Rising Kaka Security Forum

125wa browser hijack: how do I remove it? Help needed
freshliu - 2010-10-1 12:04:00
日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 11:51:19,2010-10-1
操作系统: Windows XP SP3 (WinNT 5.01.2600)
IE版本: Internet Explorer v6.00 SP3 (6.00.2900.5512)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\360safe\deepscan\zhudongfangyu.exe
d:\kingsoft\KSM\ksmsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinRAR\svchost.eye
C:\WINDOWS\system32\ctfmon.exe
D:\360safe\safemon\360tray.exe
D:\360\360sd\360sd.exe
D:\360safe\360LEA~1.EXE
d:\360\360sd\360rp.exe
C:\WINDOWS\system32\Macromadendt\orvybe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.188\HIJACK~1.EXE
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - E:\pipi\JfCheck.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\360safe\safemon\safemon.dll
O2 - BHO: 中国工商银行BHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll
O4 - HKLM\..\Run: [360Safetray] "D:\360safe\safemon\360tray.exe" /start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [360sd] "D:\360\360sd\360sd.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: 皮皮.lnk = E:\pipi\jfCacheMgr.exe
O4 - Global User Startup: 皮皮.lnk = E:\pipi\jfCacheMgr.exe
O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: http://*.boc.cn
O15 - Trusted Zone: http://kan.pps.tv
O15 - Trusted Zone: http://list1.pps.tv
O15 - Trusted Zone: http://tvguide.pps.tv
O15 - Trusted Zone: http://vodguide.pps.tv
O15 - Trusted Zone: http://list1.ppstream.com
O15 - Trusted Zone: http://notice.ppstream.com
O15 - Trusted Zone: http://xml1.ppstream.com
O15 - Trusted Zone: http://xml2.ppstream.com
O15 - Trusted Zone: http://xml3.ppstream.com
O15 - Trusted Zone: http://list1.ppstream.net
O15 - Trusted Zone: http://list1.ppstv.com
O15 - Trusted Zone: http://list1.ppstv.net
O15 - ESC Trusted Zone: http://list1.111222.cn
O15 - ESC Trusted Zone: http://kan.pps.tv
O15 - ESC Trusted Zone: http://list1.pps.tv
O15 - ESC Trusted Zone: http://tvguide.pps.tv
O15 - ESC Trusted Zone: http://vodguide.pps.tv
O15 - ESC Trusted Zone: http://list1.ppstream.com
O15 - ESC Trusted Zone: http://notice.ppstream.com
O15 - ESC Trusted Zone: http://xml1.ppstream.com
O15 - ESC Trusted Zone: http://xml2.ppstream.com
O15 - ESC Trusted Zone: http://xml3.ppstream.com
O15 - ESC Trusted Zone: http://list1.ppstream.net
O15 - ESC Trusted Zone: http://list1.ppstv.com
O15 - ESC Trusted Zone: http://list1.ppstv.net
O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} (GDGetTokenInfo Class) - https://b2c.icbc.com.cn/icbc/GDReadPub.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://download.alipay.com/aliedit/aliedit/2302/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
O16 - DPF: {7CCE07A5-A590-4554-B5C3-082840D7012E} (GDGetVer Class) - https://b2c.icbc.com.cn/icbc/icbc_gdgetdv.dll
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) - https://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
O16 - DPF: {F2AF4FB7-CC87-49C9-B147-E1BAAC82BCDD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/icbcinput.cab
O23 - NT 服务:  360安全卫士管理 (3600) - Unknown owner - C:\WINDOWS\system32\uiay.exe(文件不存在)
O23 - NT 服务:  360 杀毒实时防护服务 (360rp) - 360.cn - d:\360\360sd\360rp.exe
O23 - NT 服务:  FireFox Driver (FireFox) - Unknown owner - C:\WINDOWS\system32\firefox.exe(文件不存在)
O23 - NT 服务:  Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - NT 服务:  Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - NT 服务:  ICBC Daemon Service - Unknown owner - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
O23 - NT 服务:  Kingsoft Rescue Service - Unknown owner - d:\kingsoft\KSM\ksmsvc.exe
O23 - NT 服务:  Microsoft Software Make System Shadow Copy Provider Services (Msmsscps) - Unknown owner - C:\WINDOWS\system32\Macromadendt\orvybe.exe
O23 - NT 服务:  nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe(文件不存在)
O23 - NT 服务:  NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务:  PIPIStartSvr - PIPI - e:\pipi\PIPIStartSvr.exe
O23 - NT 服务:  主动防御 (ZhuDongFangYu) - 360.cn - D:\360safe\deepscan\zhudongfangyu.exe
--
文件结束 - 5889 字节

User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; VB_pornaztar; Foxy/2; hotvideobar_1_1_2717726132172_273_36; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2)
五花草甸 - 2010-10-1 12:06:00
Try using the Rising Kaka Internet Security Assistant to clean up the rogue software.
freshliu - 2010-10-1 12:09:00
Tried it, it didn't work.
五花草甸 - 2010-10-1 12:10:00
Run a scan with SREng and attach the log so we can take a look.