史萊姆論壇 - 查看單個文章

猜謎人 · 2015-07-09, 10:19 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 10:18:32, on 2015/7/9
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Users\EdwardNygma\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\EdwardNygma\program files\Portable_Banshee_Screamer_Alarm_2.55\Portable Banshee Screamer Alarm\alarm.exe
C:\Windows\System32\osk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\EdwardNygma\program files\Q-Dir\Q-Dir.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\EdwardNygma\program files\KMPlayer v2.9.4.1434 Pre 3\KMPlayer.exe
C:\Program Files\Thunder Network\Xmp\Program\XMP.exe
C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Windows\system32\NOTEPAD.EXE
Z:\HijackThis.exe

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [AfterPlayMonitor] C:\Users\EdwardNygma\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [XMP] "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1F725CEB24A98EE5F55BEE3B2D848966] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Banshee Screamer Alarm.lnk = EdwardNygma\program files\Portable_Banshee_Screamer_Alarm_2.55\Portable Banshee Screamer Alarm\alarm.exe
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷離線下載 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: CyberArticle：儲存目前網頁 - C:\Program Files\WizBrother\CyberArticle\script\SaveAll.htm
O8 - Extra context menu item: CyberArticle：儲存選取部分 - C:\Program Files\WizBrother\CyberArticle\script\SaveSel.htm
O8 - Extra context menu item: CyberArticle：選擇儲存項目 - C:\Program Files\WizBrother\CyberArticle\script\SaveAuto.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: CyberArticle：儲存目前網頁 - {51F5BD71-6A8B-4fec-BE1F-5F6B70F7D87E} - C:\Program Files\WizBrother\CyberArticle\script\SaveAll.htm (HKCU)
O9 - Extra button: CyberArticle：儲存選取部分 - {E781A42F-2CE8-4643-9D23-280386E09222} - C:\Program Files\WizBrother\CyberArticle\script\SaveSel.htm (HKCU)
O9 - Extra button: CyberArticle 瀏覽器列 - {E7A8BE72-810D-4845-AFC0-EC115FAC2B43} - C:\PROGRA~1\WIZBRO~1\CYBERA~1\CYBERA~4.DLL (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe (file missing)
O23 - Service: BDHY Service (bddlsvc) - Unknown owner - C:\Users\EdwardNygma\AppData\Roaming\baidu\BaiduRJDownloader\1.5.0.89\bddlsvc.exe
O23 - Service: Google更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe

--
End of file - 6004 bytes

2015-07-09, 10:19 PM	#11 (permalink)
猜謎人榮譽會員榮譽勳章勳章總數23 UID - 14438 在線等級: 註冊日期: 2002-12-19 住址: 虎爛宮解籤詩處文章: 18702 精華: 2 現金: 10109 金幣資產: 2886912 金幣	Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 下午 10:18:32, on 2015/7/9 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Users\EdwardNygma\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\EdwardNygma\program files\Portable_Banshee_Screamer_Alarm_2.55\Portable Banshee Screamer Alarm\alarm.exe C:\Windows\System32\osk.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\EdwardNygma\program files\Q-Dir\Q-Dir.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Users\EdwardNygma\program files\KMPlayer v2.9.4.1434 Pre 3\KMPlayer.exe C:\Program Files\Thunder Network\Xmp\Program\XMP.exe C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe C:\Windows\system32\NOTEPAD.EXE Z:\HijackThis.exe O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - (no file) O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKCU\..\Run: [AfterPlayMonitor] C:\Users\EdwardNygma\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [XMP] "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101 O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1F725CEB24A98EE5F55BEE3B2D848966] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Banshee Screamer Alarm.lnk = EdwardNygma\program files\Portable_Banshee_Screamer_Alarm_2.55\Portable Banshee Screamer Alarm\alarm.exe O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm O8 - Extra context menu item: &使用迅雷離線下載 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm O8 - Extra context menu item: CyberArticle：儲存目前網頁 - C:\Program Files\WizBrother\CyberArticle\script\SaveAll.htm O8 - Extra context menu item: CyberArticle：儲存選取部分 - C:\Program Files\WizBrother\CyberArticle\script\SaveSel.htm O8 - Extra context menu item: CyberArticle：選擇儲存項目 - C:\Program Files\WizBrother\CyberArticle\script\SaveAuto.htm O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: CyberArticle：儲存目前網頁 - {51F5BD71-6A8B-4fec-BE1F-5F6B70F7D87E} - C:\Program Files\WizBrother\CyberArticle\script\SaveAll.htm (HKCU) O9 - Extra button: CyberArticle：儲存選取部分 - {E781A42F-2CE8-4643-9D23-280386E09222} - C:\Program Files\WizBrother\CyberArticle\script\SaveSel.htm (HKCU) O9 - Extra button: CyberArticle 瀏覽器列 - {E7A8BE72-810D-4845-AFC0-EC115FAC2B43} - C:\PROGRA~1\WIZBRO~1\CYBERA~1\CYBERA~4.DLL (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe (file missing) O23 - Service: BDHY Service (bddlsvc) - Unknown owner - C:\Users\EdwardNygma\AppData\Roaming\baidu\BaiduRJDownloader\1.5.0.89\bddlsvc.exe O23 - Service: Google更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google更新服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- End of file - 6004 bytes
	__________________
	送花文章: 1110, 收花文章: 16299 篇, 收花: 83322 次