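Computer keeps installing things by itself

Date: 2014-03-06

Source: Internet

My computer keeps installing things by itself.
After I delete them, they get installed again before long.
thx

Author: 773   Posted: 2014-03-06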

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 0:28:19, on 19/1/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 26.0 (zh-TW)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\DWeather\dwthsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ku6_Booster\Ku6_Booster.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SddSUpdate\SddSUpdate.exe
C:\Program Files\呏湮厍厘\呏湮狟婥\liveupdsrv.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GridService\peer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\iStar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PPStream\PPSProtect.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\All Users\Application Data\AAShell\NetCheck.exe
C:\DOCUME~1\iStar\LOCALS~1\Temp\c_fm_cqt_1.exe
C:\DOCUME~1\iStar\LOCALS~1\Temp\c_gcld_cqt_1.exe
C:\Documents and Settings\iStar\桌面\HijackThis.exe

Author: 773   Posted: 2014-03-06

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ST-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: 94.102.51.71 sc.userporn.com
O1 - Hosts: 94.102.51.71 www.userporn.com
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(600).dll
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Documents and Settings\iStar\My Documents\Downloads\easyMule\easyMule\modules\IE2EM.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\tools\BitCometBHO.dll (file missing)
O2 - BHO: ST-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
O2 - BHO: Windows Live 登入小帮手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PPStream Video Acc Helper - {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} - C:\Program Files\PPStream\plugins\IEHelper.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
O3 - Toolbar: ST-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\9.0"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcld] C:\Program Files\602game\gcld\gcld.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\iStar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷离线下载 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚蚥粥狟婥窒蝈诿 - C:\Program Files\115\UDown\getAllUrl.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Foxy 下载 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用BitComet下载全部链接 - res://C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下载链接(&B) - res://C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 使用迅雷下载全部连结 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: 使用电驴下载 - C:\Documents and Settings\iStar\My Documents\Downloads\easyMule\easyMule\IE2EM.htm
O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - 8utorunsdisabled - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: 启动迅雷看看播放器 - 8utorunsdisabled - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 启动迅雷看看播放器 - 9utorunsdisabled - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: 脤艘厍珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - Extra 'Tools' menuitem: 脤艘厍珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - Extra button: 迅雷看看 - {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files\Common Files\Thunder Network\Kankan\XLStartKankan.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Author: 773   Posted: 2014-03-06

O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\speed_viewer1.0.2.32.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\speed_viewer1.0.2.32.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\speed_viewer1.0.2.32.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.9.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.9.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.9.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.9.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\speed_viewer1.0.2.32.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://dl_dir.qq.com/qqtv/MMInstaller.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Peg ... sources/ax/stub.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E758BC30-C8C3-4379-B27B-B50E146460A9} - http://update.tv.sina.com.cn/live/p2p/install_service_v4.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7306CEC3-8510-4FD8-B953-28206EF6A957}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Guang Su Server - Unknown owner - C:\Program Files\gssoft\gswb\2.8.1.0113\Config.exe (file missing)
O23 - Service: Google 更新服务 (gupdate1ca6f81bb080fd4) (gupdate1ca6f81bb080fd4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - wireless - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SddSUpdate - Unknown owner - C:\Program Files\SddSUpdate\SddSUpdate.exe
O23 - Service: 呏湮婓盄赻雄载陔督昢 (SDLiveupSrv) - Unknown owner - C:\Program Files\呏湮厍厘\呏湮狟婥\liveupdsrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 17267 bytes

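Author: 773   Posted: 2014-03-06

Hi ~ did you install any software before the infection?
How long has it been infected? I'll look at your HijackThis log later.

Author: GoodestEngilsh   Posted: 2014-03-06

Actually it has probably been at least 2 or 3 months.
But before, it wasn't installing things by itself.
Firefox would sometimes, for no reason, pop up a page going to some mainland Chinese sites (e.g. Tmall).
Those are pages I don't normally visit.
In the last 2 weeks or so that problem went away, but then it started installing things by itself
(games, some media players, and so on).
Sometimes it installs two or three times in one night.
But I scanned with NOD several times and it found no problems.

Btw I also suspected Baidu Cloud, because the time it started installing things by itself was close to
the time I installed Baidu Cloud, but after deleting it the problem did not get better.

This may be a bit long, thx

Author: 773   Posted: 2014-03-06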

Restart the computer, press F8 after the screen goes black, and enter Safe Mode to do the Fix Checked and the OTM deletion.
* Download OTM first.
1. Run HijackThis > Do a system scan only > tick the items below > click Fix Checked (close all browsers/programs while fixing) > click "Yes".
Quote:
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ST-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O1 - Hosts: 94.102.51.71 sc.userporn.com
O1 - Hosts: 94.102.51.71 www.userporn.com

O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(600).dll
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Documents and Settings\iStar\My Documents\Downloads\easyMule\easyMule\modules\IE2EM.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\tools\BitCometBHO.dll (file missing)
O2 - BHO: ST-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: PPStream Video Acc Helper - {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} - C:\Program Files\PPStream\plugins\IEHelper.dll

O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
O3 - Toolbar: ST-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [gcld] C:\Program Files\602game\gcld\gcld.exe

O8 - Extra context menu item: &使用BitComet下载本页视频 - res://C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷离线下载 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚蚥粥狟婥窒蝈诿 - C:\Program Files\115\UDown\getAllUrl.htm
O8 - Extra context menu item: Foxy 下载 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用BitComet下载全部链接 - res://C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下载链接(&B) - res://C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 使用迅雷下载全部连结 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: 使用电驴下载 - C:\Documents and Settings\iStar\My Documents\Downloads\easyMule\easyMule\IE2EM.htm

O9 - Extra button: (no name) - 8utorunsdisabled - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: 启动迅雷看看播放器 - 8utorunsdisabled - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 启动迅雷看看播放器 - 9utorunsdisabled - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: 脤艘厍珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - Extra button: 迅雷看看 - {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files\Common Files\Thunder Network\Kankan\XLStartKankan.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
2. Download/run OTM to do the deletion.
http://oldtimer.geekstogo.com/OTM.exe
Copy & paste the following items into the "Paste Instructions for Items to be Moved" box.
Click MoveIt > OK > restart the computer.
Quote:
:files
C:\Program Files\DWeather\dwthsvc.exe
C:\Program Files\Ku6_Booster\Ku6_Booster.exe
C:\Program Files\SddSUpdate\SddSUpdate.exe
C:\Program Files\呏湮厍厘\呏湮狟婥\liveupdsrv.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\PPStream\PPSProtect.exe
C:\DOCUME~1\iStar\LOCALS~1\Temp\c_fm_cqt_1.exe
C:\DOCUME~1\iStar\LOCALS~1\Temp\c_gcld_cqt_1.exe
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(600).dll
C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
C:\Documents and Settings\iStar\My Documents\Downloads\easyMule\easyMule\modules\IE2EM.dll
C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
C:\Documents and Settings\iStar\桌面\新资料夹\PRO\BitComet_0.82\tools\BitCometBHO.dll (file missing)
C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\Program Files\PPStream\plugins\IEHelper.dll
C:\Program Files\881903\IETOOLBAR\hktbar.dll (file missing)
C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
C:\Program Files\Ask.com\GenericAskToolbar.dll
C:\Program Files\GridService\peer.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\602game\gcld\gcld.exe
C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
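3. Upload the following file to VirusTotal for analysis
https://www.virustotal.com/
When done, please post the link.
Quote:
C:\Documents and Settings\All Users\Application Data\AAShell\NetCheck.exe
4. Download/run AdwCleaner to scan
Download link: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
* Close all browsers and programs before running the scan
> First click [Scan] > then click [Delete]
> Restart the computer > a log will pop up
> Upload the log

Author: GoodestEngilsh   Posted: 2014-03-06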
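
The reply above picks entries out of the HijackThis log by hand. As an added example (not part of the thread, and not the helper's own selection criteria), this Python sketch runs a few assumed triage heuristics over an excerpt of the posted log: orphaned entries, processes running from a Temp directory, Hosts redirects, unknown Winsock LSP files and services with an unknown owner. A flag marks a line for review; it is not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\iStar\LOCALS~1\Temp\c_fm_cqt_1.exe
C:\DOCUME~1\iStar\LOCALS~1\Temp\c_gcld_cqt_1.exe

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: 94.102.51.71 sc.userporn.com
O2 - BHO: ST-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.9.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SddSUpdate - Unknown owner - C:\Program Files\SddSUpdate\SddSUpdate.exe
"""

# A log entry starts with a section code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ")

# Assumed heuristics (flag name, pattern); each one only marks a line for review.
RULES = [
    # Registry entry whose target file no longer exists on disk.
    ("orphaned", re.compile(r"\((?:file missing|no file)\)\s*$")),
    # Executable located in a Temp directory (long or 8.3 path form).
    ("runs-from-temp", re.compile(r"\\temp\\", re.I)),
    # Service binary with no company name in its version information.
    ("unknown-owner-service", re.compile(r"^O23 - .* - Unknown owner - ")),
    # Non-default mapping in the hosts file.
    ("hosts-redirect", re.compile(r"^O1 - Hosts: ")),
    # Layered Service Provider that HijackThis does not recognise.
    ("unknown-winsock-lsp", re.compile(r"^O10 - Unknown file in Winsock LSP")),
]


def parse_log(text):
    """Split a log into running-process paths and (section code, line) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append((ENTRY_RE.match(line).group(1), line))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return {flag: [matching lines]} for processes and entries in the log."""
    processes, entries = parse_log(text)
    findings = defaultdict(list)
    for line in processes + [entry for _, entry in entries]:
        for flag, pattern in RULES:
            if pattern.search(line):
                findings[flag].append(line)
    return dict(findings)


if __name__ == "__main__":
    for flag, lines in triage(SAMPLE_LOG).items():
        print(f"[{flag}]")
        for line in lines:
            print("   ", line)
```
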

3. Upload the following file to VirusTotal for analysis
https://www.virustotal.com/
When done, please post the link.

https://www.virustotal.com/zh-tw/file/e3a377a438e4b6828e50ceb5488edfe1281c909eb2e73fad83b077f9bd2a8292/analysis/1390304866/

Author: 773   Posted: 2014-03-06

http://www.sendspace.com/file/xjyikn
http://www.sendspace.com/file/y8yxwj

I forgot to close Firefox the first time I scanned, so I scanned one more time.

Author: 773   Posted: 2014-03-06

Do you have antivirus software installed?

Author: j32338   Posted: 2014-03-06

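1. Reset Winsock
Press Windows key + R > type 「cmd」 > press Enter > type 「netsh winsock reset」 (without the brackets) > restart the computer

2. Download/run Junkware Removal Tool to scan. Close all browsers and programs before running the scan. (JRT automatically deletes malicious programs/files/registry entries attached to browsers.)
Please upload the report.

3. Download and install Malwarebytes
Download link: goo.gl/D1RRY
> Save the file to the desktop
> Double-click to run mbam-setup.exe
> Choose Traditional Chinese as the installation language
> Click Next, tick I agree, then click Next again
> Then click Next for everything; no settings need to be changed
> Click Install and wait for the installation (*no need to upgrade to the Pro version) > click Finish to complete the installation, and run the update
> Tick Full scan, then click Scan
> Wait for the scan to finish, click Show results, right-click and choose Check all items
> Then click Remove selected items to clean up
> After the cleanup a scan log pops up; save the scan log to the desktop
> Close Malwarebytes' Anti-Malware
> After the scan finishes a log is generated; save it to the desktop > upload it later

Author: GoodestEngilsh   Posted: 2014-03-06

Quote: Originally posted by j32338 on 2014-1-22 05:03 PM: Do you have antivirus software installed?
Nod32

Author: 773   Posted: 2014-03-06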

2. http://www.sendspace.com/file/0b3gaj
3.http://www.sendspace.com/file/9e9yf6

[ Last edited by 773 on 2014-1-24 06:26 PM ]

Author: 773   Posted: 2014-03-06