谁会看HIJACKTHIS导出日志，我怕自己被远控和中灰鸽子。_CF穿越火线

ZxID：23367844

等级: 列兵

举报只看楼主使用道具楼主发表于: 2013-02-19 0

日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 18:49:55,2013-2-19 星期二
操作系统: Windows XP SP3 (WinNT 5.01.2600)
IE版本: Internet Explorer v8.00 (8.00.6001.18702)
启动模式: 正常

正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\kingsoft\KSM\ksmsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\360\360safe\safemon\360Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
C:\Program Files\360\360sd\360sd.exe
C:\Program Files\360\360safe\SoftMgr\SoftManagerLite.exe
C:\Program Files\360\360sd\360rp.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\Tencent\QQ\QQProtect\Bin\QQProtect.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\Tencent\QQ\bin\QQ.exe
C:\Program Files\Tencent\QQ\bin\TXPlatform.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\360\360safe\360Safe.exe
C:\Program Files\360\360safe\deepscan\DSMain.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
D:\Program Files\SogouExplorer\SogouExplorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\360zip$Temp\360$0\HijackThis.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\PROGRA~1\Tencent\QQDOWN~1\QQIEHelper02.dll
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Program Files\Common Files\Thunder Network\KanKan\VideoUrlSniffer.2.0.1.99.(228).dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - F:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll
O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\WINDOWS\system32\ProcessProtection.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360safe\safemon\safemon.dll
O2 - BHO: 中国工商银行BHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ICBCEBankAssist] "C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe"
O4 - HKLM\..\Run: [360Safetray] "C:\Program Files\360\360safe\safemon\360Tray.exe" /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [360sd] "C:\Program Files\360\360sd\360sd.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - 额外的按钮: (未命名) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - 额外的“工具”菜单项目: 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - 额外的按钮: 迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - 额外的按钮: 迅雷看看 - {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files\Common Files\Thunder Network\Kankan\XLStartKankan.exe
O9 - 额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O15 - Trusted Zone: http://*.bankofchina.com
O15 - Trusted Zone: http://*.boc.cn
O15 - Trusted Zone: http://*.cga.com.cn
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (QQPasswordCtrl Class) - https://www.tenpay.com/download/tenpaycert_xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84510BCF-516F-40BF-9976-899DB2E2FC39}: NameServer = 202.102.213.68 61.132.163.68
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - NT 服务:   360电脑技师服务 (360js) - 360.cn - C:\Program Files\360\360jishi\360js.exe
O23 - NT 服务:   360 杀毒实时防护加载服务 (360rp) - 360.cn - C:\Program Files\360\360sd\360rps.exe
O23 - NT 服务:   Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - NT 服务:   Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务:   Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - NT 服务:   Google 更新服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - NT 服务:   ICBC Daemon Service - Unknown owner - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
O23 - NT 服务:   Kingsoft Rescue Service - Unknown owner - D:\Program Files\kingsoft\KSM\ksmsvc.exe
O23 - NT 服务:   主动防御 (ZhuDongFangYu) - 360.cn - C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe

--
文件结束 - 7157 字节