - HKLM\..\Run: [LRStateCheck] C:\Program Files\CyberLink\PowerProducer\OLRSubmission\LRStateCheck.exe
O4 - HKLM\..\Run: [lnoemig50] C:\Program Files\Outlook Express\lnoemig50.exe
O4 - HKLM\..\Run: [cjUUPlayer] C:\Program Files\Common Files\uusee\cjUUPlayer.exe
O4 - HKLM\..\Run: [heKillGom] C:\Program Files\GRETECH\GomPlayer\heKillGom.exe
O4 - HKLM\..\Run: [ecmsimn] C:\Program Files\Outlook Express\ecmsimn.exe
O4 - HKLM\..\Run: [iwMSOICONS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\iwMSOICONS.EXE
O4 - HKLM\..\Run: [szicwconn2] C:\Program Files\Internet Explorer\Connection Wizard\szicwconn2.exe
O4 - HKLM\..\Run: [ocOSA.EXE] C:\Program Files\Microsoft Office\Office10\ocOSA.EXE
O4 - HKLM\..\Run: [ebinst] C:\Documents and Settings\frankiechung\Application Data\ebinst.exe
O4 - HKLM\..\Run: [keMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\keMSACNV30.EXE
O4 - HKLM\..\Run: [nlsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\nlsetup.exe
O4 - HKLM\..\Run: [kuDW20.EXE] C:\Program Files\Common Files\Microsoft Shared\DW\kuDW20.EXE
O4 - HKLM\..\Run: [wjIDriver2] C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\wjIDriver2.exe
O4 - HKLM\..\Run: [nkMSACNV30.EXE] C:\Program Files\Microsoft Office\Office10\nkMSACNV30.EXE
O4 - HKLM\..\Run: [sgSetup] C:\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\sgSetup.exe
O4 - HKLM\..\Run: [roTvants] C:\Program Files\TVAnts\roTvants.exe
O4 - HKLM\..\Run: [xjSoundMan] C:\Program Files\Realtek AC97\xjSoundMan.exe
O4 - HKLM\..\Run: [dyMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\dyMCDLC.EXE
O4 - HKLM\..\Run: [nahwinfo] C:\Program Files\Ahead\Nero Toolkit\nahwinfo.exe
O4 - HKLM\..\Run: [jldvdrgn] C:\Program Files\CyberLink\PowerDVD\jldvdrgn.exe
O4 - HKLM\..\Run: [htavgrsx] C:\Program Files\AVG\AVG8\htavgrsx.exe
O4 - HKLM\..\Run: [dqsetup] C:\Program Files\InstallShield Installation Information\{C6F74245-2B77-40F4-AADA-D2BAE56CB113}\dqsetup.exe
O4 - HKLM\..\Run: [bouninst] C:\Program Files\BitComet\bouninst.exe
O4 - HKLM\..\Run: [ntCGuard] C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\ntCGuard.exe
O4 - HKLM\..\Run: [hcCoverDes] C:\Program Files\Ahead\CoverDesigner\hcCoverDes.exe
O4 - HKLM\..\Run: [zwCMIRMDRV.EXE] C:\Program Files\C-Media 3D Audio\Driver\Win\zwCMIRMDRV.EXE
O4 - HKLM\..\Run: [fyDXEnum] C:\Program Files\Ahead\Nero Wave Editor\fyDXEnum.exe
O4 - HKLM\..\Run: [ffavgrsx] C:\Program Files\AVG\AVG8\ffavgrsx.exe
O4 - HKLM\..\Run: [ToolbarInstall] C:\Program Files\AVG\AVG8\ToolbarInstall.exe
O4 - HKLM\..\Run: [vtEXCEL.EXE] C:\Program Files\Microsoft Office\Office10\vtEXCEL.EXE
O4 - HKLM\..\Run: [xoOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\xoOFFPRV10.EXE
O4 - HKLM\..\Run: [eeMediaCenter] C:\Program Files\Common Files\uusee\eeMediaCenter.exe
O4 - HKLM\..\Run: [oecopymar] C:\Program Files\MSN\MSNCoreFiles\oecopymar.exe
O4 - HKLM\..\Run: [dlOSA.EXE] C:\Program Files\Microsoft Office\Office10\dlOSA.EXE
O4 - HKLM\..\Run: [bvicwrmind] C:\Program Files\Internet Explorer\Connection Wizard\bvicwrmind.exe
O4 - HKLM\..\Run: [vhwb32] C:\Program Files\NetMeeting\vhwb32.exe
O4 - HKLM\..\Run: [qiicwtutor] C:\Program Files\Internet Explorer\Connection Wizard\qiicwtutor.exe
O4 - HKLM\..\Run: [jkGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\jkGRAPH.EXE
O4 - HKLM\..\Run: [mwUPNP] C:\Program Files\BitComet\tools\mwUPNP.exe
O4 - HKLM\..\Run: [wiSetup] C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\wiSetup.exe
O4 - HKLM\..\Run: [ompilation] C:\Program Files\Ahead\NeroMediaPlayer\Services\ompilation.exe
O4 - HKLM\..\Run: [wciedw] C:\Program Files\Internet Explorer\wciedw.exe
O4 - HKLM\..\Run: [ExtLoader] C:\Program Files\WinRAR\ExtLoader.exe
O4 - HKLM\..\Run: [myavgchk] C:\Program Files\AVG\AVG8\myavgchk.exe
O4 - HKLM\..\Run: [lbGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\lbGRAPH.EXE
O4 - HKLM\..\Run: [mnSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\mnSetup.exe

