
Trojan: all shortcuts broken [HijackThis log attached]


Got infected starting on Lunar New Year's Eve, with many different symptoms:
Pop-up windows of unknown origin
Browser home page hijacked
Links of unknown origin appearing in Favourites
CPU usage constantly at 100%
Can't open Task Manager
The .lnk and .scf associations seem to have been broken, so none of the desktop icons open; every icon has turned into the default "no program assigned" icon, and a Word file, for example, won't open by double-clicking: I have to find Word in its root directory, open the program first, and then open the file from there.


I tried the F-Secure online scan; after the scan finished and it started deleting files, IE threw an error and was force-closed. Same with Trend Micro: after scanning, it closed itself when deleting files.

I also ran Ad-Aware in Safe Mode, and everything it found was removed. But after booting back into normal Windows and scanning again, there were many it couldn't remove.

Could someone please help me see what's going on


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 04:00:22, on 2009/1/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\IRReceive\IRReceive.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


O1 - Hosts: 60.173.10.253 www.sznews.com
O1 - Hosts: 60.173.10.253 www.baidu.com
O1 - Hosts: 60.173.10.253 www.idoer.org
O1 - Hosts: 60.173.10.253 baidu.com
O1 - Hosts: 60.173.10.253 www.lhgz.com.cn
O1 - Hosts: 60.173.10.253 qq123.d189.5kweb.cn
O1 - Hosts: 60.173.10.253 www.taxexpert.com.cn
O1 - Hosts: 60.173.10.253 web.szds.gov.cn
O1 - Hosts: 60.173.10.253 www.szgs.gov.cn
O1 - Hosts: 60.173.10.253 www.szds.gov.cn
O1 - Hosts: 60.173.10.253 www.qz315.cn
O1 - Hosts: 60.173.10.253 www.315safe.com
O1 - Hosts: 60.173.10.253 www.315.gov.cn
O1 - Hosts: 60.173.10.253 www.315wm.com
O1 - Hosts: 60.173.10.253 www.ca315.com.cn
O1 - Hosts: 60.173.10.253 www.315ts.net
O1 - Hosts: 60.173.10.253 szgz.gov.cn
O1 - Hosts: 60.173.10.253 www.szgz.gov.cn
O1 - Hosts: 60.173.10.253 wenwen.soso.com
O1 - Hosts: 60.173.10.253 qbar.qq.com
O1 - Hosts: 60.173.10.253 imsafe.qq.com
O1 - Hosts: 60.173.10.253 service.qq.com
O1 - Hosts: 60.173.10.253 qq.com
O1 - Hosts: 60.173.10.253 www.qq.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09EB15FA-17D8-4D60-8598-3F549A848DF2} - C:\PROGRA~1\INTERN~1\PLUGINS\b54321.bho
O2 - BHO: (no name) - {0AF9DF69-E866-4FEC-AE8D-A89B3F44AC02} - C:\Program Files\Internet Explorer\RxPleroBt.Rxf
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6A8D34D7-08D7-421F-AFF6-956A0BD6F0BF} - C:\Program Files\Internet Explorer\PowerNeNt.Onz
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CAB2E13E-848E-4DA0-A97D-53245C25449A} - C:\Program Files\Internet Explorer\UzzzKtzNt.Ozg
O2 - BHO: (no name) - {CBD9FCD6-0F8C-4596-9B3F-2F6974FFE672} - C:\Program Files\Internet Explorer\RsenRz.R91
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [IRReceive] "C:\Program Files\IRReceive\IRReceive.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKLM\..\Policies\Explorer\Run: [qq] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\343370
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &U妏蚚馨譙儂狟婥甜彶紲 - C:\Program Files\NamiRobot\Data\du.html
