418197 Posted May 11, 2011 Report Share Posted May 11, 2011 I use uTorrent 2.1 version, every time I open the program would crash after a few minutesLogfile of Trend Micro HijackThis v2.0.4Scan saved at 上午 06:43:17, on 2011/5/12Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16421)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\$NetRover\NetRover.exeC:\Users\iingg\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\iingg\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\iingg\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\iingg\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\iingg\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\iingg\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\notepad.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dllO2 - BHO: MediaMonitor.XlMediaMonitorBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - d:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.0.18.dllO2 - BHO: SohuBHO - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files\滄緒荌秞\SoHuAutoDetector.dll (file missing)O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.7.2244.dllO2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\iingg\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dllO2 - BHO: DownloadAssistant.XlDownloadAssistantBhoObject - {B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - d:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.0.18.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO4 - HKLM\..\Run: [NetRover] C:\$NetRover\NetRover.vbsO4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -sO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O8 - Extra context menu item: 使用迅雷下載 - d:\Program Files\Thunder Network\Thunder\BHO\geturl.htmO8 - Extra context menu item: 使用迅雷下載全部鏈接 - d:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htmO8 - Extra context menu item: 使用電驢下載 - C:\Program Files\easyMule\IE2EM.htmO8 - Extra context menu item: 妏蚚UUSee樓厒畦溫 - d:\Program Files\uusee\geturltoplay.htmO8 - Extra context menu item: 妏蚚UUSee狟婥 - d:\Program Files\uusee\geturltodown.htmO8 - Extra context menu item: 妏蚚辦陬3狟婥 - C:\Users\iingg\AppData\Roaming\FlashGetBHO\GetUrl.htmO8 - Extra context menu item: 妏蚚辦陬3狟婥窒蟈諉 - C:\Users\iingg\AppData\Roaming\FlashGetBHO\GetAllUrl.htmO9 - Extra button: (no name) - AutorunsDisabled - (no file)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\$netrover\nrfiltera.dllO10 - Unknown file in Winsock LSP: c:\$netrover\nrfiltera.dllO10 - Unknown file in Winsock LSP: c:\$netrover\nrfiltera.dllO10 - Unknown file in Winsock LSP: c:\$netrover\nrfiltera.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: http://*.alipay.comO15 - Trusted Zone: http://*.alisoft.comO15 - Trusted Zone: http://*.moneydj.comO15 - Trusted Zone: http://*.optionnet.com.twO15 - Trusted Zone: http://*.yuanta.com.twO15 - Trusted Zone: http://*.yuantafunds.com.twO15 - Trusted Zone: http://*.yuantafutures.com.twO15 - Trusted Zone: http://software.kuaiche.comO15 - Trusted Zone: http://*.taobao.comO15 - ESC Trusted Zone: http://*.update.microsoft.comO16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://mybank.icbc.com.cn/icbc/newperbank/certInStall.dllO16 - DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} (ICBCOCX Public Key Check) - https://mybank.icbc.com.cn/icbc/ICBCPKCheck.cabO16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cabO16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CABO16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dllO16 - DPF: {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} (TRUSTATMPOST Control) - https://webatm.post.gov.tw/postatm/TRUSTATMPOST5.cabO16 - DPF: {C7EC0B9B-074B-40FE-BF29-B135FB4F57D7} (Icbc_gemplus2006dv Control) - https://mybank.icbc.com.cn/icbc/icbc_gemplus2006dv.dllO16 - DPF: {D1A7CAB4-B1BF-402D-A64E-143191B5792B} - http://web.ikala.tv/online/iKala.CABO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {FCD02891-CC31-4F92-87E9-3A0653C8066E} - http://basic.dhs.hinet.net/basic/DHS_OBJ/ObjSource/FullSetup_1_1_5.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{D18D2418-884F-4295-94E7-9F717E636725}: NameServer = 8.8.8.8O17 - HKLM\System\CS1\Services\Tcpip\..