View full version: IE hijacked (with HijackThis, Sendspace, 360)

咩咩雞 2010-3-21 09:57 PM

IE hijacked (with HijackThis, Sendspace, 360)

The IE home page has changed to: [url=http://www.8t8.net/cp.html]http://www.8t8.net/cp.html[/url]
An extra "百度搜索" (Baidu Search) entry has appeared in the toolbar.

HijackThis result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:13, on 21/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GridService\peer.exe
C:\Program Files\FlashGet 3\mxhelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\vLan\vLan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\YipFamily\桌面\CPU工具\Core Temp.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\源晞辦厒啃僅刲坰\FangBian.exe
C:\Documents and Settings\YipFamily\桌面\Windows清理助手V3.0單檔執行(綠色版)\Windows清理助手V3.0.exe
C:\RECYCLER\Windows清理助手\ArSwp3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\YipFamily\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: 360假屋檄 - {B69F34DD-F0F9-42DC-9EDD-957187DA688D}asd - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [FlashGetBHO] "C:\Program Files\FlashGet 3\mxhelper.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 妏蚚辦陬3狟婥 - C:\Documents and Settings\YipFamily\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥垓螟晾 - C:\Documents and Settings\YipFamily\Application Data\FlashGetBHO\GetAllUrl.htm
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: [url=http://software.kuaiche.com]http://software.kuaiche.com[/url]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [url=http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab]http://messenger.zone.msn.com/bi ... Client.cab56907.cab[/url]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url=http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [url=http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab]http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA7EA56-9035-4348-BFBE-BC0D80198F8E}: NameServer = 218.102.62.71 205.252.144.126
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6262 bytes
Please help, thanks a lot.

[[i] Last edited by 咩咩雞 on 2010-3-26 04:22 PM [/i]]
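
To show how a log like the one above is read, here is an added example (not from this thread, and not HijackThis's own code): a small Python parser for HijackThis entry lines that picks out the entry types that matter for a changed home page (R0 start page, O2 BHOs with no file, O15 Trusted Zone, O17 DNS servers). The sample log is constructed from entry types in the posted log; the R0 line is constructed in HijackThis's format, since the posted log has none.

```python
import re

# Constructed sample in HijackThis log format (entry types seen in the posted log;
# this is not the full log). R0 is the start-page entry HijackThis reports.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.8t8.net/cp.html
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O15 - Trusted Zone: http://software.kuaiche.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA7EA56-9035-4348-BFBE-BC0D80198F8E}: NameServer = 218.102.62.71 205.252.144.126
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

def parse_hjt(text):
    """Return (section, body) tuples; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def triage(entries):
    """Pick out the entry types behind a changed home page or search. Returns
    (section, reason, body); a hit means 'review this', not 'this is malicious'."""
    findings = []
    for section, body in entries:
        if section in ("R0", "R1") and "Start Page" in body:
            url = body.split(" = ", 1)[1]
            findings.append((section, "IE start page is %s; compare with the page you expect" % url, body))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((section, "BHO registered but its DLL is gone; orphaned entry", body))
        elif section == "O15":
            findings.append((section, "site in IE's Trusted Zone, which relaxes security for it", body))
        elif section == "O17":
            servers = body.split("NameServer = ", 1)[1].split()
            findings.append((section, "DNS servers %s; confirm they belong to the ISP" % ", ".join(servers), body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(section, "|", reason)
```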

咩咩雞 2010-3-22 06:46 PM

Bump. After a day, when I turned the computer on, the "百度搜索" entry was gone from the toolbar, but IE still opens the mainland Chinese site.

anlth2010 2010-3-22 08:39 PM

[u][color=red]Step 1 : Fix items with HijackThis[/color][/u]

[list][*]Open [color=blue]HijackThis[/color] and click [color=darkgreen]Do a system scan only[/color][*]In the checkboxes on the left, tick the following item:
[quote]
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\YipFamily\Application Data\FlashGetBHO\FlashGetBHO3.dll
[/quote][*]Click [color=darkgreen]Fix checked[/color], then click [color=darkgreen]Yes[/color][*]Close [color=blue]HijackThis[/color][/list]
[u][color=red]Step 2 : Download and run ComboFix[/color][/u]

[list][*]First close all antivirus software, then download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]ComboFix[/url] to the desktop[*]Run [color=blue]ComboFix[/color]; [color=blue]ComboFix[/color] will pop up a window, click [color=darkgreen]OK[/color], then click [color=darkgreen]Yes[/color][*][color=blue]ComboFix[/color] will scan the computer; do not run other programs or click on the [color=blue]ComboFix[/color] window while it does[*]After the scan, [color=blue]ComboFix[/color] may restart the computer, after which the [color=blue]ComboFix[/color] report will open automatically[*]The report is saved automatically as [color=red]C:\ComboFix.txt[/color][/list]
[u][color=red]Step 3 : Describe the situation and post the reports[/color][/u]

[list][*]Please briefly describe the state of your computer[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:[/list]
[list=1][*][color=blue]HijackThis[/color][*][color=blue]ComboFix[/color][/list]

咩咩雞 2010-3-24 09:35 PM

Uploaded to Sendspace:
[url]http://www.sendspace.com/file/x1s3z9[/url]

anlth2010 2010-3-24 09:43 PM

[u][color=red]Step 1 : Download and install 360 安全衛士 (360 Safeguard)[/color][/u]

[list][*]Download and install [color=blue]360 安全衛士[/color][*]Scan the computer with [color=blue]360 安全衛士[/color][*]After the scan finishes, remember to save the scan report[*][color=blue]360 安全衛士[/color] usage guide: [url=http://computer.discuss.com.hk/viewthread.php?tid=944141]http://computer.discuss.com.hk/viewthread.php?tid=944141[/url][/list]
[u][color=red]Step 2 : Download and run ComboFix[/color][/u]

[list][*]First close all antivirus software, then download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]ComboFix[/url] to the desktop[*]Run [color=blue]ComboFix[/color]; [color=blue]ComboFix[/color] will pop up a window, click [color=darkgreen]OK[/color], then click [color=darkgreen]Yes[/color][*][color=blue]ComboFix[/color] will scan the computer; do not run other programs or click on the [color=blue]ComboFix[/color] window while it does[*]After the scan, [color=blue]ComboFix[/color] may restart the computer, after which the [color=blue]ComboFix[/color] report will open automatically[*]The report is saved automatically as [color=red]C:\ComboFix.txt[/color][/list]
[u][color=red]Step 3 : Describe the situation and post the reports[/color][/u]

[list][*]Please briefly describe the state of your computer[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:[/list]
[list=1][*][color=blue]HijackThis[/color][*][color=#0000ff]360 安全衛士[/color][*][color=blue]ComboFix[/color][/list]

咩咩雞 2010-3-24 11:23 PM

360 安全衛士 scan report:
[url]http://www.sendspace.com/file/sjxgbc[/url]
ComboFix scan report:
[url]http://www.sendspace.com/file/fott7v[/url]

anlth2010 2010-3-25 10:43 PM

How is it now?

咩咩雞 2010-3-26 04:22 PM

The IE home page is no longer hijacked, thx