
Homepage hijacked by HAO123 + strange programs installing themselves (HijackThis log attached)

Date: 2014-05-18

Source: Internet

Homepage hijacked by HAO123 + strange programs installing themselves

Strange programs such as Wandoujia and Sohu

System: Windows 8

Hope someone can lend a hand. THANKS A LOT!

[ This post was last edited by ^真情守候^ on 2014-5-15 09:24 PM ]
hijackthis.log (15.6 KB)

2014-5-7 09:47 PM, downloads: 5

Author: ^真情守候^   Posted: 2014-05-18

Quote: original post by ^真情守候^ on 2014-5-7 09:47 PM
Homepage hijacked by HAO123 + strange programs installing themselves

Strange programs such as Wandoujia and Sohu

System: Windows 8

Hope someone can lend a hand. THANKS A LOT!
It is not only the browser that has been hijacked by HAO123; the system has also had what looks like a trojan injected into it.
I suggest first changing all important account passwords from another, clean computer.

PS: Windows 8.1 already has a [Start Button]; there is no need to use Classic Shell to change it....

[ This post was last edited by SILVESTERABEND on 2014-5-8 10:01 AM ]

Author: SILVESTERABEND   Posted: 2014-05-18

Press F8 at boot to enter Safe Mode, then do the Fix Checked and the OTM removal there.
1. Run HijackThis > Do a system scan only > tick the items below > press Fix Checked (close all browsers/programs before pressing Fix Checked) > press "Yes".
Quote:
O2 - BHO: WandoujiaBHO - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll
O2 - BHO: 36057B7A-1A26-330F-C748-CFAA7392BB20 Class - {36057B7A-1A26-330F-C748-CFAA7392BB20} - C:\Program Files (x86)\QvodPlayer\AddIn\{36057B7A-1A26-330F-C748-CFAA7392BB20}\QvodAddr.dll (file missing)
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: SohuBHO - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files (x86)\搜狐影音\SoHuAutoDetector.dll (file missing)
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O2 - BHO: PPStream Video Acc Helper - {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} - C:\Program Files (x86)\PPStream\plugins\IEHelper.dll (file missing)
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

O4 - HKLM\..\Run: [stools tray] "C:\Program Files (x86)\STools\stools.exe" -tray
O4 - HKLM\..\Run: [netapps tray] "c:\program files (x86)\netapps\netapps.exe" -tray
O4 - HKLM\..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
O4 - HKLM\..\Run: [RAGTRAY] "C:\Program Files (x86)\Rising\RAG\TRAY.EXE" -system
O4 - HKLM\..\Run: [runrzc] "C:\Program Files (x86)\Rising\RZC\rzctray.exe" -system
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SohuVA] "C:\Program Files (x86)\搜狐影音\SHPlayer.exe" /auto
O4 - HKLM\..\Run: [bfcloud] "C:\Program Files (x86)\bfcloud\bfcloader.exe" "wins"
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [meinvyuehui] "C:\Program Files (x86)\meinvyuehui\meinvyuehui.exe" /A
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (User 'Default user')
O4 - Startup: PPS.lnk = C:\Program Files (x86)\PPStream\PPStream.exe
O4 - Startup: wandoujia_helper.lnk = user\AppData\Roaming\Wandoujia2\Applications\2.75.0.6106\wandoujia_helper.exe
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O23 - Service: b83e665e1dd465bcfcf6940a1d760e2e (c87896908d2e3aa6bba641469a654fda) - Unknown owner - C:\Users\user\AppData\Roaming\101cd9b9686406b2a049e7ea27b30a4e\8a9eaf61f98854d09f2b6a74059f35cb.exe
O23 - Service: Rs RZC Serve (Defense) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RZC\rsDefense.exe
O23 - Service: Data Protect System Service (DPSS) - Unknown owner - C:\WINDOWS\system32\dpskpr.exe
O23 - Service: Network Protect System Service (NPSSvc) - Unknown owner - C:\DGM\DGMUTL.EXE
O23 - Service: SToolSrv - Beijing Skycenter Technology Limited - C:\Program Files (x86)\STools\MSrv.exe
2. Download/run OTM to do the removal.
Copy & paste the following items into the "Paste Instructions for Items to be Moved" box.
Press MoveIt > OK > restart the computer.
Quote:
:files
C:\Users\user\AppData\Roaming\101cd9b9686406b2a049e7ea27b30a4e\8a9eaf61f98854d09f2b6a74059f35cb.exe
C:\Program Files (x86)\meinvyuehui\meinvyuehui.exe
C:\Users\user\AppData\Roaming\Wandoujia2\Applications\2.75.0.6106\wandoujia_helper.exe
C:\Program Files (x86)\STools\STools.exe
C:\Program Files (x86)\netapps\netapps.exe
C:\PROGRAM FILES (X86)\RISING\RAG\TRAY.EXE
C:\Program Files (x86)\bfcloud\bfcloud.exe
C:\Program Files (x86)\Rising\RZC\rzctray.exe
C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll
C:\Program Files\Classic Shell\ClassicExplorer32.dll
C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Program Files (x86)\Rising\RAG\TRAY.EXE
C:\Program Files (x86)\Rising\RZC\rzctray.exe
C:\Program Files (x86)\PPStream\PPSKernel.exe
C:\WINDOWS\system32\dpskpr.exe
C:\DGM\DGMUTL.EXE
3. Download/run Junkware Removal Tool to scan. Close all browsers and programs before starting the scan.
(JRT automatically removes malicious programs/files/registry entries attached to the browsers)

4. Disable all antivirus software (including Windows Defender), download ComboFix to the desktop, and run a ComboFix scan.
Do not run other programs or click on the ComboFix window while it is scanning.
When the scan finishes, the ComboFix report pops up automatically.

5. Download OTL.exe to the desktop. Double-click OTL.exe > press Run Scan > when it finishes, paste the OTL scan report (OTL.txt).
(The OTL scan takes a while; please be patient)


Please post the following reports:
a. JRT scan report.
b. ComboFix scan report.
c. OTL.txt scan report.

Author: SILVESTERABEND   Posted: 2014-05-18
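As an added illustration (not part of this thread and not a HijackThis feature), the Python script below parses the O2, O4 and O23 line types that appear in the fix list above and ranks each entry by a few defender-side indicators: a BHO registration whose file is gone, an autorun that starts from a user-writable profile path or from a service-account hive, a service with no publisher, and 32-hex-character names of the kind seen in the O23 entry under AppData\Roaming. The sample lines are copied from the thread; the indicator set, the severity scale and the helper names are assumptions for this example.

```python
"""Triage HijackThis O2/O4/O23 lines for autorun entries worth a second look.

Added example; not part of the thread and not a HijackThis feature. The
indicators (user-profile paths, missing publisher, 32-hex-char names,
service-account hives) and the severity scale are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the HijackThis lines quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: WandoujiaBHO - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll
O2 - BHO: SohuBHO - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files (x86)\搜狐影音\SoHuAutoDetector.dll (file missing)
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (User 'SYSTEM')
O23 - Service: b83e665e1dd465bcfcf6940a1d760e2e (c87896908d2e3aa6bba641469a654fda) - Unknown owner - C:\Users\user\AppData\Roaming\101cd9b9686406b2a049e7ea27b30a4e\8a9eaf61f98854d09f2b6a74059f35cb.exe
O23 - Service: Data Protect System Service (DPSS) - Unknown owner - C:\WINDOWS\system32\dpskpr.exe
O23 - Service: Rs RZC Serve (Defense) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RZC\rsDefense.exe
"""

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
RE_O23 = re.compile(r"^O23 - Service: (?P<display>.*?) \((?P<short>[^)]*)\) - "
                    r"(?P<owner>.*?) - (?P<path>.*)$")
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)
# Hives of the built-in service accounts (SYSTEM, LOCAL SERVICE, NETWORK SERVICE).
SERVICE_ACCOUNT_HIVES = ("HKUS\\S-1-5-18", "HKUS\\S-1-5-19", "HKUS\\S-1-5-20")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    severity: str   # "low", "medium" or "high" (assumed scale)
    reason: str


def command_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, quoted or not."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"^(.*?\.(?:exe|dll))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def _in_user_profile(path: str) -> bool:
    p = path.lower()
    return "\\appdata\\" in p or p.startswith("c:\\users\\")


def _looks_generated(*names: str) -> bool:
    return any(HEX32.match(n) for n in names)


def _record(findings: List[Finding], section: str, name: str, path: str, reasons: List[str]) -> None:
    # Assumed scale: one indicator is "medium", two or more are "high".
    if reasons:
        severity = "high" if len(reasons) >= 2 else "medium"
        findings.append(Finding(section, name, path, severity, "; ".join(reasons)))


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return findings in line order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_O2.match(line):
            if m["missing"]:
                findings.append(Finding("O2", m["name"], m["path"], "low",
                                        "orphaned BHO registration (file missing)"))
        elif m := RE_O4.match(line):
            path = command_path(m["cmd"])
            reasons = []
            if _in_user_profile(path):
                reasons.append("autostart binary in user-writable profile path")
            if m["hive"].startswith(SERVICE_ACCOUNT_HIVES):
                reasons.append("Run entry in a service-account hive")
            _record(findings, "O4", m["name"], path, reasons)
        elif m := RE_O23.match(line):
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("service has no publisher")
            if _in_user_profile(m["path"]):
                reasons.append("service binary in user profile")
            parts = [re.sub(r"\.[^.]+$", "", p) for p in m["path"].split("\\")]
            if _looks_generated(m["display"], m["short"], *parts):
                reasons.append("32-hex-char name (likely generated)")
            _record(findings, "O23", m["display"], m["path"], reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section} {f.name}: {f.reason}")
```

Run as-is it prints four findings: the orphaned SohuBHO entry as low, the PPS Accelerator entry in the SYSTEM hive and the DPSS service (no publisher) as medium, and the hex-named service in AppData\Roaming as high, which is the same order of concern the helper's fix list reflects. Entries with no indicator (the Adobe autorun, the Rising service) produce nothing; the script narrows the list for a human, it does not decide on its own.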

Quote: original post by SILVESTERABEND on 2014-5-8 10:30 AM
Press F8 at boot to enter Safe Mode, then do the Fix Checked and the OTM removal there.
1. Run HijackThis > Do a system scan only > tick the items below > press Fix Checked (close all browsers/programs before pressing Fix Checked) > press "Yes".

2. Download/run OTM to do the removal.
cop ...
ComboFix doesn't SUPPORT WINDOWS 8.1
JRT.txt (1.52 KB)

2014-5-8 10:15 PM, downloads: 2

OTL.Txt (283.47 KB)

2014-5-8 10:15 PM, downloads: 4

Author: ^真情守候^   Posted: 2014-05-18

1. Double-click OTL.exe > copy & paste the following into the Custom Scans/Fixes box > press [Run Fix] at the top left; close the browsers before running the fix.
When the fix (deletion) succeeds a notice appears (Fix complete! Click OK to open the fix log.) > press OK > restart the computer.

Please post the OTL fix log.
Quote:
:OTL
SRV - [2014/04/30 19:54:08 | 000,122,456 | ---- | M] (Tianjin Phecda Ads Media Co.,Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\lunar\lunar.dll -- (lunarsvc)
SRV - [2014/04/21 13:08:46 | 000,122,416 | ---- | M] (Legendsoft China (Beijing) Technology Limited) [Auto | Stopped] -- c:\Program Files (x86)\netapps\nasvc.dll -- (NetAppsSrv)
SRV - [2014/04/18 12:37:18 | 000,122,416 | ---- | M] (Tianjing Tianji Advertising Media Co.,Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\kbox\kbox.dll -- (KBoxSvc)
SRV - [2014/01/22 13:28:06 | 000,048,672 | ---- | M] (Beijing Skycenter Technology Limited) [Disabled | Stopped] -- C:\Program Files (x86)\STools\MSrv.exe -- (SToolSrv)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hao.rising.cn//
FF - HKLM\Software\MozillaPlugins\@funshion.com/npFunshion: C:\Users\user\funshion\funshiontools\npFunshion.dll File not found
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\AliWangWang\7.21.19C\npwangwang.dll File not found
FF - HKLM\Software\MozillaPlugins\@iqiyi.com/npclient: C:\Program Files (x86)\PPStream\npclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@pps.tv/npWebPlayer: C:\Program Files (x86)\PPStream\npWebPlayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\Ver_250.357\npQQPhotoDrawEx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.36\Bin\npSSOAxCtrlForPTLogin.dll File not found
FF - HKLM\Software\MozillaPlugins\@rising.com.cn/nprising: File not found
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@wandoujia.com: C:\Program Files (x86)\WandouLabs\npWandoujiaHelper.dll (wandoujia.com)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\@rising.com.cn/nprising: File not found
CHR - plugin: Error reading preferences file
CHR - Extension: Google \u96fb\u5b50\u9322\u5305 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [netapps tray] "c:\program files (x86)\netapps\netapps.exe" -tray File not foun
O4 - HKCU..\Run: [AdobeBridge] File not found
O8:64bit: - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
O8 - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D77096-3C72-453E-94E8-C038A19B7BCA}: DhcpNameServer = 218.102.23.77 218.102.62.71
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
========== Files - Unicode (All) ==========
[2014/05/07 00:52:48 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\光速?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\光速软件
[2014/05/07 00:36:36 | 000,001,908 | ---- | M] ()(C:\Users\user\Desktop\搜狐影音游?大?.lnk) -- C:\Users\user\Desktop\搜狐影音游戏大厅.lnk
[2014/05/07 00:36:36 | 000,001,908 | ---- | C] ()(C:\Users\user\Desktop\搜狐影音游?大?.lnk) -- C:\Users\user\Desktop\搜狐影音游戏大厅.lnk
[2014/05/05 11:58:27 | 000,001,316 | ---- | M] ()(C:\Users\user\Desktop\豌豆?.lnk) -- C:\Users\user\Desktop\豌豆荚.lnk
[2014/05/05 11:58:27 | 000,001,316 | ---- | C] ()(C:\Users\user\Desktop\豌豆?.lnk) -- C:\Users\user\Desktop\豌豆荚.lnk
[2014/05/05 11:58:25 | 000,001,158 | ---- | M] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\豌豆?.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\豌豆荚.lnk
[2014/05/05 11:58:25 | 000,001,158 | ---- | C] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\豌豆?.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\豌豆荚.lnk
[2014/05/05 11:58:18 | 000,000,000 | ---D | C](C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\豌豆?) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\豌豆荚
[2013/12/03 00:22:58 | 000,000,000 | ---D | M](C:\Program Files (x86)\音?混音剪?大?) -- C:\Program Files (x86)\音频混音剪辑大师
[2013/12/03 00:22:58 | 000,000,000 | ---D | M](C:\Program Files (x86)\音?混音剪?大?) -- C:\Program Files (x86)\音频混音剪辑大师
[2013/11/23 14:10:17 | 000,001,333 | ---- | M] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?行.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\风行.lnk
[2013/11/23 14:10:17 | 000,001,333 | ---- | C] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?行.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\风行.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?奇???) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\爱奇艺视频
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?行) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\风行
(C:\Program Files (x86)\音?混音剪?大?) -- C:\Program Files (x86)\音频混音剪辑大师

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\user\SkyDrive:ms-properties
@Alternate Data Stream - 220 bytes -> C:\Users\user\SkyDrive (2).old:ms-properties
@Alternate Data Stream - 162 bytes -> C:\Users\user\SkyDrive (3).old:ms-properties


:Files
C:\Program Files (x86)\lunar
c:\Program Files (x86)\netapps
C:\Program Files (x86)\kbox
C:\Program Files (x86)\STools
C:\Users\user\AppData\Roaming\WDJConnEngine
C:\Users\user\AppData\Local\bfcloud
C:\Users\user\AppData\Roaming\101cd9b9686406b2a049e7ea27b30a4e
C:\WINDOWS\SysNative\gswb.ime
C:\WINDOWS\SysWow64\gswb.ime
C:\Users\user\AppData\Roaming\gssoft
C:\Program Files (x86)\Common Files\gssoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\堁伤袤醱
C:\Program Files (x86)\gssoft
C:\Program Files (x86)\bfcloud
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\艺踬埮颇
C:\Program Files (x86)\meinvyuehui
C:\Users\user\AppData\Roaming\Wandoujia2
C:\Users\user\Documents\搜狐影音
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音
C:\Program Files (x86)\搜狐影音
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123厍硊绛瑶.lnk
C:\Users\user\AppData\Roaming\hao123
C:\Users\user\AppData\Roaming\Funshion
C:\WINDOWS\tasks\PPSProtect.job
C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\堁伤袤醱.lnk
C:\Users\Public\Desktop\堁伤袤醱.lnk
C:\Users\Public\Desktop\艺踬埮颇.lnk
C:\Users\user\Desktop\搜狐影音.lnk
C:\Users\Public\Desktop\Hao123厍硊绛瑶.lnk
C:\WINDOWS\SysWow64\vpatch.dll
C:\WINDOWS\SysWow64\.000
C:\Users\user\funshion.ini

ipconfig /flushdns /c

:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
2. Download/run AdwCleaner (Xplode) to scan. (Press [Clean] to scan/delete)
(Close all browsers/programs when running AdwCleaner)

3. Download/install Malwarebytes Anti-Malware Free and scan. After updating, run a [Threat Scan]; if it finds anything press Select all > then Remove Selected to delete.


Please post the following reports:
a. AdwCleaner removal report.
b. MBAM scan report.
c. A fresh OTL.txt scan report.


PS: Please do the scans above in the order given.

Author: SILVESTERABEND   Posted: 2014-05-18
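Added example, not from the thread and not part of OTL: a Python triage pass over the SRV, IE start-page and FF plugin line types that appear in the OTL excerpt above. It flags auto-start services backed by a DLL outside the Windows directory, groups service binaries by size (which surfaces the three near-identical ~122 KB DLLs registered under three different vendor names), reports a start page whose host is not in a caller-supplied allowlist, and lists plugin registrations whose file no longer exists. The sample lines are taken from the thread; the allowlist default, the 1 KiB size bucketing and the indicator names are assumptions for this example.

```python
"""Triage SRV, IE start-page and FF plugin lines from an OTL scan report.

Added example; not from the thread and not part of OTL. The indicators
(DLL-backed auto-start services outside Windows, same-size service binaries
from different vendors, start page outside an allowlist, plugin registrations
whose file is gone) and the 1 KiB size bucketing are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample: lines copied from the OTL excerpt quoted in the thread.
SAMPLE_OTL = r"""
SRV - [2014/04/30 19:54:08 | 000,122,456 | ---- | M] (Tianjin Phecda Ads Media Co.,Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\lunar\lunar.dll -- (lunarsvc)
SRV - [2014/04/21 13:08:46 | 000,122,416 | ---- | M] (Legendsoft China (Beijing) Technology Limited) [Auto | Stopped] -- c:\Program Files (x86)\netapps\nasvc.dll -- (NetAppsSrv)
SRV - [2014/04/18 12:37:18 | 000,122,416 | ---- | M] (Tianjing Tianji Advertising Media Co.,Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\kbox\kbox.dll -- (KBoxSvc)
SRV - [2014/01/22 13:28:06 | 000,048,672 | ---- | M] (Beijing Skycenter Technology Limited) [Disabled | Stopped] -- C:\Program Files (x86)\STools\MSrv.exe -- (SToolSrv)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hao.rising.cn//
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
"""

# SRV - [timestamp | size | attrs | M] (vendor) [start | state] -- path -- (name)
RE_SRV = re.compile(
    r"^SRV - \[(?P<ts>[^|]+?) \| (?P<size>[0-9,]+) \| [^|]+ \| [MC]\] "
    r"\((?P<company>.*?)\) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\] "
    r"-- (?P<path>.*?) -- \((?P<name>[^)]*)\)$"
)
RE_IE_START = re.compile(r"^IE - .*Start Page = (?P<url>\S+)$")
RE_FF_MISSING = re.compile(r"^FF - (?P<key>\S+): .* File not found$")


def triage_otl(text: str, expected_start_hosts: Tuple[str, ...] = ("about:blank",)) -> Dict[str, List[str]]:
    """Return one list of notes per indicator; an empty list means nothing was flagged."""
    out: Dict[str, List[str]] = {"dll_services": [], "size_clusters": [],
                                 "start_page": [], "orphan_plugins": []}
    vendors_by_bucket = defaultdict(set)  # size // 1024 -> set of vendor strings
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_SRV.match(line):
            size = int(m["size"].replace(",", ""))
            vendors_by_bucket[size // 1024].add(m["company"])
            p = m["path"].lower()
            # Auto-start service implemented as a DLL outside C:\Windows.
            if m["start"] == "Auto" and p.endswith(".dll") and not p.startswith("c:\\windows\\"):
                out["dll_services"].append(f'{m["name"]}: {m["path"]} ({m["company"]})')
        elif m := RE_IE_START.match(line):
            # Non-URL values such as about:blank have no hostname; compare them verbatim.
            host = urlparse(m["url"]).hostname or m["url"]
            if host not in expected_start_hosts:
                out["start_page"].append(host)
        elif m := RE_FF_MISSING.match(line):
            out["orphan_plugins"].append(m["key"])
    # Several services of (almost) the same size under different vendor names.
    for bucket, vendors in sorted(vendors_by_bucket.items()):
        if len(vendors) > 1:
            out["size_clusters"].append(f"~{bucket} KiB: " + " / ".join(sorted(vendors)))
    return out


if __name__ == "__main__":
    for key, notes in triage_otl(SAMPLE_OTL).items():
        for note in notes:
            print(f"{key}: {note}")
```

On the sample this reports the lunarsvc, NetAppsSrv and KBoxSvc services (all three are the ones the fix script above removes), one size cluster of three vendors at ~119 KiB, hao.rising.cn as an unexpected start page, and the orphaned npqscall plugin key. The size clustering is deliberately coarse; it exists only to make a reviewer look twice at binaries that claim different origins but are byte-for-byte near twins.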

Quote: original post by SILVESTERABEND on 2014-5-9 10:18 AM
1. Double-click OTL.exe > copy & paste the following into the Custom Scans/Fixes box > press [Run Fix] at the top left; close the browsers before running the fix.
When the fix (deletion) succeeds a notice appears (Fix complete! Click OK to open the fix log.) > press OK > restart the computer. ...
05092014_230006.log (76.89 KB)

2014-5-10 01:10 AM, downloads: 2

AdwCleaner[S1].txt (955 Bytes)

2014-5-10 01:10 AM, downloads: 2

MBAM.txt (4.68 KB)

2014-5-10 01:10 AM, downloads: 2

Author: ^真情守候^   Posted: 2014-05-18

Is the browser still being hijacked by hao123? Any programs still installing themselves?

Author: SILVESTERABEND   Posted: 2014-05-18

Quote: original post by SILVESTERABEND on 2014-5-10 01:43 PM
Is the browser still being hijacked by hao123? Any programs still installing themselves?
Homepage is back to normal and nothing installs itself any more. Thanks!!!!

BTW "Windows 8.1 already has a [Start Button]; there is no need to use Classic Shell to change it...." <-- what does this mean?

Author: ^真情守候^   Posted: 2014-05-18

Quote: original post by ^真情守候^ on 2014-5-10 09:31 PM


Homepage is back to normal and nothing installs itself any more. Thanks!!!!
You're welcome.

1. If the system is running normally again, please follow post #8 to remove HijackThis/ComboFix and the other scanning tools.
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1

2. Please use CCleaner Free to delete temp files/registry entries, then use the defrag built into Windows to run a disk defragmentation once.

3. Please change the [virus removal] topic to [solved]. Tks.

Author: SILVESTERABEND   Posted: 2014-05-18
