Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 10:56:05, on 2011/2/21
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\HiJackThis.exe

R3 - URLSearchHook: (no name) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.5.2152.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Program Files\vmndtx\vmndx.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
O3 - Toolbar: (no name) - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - (no file)
O3 - Toolbar: (no name) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - (no file)
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [BCSSync] ; "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Standby] ; "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: 透過Mipony下載 - file://C:\Program Files\MiPony\Browser\IEContext.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\thunder network\thunder\bho\dllxlspi0.0.0.56.dll
O10 - Unknown file in Winsock LSP: c:\program files\thunder network\thunder\bho\dllxlspi0.0.0.56.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/1477...ex-2.2.5.7.cab
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://ccd.xcam.com.tw/push03.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://metronavi.trtc.com.tw/help/mgaxctrl.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vjage.com/download/vjocx.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7599B824-3E45-45C1-B557-E5C605495FE2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{7599B824-3E45-45C1-B557-E5C605495FE2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{7599B824-3E45-45C1-B557-E5C605495FE2}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
O23 - Service: XLDoctor Services - ShenZhen Xunlei Networking Technologies,LTD - C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe

--
End of file - 7709 bytes

首先，請自行google瞭解svchost.exe在windows中的作用，不要總是毫無知識的胡亂猜疑

我只說正題，看這個程序的參數 svchost -k localxxxx
意思就是此程序正在啟動某個服務，但是後邊的內容因為我看不到，所以暫時無法幫助你

所以，請把所有 svchost -k xxxxx後邊的內容全部寫下來，讓我看一下是什麼服務在下載

愁死人了 我讓你把 svchost 後邊的參數 完整的寫下來 :on_61::on_61::on_61::on_61::on_61::on_61:

1.windows媒體中心
2.網絡發現功能

C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\HiJackThis.exe

HiJackThis.exe

這是那個 logo 檔的生成工具 ...

svchost.exe 病毒，從 Windows 2000 開始就一種病毒會使用 svchost.exe 這個名字，
但好像不會取原檔，而是好像藏在某處

svchost.exe 原本就是 Windows 的一種背景服務程式，他的執行，不是代表 svchost.exe

而是以 svchost.exe 去執行一些其的的程式或是服務的軟體功能。

不然就要關閉一些軟體服務看看了，如某些開機即刻常駐執行的軟體 ...

那網路上有一種說法是，因為 Windows 本身有安全性的後洞，造成中毒或 CPU 使用過高
可以透過 Windows 更新來解決問題看看。

控制面板\所有控制面板項\網絡和共享中心\高級共享設置
把共享什麼的全部選為關閉

控制面板\所有控制面板項\程序和功能
打開或者關閉windows功能\媒體功能全部取消選擇

既然你使用pplive和迅雷，相信你能看懂的。。。。。。。:on_45:

解決了

好像是防毒軟體的問題

剛剛在測試的時候換成了Avast後

就沒有偵測到在下載東西了...

謝謝wlk3773208大跟getter大的幫忙:on_28: