
Suspected infection / Trojan

Date: 2014-03-25

Source: Internet

Lately I keep finding my computer installing mainland Chinese programs by itself, out of nowhere. It never asks or pops anything up; I just suddenly notice new stuff on the desktop.
I've tried cleaning it myself with 360 and Malwarebytes before, but couldn't get rid of it. Asking for help.
Oh, and I was previously infected with that msupdate.exe thing. I think I've dealt with it, but just letting you know. THX
I've just found something new: an .exe whose name keeps changing shows up in taskmgr, and its description reads "TODO:文件说明". It's driving me mad....

[ This post was last edited by hoho0304 on 2014-1-9 08:56 PM ]

Author: hoho0304   Posted: 2014-03-25

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:07:47, on 9/1/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
CHROME: 31.0.1650.63
FIREFOX: 23.0.1 (zh-TW)
Boot mode: Normal

Running processes:
E:\Windows\system32\taskhost.exe
E:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
E:\Windows\system32\Dwm.exe
E:\Windows\system32\taskeng.exe
E:\Windows\Explorer.EXE
E:\Windows\system32\rundll32.exe
E:\Windows\System32\rundll32.exe
E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\DAEMON Tools Lite\DTLite.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Pando Networks\Media Booster\PMB.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Users\ho\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
E:\Windows\system32\wuauclt.exe
E:\Program Files\Common Files\Java\Java Update\jucheck.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Windows\system32\SearchFilterHost.exe
E:\Users\ho\Desktop\HijackThis.exe
E:\Windows\system32\taskmgr.exe

O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - E:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.9.4578.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DDB23FA1-953D-998C-D811-16E0820C09E2 Class - {DDB23FA1-953D-998C-D811-16E0820C09E2} - E:\Program Files\Thunder Network\Thunder\BBInside\{DDB23FA1-953D-998C-D811-16E0820C09E2}\AddressBar.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - E:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\IEPlatform.dll
O4 - HKLM\..\Run: [ArcSoft Connection Service] E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [APSDaemon] "E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "E:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] E:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Google Update] "E:\Users\ho\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GarenaPlus] "E:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [LOLReplay Recorder] "E:\Program Files\LOLReplay\LOLRecorder.exe" -minimize
O4 - HKCU\..\Run: [ISUSPM Startup] E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "E:\Users\ho\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "E:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = E:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷离线下载 - E:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: Foxy 下载 - res://E:\Users\ho\Desktop\FOXY1.9.9\FOXY1.9.9\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://E:\Users\ho\Desktop\FOXY1.9.9\FOXY1.9.9\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷下载全部连结 - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 使用电驴下载 - E:\Program Files\easyMule\IE2EM.htm
O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {A93FB56D-2F76-4DD7-8E38-9B1EB38C88A5} (SecureSession Class) - http://warranty.samsungmcs.com/plugIn/SecuiSECIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6402C5B0-DDF9-4C3B-914A-F3ED9D423020}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google更新 服务 (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服务 (gupdatem) (gupdatem) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - E:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9271 bytes

Author: hoho0304   Posted: 2014-03-25
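A small log triage script, added here as an example and not part of this thread or of HijackThis itself: it parses O2 (BHO), O4 (autostart) and O23 (service) lines like the ones in the log above and flags the entries a helper would look at first (binaries in user-writable folders, 8.3 short paths that hide the real folder name, services with no publisher, and launches that go through cmd.exe or another loader). The sample lines are copied from the log above; the heuristics are my own and produce "look here first" hints, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Locations where vendors rarely put persistence but malware and bundleware
# routinely do; matched case-insensitively against the extracted path.
USER_WRITABLE = [re.compile(p, re.IGNORECASE) for p in (
    r"\\AppData\\Roaming\\", r"\\AppData\\Local\\Temp\\",
    r"\\Users\\[^\\]+\\Desktop\\", r"\\Windows\\Temp\\")]
# Interpreters/loaders that run something else: the real payload is in the
# arguments, so the entry needs a manual look even when the launcher is legit.
LAUNCHERS = {"cmd.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe",
             "cscript.exe", "mshta.exe", "powershell.exe"}
EXT = r"\.(?:exe|dll|scr|bat|cmd)"
BINARY_RE = re.compile(
    r'"(?P<q>[^"]+?' + EXT + r')"'             # quoted path, may contain spaces
    r'|(?P<d>[A-Za-z]:\\[^"]+?' + EXT + r')'    # bare drive-rooted path
    r'|(?P<b>\S+' + EXT + r')',                 # bare file name such as Cmd.exe
    re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"~\d+\\")           # PROGRA~1-style 8.3 component
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")


@dataclass
class Entry:
    section: str               # O2, O4 or O23
    name: str                  # BHO name, Run value name or service display name
    command: str               # command line / path exactly as logged
    path: str                  # binary extracted from the command, "" if none
    owner: str = ""            # service publisher (O23 only)
    reasons: List[str] = field(default_factory=list)


def extract_binary(command: str) -> str:
    """Return the first .exe/.dll-like token of a command line, quotes removed."""
    m = BINARY_RE.search(command)
    return (m.group("q") or m.group("d") or m.group("b")) if m else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; lines of other sections give None."""
    line = line.strip()
    if line.startswith("O2 - BHO: "):
        parts = line[len("O2 - BHO: "):].rsplit(" - ", 2)   # name - {CLSID} - path
        if len(parts) != 3:
            return None
        name, _clsid, path = parts
        return Entry("O2", name, path, extract_binary(path))
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        return Entry("O4", m.group("name") or m.group("key"), cmd, extract_binary(cmd))
    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)  # display - owner - path
        if len(parts) != 3:
            return None
        name, owner, path = parts
        return Entry("O23", name, path, extract_binary(path), owner=owner)
    return None


def assess(entry: Entry) -> Entry:
    """Attach triage reasons to an entry (an empty list means nothing stood out)."""
    reasons = []
    if not entry.path:
        reasons.append("no binary path found (orphaned or unusual entry)")
    else:
        if any(p.search(entry.path) for p in USER_WRITABLE):
            reasons.append("binary lives in a user-writable location")
        if SHORT_NAME_RE.search(entry.path):
            reasons.append("8.3 short path hides the real folder name")
        base = entry.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in LAUNCHERS:
            reasons.append(f"indirect launch via {base}; payload is in the arguments")
    if entry.section == "O23" and entry.owner.lower() == "unknown owner":
        reasons.append("service has no publisher")
    entry.reasons = reasons
    return entry


def triage(lines) -> List[Entry]:
    """Return only the parsed entries that picked up at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry and assess(entry).reasons:
            flagged.append(entry)
    return flagged


# Constructed sample: lines taken verbatim from the HijackThis log in this thread.
SAMPLE_LOG = [
    r'O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - E:\Program Files\easyMule\modules\IE2EM.dll',
    r'O4 - HKCU\..\Run: [Octoshape Streaming Services] "E:\Users\ho\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun',
    r'O4 - HKCU\..\Run: [ISUSPM Startup] E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup',
    r'O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "E:\Program Files\AMD AVT\bin\kdbsync.exe" aml',
    r'O4 - HKCU\..\Run: [Google Update] "E:\Users\ho\AppData\Local\Google\Update\GoogleUpdate.exe" /c',
    r'O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe',
    r'O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe',
    r'O8 - Extra context menu item: 使用电驴下载 - E:\Program Files\easyMule\IE2EM.htm',
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section} [{e.name}] {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```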

malwarebytes log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

资料库版本: v2014.01.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ho :: HO-PC [系统管理员]

8/1/2014 21:27:51
mbam-log-2014-01-08 (21-27-51).txt

扫描类型: 快速扫描
启用扫描选项: 记忆体 | 启动 | 登录档 | 档案系统 | 启发式/额外 | 启发式/Shuriken 引擎 | PUP | PUM
停用扫描选项: P2P
被扫描物件数量: 255790
总共扫描时间: 36 分钟, 25 秒

被检测到记忆体进程数量: 0
(没有检测到有害项目)

被检测到记忆体模组数量: 0
(没有检测到有害项目)

被检测到登录档项目数量: 18
HKCR\CLSID\{B3DAD4E4-112B-AFD4-BA93-3991291F0846} (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3DAD4E4-112B-AFD4-BA93-3991291F0846} (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B3DAD4E4-112B-AFD4-BA93-3991291F0846} (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3DAD4E4-112B-AFD4-BA93-3991291F0846} (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B3DAD4E4-112B-AFD4-BA93-3991291F0846} (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> 已成功隔离及删除
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Optional.Funshion) -> 已成功隔离及删除
HKCR\ASBarBroker.BDBroker.1 (PUP.Optional.Funshion) -> 已成功隔离及删除
HKCR\ASBarBroker.BDBroker (PUP.Optional.Funshion) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Optional.Funshion) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> 已成功隔离及删除
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} (PUP.Optional.CRXDrop.A) -> 已成功隔离及删除
HKCR\thunder (Trojan.Agent) -> 在电脑重新启动时删除。
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> 已成功隔离及删除
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> 已成功隔离及删除
HKLM\SYSTEM\CurrentControlSet\Services\sina_live_deamon (PUP.ChinAd) -> 已成功隔离及删除

被检测到登录档值数量: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> 数据: -> 已成功隔离及删除
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> 数据: e?犄悫I?p???CLSID -> 已成功隔离及删除

被检测到登录档资料项目数量: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> 坏: (http://websearch.searchguru.info ... ;cc=HK&unqvl=43) 好: (http://www.google.com) -> 已成功隔离及修复

被检测到资料夹数量: 4
E:\ProgramData\UUSee (PUP.Optional.ChinAd) -> 已成功隔离及删除
E:\ProgramData\UUSee\Pic (PUP.Optional.ChinAd) -> 已成功隔离及删除
E:\ProgramData\UUSee\update (PUP.Optional.ChinAd) -> 已成功隔离及删除
E:\ProgramData\SearchNewTab (PUP.Optional.SearchNewTab) -> 已成功隔离及删除

被检测到档案数量: 8
E:\Program Files\YoutubeAdblocker\ldu3oy7ub.dll (PUP.Optional.MultiPlug.A) -> 没有采取任何行动
E:\ProgramData\YoutubeAdblocker\fptitqddv4.exe (PUP.Optional.CRXDrop.A) -> 没有采取任何行动
E:\Users\ho\AppData\Local\Temp\KMP_3.2.0.0.exe (PUP.Optional.Softonic.A) -> 已成功隔离及删除
E:\Users\ho\AppData\Local\Temp\setup_qd012.exe (PUP.BundleInstaller.DW) -> 已成功隔离及删除
E:\Users\ho\Local Settings\Temporary Internet Files\Content.IE5\0JY8CM8H\setup_qd012[1].exe (PUP.BundleInstaller.DW) -> 已成功隔离及删除
E:\Users\ho\Local Settings\Temporary Internet Files\Content.IE5\BYJB3AF3\agent2[1].exe (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
E:\Users\ho\Favorites\杬惘厍 - 杬ㄐ扂炰辣.url (Malware.Trace) -> 已成功隔离及删除
E:\ProgramData\UUSee\data.xml (PUP.Optional.ChinAd) -> 已成功隔离及删除

﹝结束﹞

Author: hoho0304   Posted: 2014-03-25

malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

资料库版本: v2014.01.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ho :: HO-PC [系统管理员]

8/1/2014 23:26:03
mbam-log-2014-01-08 (23-26-03).txt

扫描类型: 完全扫描 (C:\|D:\|E:\|F:\|)
启用扫描选项: 记忆体 | 启动 | 登录档 | 档案系统 | 启发式/额外 | 启发式/Shuriken 引擎 | PUP | PUM
停用扫描选项: P2P
被扫描物件数量: 563741
总共扫描时间: 6 小时, 22 分钟, 27 秒

被检测到记忆体进程数量: 0
(没有检测到有害项目)

被检测到记忆体模组数量: 0
(没有检测到有害项目)

被检测到登录档项目数量: 0
(没有检测到有害项目)

被检测到登录档值数量: 0
(没有检测到有害项目)

被检测到登录档资料项目数量: 0
(没有检测到有害项目)

被检测到资料夹数量: 0
(没有检测到有害项目)

被检测到档案数量: 23
C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> 没有采取任何行动
E:\ProgramData\YoutubeAdblocker\fptitqddv4.exe (PUP.Optional.CRXDrop.A) -> 没有采取任何行动
E:\Users\ho\Desktop\新增资料夹 (3)\梦幻西餐厅补丁+说明\setup-2007-3-25.exe (PUP.Funshion) -> 没有采取任何行动
E:\Users\ho\Desktop\3DMGAME-Resident.Evil.6.Crack.Only-RELOADED\steam_api.dll (Trojan.VirTool) -> 没有采取任何行动
E:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.221_1111\ThunderFW.exe (Trojan.Downloader) -> 没有采取任何行动
E:\Program Files\YoutubeAdblocker\ldu3oy7ub.dll (PUP.Optional.MultiPlug.A) -> 没有采取任何行动
E:\Program Files\YoutubeAdblocker\ldu3oy7ub.x64.dll (PUP.Optional.MultiPlug.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.211304.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.226604.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.323996.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.325614.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.325616.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.57926.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.62961.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\psupport.dll.9490.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\qtmp_60594.qz.325025.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Sk.Enabler\qtmp_73198.qz.325024.gzquar (PUP.Optional.SProtect.A) -> 没有采取任何行动
E:\Program Files\Thunder Network\Thunder\tp\ThunderFW.exe (Trojan.Downloader) -> 没有采取任何行动
F:\CloudCache\9B82FF13ABE449C6441F7495D4453151A6E40BB6\0\##PROGRAM_FILES##\Wolfram Research\Mathematica\7.0\Crack\keygen.exe (RiskWare.Tool.CK) -> 没有采取任何行动
E:\Users\ho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JY8CM8H\psupport_install[1].exe.5050.gzquar (PUP.Optional.SProtect.A) -> 已成功隔离及删除
E:\Users\ho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3HMX1T\search_defender_alternate_166[1].exe.105309.gzquar (PUP.Optional.SProtect.A) -> 已成功隔离及删除
F:\FavoriteVideo\InvisibleFolder\pptvsetup_2.6.1.0008_s.exe (Trojan.Agent) -> 已成功隔离及删除
F:\FavoriteVideo\InvisibleFolder\pptvsetup_2.6.3.0007_s2.exe (Trojan.Agent) -> 已成功隔离及删除

﹝结束﹞

Author: hoho0304   Posted: 2014-03-25

Was HijackThis done before or after running MBAM?

Author: GoodestEngilsh   Posted: 2014-03-25

Quote: Originally posted by GoodestEngilsh on 2014-1-10 12:47 PM
Was HijackThis done before or after running MBAM?

Author: hoho0304   Posted: 2014-03-25

Boot up and press F8 to enter Safe Mode, then do the Fix checked and the OTM deletion.
1) Run HijackThis > Do a system scan only > tick the items below > click Fix Checked (close all browsers/programs while fixing) > click "Yes".
Quote:
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - E:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.9.4578.dll
O2 - BHO: DDB23FA1-953D-998C-D811-16E0820C09E2 Class - {DDB23FA1-953D-998C-D811-16E0820C09E2} - E:\Program Files\Thunder Network\Thunder\BBInside\{DDB23FA1-953D-998C-D811-16E0820C09E2}\AddressBar.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - E:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\IEPlatform.dll

O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷离线下载 - E:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: Foxy 下载 - res://E:\Users\ho\Desktop\FOXY1.9.9\FOXY1.9.9\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://E:\Users\ho\Desktop\FOXY1.9.9\FOXY1.9.9\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷下载全部连结 - E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 使用电驴下载 - E:\Program Files\easyMule\IE2EM.htm

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
2) Download/run OTM to do the deletion.
Copy & paste the items below into the "Paste Instructions for Items to be Moved" box.
Click MoveIt > OK > restart the computer.
Quote:
:files
E:\Program Files\easyMule\modules\IE2EM.dll
E:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.9.4578.dll
E:\Program Files\Thunder Network\Thunder\BBInside\{DDB23FA1-953D-998C-D811-16E0820C09E2}\AddressBar.dll
E:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\IEPlatform.dll
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\DAEMON Tools Lite\DTLite.exe
E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
3) Download/run Junkware Removal Tool to scan. Close all browsers and programs before running the scan. (JRT automatically deletes malicious programs/files/registry entries attached to browsers.)

Author: GoodestEngilsh   Posted: 2014-03-25

Done. Do I still need to show you anything?

JRT:
http://www.sendspace.com/file/e2gsby

[ This post was last edited by hoho0304 on 2014-1-13 12:18 AM ]

Author: hoho0304   Posted: 2014-03-25

1. Run AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
Click [Search] first > then click [Delete] > restart the computer > post the report

2. Install/run Malwarebytes
http://www.bleepingcomputer.com/ ... -anti-malware/dl/7/
Install Malwarebytes > when asked whether to upgrade to the Pro version, decline > run a full scan > post the report

Author: GoodestEngilsh   Posted: 2014-03-25

# AdwCleaner v3.017 - Report created 13/01/2014 at 19:52:56
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : ho - HO-PC
# Running from : E:\Users\ho\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : E:\ProgramData\QuickSet
Folder Deleted : E:\ProgramData\surf and okEep
Folder Deleted : E:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : E:\Program Files\baidu
Folder Deleted : E:\Program Files\myfree codec
Folder Deleted : E:\Program Files\Sk.Enabler
Folder Deleted : E:\Program Files\Tencent
Folder Deleted : E:\Program Files\YoutubeAdblocker
Folder Deleted : E:\Program Files\Common Files\Tencent
Folder Deleted : E:\Users\ho\AppData\Roaming\SendSpace
Folder Deleted : E:\Users\ho\AppData\Roaming\Mozilla\Firefox\Profiles\1ewn898l.default\Extensions\[email protected]
Folder Deleted : E:\Users\ho\AppData\Roaming\Mozilla\Firefox\Profiles\1ewn898l.default\Extensions\[email protected]
Folder Deleted : E:\Users\ho\AppData\Roaming\Mozilla\Firefox\Profiles\1ewn898l.default\Extensions\[email protected]
Folder Deleted : E:\Users\ho\AppData\Roaming\Mozilla\Firefox\Profiles\1ewn898l.default\Extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_a490ea5f
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v23.0.1 (zh-TW)

[ File : E:\Users\ho\AppData\Roaming\Mozilla\Firefox\Profiles\1ewn898l.default\prefs.js ]


-\\ Google Chrome v

[ File : E:\Users\ho\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [3019 octets] - [13/01/2014 19:41:27]
AdwCleaner[S0].txt - [3026 octets] - [13/01/2014 19:52:56]

########## EOF - E:\AdwCleaner\AdwCleaner[S0].txt - [3086 octets] ##########

Author: hoho0304   Posted: 2014-03-25

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

资料库版本: v2014.01.13.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ho :: HO-PC [系统管理员]

13/1/2014 22:09:10
MBAM-log-2014-01-14 (08-15-19).txt

扫描类型: 完全扫描 (C:\|D:\|E:\|F:\|)
启用扫描选项: 记忆体 | 启动 | 登录档 | 档案系统 | 启发式/额外 | 启发式/Shuriken 引擎 | PUP | PUM
停用扫描选项: P2P
被扫描物件数量: 535113
总共扫描时间: 3 小时, 51 分钟, 22 秒

被检测到记忆体进程数量: 0
(没有检测到有害项目)

被检测到记忆体模组数量: 0
(没有检测到有害项目)

被检测到登录档项目数量: 0
(没有检测到有害项目)

被检测到登录档值数量: 0
(没有检测到有害项目)

被检测到登录档资料项目数量: 0
(没有检测到有害项目)

被检测到资料夹数量: 0
(没有检测到有害项目)

被检测到档案数量: 8
C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> 没有采取任何行动
E:\Users\ho\Desktop\新增资料夹 (3)\梦幻西餐厅补丁+说明\setup-2007-3-25.exe (PUP.Funshion) -> 没有采取任何行动
E:\Users\ho\Desktop\3DMGAME-Resident.Evil.6.Crack.Only-RELOADED\steam_api.dll (Trojan.VirTool) -> 没有采取任何行动
E:\AdwCleaner\Quarantine\E\Program Files\YoutubeAdblocker\ldu3oy7ub.dll.vir (PUP.Optional.MultiPlug.A) -> 没有采取任何行动
E:\AdwCleaner\Quarantine\E\Program Files\YoutubeAdblocker\ldu3oy7ub.x64.dll.vir (PUP.Optional.MultiPlug.A) -> 没有采取任何行动
E:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.221_1111\ThunderFW.exe (Trojan.Downloader) -> 没有采取任何行动
E:\Program Files\Thunder Network\Thunder\tp\ThunderFW.exe (Trojan.Downloader) -> 没有采取任何行动
F:\CloudCache\9B82FF13ABE449C6441F7495D4453151A6E40BB6\0\##PROGRAM_FILES##\Wolfram Research\Mathematica\7.0\Crack\keygen.exe (RiskWare.Tool.CK) -> 没有采取任何行动

﹝结束﹞

Author: hoho0304   Posted: 2014-03-25

Run Malwarebytes again.
Remember to tick all the threats it finds.

Author: GoodestEngilsh   Posted: 2014-03-25

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

资料库版本: v2014.01.13.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ho :: HO-PC [系统管理员]

13/1/2014 22:09:10
mbam-log-2014-01-13 (22-09-10).txt

扫描类型: 完全扫描 (C:\|D:\|E:\|F:\|)
启用扫描选项: 记忆体 | 启动 | 登录档 | 档案系统 | 启发式/额外 | 启发式/Shuriken 引擎 | PUP | PUM
停用扫描选项: P2P
被扫描物件数量: 535113
总共扫描时间: 3 小时, 51 分钟, 22 秒

被检测到记忆体进程数量: 0
(没有检测到有害项目)

被检测到记忆体模组数量: 0
(没有检测到有害项目)

被检测到登录档项目数量: 0
(没有检测到有害项目)

被检测到登录档值数量: 0
(没有检测到有害项目)

被检测到登录档资料项目数量: 0
(没有检测到有害项目)

被检测到资料夹数量: 0
(没有检测到有害项目)

被检测到档案数量: 8
C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> 已成功隔离及删除
E:\Users\ho\Desktop\新增资料夹 (3)\梦幻西餐厅补丁+说明\setup-2007-3-25.exe (PUP.Funshion) -> 已成功隔离及删除
E:\Users\ho\Desktop\3DMGAME-Resident.Evil.6.Crack.Only-RELOADED\steam_api.dll (Trojan.VirTool) -> 已成功隔离及删除
E:\AdwCleaner\Quarantine\E\Program Files\YoutubeAdblocker\ldu3oy7ub.dll.vir (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
E:\AdwCleaner\Quarantine\E\Program Files\YoutubeAdblocker\ldu3oy7ub.x64.dll.vir (PUP.Optional.MultiPlug.A) -> 已成功隔离及删除
E:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.221_1111\ThunderFW.exe (Trojan.Downloader) -> 已成功隔离及删除
E:\Program Files\Thunder Network\Thunder\tp\ThunderFW.exe (Trojan.Downloader) -> 已成功隔离及删除
F:\CloudCache\9B82FF13ABE449C6441F7495D4453151A6E40BB6\0\##PROGRAM_FILES##\Wolfram Research\Mathematica\7.0\Crack\keygen.exe (RiskWare.Tool.CK) -> 已成功隔离及删除

﹝结束﹞

The one above was posted before I went out this morning. It's cleaned now and I've ticked all the threats. THX

Author: hoho0304   Posted: 2014-03-25

Download/run RogueKiller
Wait for the initial scan to finish > click [Scan] > click [Delete] > upload the log

[ This post was last edited by GoodestEngilsh on 2014-1-15 11:28 AM ]

Author: GoodestEngilsh   Posted: 2014-03-25

RogueKiller V8.8.0 [Dec 27 2013] tigzy 设计制作
电子邮件 : tigzyRK<at>gmail<dot>com
意见反应 : http://www.adlice.com/forum/
网站 : http://www.adlice.com/softwares/roguekiller/
部落格 : http://www.adlice.com

作业系统 : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
开始在 : 标准模式
使用者 : ho [系统管理员权限]
模式 : Remove -- 日期 : 01/14/2014 22:56:51
| ARK || FAK || MBR |

¤¤¤ 损坏的处理程序 : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- E:\Users\ho\AppData\Roaming\snsi\snsi.dll [x] -> 已卸载
[SUSP PATH][DLL] explorer.exe -- E:\Users\ho\AppData\Local\Temp\appcom.dll [x] -> 已卸载
[SUSP PATH][DLL] explorer.exe -- E:\Program Files\Common Files\desktop\desktopiconX861.dll [x] -> 已卸载

¤¤¤ 系统登录项目 : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> 已删除
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> 已删除
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> 已取代 (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> 已取代 (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 已取代 (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 已取代 (0)

¤¤¤ 计划任务 : 0 ¤¤¤

¤¤¤ 启动的项目 : 0 ¤¤¤

¤¤¤ Web浏览器 : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ 特殊档案/资料夹: ¤¤¤

¤¤¤ 驱动程式 : [未载入 0xc0000033] ¤¤¤

¤¤¤ 外部 Hives: ¤¤¤
-> C:\windows\system32\config\SYSTEM | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\windows\system32\config\SOFTWARE | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\windows\system32\config\SECURITY | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\windows\system32\config\SAM | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\windows\system32\config\DEFAULT | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> C:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - C:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ 感染 : ¤¤¤

¤¤¤ HOSTS 档: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR 检查: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3202ABYS-01B7A0 ATA Device +++++
--- User ---
[MBR] 71d98208a5c0d0e66a2b91871c2e69e1
[BSP] e1fe727782e6ad54dee0ffbb8103ee55 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD1600AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] f11fd5b1415641647e95b63f11c4ba96
[BSP] 807ec2b8aa156d919b78fae2098165a2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 152484 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) Hitachi HCS721616PLA380 ATA Device +++++
--- User ---
[MBR] 4be7063593d46886bc8a87dcc4b59a80
[BSP] f4882a4ea38ce93f94160a68a21272f7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 300222720 | Size: 10472 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 146585 Mo
User = LL1 ... OK!
User = LL2 ... OK!

完成 : << RKreport[0]_D_01142014_225651.txt >>
RKreport[0]_S_01142014_225506.txt

Author: hoho0304   Posted: 2014-03-25

Please keep watching whether the system still has any problems. Thx~

Author: GoodestEngilsh   Posted: 2014-03-25

Thanks a lot! For now the malware/ads seem to be gone, but explorer.exe sometimes says it has encountered a problem and needs to restart.

Author: hoho0304   Posted: 2014-03-25

It seems to be caused mostly by this:

描述
失败的应用程式路径: E:\Windows\explorer.exe

问题签章
问题事件名称: APPCRASH
应用程式名称: Explorer.EXE
应用程式版本: 6.1.7601.17567
应用程式时间戳记: 4d6727a7
错误模组名称: dbghelp.dll
错误模组版本: 6.1.7601.17514
错误模组时间戳记: 4ce7b7bc
例外状况代码: c0000005
例外状况位移: 0004b50a
作业系统版本: 6.1.7601.2.1.0.256.1
地区设定识别码: 3076
其他资讯 1: 3bd9
其他资讯 2: 3bd9e53dd5aea32510d1b84e5eef5753
其他资讯 3: b849
其他资讯 4: b849c3869fee094cc4d3c3eaa454a77f

Author: hoho0304   Posted: 2014-03-25

Bro, could you help take a look at this as well?

Author: hoho0304   Posted: 2014-03-25

Not really sure...............
I'd suggest going straight to the Microsoft forum for help.

Author: GoodestEngilsh   Posted: 2014-03-25
