
[In treatment] Chrome home page changed (HijackThis log attached)

Chrome's search home page was changed by delta-search. Looking at Task Manager, there are many things I can't identify.

[ This post was last edited by ye12355 on 2013-2-23 06:58 PM ]




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 09:11:53, on 2013/2/22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetDragon\91Mobile\91MobileDeviceService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\a\Application Data\TorrentStream\updater\tsupdate.exe
C:\Program Files\Garena Plus\bbtalk\GarenaTalkOverlay.exe
C:\Documents and Settings\a\Application Data\GameDownloader\GdTip\GdTipWnd.exe
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\My Documents\Downloads\HijackThis.exe

O1 - Hosts: 94.102.51.71 sc.userporn.com
O1 - Hosts: 94.102.51.71 www.userporn.com
O2 - BHO: (no name) - {06433BFE-4946-4E89-823D-CD359C81CD06} - (no file)
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.12.3824.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [UUSeeMediaCenter] "C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe"
O4 - HKLM\..\Run: [RaidCall] C:\Program Files\RC語音\\raidcall.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [FlashGetBHO] "C:\Program Files\FlashGet Network\FlashGet 3\mxhelper.exe"
O4 - HKCU\..\Run: [TorrentStream] C:\Documents and Settings\a\Application Data\TorrentStream\engine\tsengine.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷離線下載 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &捃濘狟婥善忒儂 - http://static.u.155.com/shoulei/shouleidl.htm
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O8 - Extra context menu item: 使用快車3下載 - C:\Documents and Settings\a\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: 使用快車3下載全部鏈結 - C:\Documents and Settings\a\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚辦陬3狟婥 - C:\Documents and Settings\a\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥絞ヶ弝け - C:\Documents and Settings\a\Application Data\FlashGetBHO\GetFlvUrl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥垓褡蚙 - C:\Documents and Settings\a\Application Data\FlashGetBHO\GetAllFlvUrl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥垓螟晾 - C:\Documents and Settings\a\Application Data\FlashGetBHO\GetAllUrl.htm
O9 - Extra button: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (file missing)
O9 - Extra 'Tools' menuitem: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (file missing)
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {10060452-A92B-4427-8E06-46904B8A3678} (OMG Control) - http://wishrun.me2.com.tw/activex/OMG.cab
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirement ... t_cyri_4.1.71.0.cab
O16 - DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} (Portalarium Player Web Plugin) - http://test.player.portalarium.c ... rtalariumPlayer.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirement ... ct_cyri_4.5.1.0.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 91忒儂翑忒督昢 (91MobileDevice) - Unknown owner - C:\Program Files\NetDragon\91Mobile\91MobileDeviceService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 13628 bytes







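Step 1 : Open HijackThis and fix the item

  • Open HijackThis and click Do a system scan only
  • In the checkboxes on the left, tick the following item:
    Quote:
    O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll
  • Click Fix checked, then click
  • Close HijackThis

Step 2 : Restart the computer

  • Restart the computer
  • Please enter Safe Mode

Step 3 : Delete the file

  • Download OTM to the desktop and run OTM
  • Copy the following text and paste it into the box under Paste Instructions for Items to be Moved:
    Quote:
    :files
    c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll
  • Click MoveIt!, then click OK, and restart the computer

Step 4 : Briefly describe the situation and post the report

  • Please briefly describe the state of your computer
  • Please upload the following report to Sendspace

  • HijackThis


[ This post was last edited by anlth2010 on 2013-2-23 12:00 AM ]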
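
Added example (not part of the thread, and not code from HijackThis or OTM): a Python sketch that links the 8.3 short path in the O20 AppInit_DLLs entry to the long-path service and process lines of the same HijackThis log, showing that the DLL lives in the BrowserProtect folder. The names `short_matches`, `same_dir` and `triage` are hypothetical, the short-name matching is a heuristic, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BrowserProtect - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
"""

def short_matches(short, long):
    """Heuristic: could the 8.3 component `short` be an alias of `long`?"""
    short, long = short.lower(), long.lower()
    if "~" not in short:
        return short == long
    stem = short.split("~", 1)[0]
    # 8.3 name generation drops spaces and every dot except the last one.
    base = long.rsplit(".", 1)[0] if "." in long else long
    return base.replace(" ", "").replace(".", "").startswith(stem)

def same_dir(short_path, long_path):
    """True when both paths plausibly point into the same folder."""
    s = short_path.split("\\")[:-1]
    l = long_path.split("\\")[:-1]
    return len(s) == len(l) and all(map(short_matches, s, l))

def triage(log):
    """Map each AppInit_DLLs entry to the services/processes sharing its folder."""
    appinit, seen = [], []
    for line in filter(None, map(str.strip, log.splitlines())):
        if m := re.match(r"O20 - AppInit_DLLs: (.+)", line):
            # The registry value may list several DLLs, space or comma separated.
            appinit += re.split(r"[ ,]+", m.group(1))
        elif m := re.match(r"O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)", line):
            seen.append((m.group(3), f"service {m.group(1)} ({m.group(2)})"))
        elif re.match(r"[A-Za-z]:\\", line):
            seen.append((line, "running process"))
    return {dll: sorted({what for path, what in seen if same_dir(dll, path)})
            for dll in appinit}

if __name__ == "__main__":
    for dll, related in triage(SAMPLE_LOG).items():
        print(dll, "->", related)
```

A match here means the service and running process are still present after the O20 entry is fixed, so they need to be checked in the follow-up log as well.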



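The home page has changed back to Google, but the computer has a lot of things I can't identify, for example BrowserProtect.

[ This post was last edited by ye12355 on 2013-2-23 06:40 PM ]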




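Step 1 : Download and install Malwarebytes' Anti-Malware

  • Download Malwarebytes' Anti-Malware
    http://www.malwarebytes.org/mbam-download.php
  • Save mbam-setup.exe to the desktop
  • Run mbam-setup.exe to start the installation, and choose English as the installation language
  • Click Next, tick I accept the agreement, then click Next again
  • Then click Next on every screen; there is no need to change any settings
  • Click Install and wait for the installation
  • Click Finish to complete the installation, and run the update

Step 2 : Use Malwarebytes' Anti-Malware

  • Select Perform full scan, then click Scan
  • Click Scan again to start scanning
  • Wait for the scan to finish, click Show Results, then click Remove Selected to clean up
  • After the clean-up a scan log will pop up; please save the scan log to the desktop
  • Close Malwarebytes' Anti-Malware

Step 3 : Briefly describe the situation and post the reports

  • Please briefly describe the state of your computer
  • Please upload the following reports to Sendspace

  • HijackThis
  • Malwarebytes' Anti-Malware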




After the scan finished, I pressed delete all in the Malwarebytes' Anti-Malware quarantine. Does that mean everything has been deleted??






Quote:
Originally posted by ye12355 on 2013-2-24 04:23 AM
After the scan finished, I pressed delete all in the Malwarebytes' Anti-Malware quarantine. Does that mean everything has been deleted??
Yes.




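I forgot the password for ye12355, so I opened a new account.
http://www.sendspace.com/file/bszq4m

Malwarebytes report. After using Malwarebytes to remove the malware, when the computer starts up there is only the desktop; the taskbar with the Start button and the files all take a long time to load before they appear.
I also want to delete browserprotection. Can you help me??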




Please post a new HijackThis log.



Please reinstall Chrome and see whether that solves the problem.






Copyright©2003- Discuss.com.hk Limited. All Right Reserved.