View full version: Many programs won't open (HijackThis log attached)

samfufu 2013-5-11 03:36 PM

Many programs won't open (HijackThis log attached)

As soon as I open them, a message pops up: "xxx has stopped working"
thanks
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:32:15, on 11/5/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes

D:\PPS.tv\PPStream\PPSProtect.exe

D:\PPS.tv\PPStream\PPSKernel.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\ProgramData\Search Protection\SearchProtection.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: 1924A188-E186-67A0-12BF-431D851E775D Class - {1924A188-E186-67A0-12BF-431D851E775D} - C:\Program Files (x86)\Baidu\{1924A188-E186-67A0-12BF-431D851E775D}\AddressBar.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)

O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.7.3496.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: continuetosuave - {D864E2A6-1661-C269-4005-247746746892} - C:\ProgramData\continuetosuave\5186dbcfdea50.dll (file missing)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Search-NeeWTab - {FDC2DAED-BC72-8D44-ACE7-7B90C6115531} - C:\ProgramData\Search-NeeWTab\5186dc21248fe.dll (file missing)

O3 - Toolbar: 啃僅馱撿戲 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat

O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

O4 - HKCU\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'Default user')

O8 - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm

O8 - Extra context menu item: &妏蚚&捃濘狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm

O8 - Extra context menu item: &妏蚚&捃濘狟婥�窒蟈諉 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm

O8 - Extra context menu item: Foxy ?? - res://C:\Program Files (x86)\Foxy\Foxy.exe/download.htm

O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files (x86)\Foxy\Foxy.exe/download.htm

O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files (x86)\Foxy\Foxy.exe/search.htm

O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm

O8 - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: 妏蚚捃濘儕潠唳狟婥 - C:\Program Files (x86)\Thunder Network\MiniThunder\BHO\minixlgeturl.htm

O8 - Extra context menu item: 妏蚚捃濘儕潠唳狟婥�窒蟈諉 - C:\Program Files (x86)\Thunder Network\MiniThunder\BHO\minixlgetAllurl.htm

O8 - Extra context menu item: 發送圖像至藍牙裝置(B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: 發送頁面至藍牙裝置(B)... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: 傳送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll

[[i] Last edited by samfufu on 2013-5-11 03:48 PM [/i]]

samfufu 2013-5-11 03:37 PM

Reply to post #1

O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12030 bytes

anlth2010 2013-5-13 11:28 PM

[u][color=red]Step 1 : Download and install Malwarebytes' Anti-Malware[/color][/u]

[list][*]Download [color=blue]Malwarebytes' Anti-Malware[/color]
[url=http://www.malwarebytes.org/mbam-download.php]http://www.malwarebytes.org/mbam-download.php[/url]
[*]Save [color=red]mbam-setup.exe[/color] to the desktop
[*]Run [color=red]mbam-setup.exe[/color] to start the installation; during setup, choose [color=darkgreen]English[/color] as the installation language
[*]Click [color=darkgreen]Next[/color], tick [color=darkgreen]I accept the agreement[/color], then click [color=darkgreen]Next[/color] again
[*]Then click [color=darkgreen]Next[/color] on every screen; there is no need to change any settings
[*]Click [color=darkgreen]Install[/color] and wait for the installation
[*]Click [color=darkgreen]Finish[/color] to complete the installation, then run the update[/list]
[u][color=red]Step 2 : Use Malwarebytes' Anti-Malware[/color][/u]

[list][*]Tick [color=darkgreen]Perform full scan[/color], then click [color=darkgreen]Scan[/color]
[*]Click [color=darkgreen]Scan[/color] again to start scanning
[*]Wait for the scan to finish, click [color=darkgreen]Show Results[/color], then click [color=darkgreen]Remove Selected[/color] to clean up
[*]When the cleanup is finished a scan log will pop up; save the scan log to the desktop
[*]Close [color=blue]Malwarebytes' Anti-Malware[/color][/list]
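[u][color=red]Step 3 : Download and run ComboFix[/color][/u]

[list][*]First turn off all antivirus software, then download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]ComboFix[/url] to the desktop
[*]Run [color=blue]ComboFix[/color]; [color=blue]ComboFix[/color] will pop up a window. Click [color=darkgreen]OK[/color], then click [color=darkgreen]Yes[/color]
[*][color=blue]ComboFix[/color] will run its scan; during the scan, do not run any other programs or click on the [color=blue]ComboFix[/color] window
[*]When the scan is finished, [color=blue]ComboFix[/color] may restart the computer, after which the [color=blue]ComboFix[/color] report will pop up automatically
[*]The report is saved automatically to [color=red]C:\ComboFix.txt[/color][/list]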
[u][color=red]Step 4 : Describe the situation and post the reports[/color][/u]

[list][*]Please briefly describe the state of your computer
[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:[/list]
[list=1][*][color=blue]HijackThis[/color]
[*][color=blue]Malwarebytes' Anti-Malware[/color]
[*][color=#0000ff]ComboFix[/color][/list]

samfufu 2013-5-14 04:18 AM

[quote]Originally posted by [i]anlth2010[/i] on 2013-5-13 11:28 PM
Step 1 : Download and install Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware
[url=http://www.malwarebytes.org/mbam-download.php]http://www.malwarebytes.org/mbam-download.php[/url] Save mbam-setup.exe to the desktop. Run mbam-setup.exe to start the installation; during setup ... [/quote]
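At first, a lot of software wouldn't open, for example PPS, online games (but not all of them; some work and some don't, and the ones that don't make me close them as soon as I open them, before they even start updating), Funshion (software similar to PPS), Skype, and games (again they fail as soon as I open them, but again only a few of them, not all). Then a window pops up saying "xxx has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

Then I followed those 3 steps. The first 2 steps were fine. Then, after ComboFix finished its check, it restarted the computer automatically and no programs would open, so I had to restart again. After that the programs could open again, but I couldn't get online. I checked and my machine did have a connection, but as soon as I opened a web page it said it couldn't be accessed; I remember it was error: 137 xxxxxxx. With no other option, I restored the computer to the state it was in before I did those steps, and only then could I get online again. The records are still there, though, and I have uploaded them to Sendspace.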



[url=http://www.sendspace.com/filegroup/PtWpj7Susf1ipwCgLbjObLkpe34DoWZZ]LINK[/url]

Many thanks

[[i] Last edited by samfufu on 2013-5-14 04:54 AM [/i]]

anlth2010 2013-5-19 12:40 AM

[u][color=red]Step 1 : Delete files[/color][/u]

[list][*]Download [url=http://oldtimer.geekstogo.com/OTM.exe]OTM[/url] to the desktop and run [color=blue]OTM[/color]
[*]Copy the text below and paste it into the box under [color=darkgreen]Paste Instructions for Items to be Moved[/color]:
[quote]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SearchProtection"=-
[/quote]
[*]Click [color=darkgreen]MoveIt![/color], then click [color=darkgreen]OK[/color], and restart the computer[/list]
[u][color=red]Step 2 : Describe the situation[/color][/u]

[list][*]Please briefly describe the state of your computer[/list]