作者: lch99 发布时间: 2014-01-21

O4 - HKLM\..\Run: [wqalcrmv64] C:\Program Files\Realtek AC97\wqalcrmv64.exe
O4 - HKLM\..\Run: [rxavgcfgex] C:\Program Files\AVG\AVG8\rxavgcfgex.exe
O4 - HKLM\..\Run: [uhUUPlayer] C:\Program Files\Common Files\uusee\uhUUPlayer.exe
O4 - HKLM\..\Run: [xcupdate] C:\Program Files\MSN\MSNCoreFiles\xcupdate.exe
O4 - HKLM\..\Run: [nxisignup] C:\Program Files\Internet Explorer\Connection Wizard\nxisignup.exe
O4 - HKLM\..\Run: [feCLDMA] C:\Program Files\CyberLink\PowerProducer\feCLDMA.exe
O4 - HKLM\..\Run: [brWAVTOASF.EXE] C:\Program Files\Microsoft Office\Office10\brWAVTOASF.EXE
O4 - HKLM\..\Run: [sxInfoTool] C:\Program Files\Ahead\Nero Toolkit\sxInfoTool.exe
O4 - HKLM\..\Run: [bdProducer] C:\Program Files\CyberLink\PowerProducer\bdProducer.exe
O4 - HKLM\..\Run: [zcalcrmv64] C:\Program Files\Realtek AC97\zcalcrmv64.exe
O4 - HKLM\..\Run: [lsetup-cvr] C:\Documents and Settings\frankiechung\Local Settings\Temp\lsetup-cvr.exe
O4 - HKLM\..\Run: [rqSmWizard] C:\Program Files\C-Media 3D Audio\Driver\Win\rqSmWizard.exe
O4 - HKLM\..\Run: [hkML3XEC16.EXE] C:\Program Files\Common Files\System\Mapi\1028\hkML3XEC16.EXE
O4 - HKLM\..\Run: [joFRONTPG.EXE] C:\Program Files\Microsoft Office\Office10\joFRONTPG.EXE
O4 - HKLM\..\Run: [rzGOM] C:\Program Files\GRETECH\GomPlayer\rzGOM.exe
O4 - HKLM\..\Run: [tlMSO7FTPS.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\tlMSO7FTPS.EXE
O4 - HKLM\..\Run: [yfavgchk0] C:\Program Files\AVG\AVG8\yfavgchk.exe0
O4 - HKLM\..\Run: [aravgcmgr] C:\Program Files\AVG\AVG8\aravgcmgr.exe
O4 - HKLM\..\Run: [dlCFGWIZ.EXE] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\dlCFGWIZ.EXE
O4 - HKLM\..\Run: [aoCNFNOT32.EXE] C:\Program Files\Common Files\System\Mapi\1028\aoCNFNOT32.EXE
O4 - HKLM\..\Run: [mcavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\mcavgtray.exe
O4 - HKLM\..\Run: [rdVTIDB.EXE] C:\Program Files\Microsoft Office\Office10\rdVTIDB.EXE
O4 - HKLM\..\Run: [hkavgtray] C:\Documents and Settings\All Users\Application Data\avg8\update\backup\hkavgtray.exe
O4 - HKLM\..\Run: [jwOFFPRV10.EXE] C:\Program Files\Common Files\Microsoft Shared\MSInfo\jwOFFPRV10.EXE
O4 - HKLM\..\Run: [aiCLDrvChk] C:\Program Files\CyberLink\PowerProducer\aiCLDrvChk.exe
O4 - HKLM\..\Run: [zpmsimn] C:\Program Files\Outlook Express\zpmsimn.exe
O4 - HKLM\..\Run: [ygavgchk] C:\Program Files\AVG\AVG8\ygavgchk.exe
O4 - HKLM\..\Run: [jzIMEPADSV.EXE] C:\Program Files\Common Files\Microsoft Shared\IME\Shared\jzIMEPADSV.EXE
O4 - HKLM\..\Run: [abGRAPH.EXE] C:\Program Files\Microsoft Office\Office10\abGRAPH.EXE
O4 - HKLM\..\Run: [vaMSIMPORT.EXE] C:\Program Files\Microsoft Office\Office10\vaMSIMPORT.EXE
O4 - HKLM\..\Run: [kvconf] C:\Program Files\NetMeeting\kvconf.exe
O4 - HKLM\..\Run: [ichVideo] C:\Program Files\CyberLink\Shared Files\ichVideo.exe
O4 - HKLM\..\Run: [sqMSACCESS.EXE] C:\Program Files\Microsoft Office\Office10\sqMSACCESS.EXE
O4 - HKLM\..\Run: [jnsapisvr] C:\Program Files\Common Files\Microsoft Shared\Speech\jnsapisvr.exe
O4 - HKLM\..\Run: [gtCLDMA] C:\Program Files\CyberLink\PowerDVD\gtCLDMA.exe
O4 - HKLM\..\Run: [weMSTORE.EXE] C:\Program Files\Microsoft Office\Office10\weMSTORE.EXE
O4 - HKLM\..\Run: [fwwb32] C:\Program Files\NetMeeting\fwwb32.exe
O4 - HKLM\..\Run: [xbavgsrmax] C:\Program Files\AVG\AVG8\xbavgsrmax.exe
O4 - HKLM\..\Run: [pbMCDLC.EXE] C:\Program Files\Microsoft Office\Office10\pbMCDLC.EXE
O4 - HKLM\..\Run: [xrVTIDISC.EXE] C:\Program Files\Microsoft Office\Office10\xrVTIDISC.EXE
O4 - HKLM\..\Run: [fxmsinfo32] C:\Program Files\Common Files\Microsoft Shared\MSInfo\fxmsinfo32.exe