O8 - Extra context menu item: 使用 BitComet 下載全部影片(&V) - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用 BitComet 下載全部連結(&A) - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用 BitComet 下載連結(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/contr ... kPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.co ... /activex/hcImpl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_g ... popcaploader_v6.cab
O20 - AppInit_DLLs: npbdiign.dll,ioofcnol.dll,ijhacchp.dll,fomkjklb.dll,kingcelf.dll,kjcnihod.dll,lmgkifpn.dll,ebaknhih.dll,dhmdiilb.dll,jkfdpdkc.dll,anolonii.dll,nfhnkkdj.dll,ckagblpl.dll,eepgcpbm.dll,kidiipkk.dll,mfmcicpa.dll
O21 - SSODL: F46C687F - {F46C687F-0B22-40E8-A84E-0BD4B9A68249} - (no file)
O21 - SSODL: 028FFECE - {028FFECE-5979-4F34-A5E3-7FBE587F0ABF} - (no file)
O21 - SSODL: F311903F - {F311903F-DD9B-466F-AB6F-9F292563B5C9} - (no file)
O21 - SSODL: A5A34612 - {A5A34612-8B2B-4141-9481-D42F47582C5B} - (no file)
O21 - SSODL: 38B409AA - {38B409AA-939A-4F9B-8A21-632743620474} - (no file)
O21 - SSODL: F7F1AC5B - {F7F1AC5B-C67E-4444-B92F-9BCEE1EBF0A5} - (no file)
O21 - SSODL: A56783DD - {A56783DD-F2D4-47C5-9566-78528CFD338A} - (no file)
O21 - SSODL: 042852EA - {042852EA-46AA-4BF8-904B-B84440F0132C} - (no file)
O21 - SSODL: 6FE8AB94 - {6FE8AB94-894A-4ADE-A76E-FE405CFD531E} - (no file)
O21 - SSODL: 193311A1 - {193311A1-9DD0-4DEA-B368-C142D6E9D937} - (no file)
O21 - SSODL: 05A4B9D9 - {05A4B9D9-7632-4BF0-8DEF-77EF5CA3E066} - (no file)
O21 - SSODL: C8368AA1 - {C8368AA1-4308-418B-B1C6-20E16E81C8FC} - (no file)
O21 - SSODL: E8388316 - {E8388316-153A-4310-AF0E-BD88F37874AA} - (no file)
O21 - SSODL: CEC5A543 - {CEC5A543-54C7-4A13-B733-CE0329FB9719} - (no file)
O21 - SSODL: B821A44D - {B821A44D-16B2-40E2-9B00-5BBD7426C5AA} - (no file)
O21 - SSODL: 20B7BE99 - {20B7BE99-B765-4143-B28F-7B05795E37AF} - (no file)
O21 - SSODL: 6956518B - {6956518B-C494-44B1-8E71-D3E80C3D510A} - (no file)
O21 - SSODL: 4F579D4E - {4F579D4E-008D-4EC3-97EB-FF3E45CD1A93} - (no file)
O21 - SSODL: D8B3117A - {D8B3117A-1AB4-49EA-91FE-171737F9C107} - (no file)
O21 - SSODL: 32564541 - {32564541-2905-4732-96B5-230308C8AF9E} - (no file)
O21 - SSODL: 7421A77E - {7421A77E-FE8A-4512-A11B-54D34EBA8568} - (no file)
O21 - SSODL: 5B1C3DCE - {5B1C3DCE-977A-4864-9633-72A012491D39} - (no file)
O21 - SSODL: 05013B75 - {05013B75-29A9-464A-B3A0-54A5BB8E297E} - (no file)
O21 - SSODL: C8B94C06 - {C8B94C06-09D6-4DDF-B31A-81B6725F7DA7} - (no file)
O21 - SSODL: 48E297B2 - {48E297B2-A5EF-477E-BCF6-F9E620992C65} - (no file)
O21 - SSODL: 0C87763D - {0C87763D-FE7D-4CBF-88AC-17F8C5385E76} - (no file)
O21 - SSODL: 79BD2207 - {79BD2207-50B2-4242-AD57-ABCBC1494C2E} - C:\WINDOWS\system32\npbdiign.dll
O21 - SSODL: FF04478F - {FF04478F-E842-4CE7-8583-B802B395860D} - (no file)
O21 - SSODL: 1FB81D23 - {1FB81D23-C89A-40A2-9788-4008F1BAFBCF} - (no file)
O21 - SSODL: 1BD2D38C - {1BD2D38C-B818-4591-97A5-55B24C13D205} - (no file)
O21 - SSODL: 0E957DCC - {0E957DCC-C945-49E8-81DE-15FF0C3CD9F5} - (no file)
O21 - SSODL: 6EC7C2E6 - {6EC7C2E6-DB0D-4262-9879-3B32C1B769EB} - (no file)
O21 - SSODL: CACDF8D9 - {CACDF8D9-2C4C-40F0-8036-0640BA10EF0C} - (no file)
O21 - SSODL: AC5AE035 - {AC5AE035-2626-416C-B586-412CEA47320E} - (no file)
O21 - SSODL: 18E26383 - {18E26383-16CF-41EF-A945-6F52185563E3} - (no file)


