289803508
Newbie

Points 2
Posts 2
Registered 2011-3-20
#1 Hijacked and attacked by www.csdiv.com and www.bidoke.com, looking for a solution!
Asking the experts: how do I remove this rogue software?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:25:08, on 2011/3/19
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\360Safebox\safeboxtray.exe
C:\Windows\System32\D4Svr_ICBC.exe
C:\Program Files\360\360Safe\safemon\360tray.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\extensions\ExtWebmail\360seNotify.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\Extensions\SafeCentral\urlproc.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Program Files\Kingsoft\WPS Office Personal\office6\et.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Program Files\Kingsoft\WPS Office Personal\office6\wps.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Windows\notepad.exe
C:\Program Files\SogouInput\5.1.1.4954\SogouCloud.exe
C:\Users\Administrator.PC-20100818ZXXO\AppData\Roaming\360se\bin\360se.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
O2 - BHO: MediaMonitor.XlMediaMonitorBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\MediaMonitor1.0.0.11.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.6.2194.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [D4Svr_ICBC.exe] C:\Windows\system32\D4Svr_ICBC.exe
O4 - HKLM\..\Run: [360Safetray] "C:\Program Files\360\360Safe\safemon\360Tray.exe" /start
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: 51彩虹.lnk = C:\Program Files\CaiHong\caihong.exe
O8 - Extra context menu item: pba上传到淘江湖相册 - C:\Program Files\AliWangWang\AddToAlbum.htm
O8 - Extra context menu item: 使用迅雷下载bedook - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: 分享到芳草集淘江湖 - C:\Program Files\AliWangWang\ShareToTJH.htm
O8 - Extra context menu item: 添加为阿里旺旺表情 - C:\Program Files\AliWangWang\AddNewEmotion.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm
O8 - Extra context menu item: 添加到彩虹表情 - C:\Program Files\CaiHong\EmotionAdder.htm
O9 - Extra button: 浩方电竞平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\Holdfast\platform 5.0\gameclient.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.securitycenter.alipay.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.alipay.com (HKLM)
O15 - Trusted Zone: http://*.alisoft.com (HKLM)
O15 - Trusted Zone: http://*.taobao.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {060CA154-DF25-4F03-98AA-FBCDE9D27382} (TDRDV Class) - https://mybank.icbc.com.cn/icbc/ICBC_TDRDV.cab
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll
O16 - DPF: {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} (Axcleanctrl Class) - https://mybank.icbc.com.cn/icbc/newperbank/icbcclean.cab
O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} (GDGetTokenInfo Class) - https://mybank.icbc.com.cn/icbc/GDReadPub.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
O16 - DPF: {746E471A-B6E4-44E3-8F3C-2A09B3A030B4} (Token Class) - https://mybank.icbc.com.cn/icbc/icbc_tdrusbkey.cab
O16 - DPF: {7CCE07A5-A590-4554-B5C3-082840D7012E} (GDGetVer Class) - https://mybank.icbc.com.cn/icbc/icbc_gdgetdv.dll
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} (AxUSBKey Class) - https://mybank.icbc.com.cn/icbc/newperbank/USBKEY.cab
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\dede\DedeAMPZ\Program\Apache\bin\httpd.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: MySql - Unknown owner - D:\dede\DedeAMPZ\Program\MySQL5\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCSService_Unicom - Unknown owner - C:\Program Files\联通无线上网卡\PCSService_Unicom.exe
O23 - Service: Tencent Software Update Service (TSUSVC) - Tencent - C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe
O23 - Service: XLDoctor Services - 深圳市迅雷网络技术有限公司 - C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe
O23 - Service: 主动防御 (ZhuDongFangYu) - 360.cn - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe
--
End of file - 7787 bytes
※ ※ ※ This post is solely the personal opinion of [289803508] and does not represent the position of [Micropoint Forum (微点交流论坛)] ※ ※ ※