
[Help] Ads pop up at startup and cannot be removed (HijackThis log attached)

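As soon as the computer boots into Windows, an ad (for watches, games or clothes) pops up in the bottom-right corner of the screen. After a few minutes the ad moves from the bottom-right corner to the top-left corner...
I have tried SUPER Anti Free Edition and a trojan removal program, but the ads are still there after scanning...
How can I fix this? Many thanks...
The HijackThis report follows: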

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:22, on 2/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\igfxsvrc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BeatTrojanSecuritySuite2010\BeatTrojanWall2010\BeatTrojanWall.exe
C:\Program Files\BeatTrojanSecuritySuite2010\BeatTrojan2010\BeatTrojanMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\FlashGet Network\FlashGet 3\mxhelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\user\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MajiToolbar - {DF76A633-1E37-4A16-A943-0938402FFA8B} - C:\Program Files\MyMaji\MajiToolbar\MajiToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QQMusic] "C:\Program Files\Tencent\QQMusic\QQMusic.exe" /background
O4 - HKLM\..\Run: [qqlive] "C:\Program Files\Tencent\QQLive\QQLive.exe" -system_startup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE PLEOMAX PWC-3800
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BeatTrojanWall] C:\Program Files\BeatTrojanSecuritySuite2010\BeatTrojanWall2010\BeatTrojanWall.exe
O4 - HKLM\..\Run: [BeatTrojan] C:\Program Files\BeatTrojanSecuritySuite2010\BeatTrojan2010\BeatTrojanMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [Windows Update] C:\Program Files\Common Files\System\svchost32.exe
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [FlashGetBHO] "C:\Program Files\FlashGet Network\FlashGet 3\mxhelper.exe"
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files\Tencent\QQ\Bin\QQ.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: 使用快車3下載 - C:\Documents and Settings\user\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: 使用快車3下載全部鏈結 - C:\Documents and Settings\user\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm
O8 - Extra context menu item: 設為 Messenger Live 頭像 - \SetMSNDP.htm




O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\beattrojansecuritysuite2010\beattrojanwall2010\beatwall.dll
O10 - Unknown file in Winsock LSP: c:\program files\beattrojansecuritysuite2010\beattrojanwall2010\beatwall.dll
O10 - Unknown file in Winsock LSP: c:\program files\beattrojansecuritysuite2010\beattrojanwall2010\beatwall.dll
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: i.Game MJImpressYHK - http://202.43.223.148/client/MJc/com/igame/MJImpressYHK.cab
O16 - DPF: {134607FB-69C2-44ED-8EEC-3D67B5E6CEFE} (RunupGameActX Control) - http://fgcpatch.funmily.com/fgc/RunupGameActX.ocx
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://download.tenebril.com/pub ... lSpywareScanner.ocx
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {9BA878B8-5AF3-43E6-8DB1-E7849E4C6A4B} (koaliisvsctrl Class) - https://ebank.sdb.com.cn/perbank/ecert/koalii_svs_acx.CAB
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://gcetsw.>>><<</plugin/h263ctrl.cab
O16 - DPF: {CB2E4748-5B57-492E-8155-A8A29B0DCB0A} (PowerPasswordX Control) - https://ebank.sdb.com.cn/perbank/ecert/PowerEnter.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2840D9DF-2F70-4B0F-89B0-0170D2D812FF}: NameServer = 218.102.60.110 218.102.62.71
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Wignx Web Cache Services (igfxcSvrup) - Unknown owner - C:\Program Files\Common Files\Intel\igfxsvrc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: 木馬清除大師設定性服務 - Lofocus(洛克思)安全實驗室 - C:\Program Files\BeatTrojanSecuritySuite2010\BeatTrojan2010\BeatTrojanSvc.exe

--
End of file - 11646 bytes




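Step 1: Download and run ComboFix

  • First disable all antivirus software, then download ComboFix to the desktop
  • Run ComboFix. ComboFix will pop up a window; click OK, then click
  • ComboFix will run a scan; do not run other programs or click in the ComboFix window while it is scanning
  • After the scan finishes, ComboFix may restart the computer, after which the ComboFix report will open automatically
  • The report is saved automatically to C:\ComboFix.txt

Step 2: Describe the situation and post the reports

  • Please briefly describe the state of your computer
  • Please upload the following reports to Sendspace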

  • HijackThis
  • ComboFix







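Reply to post #3

After booting into Windows, I noticed that when the flashget program starts automatically, the ad immediately appears in the bottom-right corner. A few minutes later the ad moves from the bottom-left corner to the top-left corner, and sometimes returns to the bottom-right corner again. When flashget is closed, the ad disappears with it.

1. HijackThis
http://www.sendspace.com/file/u93a0i

2. ComboFix
http://www.sendspace.com/file/z9pmkd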



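It seems to be a program bundled with Flashget.

Step 1: Download and install Malwarebytes' Anti-Malware

  • Download Malwarebytes' Anti-Malware
    http://www.malwarebytes.org/mbam-download.php
  • Save mbam-setup.exe to the desktop
  • Run mbam-setup.exe to start the installation; choose English as the installation language
  • Click Next, tick I accept the agreement, then click Next again
  • Then click Next on every screen; no settings need to be changed
  • Click Install and wait for the installation
  • Click Finish to complete the installation, then run the update

Step 2: Use Malwarebytes' Anti-Malware

  • Select Perform full scan, then click Scan
  • Click Scan again to start scanning
  • Wait for the scan to finish, click Show Results, then click Remove Selected to clean up
  • When cleaning is finished the scan log will pop up; save the scan log to the desktop
  • Close Malwarebytes' Anti-Malware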




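Reply to post #5

After it finished, the scan found some viruses and I clicked Remove, but after rebooting, the ad bundled with flashget still has not gone away, and when I closed flashget I found an additional ad from the pps program. Both appear in the bottom-right corner of the screen.
How can I fix this?
Thanks.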




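Quote:
Originally posted by 200920082007 on 2011-5-4 11:47 AM
After it finished, the scan found some viruses and I clicked Remove, but after rebooting, the ad bundled with flashget still has not gone away, and when I closed flashget I found an additional ad from the pps program. Both appear in the bottom-right corner of the screen.
How can I fix this?
Thanks.
It seems the only option is to remove Flashget.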
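
Added example, not part of any post in this thread: a short Python script that parses HijackThis entry lines, lists every load point that mentions FlashGet (the program the replies point to), and picks out entries the tool itself marks as pointing at a missing file. The sample lines are copied from the log in the first post; the function names and the section-label table are illustrative.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\user\Application Data\FlashGetBHO\FlashGetBHO3.dll
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [FlashGetBHO] "C:\Program Files\FlashGet Network\FlashGet 3\mxhelper.exe"
O8 - Extra context menu item: 使用快車3下載 - C:\Documents and Settings\user\Application Data\FlashGetBHO\GetUrl.htm
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

# Labels for the HijackThis section codes that occur in the excerpt.
SECTIONS = {"O2": "Browser Helper Object", "O4": "Run-key autostart",
            "O8": "IE context-menu item", "O23": "Windows service"}
# An entry line is "<code> - <detail>", e.g. "O4 - HKCU\..\Run: [...] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (section_code, detail) per entry line; header and process lines are skipped."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def entries_for(entries, keyword):
    """Entries whose detail mentions the product keyword (case-insensitive)."""
    k = keyword.lower()
    return [(c, d) for c, d in entries if k in d.lower()]

def stale_entries(entries):
    """Entries HijackThis itself marks as pointing at a file that does not exist."""
    return [(c, d) for c, d in entries if "(no file)" in d or "(file missing)" in d]

def footprint(entries, keyword):
    """Count a product's load points per section type."""
    return Counter(SECTIONS.get(c, c) for c, _ in entries_for(entries, keyword))

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for kind, n in footprint(parsed, "flashget").items():
        print(f"FlashGet: {n} x {kind}")
    for code, detail in stale_entries(parsed):
        print("stale:", code, detail)
```

Run against the full saved log, the same functions show which browser add-ons, Run keys and context-menu items should be gone after FlashGet is uninstalled.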


