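Homepage hijacked, suspected trojan infection (HijackThis log attached)
Date: 2013-05-24
Source: Internet
When I go online, it often fails to connect for no apparent reason, and it is slow.
I previously downloaded some games to play from mainland Chinese sites; I suspect I picked up a trojan, and my homepage has been hijacked.
Thanks a lot, please help.

HijackThis log attached: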
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:41, on 24/5/2013
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\360\360Safe\safemon\360tray.exe
C:\Program Files\360\360SafeBox\safeboxtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\360\360Safe\SoftMgr\SoftManagerLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.6.3428.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: FF13BF20-A18A-F7E2-9817-30F5B1594621 Class - {FF13BF20-A18A-F7E2-9817-30F5B1594621} - C:\Program Files\QvodPlayer\AddIn\{FF13BF20-A18A-F7E2-9817-30F5B1594621}\QvodAddr.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [360Safetray] "C:\Program Files\360\360Safe\safemon\360Tray.exe" /start
O8 - Extra context menu item: Foxy 下载 - res://C:\Users\u\Desktop\Foxy 1.9.9 繁体中文免安装版\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://C:\Users\u\Desktop\Foxy 1.9.9 繁体中文免安装版\Foxy.exe/search.htm
O8 - Extra context menu item: 下载 - res://C:\Program Files\Monsh\9kupe.exe/download.htm
O8 - Extra context menu item: 传送至 OneNote(&N) - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files\360\360Desktop\Bin\addapp.html
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGou\KGMusic\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGou\KGMusic\KUGOO3~1.OCX
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Kuaikuai Streaming and Virtualization Service (KSVSSVC) - Kingsoft - C:\Program Files\Common Files\KuaiKuai\ksvs\ksvssvc.exe
O23 - Service: Kuaikuai Runtime Update Service (KSVSUPD) - Kingsoft - C:\Program Files\Common Files\KuaiKuai\ksvs\ksvsupd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: 主?防御 (ZhuDongFangYu) - 360.cn - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe
--
End of file - 7234 bytes
Author: fungyws  Posted: 2013-05-24
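Step 1 : Download and install Malwarebytes' Anti-Malware
Step 2 : Use Malwarebytes' Anti-Malware
Step 3 : Briefly describe the situation and post the reports
- Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam-download.php
- Save mbam-setup.exe to the desktop
- Run mbam-setup.exe to start the installation; when installing, choose English as the installation language
- Click Next, tick I accept the agreement, then click Next again
- Then click Next on every screen; no settings need to be changed
- Click Install and wait for the installation
- Click Finish to complete the installation, and run the update
Step 2 : Use Malwarebytes' Anti-Malware
- Tick Perform full scan, then click Scan
- Click Scan again to run the scan
- Wait for the scan to complete, click Show Results, then click Remove Selected to clean up
- When the cleanup is complete a scan log will pop up; save the scan log to the desktop
- Close Malwarebytes' Anti-Malware
Step 3 : Briefly describe the situation and post the reports
- Please briefly describe the state of your computer
- Please upload the following reports to Sendspace:
  - HijackThis
  - Malwarebytes' Anti-Malware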
Author: anlth2010  Posted: 2013-05-26
http://www.sendspace.com/file/au06c6
http://www.sendspace.com/file/nqn66m
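1) Startup is very slow; after the desktop appears I have to wait 2-3 minutes before the machine is fully responsive.
2) Sometimes when browsing, the homepage takes a long time to load, or the page stays blank for a long time and no site will load at all. I have to restart the computer before I can browse normally.
3) The homepage is persistently hijacked by mainland Chinese sites like http://123.sogou.com/co/index.php?11228-1464
4) When browsing, it often hangs easily after opening just 1-2 pages. For antivirus I have two products installed, 360 Safe Guard (360安全卫士) and avast! Pro Antivirus; I don't know whether they will conflict?
5) While I am using the computer, the windows keep flickering. I have to close the whole browser and open it again before it stops.
Thanks a lot, bro.

[ Last edited by fungyws on 2013-5-27 03:14 PM ]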
Author: fungyws  Posted: 2013-05-27