Rising Kaka Security Forum (瑞星卡卡安全论坛)

When the computer is sitting at the desktop it makes a clicking sound, similar to the sound of opening a web page
心冷 - 2014-12-1 13:58:00
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 13:53:46,2014/12/1
操作系统: Unknown Windows (WinNT 6.01.3505 SP1)
IE版本: Unable to get Internet Explorer version!
启动模式: 正常


正在运行的进程:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\软件\360安全卫士\360Safe\safemon\360tray.exe
C:\Windows\SysWOW64\D4Svr_ICBC.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
D:\软件\360安全卫士\360Safe\sweeper\360AutoClean.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
D:\软件\yy-5\YY.exe
D:\软件\QQ\QQProtect\Bin\QQProtect.exe
D:\软件\QQ\bin\QQ.exe
D:\软件\QQ\Bin\TXPlatform.exe
C:\Users\Administrator\AppData\Roaming\Tencent\AndroidServer\1.0.0.293\AndroidServer.exe
E:\游戏\英雄联盟\LOLBox\LOLBox.exe
C:\Windows\SysWOW64\rundll32.exe
D:\软件\金太阳\tdxw.exe
C:\Program Files (x86)\SogouInput\7.4.0.4201\SogouCloud.exe
D:\软件\360安全卫士\360Safe\netmon\360KuaiKan.exe
D:\软件\yy-5\7.0.0.4\yyplatform.exe
D:\软件\yy-5\7.0.0.4\yybrowser.exe
C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
C:\Users\Administrator\AppData\Roaming\360se6\Application\360se.exe
C:\Users\Administrator\AppData\Roaming\360se6\Application\360se.exe
C:\Users\Administrator\AppData\Roaming\360se6\Application\360se.exe
C:\Users\Administrator\AppData\Roaming\360se6\Application\360se.exe
C:\Users\Administrator\AppData\Roaming\360Notify\Bin\360seNotify.exe
C:\Users\Administrator\AppData\Roaming\360se6\Application\360se.exe
C:\Users\Administrator\Desktop\hijackthis.exe
C:\Users\ADMINI~1\AppData\Local\Temp\nsfB88.tmp\hijackthis.exe


