#1
Registered member
I got a Trojan; after quarantining it, deleting it and rebooting, it came back again!!

There is also this adware, taskmgr.exe.

I have already tried scanning in safe mode... please help.

----------------------------------------------------------------------------------------

```
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 07:52:51, on 2014/7/27
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Garena Plus\ggdllhost.exe
C:\Users\MM\Desktop\iTools\iToolsDaemon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\捃濘\Program\ThunderMobilePlatform.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\i Tunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Users\MM\AppData\Local\Temp\RarSFX3\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\MM\AppData\Local\Temp\RarSFX5\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\wuauclt.exe
E:\HijackThis.exe

O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O1 - Hosts: 12.129.206.133 zhTW.patch.battle.net
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\捃濘\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\MM\Desktop\BitComet_1.34\tools\bitcometbho.dll
O2 - BHO: Search App by Ask BHO - {41564952-412D-5350-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll" (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\捃濘\BHO\XunleiBHO7.2.13.3882.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Search App by Ask - {41564952-412D-5350-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll" (file missing)
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\i Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FObay] C:\Program Files\FObay\惟瑞畦溫.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [taskmgr] C:\Users\MM\AppData\Local\Temp\RarSFX3\taskmgr.exe
O4 - HKCU\..\Run: [iexplore] C:\Users\MM\AppData\Local\Temp\RarSFX5\iexplore.exe
O4 - HKCU\..\Run: [wins] "C:\Users\MM\AppData\Local\Temp\RarSFX3\taskmgr.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &使用BitComet下載 - res://C:\Users\MM\Desktop\BitComet_1.34\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下載全部連結 - res://C:\Users\MM\Desktop\BitComet_1.34\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Foxy Download - res://C:\Users\MM\AppData\Local\Temp\RarSFX3\taskmgr.exe/download.htm
O8 - Extra context menu item: Foxy search - res://C:\Users\MM\AppData\Local\Temp\RarSFX3\taskmgr.exe/search.htm
O8 - Extra context menu item: 透過Mipony下載 - file://C:\Users\MM\Downloads\白馬下載器\App\MiPony\Browser\IEContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Users\MM\Desktop\BitComet_1.34\tools\bitcometbho.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - http://support.dell.com/systemprofil...SystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2A59126-720D-46C9-94B1-BCB7AEAEFD0C}: NameServer = 139.175.1.1 8.8.8.8
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NO-IP DUC v4 (NoIPDUCService4) - Unknown owner - C:\Program Files\No-IP\ducservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6996 bytes
```

This post was edited by aaa5178 on 2014-07-27 07:53 PM. Reason: added missing information