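Getting kicked back to the desktop (HijackThis log attached)
Date: 2013-10-09
Source: Internet
Something is going on with a friend's computer and I don't know what. For example, when playing a full-screen game, every 10-20 seconds it pops back out to the desktop by itself, but the game keeps running and doesn't close.
After going back into the game, a while later it pops out again.
Or, with a web page open, the blue bar at the top turns light blue every 10-20 seconds; you have to click it with the mouse to turn it dark blue again, but after a while the same thing happens.
This happens no matter what is open.. I'd like to know whether it has caught a virus.. can it be fixed?? I've attached the HijackThis log; could the experts here please take a look for me? Many thanks.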



http://www.sendspace.com/file/csr0vl
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:43:54, on 2013-9-4
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\暴风影音\PhoneAssistant\BFAssistantSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\881903\IETOOLBAR\hkmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TP-LINK无线客户端应用程序\TWCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\QQ\QQProtect\Bin\QQProtect.exe
D:\Program Files\QQ\bin\QQ.exe
D:\Program Files\QQ\bin\TXPlatform.exe
D:\Program Files\QQ\bin\QQExternal.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
[ Last edited by rickykit on 2013-9-7 06:51 PM ]
Author: rickykit  Posted: 2013-10-09
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登入小帮手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wdcertm_ccb] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [HKToolbarManager] "C:\Program Files\881903\IETOOLBAR\hkmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HKToolbarManager] C:\Program Files\881903\IETOOLBAR\hkmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] D:\Program Files\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-19 Startup: PPS.lnk = D:\Program Files\PPStream.exe (User 'LOCAL SERVICE')
O4 - S-1-5-18 Startup: PPS.lnk = D:\Program Files\PPStream.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PPS.lnk = D:\Program Files\PPStream.exe (User 'Default user')
O4 - .DEFAULT User Startup: PPS.lnk = D:\Program Files\PPStream.exe (User 'Default user')
O4 - Startup: ADSL.lnk = ?
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: TP-LINK无线客户端应用程序.lnk = ?
O8 - Extra context menu item: Foxy 下载 - res://D:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜索 - res://D:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加为阿里旺旺表情 - C:\Program Files\AliWangWang\7.20.23C\AddNewEmotion.htm
O9 - Extra button: 浩方电竞平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Holdfast\platform 5.9.2\gameclient.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} (PhotoDrawEx Class) - http://ctc.qzs.qq.com/qzone/client/photo/pages/QQPhotoDrawEx.cab
O16 - DPF: {5157896D-FCA4-40C8-BFCF-34CD3BAEE25A} (AxGdbEdit Class) - https://ebanks.cgbchina.com.cn/perbank/cab/CgbEditx86.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {E1BF5B1E-F590-4ED3-AFDC-CAC88FA91BF2} (AntiVirus Control) - http://60.190.219.108:8080/AntiVirus/AntiVirus.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/ ... ontrol/MSNPUpld.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGou\KUGOU2~1\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGou\KUGOU2~1\KUGOO3~1.OCX
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Alipay security service (AlipaySecSvc) - Alipay Inc. - C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BFAssistantSvc - 北京暴风科技股份有限公司 - E:\暴风影音\PhoneAssistant\BFAssistantSvc.exe
O23 - Service: Bonjour 督昢 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod 督昢 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WatchData ccb V3.2 (WDMonitorCCB) - Beijing WatchData System Co., Ltd. - C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe

--
End of file - 9720 bytes
[ Last edited by rickykit on 2013-9-4 10:02 PM ]
Author: rickykit  Posted: 2013-10-09
Delete:
Quote:
C:\Program Files\881903\IETOOLBAR\hkmgr.exe
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O4 - HKLM\..\Run: [HKToolbarManager] "C:\Program Files\881903\IETOOLBAR\hkmgr.exe"
Then run a quick scan with Malwarebytes and post the log here.
[ Last edited by GoodestEngilsh on 2013-9-11 03:22 PM ]
Author: GoodestEngilsh  Posted: 2013-10-09
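
Added example, not part of the original thread: a small Python parser for HijackThis O-entries that lists every entry whose target file sits under a given install directory, plus the entries for which the log shows no resolved file, shortcut target or publisher. The sample lines are copied from the log posted in this thread; the function names and the extension list in the path pattern are assumptions made for the example.

```python
import re

# Subset of O-entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O4 - HKLM\..\Run: [HKToolbarManager] "C:\Program Files\881903\IETOOLBAR\hkmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [HKToolbarManager] C:\Program Files\881903\IETOOLBAR\hkmgr.exe
O4 - Startup: ADSL.lnk = ?
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
"""

# "O<number> - <rest of entry>"
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Drive-letter path ending in a known extension; paths may contain spaces.
# The extension list is an assumption that covers the entries in this log.
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|ocx|htm)(?!\w)', re.I)
# Markers this log prints where no file, shortcut target or publisher is shown.
UNRESOLVED = ("(no file)", "= ?", "Unknown owner")


def parse(log):
    """Yield (section, body, target_path_or_None) for each O-entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            yield m.group(1), m.group(2), p.group(0) if p else None


def related_to(log, directory):
    """Entries whose target path lies under `directory` (case-insensitive)."""
    prefix = directory.lower().rstrip("\\") + "\\"
    return [(s, b) for s, b, p in parse(log) if p and p.lower().startswith(prefix)]


def unresolved(log):
    """Entries carrying one of the UNRESOLVED markers, for a manual look."""
    return [(s, b) for s, b, _ in parse(log) if any(k in b for k in UNRESOLVED)]


if __name__ == "__main__":
    for section, body in related_to(SAMPLE_LOG, r"C:\Program Files\881903"):
        print("same directory:", section, body)
    for section, body in unresolved(SAMPLE_LOG):
        print("unresolved:    ", section, body)
```

An unresolved marker only means the entry deserves a manual check; it is not by itself a sign of infection.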