Rising Kaka Security Forum

ghzjoy - 2017-2-27 22:01:00
Could an expert please look at this HijackThis report: has a malicious website modified my IE settings?




日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 1:50:30,2017-2-26
操作系统: Windows XP SP3 (WinNT 5.01.2600)
IE版本: Internet Explorer v8.00 (8.00.6001.18702)
启动模式: 正常


正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\HengShuiBank\certd2ka_HSBANK.exe
C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe
C:\WINDOWS\system32\D4Svr_CCB.exe
C:\Program Files\360\360Safe\safemon\360Tray.exe
C:\Program Files\CMBC\EBankingAssistant\USBKey\CMBCu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CCBComponents\HDZB\CCB_HDZB_2G_DeviceService.exe
C:\WINDOWS\system32\HZ_CommSrv.exe
C:\WINDOWS\system32\D4Ser_CCB.exe
C:\WINDOWS\system32\D4MON_CCB.exe
C:\Program Files\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
C:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\TM\Bin\TXPlatform.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\SogouInput\8.2.0.9257\SogouCloud.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EXa0.580\hijackthis.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse82.tmp\hijackthis.exe
C:\Program Files\SogouInput\8.2.0.9257\SGTool.exe


O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll
O2 - BHO: AccountProtect - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Shuttle2000auto] C:\Program Files\HengShuiBank\certd2ka_HSBANK.exe
O4 - HKLM\..\Run: [CCBCertificate] C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
O4 - HKLM\..\Run: [USBKeyTools.exe] C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe
O4 - HKLM\..\Run: [D4Svr_CCB.exe] D4Svr_CCB.exe
O4 - HKLM\..\Run: [360Safetray] "C:\Program Files\360\360Safe\safemon\360tray.exe" /start
O4 - HKLM\..\Run: [CMBC CSP V1.0] "C:\Program Files\CMBC\EBankingAssistant\USBKey\CMBCu.exe" |a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: http://*.ccb.com
O15 - Trusted Zone: http://*.ccb.com
O15 - Trusted Zone: http://www.cfca.com.cn
O15 - Trusted Zone: http://*.cfca.com.cn
O15 - Trusted Zone: http://www.cmbc.com.cn
O15 - Trusted Zone: http://*.cmbc.com.cn
O15 - Trusted IP range: http://210.74.41.37
O15 - Trusted IP range: http://210.74.42.8
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {3DB59753-AAC5-4BF1-8984-D31CD04EA864} (PowerPasswordXCCFCCB Control) - https://ebank.ccfccb.cn:8443/pweb/ocx/ccfccb/PowerEnter.CAB
O16 - DPF: {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B5CE} (iesignCCFCCB Control) - https://ebank.ccfccb.cn:8443/pweb/ocx/ccfccb/iesign.ocx
O16 - DPF: {F58DE8AE-DB8D-4BF0-AE31-31E524A4D2BB} (SafeUtilCCFCCB Control) - https://ebank.ccfccb.cn:8443/pweb/setup/iProtectCCFCCB.ocx
O23 - NT 服务:  HDZB Comm Service For CCB 2G MASS (HDZB_DeviceService_For_CCB_2G) - Unknown owner - C:\Program Files\CCBComponents\HDZB\CCB_HDZB_2G_DeviceService.exe
O23 - NT 服务:  HDZB Comm Service For V2.0 (HZ_CommSrv) - 华大智宝电子系统有限公司 - C:\WINDOWS\system32\HZ_CommSrv.exe
O23 - NT 服务:  ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - NT 服务:  OnKey Service CCB - Tendyron Corporation - C:\WINDOWS\system32\D4Ser_CCB.exe
O23 - NT 服务:  QPCore Service (QPCore) - Tencent - C:\Program Files\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
O23 - NT 服务:  搜狗拼音输入法基础服务 (SogouSvc) - Sogou.com Inc. - C:\Program Files\SogouInput\8.2.0.9257\SogouSvc.exe
O23 - NT 服务:  Watchdata ccb V3.2 (WDMonitorCCB) -  Beijing WatchData System Co., Ltd. - C:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
O23 - NT 服务:  主动防御 (ZhuDongFangYu) - 360.cn - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe


--
文件结束 - 5615 字节
天月来了 - 2017-3-1 9:10:00
You ask whether there is one.
Then when you run the IE browser, can you see whether anything has been changed?