查看完整版本 : 電腦中病毒[附HijackThis]

sam1414hk 2014-12-15 01:49 AM

電腦中病毒[附HijackThis]

所有*.Msc都已經停止運作


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 1:43:43, on 15/12/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Garena Plus\ggdllhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Program Files\Glary Utilities 5\Integrator.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Users\kin\AppData\Local\Akamai\netsession_win.exe
C:\Users\kin\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Garena Plus\bbtalk\BBtalk.exe
C:\Windows\system32\taskhost.exe
D:\Program Files\The KMPlayer\KMPlayer.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\Steam\bin\steamwebhelper.exe
D:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
D:\Program Files\Thunder Network\Thunder\Program\HostProcess.exe
c:\program files\common files\thunder network\tp\ver1\1.1.2.234_1111\thunderplatform.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\kin\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [GUDelayStartup] "D:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: LOLRecorder.lnk = D:\Program Files\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001001-973D-4058-9548-8DB3F551417D} (NaverStarter1 Class) - [url]http://download.netmarble.net/web/nmstarter/Naver/NaverStarter2.cab[/url]
O16 - DPF: {CE873186-B120-4034-9569-043119A3972A} (GPSetupCtrl Class) - [url]http://cabdown.playnetwork.co.kr/playnetwork/NGSetup/1075/NaverGameSetup.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google更新 服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Origin Client Service - Electronic Arts - D:\Program Files\Origin\OriginClientService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 8357 bytes

[[i] 本帖最後由 sam1414hk 於 2014-12-15 01:51 AM 編輯 [/i]]

andrew412345 2014-12-15 10:31 AM

以你份 HijackThis LOG 睇黎. 你並無中毒.
有需要可以提供埋 SREng Report.
但情況不似中毒.
見到你無法安裝 Service Pack 1 (SP1) for Windows 7 or Windows Server 2008 R2.
可能你系統Config / Settings有誤.
又或者遺失系統 DLL

sam1414hk 2014-12-15 03:32 PM

唔知道點解會有咁多問號出現-.-

[url=https://www.sendspace.com/file/kkux28]https://www.sendspace.com/file/kkux28[/url]
頁: [1]
查看完整版本: 電腦中病毒[附HijackThis]