View full version : Homepage hijacked, suspected trojan, HijackThis log attached

fungyws 2013-5-24 03:18 PM

Homepage hijacked, suspected trojan, HijackThis log attached

The internet keeps dropping out for no reason and is slow.
A while ago I downloaded some games from mainland Chinese sites; I suspect a trojan, and my homepage has been hijacked.
Thanks a lot, please help :smile_38: :smile_38: :smile_38:

HijackThis log attached:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:41, on 24/5/2013
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\360\360Safe\safemon\360tray.exe
C:\Program Files\360\360SafeBox\safeboxtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\360\360Safe\SoftMgr\SoftManagerLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.6.3428.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: FF13BF20-A18A-F7E2-9817-30F5B1594621 Class - {FF13BF20-A18A-F7E2-9817-30F5B1594621} - C:\Program Files\QvodPlayer\AddIn\{FF13BF20-A18A-F7E2-9817-30F5B1594621}\QvodAddr.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [360Safetray] "C:\Program Files\360\360Safe\safemon\360Tray.exe" /start
O8 - Extra context menu item: Foxy 下載 - res://C:\Users\u\Desktop\Foxy 1.9.9 繁體中文免安裝版\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Users\u\Desktop\Foxy 1.9.9 繁體中文免安裝版\Foxy.exe/search.htm
O8 - Extra context menu item: 下載 - res://C:\Program Files\Monsh\9kupe.exe/download.htm
O8 - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files\360\360Desktop\Bin\addapp.html
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: [url=http://*.alipay.com/]http://*.alipay.com[/url]
O15 - Trusted Zone: [url=http://*.alisoft.com/]http://*.alisoft.com[/url]
O15 - Trusted Zone: [url=http://*.taobao.com/]http://*.taobao.com[/url]
O15 - ESC Trusted Zone: [url=http://*.update.microsoft.com/]http://*.update.microsoft.com[/url]
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGou\KGMusic\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGou\KGMusic\KUGOO3~1.OCX
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - [url=http://www.bitcomet.com/]www.BitComet.com[/url] - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Kuaikuai Streaming and Virtualization Service (KSVSSVC) - Kingsoft - C:\Program Files\Common Files\KuaiKuai\ksvs\ksvssvc.exe
O23 - Service: Kuaikuai Runtime Update Service (KSVSUPD) - Kingsoft - C:\Program Files\Common Files\KuaiKuai\ksvs\ksvsupd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: 主动防御 (ZhuDongFangYu) - 360.cn - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe
--
End of file - 7234 bytes

[[i] This post was last edited by fungyws on 2013-7-1 04:53 PM [/i]]

anlth2010 2013-5-26 11:36 PM

[u][color=red]Step 1 : Download and install Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Download [color=blue]Malwarebytes' Anti-Malware[/color]: [url=http://www.malwarebytes.org/mbam-download.php]http://www.malwarebytes.org/mbam-download.php[/url]
[*]Save [color=red]mbam-setup.exe[/color] to the desktop
[*]Run [color=red]mbam-setup.exe[/color] to start the installation; choose [color=darkgreen]English[/color] as the installation language
[*]Click [color=darkgreen]Next[/color], tick [color=darkgreen]I accept the agreement[/color], then click [color=darkgreen]Next[/color]
[*]Then click [color=darkgreen]Next[/color] all the way through without changing any settings
[*]Click [color=darkgreen]Install[/color] and wait for the installation to finish
[*]Click [color=darkgreen]Finish[/color] to complete the installation, and let it update
[/list]
[u][color=red]Step 2 : Run Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Tick [color=darkgreen]Perform full scan[/color], then click [color=darkgreen]Scan[/color]
[*]Click [color=darkgreen]Scan[/color] again to start the scan
[*]Wait for the scan to finish, click [color=darkgreen]Show Results[/color], then click [color=darkgreen]Remove Selected[/color] to clean up
[*]After cleaning, a scan log pops up; save it to the desktop
[*]Close [color=blue]Malwarebytes' Anti-Malware[/color]
[/list]
[u][color=red]Step 3 : Describe the situation and post the reports[/color][/u]

[list]
[*]Please briefly describe the state of your computer
[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]Malwarebytes' Anti-Malware[/color]
[/list]

fungyws 2013-5-27 03:09 PM

[url=http://www.sendspace.com/file/au06c6]http://www.sendspace.com/file/au06c6[/url]
[url=http://www.sendspace.com/file/nqn66m]http://www.sendspace.com/file/nqn66m[/url]

1) Startup is very slow; after the desktop appears it takes another 2-3 minutes before anything responds properly.
2) Sometimes the browser takes ages to load the homepage, or sits on a blank page for ages and loads nothing at all; I have to reboot before the internet works normally again.
3) The homepage is permanently hijacked to a mainland site like [url=http://123.sogou.com/co/index.php?11228-1464]http://123.sogou.com/co/index.php?11228-1464[/url]
4) When browsing, it hangs very easily with just 1-2 pages open.
For antivirus I have two installed, 360安全卫士 and avast! Pro Antivirus; don't know whether they clash?
5) While using the computer the windows keep flickering; I have to close the whole browser and reopen it before it's fine again.

Thanks a lot, brother C :loveliness: :loveliness: :loveliness:

[[i] This post was last edited by fungyws on 2013-5-27 03:14 PM [/i]]

anlth2010 2013-5-29 05:45 PM

[u][color=red]Step 1 : Download and run SREng[/color][/u]

[list]
[*]Download [url=http://www.kztechs.com/sreng/download.html]SREng[/url] to the desktop and extract the archive
[*]Run [color=blue]SREng[/color] and click [color=darkgreen]智慧掃瞄[/color] (Smart Scan)
[*]Click [color=darkgreen]掃瞄[/color] (Scan); [color=blue]SREng[/color] will scan, please wait patiently
[*]Click [color=darkgreen]保存報告[/color] (Save Report) and save it
[/list]
[u][color=red]Step 2 : Describe the situation and post the reports[/color][/u]

[list]
[*]Please briefly describe the state of your computer
[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]SREng[/color]
[/list]

fungyws 2013-6-4 02:32 PM

1) With 4 pages open at the same time the browser hangs easily; I have to close all the pages and reopen them.

2) Pages don't load completely: other parts are left blank, or certain parts of a page won't load.
For example on [url=http://computer.discuss.com.hk/index.php][b]香港討論區[/b][/url] the part below the quick reply box won't load (this happens now and then).

3) Sometimes while browsing a message suddenly says the page is busy and needs to be closed.
After clicking OK the page changes to "cannot be displayed".

  Reopening the page afterwards gives the same result,
  and I can't get into certain sites at all.

[[i] This post was last edited by fungyws on 2013-6-4 02:50 PM [/i]]

fungyws 2013-6-4 02:35 PM

SREng report
[url]http://www.sendspace.com/file/resnpw[/url]

anlth2010 2013-6-5 12:41 AM

The log looks normal.

Is the homepage still being hijacked?

fungyws 2013-6-5 01:00 AM

Reply to #7: Homepage hijacked, suspected trojan, HijackThis log attached

I deleted the hijacker's malicious program with 360 Safeguard (衛士360).
While browsing, a window still pops up now and then:
1) "Cannot open the Internet site www.xxxx.com
Operation aborted", after which the page cannot be displayed.

2) "This window is currently busy; closing it may cause problems.

Do you still want to leave?"
After clicking OK it's again "cannot display the page".

Going back to the previous page brings the page back, but after a short while the same message pops up again.

I often can't get to certain pages while browsing,
or only the top half of the page loads.
It's really annoying.

I'm using a pirated copy of Win7;
a message appears on boot saying I'm using a pirated copy.
Don't know whether that's related.




anlth2010 2013-6-7 12:20 AM

[quote]Original post by [i]fungyws[/i] on 2013-6-5 01:00 AM
I'm using a pirated copy of Win7;
a message appears on boot saying I'm using a pirated copy.
Don't know whether that's related.[/quote]Probably unrelated.

Please post a new HijackThis log.

fungyws 2013-6-8 10:05 PM

New HijackThis log :loveliness: :loveliness:
[url]http://www.sendspace.com/file/w3hwkv[/url]

anlth2010 2013-6-10 02:20 AM

[u][color=red]Step 1 : Fix items in HijackThis[/color][/u]

[list]
[*]Open [color=blue]HijackThis[/color] and click [color=darkgreen]Do a system scan only[/color]
[*]In the small boxes on the left, tick the following items:
[quote]
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.6.3428.dll

O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll

O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.86.0\QvodExtend.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll

O8 - Extra context menu item: 下載 - res://C:\Program Files\Monsh\9kupe.exe/download.htm

O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll

O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
[/quote]
[*]Click [color=darkgreen]Fix checked[/color], then click [color=darkgreen]是[/color] (Yes)
[*]Close [color=blue]HijackThis[/color]
[/list]
[u][color=red]Step 2 : Restart the computer[/color][/u]

[list]
[*]Restart the computer
[*]Boot into [color=blue]Safe Mode[/color]
[/list]
[u][color=red]Step 3 : Delete files[/color][/u]

[list]
[*]Download [url=http://oldtimer.geekstogo.com/OTM.exe]OTM[/url] to the desktop and run [color=blue]OTM[/color]
[*]Copy the text below and paste it into the [color=darkgreen]Paste Instructions for Items to be Moved[/color] box:
[quote]
:files
C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.6.3428.dll
C:\Program Files\Kuaiwan\QvodGameExtend.dll
C:\Program Files\QvodPlayer\QvodExtend\5.0.86.0\QvodExtend.dll
C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll
C:\Program Files\Monsh\9kupe.exe/download.htm
C:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
[/quote]
[*]Click [color=darkgreen]MoveIt![/color], then click [color=darkgreen]OK[/color], and restart the computer
[/list]
[u][color=red]Step 4 : Download and run SystemLook[/color][/u]

[list]
[*]Download [url=http://jpshortstuff.247fixes.com/SystemLook.exe][color=#000000]SystemLook[/color][/url] to the desktop and run [color=blue]SystemLook[/color]
[*]Paste the following into the window, then click [color=darkgreen]Look[/color]
[quote]
:regfind
c16c1ccb-7046-4e5c-a2f3-533ad2fec8e
[/quote]
[*]A [color=blue]SystemLook[/color] report will then pop up; save it
[/list]
[u][color=red]Step 5 : Describe the situation and post the reports[/color][/u]

[list]
[*]Please briefly describe the state of your computer
[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]SystemLook[/color]
[/list]
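As an added example (not part of this thread or of the HijackThis tool), the script below parses entries in the HijackThis v2 log format used throughout this thread and flags the kinds of entry the helper singled out: dangling "(no file)" / "(file missing)" references, an O20 AppInit_DLLs entry, an O23 service with an unknown owner, and binaries living outside Program Files. The sample lines are constructed from the shapes seen in this thread; the "trusted roots" list is an assumption of the heuristic, not a HijackThis rule.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on entries quoted in
# this thread (paths as on the page); it is not a real scan log.
SAMPLE_LOG = r"""
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1339.144\BrowserDefender.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Each entry starts with a section code (R0-R3, F0-F3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# Assumption behind the path heuristic: properly installed code lives under these roots.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


def parse_entry(line):
    """Split 'O23 - Service: name - owner - path' into its ' - ' separated fields."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or separator line: not an entry
    fields = [f.strip() for f in m.group("body").split(" - ")]
    return {"section": m.group("section"), "fields": fields, "raw": line.strip()}


def triage_reasons(entry):
    """Reasons a reviewer would look at this entry; an empty list means nothing stood out."""
    section, fields, raw = entry["section"], entry["fields"], entry["raw"]
    reasons = []
    if "(no file)" in raw or "(file missing)" in raw:
        reasons.append("dangling: registry entry points at a file that no longer exists")
    if section == "O20":
        reasons.append("AppInit_DLLs: DLL is loaded into every process that uses user32.dll")
    if section == "O23" and "Unknown owner" in fields:
        reasons.append("service binary carries no publisher name")
    path = fields[-1].lower() if fields else ""
    if section in ("O2", "O23") and path.startswith("c:\\") and not path.startswith(TRUSTED_ROOTS):
        reasons.append("binary lives outside Program Files / Windows (e.g. ProgramData)")
    return reasons


def triage_log(text):
    """Map each flagged entry's raw line to its reasons; clean entries are skipped."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := triage_reasons(entry)):
            flagged[entry["raw"]] = reasons
    return flagged
```

Note that the delta BHO under Program Files is not caught by these path heuristics; entries like that still need a lookup against a known-adware list or a human reviewer, which is what the helper in this thread supplies.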

fungyws 2013-6-13 11:44 PM

HijackThis
[url]http://www.sendspace.com/file/9hre0s[/url]

SystemLook

[url]http://www.sendspace.com/file/5axe3u[/url]

Computer condition:
Mostly normal.
For antivirus I have two installed, 360安全卫士 and avast! Pro Antivirus;
don't know whether that's enough?

THX~~ brother C :smile_38: :smile_38: :smile_38:

anlth2010 2013-6-15 12:41 PM

[u][color=red]Step 1 : Delete files[/color][/u]

[list]
[*]Download [url=http://oldtimer.geekstogo.com/OTM.exe]OTM[/url] to the desktop and run [color=blue]OTM[/color]
[*]Copy the text below and paste it into the [color=darkgreen]Paste Instructions for Items to be Moved[/color] box:
[quote]
:reg
[-HKEY_CURRENT_USER\Software\9e888cb73ded44]
[-HKEY_LOCAL_MACHINE\SOFTWARE\9e888cb73ded44]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrowserDefendert]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BrowserDefendert]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BrowserDefendert]
[-HKEY_USERS\S-1-5-21-1318351036-1299462724-173025348-1000\Software\9e888cb73ded44]

:files
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
[/quote]
[*]Click [color=darkgreen]MoveIt![/color], then click [color=darkgreen]OK[/color], and restart the computer
[/list]
[u][color=red]Step 2 : Describe the situation[/color][/u]

[list]
[*]Please briefly describe the state of your computer
[/list]

fungyws 2013-6-22 12:01 AM

Report
[url]http://www.sendspace.com/file/annupi[/url]

Computer condition:
Mostly normal.
:loveliness: :loveliness:

anlth2010 2013-6-26 01:07 AM

If there are no further problems, please change the 「[color=blue]求助[/color]」 (Help) tag in the title to 「[color=blue]已解決[/color]」 (Solved).