F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 17.171.36.30 gs.apple.com
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP5\Addins\VideoUrlSniffer.2.3.2.203.(156).dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - (没有文件)
O2 - BHO: 360sdbho Class - {0F4BF955-A127-41B7-A998-369904AA2578} - D:\软件\360安全卫士\360sd\360sdbho.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (没有文件)
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\软件\360安全卫士\360Safe\safemon\safemon.dll
O2 - BHO: 中国工商银行BHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll
O2 - BHO: AccountProtect - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - D:\软件\迅雷\Thunder BHO Platform\np_tdieplat.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [360Safetray] "D:\软件\360安全卫士\360Safe\safemon\360tray.exe" /start
O4 - HKLM\..\Run: [D4Svr_ICBC.exe] D4Svr_ICBC.exe
O4 - HKLM\..\RunServices: [WatchServer] D:\wysoft\exec\watchsvr.exe
O4 - HKCU\..\Run: [360sd] "D:\软件\360安全卫士\360sd\360sdrun.exe"
O4 - HKCU\..\Run: [ctfmon] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - 扩展右键菜单项: &使用&迅雷下载 - D:\软件\迅雷\BHO\geturl.htm
O8 - 扩展右键菜单项: &使用&迅雷下载全部链接 - D:\软件\迅雷\BHO\GetAllUrl.htm
O8 - 扩展右键菜单项: &使用&迅雷离线下载 - D:\软件\迅雷\BHO\OfflineDownload.htm
O8 - 扩展右键菜单项: 使用迅雷影音播放 - C:\Users\Public\Thunder Network\XMP5\V5.1.11.3417\Program\XmpIEMenu.htm
O8 - 扩展右键菜单项: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - 扩展右键菜单项: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm
O9 - 额外的按钮: (未命名) - {00b1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP5\V5.1.11.3417\Program\XmpIEToolMenu.htm(文件不存在)
O9 - 额外的“工具”菜单项目: 启动迅雷影音 - {00b1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP5\V5.1.11.3417\Program\XmpIEToolMenu.htm(文件不存在)
O9 - 额外的按钮: (未命名) - {01c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - 额外的“工具”菜单项目: 启动迅雷看看播放器 - {01c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - 额外的按钮: 启动迅雷看看播放器 - {02c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - 额外的按钮: (未命名) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - 额外的“工具”菜单项目: 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - 额外的按钮: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - 额外的按钮: 迅雷看看 - {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe
O9 - 额外的按钮: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\users\public\funacce\funacce.dll
O10 - Unknown file in Winsock LSP: c:\users\public\funacce\funacce.dll
O10 - Unknown file in Winsock LSP: c:\users\public\funacce\funacce.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll
O10 - Unknown file in Winsock LSP: c:\users\public\funacce\funacce.dll
O11 - 选项组: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://dl_dir.qq.com/qqtv/MMInstaller.cab
O16 - DPF: {1E525898-EE12-4002-9374-82D15147F762} (UpdateInstaller Class) - http://player.cntv.cn/flashplayer/config/plugins/wCNTVLive212.dll
O16 - DPF: {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} (Axcleanctrl Class) - https://b2c.icbc.com.cn/icbc/newperbank/icbcclean.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {93E730CA-32AA-4C56-B5FB-65932E954CFE} (IEKeyControl Class) - https://mybank.icbc.com.cn/icbc/ ... _IE_FULL_SCREEN.CAB
O16 - DPF: {AE67A038-DDB9-4450-B3FF-69998882C774} (XLSafeEditWrap Class) - http://pay.xunlei.com/activex/ie/XLSafeEdit.cab
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) - https://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
O16 - DPF: {B219E31C-E110-4638-AF01-7BDD5ACA552C} (ICBCQPKCom_HH Class) - https://mybank.icbc.com.cn/icbc/ICBCQPK_HH.cab
O16 - DPF: {BC878AFA-767A-47D8-B61E-AD96F210833A} (AxEnvSet Class) - https://mybank.icbc.com.cn/icbc/newperbank/icbcEnvCtrl.cab
O16 - DPF: {DA1B7A94-28C8-4CDE-82B8-D5773AE27780} (icbc_bhdc1vdvCom Class) - https://mybank.icbc.com.cn/icbc/icbc_bhdc1vdv.cab
O23 - NT 服务:  360rp - 360.cn - D:\软件\360安全卫士\360sd\360rps.exe
O23 - NT 服务:  91手机助手服务 (91MobileDevice) - Unknown owner - D:\软件\91手机助手\91MobileDeviceService.exe
O23 - NT 服务:  Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - NT 服务:  @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe(文件不存在)
O23 - NT 服务:  Alipay security service (AlipaySecSvc) - Alipay Inc.  - C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
O23 - NT 服务:  Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - NT 服务:  Baidu Updater (BaiduUpdater) - Unknown owner - C:\Program Files (x86)\Baidu\BaiduUpdate\bdupdate.exe(文件不存在)
O23 - NT 服务:  BDMiniDlUpdate - Unknown owner - C:\Users\Administrator\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.6\BDMiniDlUpdate_138.exe(文件不存在)
O23 - NT 服务:  Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - NT 服务:  BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - NT 服务:  BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - NT 服务:  BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - NT 服务:  Microsoft Device Health Machine Service (DeviceHealth) - Unknown owner - C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
O23 - NT 服务:  @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe(文件不存在)
O23 - NT 服务:  @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe(文件不存在)
O23 - NT 服务:  NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - NT 服务:  Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - NT 服务:  ICBC Daemon Service - Unknown owner - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe
O23 - NT 服务:  Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - NT 服务:  iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务:  Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - NT 服务:  @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe(文件不存在)
O23 - NT 服务:  Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - NT 服务:  @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe(文件不存在)
O23 - NT 服务:  @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe(文件不存在)
O23 - NT 服务:  nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe(文件不存在)
O23 - NT 服务:  NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - NT 服务:  NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - NT 服务:  NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe(文件不存在)
O23 - NT 服务:  OnKey Service _ICBC - Tendyron Corporation - C:\Windows\SysWOW64\D4Ser_ICBC.exe
O23 - NT 服务:  @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe(文件不存在)
O23 - NT 服务:  Tenpay Certificate Service (QQCertificateService) - Tencent - C:\Program Files (x86)\Common Files\Tencent\Paycenter\TenpayServer.exe
O23 - NT 服务:  @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe(文件不存在)
O23 - NT 服务:  @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe(文件不存在)
O23 - NT 服务:  @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe(文件不存在)
O23 - NT 服务:  SogouUpdate - Sogou.com Inc. - C:\Program Files (x86)\SogouInput\7.4.0.4201\SogouUpdate.exe
O23 - NT 服务:  @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe(文件不存在)
O23 - NT 服务:  @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe(文件不存在)
O23 - NT 服务:  NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - NT 服务:  SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - NT 服务:  @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe(文件不存在)
O23 - NT 服务:  Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - NT 服务:  @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe(文件不存在)
O23 - NT 服务:  @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe(文件不存在)
O23 - NT 服务:  @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe(文件不存在)
O23 - NT 服务:  @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe(文件不存在)
O23 - NT 服务:  @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe(文件不存在)
O23 - NT 服务:  @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe(文件不存在)
O23 - NT 服务:  Tencent WxBox Update Service (WxBoxUpdate) - Tencent - C:\Program Files (x86)\Tencent\WxBox\Update\WxBoxUpdate.exe
O23 - NT 服务:  主动防御 (ZhuDongFangYu) - 360.cn - D:\软件\360安全卫士\360Safe\deepscan\zhudongfangyu.exe


--
文件结束 - 14447 字节
