求助 - 中了木馬病毒殺不掉

aaa5178 · 2014-07-28, 07:30 PM

等等..FOXY這東西N百年沒在用了，當時手動移除還刪了登錄檔，沒想到還是殘留遺毒

用了各位先進推薦的掃毒軟體，從微軟城堡->小紅傘->大蜘蛛->AdwCleaner
廣告依然在我撥號上網那一刻蹦出來，最後用了PC-TOOLS 廣告才撤底消失。

從掃了LOG，移除了FOXY那兩行
-----------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 07:26:03, on 2014/7/28
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Garena Plus\ggdllhost.exe
C:\Windows\Explorer.EXE
C:\Users\MM\Desktop\iTools\iToolsDaemon.exe
D:\捃濘\Program\ThunderMobilePlatform.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\PC Tools Security\pctsGui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\Garena Plus\bbtalk\BBtalk.exe
C:\Users\MM\Desktop\SkypePortable\SkypePortable.exe
C:\Users\MM\Desktop\SkypePortable\App\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
E:\HijackThis.exe
C:\Windows\system32\DllHost.exe

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\捃濘\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\MM\Desktop\BitComet_1.34\tools\bitcometbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\捃濘\BHO\XunleiBHO7.2.13.3882.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "D:\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &使用BitComet下載 - res://C:\Users\MM\Desktop\BitComet_1.34\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下載全部連結 - res://C:\Users\MM\Desktop\BitComet_1.34\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 透過Mipony下載 - file://C:\Users\MM\Downloads\白馬下載器\App\MiPony\Browser\IEContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Users\MM\Desktop\BitComet_1.34\tools\bitcometbho.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - http://support.dell.com/systemprofil...SystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2A59126-720D-46C9-94B1-BCB7AEAEFD0C}: NameServer = 139.175.1.1 8.8.8.8
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - D:\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NO-IP DUC v4 (NoIPDUCService4) - Unknown owner - C:\Program Files\No-IP\ducservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\PC Tools Security\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6189 bytes

2014-07-28, 07:30 PM	#6 (permalink)
aaa5178 註冊會員榮譽勳章勳章總數 UID - 342567 在線等級: 註冊日期: 2010-09-20 文章: 9 精華: 0 現金: 15 金幣資產: 15 金幣	等等..FOXY這東西N百年沒在用了，當時手動移除還刪了登錄檔，沒想到還是殘留遺毒用了各位先進推薦的掃毒軟體，從微軟城堡->小紅傘->大蜘蛛->AdwCleaner 廣告依然在我撥號上網那一刻蹦出來，最後用了PC-TOOLS 廣告才撤底消失。從掃了LOG，移除了FOXY那兩行 ----------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 下午 07:26:03, on 2014/7/28 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17207) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Garena Plus\ggdllhost.exe C:\Windows\Explorer.EXE C:\Users\MM\Desktop\iTools\iToolsDaemon.exe D:\捃濘\Program\ThunderMobilePlatform.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe D:\PC Tools Security\pctsGui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Garena Plus\GarenaMessenger.exe C:\Program Files\Garena Plus\bbtalk\BBtalk.exe C:\Users\MM\Desktop\SkypePortable\SkypePortable.exe C:\Users\MM\Desktop\SkypePortable\App\Skype\Phone\Skype.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe E:\HijackThis.exe C:\Windows\system32\DllHost.exe R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\捃濘\BHO\XlBrowserAddin1.0.8.71.dll O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\MM\Desktop\BitComet_1.34\tools\bitcometbho.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\捃濘\BHO\XunleiBHO7.2.13.3882.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ISTray] "D:\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &使用BitComet下載 - res://C:\Users\MM\Desktop\BitComet_1.34\BitComet.exe/AddLink.htm O8 - Extra context menu item: &使用BitComet下載全部連結 - res://C:\Users\MM\Desktop\BitComet_1.34\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: 透過Mipony下載 - file://C:\Users\MM\Downloads\白馬下載器\App\MiPony\Browser\IEContext.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Users\MM\Desktop\BitComet_1.34\tools\bitcometbho.dll/206 (file missing) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://.alipay.com O15 - Trusted Zone: http://.alisoft.com O15 - Trusted Zone: http://.taobao.com O15 - ESC Trusted Zone: http://.update.microsoft.com O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - http://support.dell.com/systemprofil...SystemLite.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E2A59126-720D-46C9-94B1-BCB7AEAEFD0C}: NameServer = 139.175.1.1 8.8.8.8 O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - D:\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NO-IP DUC v4 (NoIPDUCService4) - Unknown owner - C:\Program Files\No-IP\ducservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\PC Tools Security\pctsSvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 6189 bytes

	送花文章: 17, 收花文章: 2 篇, 收花: 2 次

Google 提供的廣告