Fixing a Chrome Start Page Hijacked by 114

Source: Internet  Published by: 淘宝客服中心750模板  Editor: 程序博客网  Time: 2024/05/22 13:49

1 Removing the browser page hijack on a PC

I finally fixed it with the following method:

The tool used: ComboFix

[Note] Download a copy from the Internet and simply run it. Be patient and do not close the window until the report file has been generated.

The program locates the original location of the rogue plug-in and then deletes that file.

OP, you can try ComboFix (page on pixnet.net). Close all antivirus software (including Windows Defender), download ComboFix to the desktop, and run ComboFix to scan. Do not run other programs or click the ComboFix window while it is scanning. (The ComboFix scan takes about 10-20 minutes; there is no need to install the "Recovery Console".) When the scan finishes, the ComboFix report pops up automatically.


The report is as follows:

ComboFix 16-09-28.01 - Administrator 6/10/15 周六  11:38:58.1.4 - x64
Microsoft Windows 7 旗舰版   6.1.7601.1.936.86.2052.18.3792.1752 [GMT 8:00]
执行位置: d:\documents\Downloads\ComboFix.exe
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tmp
D:\360Downloads
.
.
(((((((((((((((((((((((((((((((((((((((   驱动/服务   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
.
.
(((((((((((((((((((((((((  2016-09-15 至 2016-10-15 的新的档案  )))))))))))))))))))))))))))))))
.
.
2016-10-15 03:37 . 2016-10-15 03:37 16712----a-w-c:\windows\system32\drivers\PROCEXP113.SYS
2016-10-15 03:15 . 2016-10-15 03:15 --------d-----w-c:\programdata\Huorong
2016-10-15 02:04 . 2016-10-15 02:04 --------d-----w-c:\programdata\CleanAndroid
2016-10-15 01:48 . 2016-09-30 02:53 488480----a-w-c:\windows\system32\baiducn.ime
2016-10-15 01:48 . 2016-09-30 02:53 420896----a-w-c:\windows\SysWow64\baiducn.ime
2016-10-15 01:48 . 2016-10-15 01:48 --------d-----w-c:\program files\Common Files\Baidu
2016-10-15 01:19 . 2016-10-15 01:19 130608----a-w-c:\windows\system32\drivers\TsQBDrv.sys
2016-10-15 01:19 . 2016-10-15 01:19 --------d-----w-c:\program files\Tencent
2016-10-15 01:06 . 2016-10-15 01:01 48632----a-w-c:\windows\system32\drivers\AntiRkX64.sys
2016-10-15 01:05 . 2016-10-15 01:05 --------d-----w-C:\QMDownload
2016-10-15 01:01 . 2016-10-15 01:01 52728----a-w-c:\windows\system32\drivers\TSSKX64.sys
2016-10-15 01:01 . 2016-10-15 01:01 --------d-----w-c:\program files\Common Files\Tencent
2016-10-15 01:01 . 2016-10-15 03:44 --------d-----w-c:\programdata\TXQMPC
2016-10-15 01:01 . 2016-10-15 01:01 97880----a-w-c:\windows\system32\drivers\TAOAccelerator64.sys
2016-10-15 01:01 . 2016-10-15 01:01 145400----a-w-c:\windows\system32\drivers\TAOKernel64.sys
2016-10-15 01:01 . 2016-10-15 01:01 96248----a-w-c:\windows\system32\drivers\TFsFltX64.sys
2016-10-15 00:30 . 2016-10-15 03:05 --------d-----w-c:\program files (x86)\Google
2016-10-14 06:16 . 2016-10-14 06:16 269952----a-w-c:\windows\system32\dtrampo.dll
2016-10-14 06:16 . 2016-10-14 06:16 45504----a-w-c:\windows\system32\drivers\hrwfpdrv.sys
2016-10-14 06:16 . 2016-10-14 06:16 235136----a-w-c:\windows\SysWow64\dtrampo.dll
2016-10-14 06:16 . 2016-10-14 06:16 35776----a-w-c:\windows\system32\drivers\hrfwdrv.sys
2016-10-14 06:16 . 2016-10-14 06:16 331712----a-w-c:\windows\system32\drivers\sysdiag.sys
2016-10-05 13:43 . 2016-10-05 13:49 --------d-----w-c:\programdata\kingsoft
2016-10-05 13:42 . 2016-10-05 13:42 --------d-----w-c:\users\Public\Thunder Network
2016-10-05 13:34 . 2015-12-10 04:45 152344----a-w-c:\windows\SysWow64\drivers\bbrowserhlp.dll
2016-10-05 13:34 . 2015-12-10 04:45 152344----a-w-c:\windows\system32\drivers\bbrowserhlp.dll
2016-10-05 13:34 . 2015-11-25 06:23 155640----a-w-c:\windows\system32\drivers\bbrowserboost.sys
2016-10-05 13:28 . 2016-10-15 02:06 --------d-----w-c:\program files (x86)\360
2016-10-05 13:28 . 2014-02-26 03:31 78168----a-w-c:\windows\system32\drivers\360AvFlt.sys
2016-10-05 13:28 . 2016-10-05 13:28 --------d-----w-c:\program files\360
2016-10-05 13:28 . 2016-10-05 13:28 --------d-----w-c:\programdata\Thunder Network
2016-10-05 13:28 . 2016-10-05 13:28 --------d-----w-c:\program files (x86)\Thunder Network
2016-10-05 13:28 . 2014-09-30 07:08 41800----a-w-c:\windows\system32\bd64_x64.dll
2016-10-05 13:28 . 2014-09-30 07:08 39056----a-w-c:\windows\system32\bd64_x86.dll
2016-10-05 13:28 . 2014-09-30 07:08 168776----a-w-c:\windows\system32\drivers\bd0004.sys
2016-10-05 13:28 . 2014-09-30 07:08 145736----a-w-c:\windows\system32\drivers\BDArKit.sys
2016-10-05 13:28 . 2014-09-30 07:08 104264----a-w-c:\windows\system32\drivers\bd0001.sys
2016-10-05 13:28 . 2016-10-15 02:19 --------d-----w-c:\users\Administrator
2016-10-05 13:25 . 2016-10-05 13:25 848230----a-w-c:\windows\unins000.exe
2016-10-05 13:25 . 2016-10-15 02:42 796352----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2016-10-05 13:25 . 2016-10-15 02:42 142528----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-05 13:25 . 2016-10-15 02:42 --------d-----w-c:\windows\system32\Macromed
2016-10-05 13:25 . 2016-10-15 02:42 --------d-----w-c:\windows\SysWow64\Macromed
2016-10-05 13:23 . 2015-05-26 12:57 29591040----a-w-c:\windows\system32\igdrcl64.dll
2016-10-05 13:21 . 2010-05-26 03:41 248672----a-w-c:\windows\SysWow64\d3dx11_43.dll
2016-09-29 13:54 . 2009-09-16 14:26 331816----a-r-c:\windows\system32\drivers\mv64xx.sys
2016-09-29 06:47 . 2016-10-15 01:25 --------d-----w-c:\programdata\Tencent
2016-09-29 06:42 . 2016-10-15 01:59 --------d-----w-c:\programdata\PPLive
2016-09-29 06:42 . 2016-10-15 01:59 --------d-----w-c:\programdata\Baidu
2016-09-29 06:41 . 2016-10-15 02:28 --------d-----w-c:\program files (x86)\Common Files\Tencent
2016-09-29 06:41 . 2010-11-21 03:24 346112----a-w-c:\windows\SysWow64\bcdedit.exe
2016-09-29 06:41 . 2016-09-29 06:41 --------d-----w-C:\dosh
2016-09-29 06:41 . 2016-09-29 06:41 499712----a-w-c:\windows\SysWow64\msvcp71.dll
2016-09-29 06:41 . 2016-09-29 06:41 348160----a-w-c:\windows\SysWow64\msvcr71.dll
2016-09-29 06:40 . 2016-09-29 06:40 --------d-----w-c:\program files\WinRAR
2016-09-29 06:38 . 2016-10-15 03:06 --------d-sh--w-c:\windows\Installer
2016-09-29 06:38 . 2016-10-05 13:22 --------d-s---w-c:\program files (x86)\Office2007
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-02 15:16 . 2016-09-29 03:54 44032----a-w-c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
2014-05-30 10:05 140344----a-w-c:\program files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}]
2013-11-14 07:34 1857992----a-w-c:\program files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="c:\windows\System32\ctfmon.exe" [2009-07-14 8704]
"Lantern"="c:\users\Administrator\AppData\Roaming\Lantern\lantern.exe" [2016-09-22 13031200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QQPCTray"="c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCTRAY.EXE" [2016-10-15 362304]
"BaiduPinyin"="c:\program files (x86)\Baidu\BaiduPinyin\4.2.3181.0\baidupinyin.exe" [2016-09-30 1539104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File REG_SZ         BAIDUCN.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0010804]
   Ime File REG_SZ         freeime.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]
@="service"
.
R2 bbrowserboost;bbrowserboost;c:\windows\system32\drivers\bbrowserboost.sys;c:\windows\SYSNATIVE\drivers\bbrowserboost.sys [x]
R2 QQRepairFixSVC;QQRepairFixSVC;c:\program files (x86)\Tencent\QQPCMGR\QQRepairFixSVC;c:\program files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
R3 AntiRkX64;AntiRkX64;c:\windows\system32\Drivers\AntiRKX64.sys;c:\windows\SYSNATIVE\Drivers\AntiRKX64.sys [x]
R3 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
R3 BaiduPinyinCore;BaiduPinyinCore;c:\windows\SysWOW64\IME\BaiduPY\BaiduPinyinCore.exe;c:\windows\SysWOW64\IME\BaiduPY\BaiduPinyinCore.exe [x]
R3 BaiduUpdater;Baidu Updater;c:\program files (x86)\Baidu\BaiduUpdate\bdupdate.exe;c:\program files (x86)\Baidu\BaiduUpdate\bdupdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FTT3s;FTT3s;c:\windows\system32\drivers\FTT3s.sys;c:\windows\SYSNATIVE\drivers\FTT3s.sys [x]
R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys;c:\windows\SYSNATIVE\drivers\mv61xx.sys [x]
R3 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys;c:\windows\SYSNATIVE\drivers\mv64xx.sys [x]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys;c:\windows\SYSNATIVE\drivers\mv91cons.sys [x]
R3 mvs94xx;mvs94xx;c:\windows\system32\drivers\mvs94xx.sys;c:\windows\SYSNATIVE\drivers\mvs94xx.sys [x]
R3 mvSata;mvSata;c:\windows\system32\drivers\mvsata.sys;c:\windows\SYSNATIVE\drivers\mvsata.sys [x]
R3 PNPMEM;Microsoft Memory Module Driver;c:\windows\system32\DRIVERS\pnpmem.sys;c:\windows\SYSNATIVE\DRIVERS\pnpmem.sys [x]
R3 rccfg;AMD-RAID Config Device;c:\windows\system32\drivers\rccfg.sys;c:\windows\SYSNATIVE\drivers\rccfg.sys [x]
R3 rcraid;rcraid;c:\windows\system32\drivers\rcraid.sys;c:\windows\SYSNATIVE\drivers\rcraid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 TcHardWare;TcHardWare;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCHW-x64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCHW-x64.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TSSKX64;TSSKX64;c:\windows\system32\drivers\tsskx64.sys;c:\windows\SYSNATIVE\drivers\tsskx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 wpscloudsvr;WPS Office Cloud Service;c:\users\Administrator\AppData\Local\kingsoft\WPS Office\wpscloudsvr.exe LocalService;c:\users\Administrator\AppData\Local\kingsoft\WPS Office\wpscloudsvr.exe LocalService [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;英特尔(R) USB 3.0 主机控制器切换驱动程序;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 QMUdisk;tencent QMUdisk;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMUdisk64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMUdisk64.sys [x]
S1 softaal;softaal;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\softaal64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\softaal64.sys [x]
S1 SRepairDrv;SRepairDrv;c:\program files (x86)\Tencent\QQPCMGR\SRepairDrv;c:\program files (x86)\Tencent\QQPCMGR\SRepairDrv [x]
S1 sysdiag;Huorong Network Security Core Kext;c:\windows\system32\DRIVERS\sysdiag.sys;c:\windows\SYSNATIVE\DRIVERS\sysdiag.sys [x]
S1 TAOKernelDriver;Tencent Auto Optimize Platform.;c:\windows\system32\Drivers\TAOKernel64.sys;c:\windows\SYSNATIVE\Drivers\TAOKernel64.sys [x]
S1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TSDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TSDefenseBT64.sys [x]
S1 TSSysKit;TSSysKit;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TSSysKit64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TSSysKit64.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HipsDaemon;Huorong Network Security Daemon;d:\program files (x86)\Huorong\Sysdiag\bin\HipsDaemon.exe;d:\program files (x86)\Huorong\Sysdiag\bin\HipsDaemon.exe [x]
S2 hrwfpdrv;Huorong Network Security Firewall Core Kext (WFP);c:\windows\system32\DRIVERS\hrwfpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\hrwfpdrv.sys [x]
S2 QQPCRTP;QQPCMgr RTP Service;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCRTP.exe;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCRTP.exe [x]
S2 QQSysMonX64;QQSysMonX64;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQSysMonX64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQSysMonX64.sys [x]
S2 tsnethlpx64;TsNetHlpX64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TsNetHlpX64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TsNetHlpX64.sys [x]
S2 TsQBDrv;TsQBDrv;c:\windows\system32\drivers\TsQBDrv.sys;c:\windows\SYSNATIVE\drivers\TsQBDrv.sys [x]
S2 TxQBService;TxQBService;c:\program files\Tencent\QQBrowser\TsService.exe;c:\program files\Tencent\QQBrowser\TsService.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 IntcDAud;英特尔(R) 显示器音频;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;英特尔(R) USB 3.0 集线器驱动程序;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;英特尔(R) USB 3.0 可扩展主机控制器驱动程序;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TAOAccelerator;Tencent TAOAccelerator driver.;c:\windows\system32\Drivers\TAOAccelerator64.sys;c:\windows\SYSNATIVE\Drivers\TAOAccelerator64.sys [x]
S3 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFltX64.sys;c:\windows\SYSNATIVE\Drivers\TFsFltX64.sys [x]
S3 TS888x64;TS888x64;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TS888x64.sys;c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TS888x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPSDRV
*NewlyCreated* - TS888X64
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-15 03:05 1364072----a-w-c:\program files (x86)\Google\Chrome\Application\54.0.2840.59\Installer\chrmstp.exe
.
 ‘计划任务’ 文件夹 里的内容
.
2016-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-05 02:42]
.
2016-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15 03:01]
.
2016-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15 03:01]
.
2016-10-15 c:\windows\Tasks\QQBrowser Updater Task(Core).job
- c:\program files\Tencent\QQBrowser\QQBrowser.exe [2016-10-15 01:19]
.
2016-10-15 c:\windows\Tasks\QQBrowser Updater Task.job
- c:\program files\Tencent\QQBrowser\QQBrowser.exe [2016-10-15 01:19]
.
2016-10-15 c:\windows\Tasks\WpsExternal_Administrator_20161005215003.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe [2016-10-05 13:49]
.
2016-10-15 c:\windows\Tasks\WpsNotifyTask_Administrator.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\10.1.0.5975\wtoolex\wpsnotify.exe [2016-10-05 13:49]
.
2016-10-15 c:\windows\Tasks\WpsUpdateTask_Administrator.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\10.1.0.5975\wtoolex\wpsupdate.exe [2016-09-09 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}]
2014-01-17 09:10 628680----a-w-c:\program files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.18.4724.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
2016-10-15 01:01 446144----a-w-c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\TSWebMon64.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
2016-10-15 01:01 471744----a-w-c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QMGCShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\QBOverlayIcon]
@="{96959DE7-C855-42BD-8382-2AAABF2A8F52}"
[HKEY_CLASSES_ROOT\CLSID\{96959DE7-C855-42BD-8382-2AAABF2A8F52}]
2016-10-15 02:20 205664----a-w-c:\users\Administrator\AppData\Local\Tencent\QQBrowser\User Data\QBShellIcon\shicqio77435.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sysdiag"="d:\program files (x86)\Huorong\Sysdiag\bin\HipsTray.exe" [2016-10-14 1360512]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.689la.com/
IE: 使用迅雷下载 - c:\program files (x86)\Thunder Network\Thunder\BHO\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder Network\Thunder\BHO\getallurl.htm
TCP: DhcpNameServer = 121.32.228.21 192.168.1.1
TCP: Interfaces\{80F46764-B633-4E32-BA0E-25B88EBA06F7}: NameServer = 218.30.118.6,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{DFACD043-FBC1-46AB-8C97-00570E0A690C} - c:\windows\shell64.dll
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\12.0.18061.220\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QQRepair2442]
"ImagePath"="\"c:\program files (x86)\Tencent\QQPCMGR\QQRepair2442\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QQRepairFixSVC]
"ImagePath"="\"c:\program files (x86)\Tencent\QQPCMGR\QQRepairFixSVC\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SRepairDrv]
"ImagePath"="\??\c:\program files (x86)\Tencent\QQPCMGR\SRepairDrv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3123787243-2067808005-2493570559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="360ChromeURL"
.
[HKEY_USERS\S-1-5-21-3123787243-2067808005-2493570559-500_Classes\Software\Tencent\QQBrowser\file\htm\UserChoice]
@Denied: (2) (Administrator)
"ProgId"="QQBrowser.File"
"Hash"="MRqnJxyt1mo="
.
[HKEY_USERS\S-1-5-21-3123787243-2067808005-2493570559-500_Classes\Software\Tencent\QQBrowser\file\html\UserChoice]
@Denied: (2) (Administrator)
"ProgId"="QQBrowser.File"
"Hash"="pvfU5pRLIDU="
.
[HKEY_USERS\S-1-5-21-3123787243-2067808005-2493570559-500_Classes\Software\Tencent\QQBrowser\file\shtml\UserChoice]
@Denied: (2) (Administrator)
"ProgId"="QQBrowser.File"
"Hash"="evcNM68HiKk="
.
[HKEY_USERS\S-1-5-21-3123787243-2067808005-2493570559-500_Classes\Software\Tencent\QQBrowser\file\xht\UserChoice]
@Denied: (2) (Administrator)
"ProgId"="QQBrowser.File"
"Hash"="3zpRgqkXzls="
.
[HKEY_USERS\S-1-5-21-3123787243-2067808005-2493570559-500_Classes\Software\Tencent\QQBrowser\file\xhtml\UserChoice]
@Denied: (2) (Administrator)
"ProgId"="QQBrowser.File"
"Hash"="neEWU+3HcOo="
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\銐婼) *C*A*B* *噀鯪\command]
@="expand -r \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_髼璬>e\command]
@="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_髼璬>e\command]
@="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\plugins\QMNetMon\QQPCNetFlow.exe
c:\program files (x86)\Tencent\QQPCMgr\12.0.18061.220\QQPCRealTimeSpeedup.exe
c:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\baidu\BaiduPinyin\4.2.3181.0\BDIMEDataReport.exe
.
**************************************************************************
.
完成时间: 2016-10-15  11:47:49 - 电脑已重新启动
ComboFix-quarantined-files.txt  2016-10-15 03:47
.
Pre-Run: 8 个目录 103,757,479,936 可用字节
Post-Run: 13 个目录 103,592,697,856 可用字节
.
- - End Of File - - E35D508341AF11A69C2B36DD61DE1487




Author: 居然有人
Link: https://www.zhihu.com/question/21876153/answer/23683564
Source: Zhihu
Copyright belongs to the author; contact the author for permission before reposting.
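As an added example (not from the original post and not part of ComboFix), the PowerShell below reads on a live Windows machine the same settings that the report's extra-scan section summarises: the Internet Explorer start-page values behind uStart Page / mStart Page / mDefault_Page_URL / Local Page, and the Run autostart keys that the report lists. The allowlist of acceptable pages and the heuristics for Run entries (file missing, executable under the user profile, Authenticode status) are my assumptions; the script only reads and reports, it changes nothing.

```powershell
# Added example, not part of the original post. Read-only audit of the
# start-page values and Run keys that ComboFix reported above.

# Assumption: these are the pages the owner actually wants (the report showed
# about:blank, blank.htm and google.com as the legitimate values).
$AllowedPagePatterns = @(
    '^about:',                                              # about:blank etc.
    '^res://',                                              # built-in IE resource pages
    '^[a-z]:\\windows\\(system32|syswow64)\\blank\.htm$',   # the "Local Page" default
    '^https?://(www\.)?google\.com/?$'
)

function Test-AllowedPage {
    param([string]$Value)
    foreach ($p in $AllowedPagePatterns) { if ($Value -match $p) { return $true } }
    return $false
}

function Get-StartPageAudit {
    # Scope labels follow ComboFix: u = current user, m = machine.
    $keys = @(
        @{ Scope = 'u';   Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main' },
        @{ Scope = 'm';   Path = 'HKLM:\Software\Microsoft\Internet Explorer\Main' },
        @{ Scope = 'm32'; Path = 'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main' }
    )
    $names = 'Start Page', 'Default_Page_URL', 'Local Page', 'Secondary Start Pages'
    foreach ($k in $keys) {
        if (-not (Test-Path $k.Path)) { continue }
        $props = Get-ItemProperty -Path $k.Path
        foreach ($n in $names) {
            $val = $props.$n
            if ($null -eq $val) { continue }
            foreach ($v in @($val)) {                 # Secondary Start Pages is REG_MULTI_SZ
                $status = if (Test-AllowedPage $v) { 'ok' } else { 'SUSPECT' }
                [pscustomobject]@{ Scope = $k.Scope; Value = $n; Data = $v; Status = $status }
            }
        }
    }
}

function Get-RunKeyAudit {
    $paths = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # provider metadata (PSPath, PSDrive, ...)
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
            if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
            # First token is the executable: a quoted path, or an unquoted path up to ".exe".
            if ($cmd -match '^\s*"([^"]+)"')           { $exe = $Matches[1] }
            elseif ($cmd -match '^\s*(\S+?\.exe)')    { $exe = $Matches[1] }
            else                                       { $exe = ($cmd -split '\s+')[0] }
            $exists = Test-Path -LiteralPath $exe
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            $notes  = @()
            if (-not $exists)                    { $notes += 'missing-file' }
            if ($exe -like "$env:USERPROFILE*")  { $notes += 'user-profile' }   # e.g. AppData\Roaming
            if ($exists -and $sig -ne 'Valid')   { $notes += "sig:$sig" }
            [pscustomobject]@{ Key = $path; Name = $p.Name; Exe = $exe; Notes = ($notes -join ',') }
        }
    }
}

Get-StartPageAudit | Format-Table -AutoSize
Get-RunKeyAudit    | Format-Table -AutoSize
```

A value flagged SUSPECT, such as the report's mDefault_Page_URL pointing at a page the owner never set, is the setting to investigate; a Run entry marked user-profile with no valid signature deserves the same look.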

2 On Android devices

It is enough to clear all of the previous user data.




------------------------------------------------------------------------

https://www.zhihu.com/question/21876153



