Rising Kaka Security Forum

HijackThis: please take a look and see whether there are any problems
xiaohuang1 - 2011-4-4 16:16:00
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 16:09:22,2011/4/4
操作系统: Windows Vista SP1 (WinNT 6.00.1905)
IE版本: Unable to get Internet Explorer version!
启动模式: 带网络支持的安全模式
正在运行的进程:
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\hp\AppData\Roaming\360se\bin\360se.exe
C:\Users\hp\AppData\Roaming\360se\bin\Extensions\SafeCentral\urlproc.exe
C:\Users\hp\AppData\Roaming\360se\bin\360se.exe
C:\Users\hp\AppData\Roaming\360se\extensions\ExtDoctor\360Doctor.exe
C:\Users\hp\AppData\Roaming\360SE\extensions\ExtWebmail\360seNotify.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\hp\Desktop\HijackThis.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - d:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QQ工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - BHO: (未命名) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\PROGRA~1\TENCENT\SSPlus\SSup.dll
O2 - BHO: TSWebMon - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files\Tencent\QQDoctor\TSWebMon.dat
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (未命名) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (没有文件)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll
O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\Windows\system32\UrlFilter.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - IE 工具栏: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - IE 工具栏: QQ工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O4 - HKLM\..\Run: [kxesc] "C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - 额外的按钮: 浩方电竞平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - G:\platform 5.0\gameclient.exe(文件不存在)
O9 - 额外的按钮: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - 额外的按钮: HP 智能选择 - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - 选项组: [TBH] 腾讯中文搜搜
O13 - Gopher Prefix:
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {01D4C318-44D5-4AB8-894F-5F95341E4459} (PowerPasswordXPSBC Control) - https://pbank.psbc.com/pweb/ocx/psbc/PowerEnterPSBC.CAB
O16 - DPF: {1975B11A-F0CF-4AB2-A65A-F7768E0B0718} (SecPad Control) - https://www.yintongcard.com/yintong/site/js/SecPad.CAB
O16 - DPF: {74C78CE5-913F-416B-8628-6F2350902D68} (PasswordBox Control) - https://pay.chblt.com/PasswordBox.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - NT 服务:  Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f85b771c\aestsrv.exe
O23 - NT 服务:  Contrl Center of Storm Media (ccosm) - Unknown owner - d:\Program Files\StormII\stormliv.exe
O23 - NT 服务:  Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - NT 服务:  hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - NT 服务:  HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - NT 服务:  InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务:  Kingsoft Security App Service (kxesapp) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxesapp.exe
O23 - NT 服务:  Kingsoft Core Service (kxescore) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxescore.exe
O23 - NT 服务:  Kingsoft Antivirus Update Service (KxEUpSrv) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\upsvc.exe
O23 - NT 服务:  LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - NT 服务:  nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe(文件不存在)
O23 - NT 服务:  NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - NT 服务:  Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - NT 服务:  Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - NT 服务:  Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RSD\RsMgrSvc.exe
O23 - NT 服务:  Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RAV\RavMonD.exe
O23 - NT 服务:  RFW Service (RsRFWMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RFW\RavMonD.exe
O23 - NT 服务:  FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\Windows\system32\sfrem02.exe
O23 - NT 服务:  Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f85b771c\STacSV.exe
--
文件结束 - 6690 字节

User system information: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2; .NET4.0C)
networkedition - 2011-4-6 10:06:00
Please describe in detail the symptoms of the infection on your computer.