O4 - HKLM\..\Run: [lhavgchk0] C:\Program Files\AVG\AVG8\lhavgchk.exe0
O4 - HKLM\..\Run: [tminst] C:\Documents and Settings\frankiechung\Application Data\tminst.exe
O4 - HKLM\..\Run: [htMSTORDB.EXE] C:\Program Files\Microsoft Office\Office10\htMSTORDB.EXE
O4 - HKLM\..\Run: [doavgscanx] C:\Program Files\AVG\AVG8\doavgscanx.exe
O4 - HKLM\..\Run: [idVTIPRES.EXE] C:\Program Files\Microsoft Office\Office10\idVTIPRES.EXE
O4 - HKLM\..\Run: [swavgwdsvc] C:\Program Files\AVG\AVG8\swavgwdsvc.exe
O4 - HKLM\..\Run: [clalcrmv64] C:\Program Files\Realtek AC97\clalcrmv64.exe
O4 - HKLM\..\Run: [nvDW.EXE] C:\Program Files\Common Files\Microsoft Shared\Office10\nvDW.EXE
O4 - HKLM\..\Run: [qeWINWORD.EXE] C:\Program Files\Microsoft Office\Office10\qeWINWORD.EXE
O4 - HKLM\..\Run: [vDriverTweak] C:\Program Files\Driver-Soft\DriverGenius\vDriverTweak.exe
O4 - HKLM\..\Run: [qmavgupd] C:\Program Files\AVG\AVG8\qmavgupd.exe
O4 - HKLM\..\Run: [ekUToolbar] C:\Program Files\MyMaji\MajiToolbar\ekUToolbar.exe
O4 - HKLM\..\Run: [emSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\emSetup.exe
O4 - HKLM\..\Run: [dbCPLUtl64] C:\Program Files\Realtek AC97\dbCPLUtl64.exe
O4 - HKLM\..\Run: [dhunins000] C:\Program Files\Driver-Soft\DriverGenius\dhunins000.exe
O4 - HKLM\..\Run: [mzsetup] C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\mzsetup.exe
O4 - HKLM\..\Run: [tzPOWERPNT.EXE] C:\Program Files\Microsoft Office\Office10\tzPOWERPNT.EXE
O4 - HKLM\..\Run: [deoSnapshot] C:\Program Files\BitComet\tools\deoSnapshot.exe
O4 - HKLM\..\Run: [rpInfoTool] C:\Program Files\Ahead\Nero Toolkit\rpInfoTool.exe
O4 - HKLM\..\Run: [fpSetup] C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\fpSetup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [Gbridge] "C:\Program Files\Gbridge LLC\Gbridge\pstartw.exe" "C:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe" -autostart

作者: lch99 发布时间: 2014-01-21

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\frankiechung\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [aliim] C:\Program Files\AliWangWang\aliim.exe /run:auto
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\frankiechung\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 8662f508ae536c845c08103b2afc5d55-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID 0913b
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下载 - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部连结 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Foxy 下载 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加为阿里旺旺表情 - C:\Program Files\AliWangWang\7.21.02C\AddNewEmotion.htm
O8 - Extra context menu item: 转换到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换连结目标到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换连结目标为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选定的连结到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选定的连结为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选择内容到现有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选择内容为 Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: 发布至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 发布至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ ... rces/fslauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.spvod.com/soft/vjocx-ch-spvod.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://apacremoteaccess.aon.com ... iperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Alipay security service (AlipaySecSvc) - Alipay Inc. - C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 91787 bytes

作者: lch99 发布时间: 2014-01-21

仲有冇广告出现?
如果有可唔可以截图上来睇睇

作者: GoodestEngilsh 发布时间: 2014-01-21

中左毒,请高手赐教

热门阅读

热门下载