查看完整版本 : 上網中毒 可能中tracking cookie毒

user9413 2014-11-19 10:35 PM

上網中毒 可能中tracking cookie毒

求助.. 一上網就load一大輪野先去到個網...左下角係咁出現唔同既網...掃完毒都係咁
付上hijackthis 唔該版主:smile_13:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 10:34:44, on 2014/11/19
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Program Files (x86)\360AP\360AP.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\360AP\360AP.exe
C:\Program Files (x86)\360AP\360AP.exe
C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-454378169-3405015496-2060536119-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-454378169-3405015496-2060536119-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: &使用BitComet下載 - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下載全部連結 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 傳送至 OneNote(&N) - res://E:\Jason\OFFICE~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://E:\Jason\OFFICE~1\Office15\EXCEL.EXE/3000
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync 按一下撥打 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync 按一下撥打 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [url]http://download.eset.com/special/eos/OnlineScanner.cab[/url]
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - [url]www.BitComet.com[/url] - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9237 bytes

[[i] 本帖最後由 user9413 於 2014-11-19 10:40 PM 編輯 [/i]]

sandywky52 2014-11-20 02:20 PM

你係咪之前裝過某D軟件?

user9413 2014-11-20 09:14 PM

[quote]原帖由 [i]sandywky52[/i] 於 2014-11-20 02:20 PM 發表 [url=http://computer.discuss.com.hk/redirect.php?goto=findpost&pid=402892282&ptid=24045572][img]http://computer.discuss.com.hk/images/common/back.gif[/img][/url]
你係咪之前裝過某D軟件? [/quote]

可能係...:smile_42: 之後我即刻產左d似毒既野 都係咁

sandywky52 2014-11-20 09:15 PM

[quote]原帖由 [i]user9413[/i] 於 2014-11-20 09:14 PM 發表 [url=http://computer.discuss.com.hk/redirect.php?goto=findpost&pid=402914954&ptid=24045572][img]http://computer.discuss.com.hk/images/common/back.gif[/img][/url]


可能係...:smile_42: 之後我即刻產左d似毒既野 都係咁 [/quote]
你裝果個係咩軟件?

user9413 2014-11-20 11:19 PM

[quote]原帖由 [i]sandywky52[/i] 於 2014-11-20 09:15 PM 發表 [url=http://computer.discuss.com.hk/redirect.php?goto=findpost&pid=402915003&ptid=24045572][img]http://computer.discuss.com.hk/images/common/back.gif[/img][/url]

你裝果個係咩軟件? [/quote]

好似係gosave..好似仲有其他,我太快產哂唔記得:smile_27:

sandywky52 2014-11-20 11:40 PM

你有無系統還原。



[url=http://www.discuss.com.hk/iphone][img=100,23]http://i.discuss.com.hk/d/images/r10/iphoneD.jpg[/img][/url]

user9413 2014-11-21 10:34 AM

[quote]原帖由 [i]sandywky52[/i] 於 2014-11-20 11:40 PM 發表 [url=http://computer.discuss.com.hk/redirect.php?goto=findpost&pid=402924304&ptid=24045572][img]http://computer.discuss.com.hk/images/common/back.gif[/img][/url]
你有無系統還原。



[img]http://i.discuss.com.hk/d/images/r10/iphoneD.jpg[/img] [/quote]
岩岩還原左一星期前,上網速度快左,但左下角仍然有一堆不明網站係度: 連接xxxx.xxxxx.xxxx

sandywky52 2014-11-21 11:40 AM

[quote]原帖由 [i]user9413[/i] 於 2014-11-21 10:34 AM 發表 [url=http://www.discuss.com.hk/redirect.php?goto=findpost&pid=402944595&ptid=24045572][img]http://www.discuss.com.hk/images/common/back.gif[/img][/url]

岩岩還原左一星期前,上網速度快左,但左下角仍然有一堆不明網站係度: 連接xxxx.xxxxx.xxxx [/quote]
你試下上網後在IE刪晒D cookie setting之類。



[url=http://www.discuss.com.hk/iphone][img=100,23]http://i.discuss.com.hk/d/images/r10/iphoneD.jpg[/img][/url]

user9413 2014-11-22 12:30 AM

[quote]原帖由 [i]sandywky52[/i] 於 2014-11-21 11:40 AM 發表 [url=http://computer.discuss.com.hk/redirect.php?goto=findpost&pid=402948843&ptid=24045572][img]http://computer.discuss.com.hk/images/common/back.gif[/img][/url]

你試下上網後在IE刪晒D cookie setting之類。



[img]http://i.discuss.com.hk/d/images/r10/iphoneD.jpg[/img] [/quote]
無咩分別:smile_13:

sandywky52 2014-11-22 01:49 AM

你試下下載ccleaner去清理呢個程式。清理得更仔細!



[url=http://www.discuss.com.hk/iphone][img=100,23]http://i.discuss.com.hk/d/images/r10/iphoneD.jpg[/img][/url]

andrew412345 2014-12-12 04:13 PM

你份 LOG 唔見有可疑程序, 但我都係未清楚理解你發生乜事

[quote]原帖由 user9413 於 2014-11-21 10:34 AM 發表

岩岩還原左一星期前,上網速度快左,但左下角仍然有一堆不明網站係度: 連接xxxx.xxxxx.xxxx [/quote]

左下角即係乜野?
連接既係乜野網?
有冇詳細D既資料可以提供完先問人.

一 : CAP張圖黎
二 : 詳細表達左下角定義 (乜野程式左下角, 定 windows 左下角), 你用緊乜 browser, 左下角出現既係乜野訊息, 一字不漏打哂出黎, 人地先幫到你.
頁: [1]
查看完整版本: 上網中毒 可能中tracking cookie毒