\{D18D2418-884F-4295-94E7-9F717E636725}: NameServer = 8.8.8.8O17 - HKLM\System\CS2\Services\Tcpip\..\{D18D2418-884F-4295-94E7-9F717E636725}: NameServer = 8.8.8.8O18 - Protocol: KuGoo - (no CLSID) - (no file)O18 - Protocol: KuGoo3 - (no CLSID) - (no file)O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exeO23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: MacType Service (MacType) - FlyingSnow - C:\Program Files\MacType\MacTray.exe--End of file - 6302 bytesProcess PID CPU Private Bytes Working Set Description Company NameSystem Idle Process 0 77.61 0 K 24 K System 4 0.32 48 K 300 K Interrupts n/a 0.97 0 K 0 K Hardware Interrupts and DPCs smss.exe 240 264 K 796 K Windows 工作階段管理員 Microsoft Corporationcsrss.exe 380 0.01 1,472 K 6,836 K 用戶端伺服器執行階段處理程序 Microsoft Corporationcsrss.exe 440 0.27 1,900 K 31,372 K 用戶端伺服器執行階段處理程序 Microsoft Corporationwininit.exe 448 1,608 K 4,880 K Windows 啟動應用程式 Microsoft Corporation services.exe 544 0.20 6,864 K 9,852 K 服務及控制站應用程式 Microsoft Corporation svchost.exe 664 0.01 3,340 K 7,676 K Windows Services 的主機處理程序 Microsoft Corporation WmiPrvSE.exe 2696 3,484 K 7,756 K WMI Provider Host Microsoft Corporation WmiPrvSE.exe 2176 2,392 K 5,632 K WMI Provider Host Microsoft Corporation svchost.exe 748 0.19 4,432 K 5,676 K Windows Services 的主機處理程序 Microsoft Corporation svchost.exe 844 0.02 12,848 K 12,848 K Windows Services 的主機處理程序 Microsoft Corporation audiodg.exe 980 16,516 K 15,892 K Windows Audio Device Graph Isolation Microsoft Corporation svchost.exe 876 3,724 K 9,532 K Windows Services 的主機處理程序 Microsoft Corporation dwm.exe 1748 0.91 24,892 K 23,596 K 桌面視窗管理員 Microsoft Corporation svchost.exe 900 0.02 18,768 K 27,488 K Windows Services 的主機處理程序 Microsoft Corporation svchost.exe 1052 0.98 6,128 K 12,444 K Windows Services 的主機處理程序 Microsoft Corporation svchost.exe 1156 0.02 11,388 K 11,812 K Windows Services 的主機處理程序 Microsoft Corporation spoolsv.exe 1316 6,832 K 10,560 K 多工緩衝處理器子系統應用程式 Microsoft Corporation svchost.exe 1364 0.64 5,444 K 25,404 K Windows Services 的主機處理程序 Microsoft Corporation svchost.exe 1400 1.09 11,056 K 14,036 K Windows Services 的主機處理程序 Microsoft Corporation MacTray.exe 1524 0.03 4,804 K 7,724 K MacType FlyingSnow taskhost.exe 1672 < 0.01 6,952 K 8,604 K Windows 工作的主機處理程序 Microsoft Corporation svchost.exe 1932 1,272 K 4,444 K Windows Services 的主機處理程序 Microsoft Corporation svchost.exe 1996 2,912 K 4,056 K Windows Services 的主機處理程序 Microsoft Corporation svchost.exe 1908 3,636 K 4,908 K Windows Services 的主機處理程序 Microsoft Corporation DkService.exe 3288 4.58 13,104 K 9,872 K Diskeeper Service Diskeeper Corporation wmpnetwk.exe 3400 0.01 9,752 K 4,256 K Windows Media Player 網路共用服務 Microsoft Corporation TrustedInstaller.exe 1220 2,124 K 6,776 K Windows 模組安裝程式 Microsoft Corporation msiexec.exe 3980 2,976 K 10,120 K WindowsR installer Microsoft Corporation lsass.exe 552 0.81 2,976 K 7,784 K Local Security Authority Process Microsoft Corporation lsm.exe 560 < 0.01 1,264 K 3,084 K 本機工作階段管理員服務 Microsoft Corporationwinlogon.exe 488 2,324 K 6,168 K Windows 登入應用程式 Microsoft Corporationexplorer.exe 1780 0.23 35,680 K 55,064 K Windows 檔案總管 Microsoft Corporation RtHDVCpl.exe 2116 7,916 K 8,972 K 瑞昱高傳真音效 Realtek Semiconductor sidebar.exe 2132 1.13 31,952 K 74,108 K Windows 桌面小工具 Microsoft Corporation chrome.exe 3072 0.01 61,296 K 88,444 K Google Chrome Google Inc. chrome.exe 3244 < 0.01 9,028 K 18,080 K Google Chrome Google Inc. chrome.exe 2444 0.01 12,088 K 23,144 K Google Chrome Google Inc. chrome.exe 3156 9,276 K 18,664 K Google Chrome Google Inc. chrome.exe 3276 37,032 K 46,148 K Google Chrome Google Inc. chrome.exe 2624 0.04 44,100 K 57,988 K Google Chrome Google Inc. chrome.exe 3544 0.01 21,568 K 33,664 K Google Chrome Google Inc.NetRover.exe 2188 0.21 10,048 K 22,592 K procexp.exe 260 9.70 21,468 K 37,900 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com Link to comment Share on other sites More sharing options...
DreadWingKnight Posted May 11, 2011 Report Share Posted May 11, 2011 What is that netrover thing? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.