打印

[已解決] 也是Chrome中毒(首頁出現websearch)

也是Chrome中毒(首頁出現websearch) E-mail 此主題給朋友

[隱藏]
您好,我也是Chrome一打開,首頁就出現websearch.good-results的網頁。

附上HijackThis掃瞄資料,請大大幫忙,不勝感激!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 下午 02:58:46, on 2013/2/14

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal


Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Tencent\QQ\Bin\QQ.exe

D:\PPS.tv\PPStream\PPSAP.exe

C:\Users\USER\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Tencent\QQ\Bin\QQExternal.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\prevhost.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\Desktop\HiJackThis\HijackThis.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Going32\Utils\going8.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe


O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI0498~1\ToolBar\searchqudtx.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI0498~1\ToolBar\searchqudtx.dll



[ 本帖最後由 oe75 於 2013-2-18 01:38 AM 編輯 ]



實用相關搜尋: Spa Software Java Microsoft google

TOP

回覆 1# 的帖子

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files\Tencent\QQ\Bin\QQ.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (User 'Default user')
O8 - Extra context menu item: &U妏蚚譙冾謹堬〨梐 - C:\Program Files\NamiRobot\Data\du.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/t ... in32/cab/tvants.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {BDEACC50-F56D-4D60-860F-CF6ED1766D65} (FTNUpload Class) - http://m415.mail.qq.com/zh_CN/ac ... 0.25226817549424934
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~1\wi0498~1\datamngr\datamngr.dll c:\progra~1\wi0498~1\datamngr\iebho.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 12046 bytes



實用相關搜尋: Spa Software Java Sony Microsoft google

TOP

Step 1 : 下載及安裝 Malwarebytes' Anti-Malware

  • 下載 Malwarebytes' Anti-Malware
    http://www.malwarebytes.org/mbam-download.php
  • 儲存 mbam-setup.exe 至桌面
  • 執行 mbam-setup.exe 開始進行安裝,安裝時請選擇 English 作為安裝語言
  • Next,勾選 I accept the agreement 後再按 Next
  • 然後全部都按 Next,不需要更改任何設定
  • Install 後等候安裝
  • Finish 完成安裝,並進行更新

Step 2 : 使用 Malwarebytes' Anti-Malware

  • 勾選 Perform full scan,然後按 Scan
  • 再按 Scan,進行掃瞄
  • 等待掃瞄完成,按 Show Results,再按 Remove Selected 進行清理
  • 完成清理後會彈出掃描紀錄,請儲存掃描紀錄至桌面
  • 關閉 Malwarebytes' Anti-Malware

Step 3 : 簡述情況及貼上報告

  • 請簡述一下閣下電腦的狀況
  • 請上傳下列報告至 Sendspace

  • HijackThis
  • Malwarebytes' Anti-Malware






TOP

回覆 3# 的帖子

掃完重開機後,一打開Chrome,那個websearch.good-results的網頁不見了,但是再重開了三、四次Chrome之後,竟然首頁又出現websearch了,很奇怪!煩請幫忙再看下,多謝大大~~

兩個掃瞄結果:
http://www.sendspace.com/filegroup/ZFkf8%2B2LkPX%2BSyQYEeGbBA

[ 本帖最後由 oe75 於 2013-2-15 06:43 AM 編輯 ]



實用相關搜尋: Spa

TOP

[隱藏]
Step 1 : 下載及執行 SREng

  • 下載 SREng 至桌面,並解壓縮檔案
  • 執行 SREng,並按一下智慧掃瞄
  • 按一下掃瞄SREng 會進行掃瞄,請耐心等待
  • 保存報告,並儲存它

Step 2 : 簡述情況及貼上報告

  • 請簡述一下閣下電腦的狀況
  • 請上傳下列報告至 Sendspace

  • HijackThis
  • SREng



實用相關搜尋: Spa 電腦

TOP

回覆 5# 的帖子

很謝謝您的幫忙。我和zay138一樣,在更改chrome設定中的"起始分頁"設定後,問題就解決了。


實用相關搜尋: Spa

TOP

伸延閱讀
 提示:支持鍵盤翻頁 ←左 右→ 發新話題發佈投票

重要聲明:本討論區是以即時上載留言的方式運作,香港討論區對所有留言的真實性、完整性及立場等,不負任何法律責任。而一切留言之言論只代表留言者個人意 見,並非本網站之立場,讀者及用戶不應信賴內容,並應自行判斷內容之真實性。於有關情形下,讀者及用戶應尋求專業意見(如涉及醫療、法律或投資等問題)。 由於本討論區受到「即時上載留言」運作方式所規限,故不能完全監察所有留言,若讀者及用戶發現有留言出現問題,請聯絡我們。香港討論區有權刪除任何留言及拒絕任何人士上載留言 (刪除前或不會作事先警告及通知 ), 同時亦有不刪除留言的權利,如有任何爭議,管理員擁有最終的詮釋權 。用戶切勿撰寫粗言穢語、誹謗、渲染色情暴力或人身攻擊的言論,敬請自律。本網站保留一切法律權利。


Copyright©2003- Discuss.com.hk Limited. All Right Reserved.
版權所有,不得轉載。

10.0.1.7