O21 - SSODL: 288FC785 - {288FC785-B27F-4604-A7C1-04EDBEA95364} - C:\WINDOWS\system32\ioofcnol.dll
O21 - SSODL: 231ACC19 - {231ACC19-1D8D-4BB7-A4F9-AEAE7B067641} - C:\WINDOWS\system32\ijhacchp.dll
O21 - SSODL: A7858722 - {A7858722-C8B6-47A3-A9F4-570FF79BF3BA} - C:\WINDOWS\system32\anolonii.dll
O21 - SSODL: 34FD9D4C - {34FD9D4C-CD79-44DC-B983-A9C40FF835F6} - C:\WINDOWS\system32\jkfdpdkc.dll
O21 - SSODL: D16D225B - {D16D225B-BDA9-4A53-A89D-48362E8EBDDC} - C:\WINDOWS\system32\dhmdiilb.dll
O21 - SSODL: EBA47121 - {EBA47121-2DC1-4940-95BA-7B9971B634AF} - C:\WINDOWS\system32\ebaknhih.dll
O21 - SSODL: 56042F97 - {56042F97-7B03-4074-8EFC-0AC85DC457AF} - C:\WINDOWS\system32\lmgkifpn.dll
O21 - SSODL: 43C7218D - {43C7218D-1CEB-4CD5-8775-2C8BB392FBEA} - C:\WINDOWS\system32\kjcnihod.dll
O21 - SSODL: 4270CE5F - {4270CE5F-10E9-453F-8380-6682A7B63CB2} - C:\WINDOWS\system32\kingcelf.dll
O21 - SSODL: F864345B - {F864345B-607A-48FB-BA70-202F0BED94E5} - C:\WINDOWS\system32\fomkjklb.dll
O21 - SSODL: 7F1744D3 - {7F1744D3-1A4F-428D-B8F2-23B590A9C8D3} - C:\WINDOWS\system32\nfhnkkdj.dll
O21 - SSODL: C4A0B595 - {C4A0B595-FC6E-4253-B1E2-C1CCFD2BBAEF} - C:\WINDOWS\system32\ckagblpl.dll
O21 - SSODL: EE90C9B6 - {EE90C9B6-D166-4CD1-B8FF-1047B5D68FDE} - C:\WINDOWS\system32\eepgcpbm.dll
O21 - SSODL: 42D22944 - {42D22944-B489-4539-8467-E9A5F577F9E7} - C:\WINDOWS\system32\kidiipkk.dll
O21 - SSODL: 6F6C2C9A - {6F6C2C9A-6021-4671-A6F2-27191BBDA579} - C:\WINDOWS\system32\mfmcicpa.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13310 bytes


Also, start up can't be used at all right now; even trying to shut down/restart from start up doesn't work.


I finally managed to run F-Secure's online scan just now; did one complete scan and cleaned what it found.
Attaching the report, hope it helps.

F-Secure Online Scanner 3_3_1 - Scanning Report.txt

http://www.sendspace.com/file/9ke7x4


Step: HiJackThis Scan & Fix

    Close your browser, open HiJackThis, click "Do a system scan only" and tick the following entries:
    O1 - Hosts: 60.173.10.253 www.sznews.com
    O1 - Hosts: 60.173.10.253 www.baidu.com
    O1 - Hosts: 60.173.10.253 www.idoer.org
    O1 - Hosts: 60.173.10.253 baidu.com
    O1 - Hosts: 60.173.10.253 www.lhgz.com.cn
    O1 - Hosts: 60.173.10.253 qq123.d189.5kweb.cn
    O1 - Hosts: 60.173.10.253 www.taxexpert.com.cn
    O1 - Hosts: 60.173.10.253 web.szds.gov.cn
    O1 - Hosts: 60.173.10.253 www.szgs.gov.cn
    O1 - Hosts: 60.173.10.253 www.szds.gov.cn
    O1 - Hosts: 60.173.10.253 www.qz315.cn
    O1 - Hosts: 60.173.10.253 www.315safe.com
    O1 - Hosts: 60.173.10.253 www.315.gov.cn
    O1 - Hosts: 60.173.10.253 www.315wm.com
    O1 - Hosts: 60.173.10.253 www.ca315.com.cn
    O1 - Hosts: 60.173.10.253 www.315ts.net
    O1 - Hosts: 60.173.10.253 szgz.gov.cn
    O1 - Hosts: 60.173.10.253 www.szgz.gov.cn
    O1 - Hosts: 60.173.10.253 wenwen.soso.com
    O1 - Hosts: 60.173.10.253 qbar.qq.com
    O1 - Hosts: 60.173.10.253 imsafe.qq.com
    O1 - Hosts: 60.173.10.253 service.qq.com
    O1 - Hosts: 60.173.10.253 qq.com
    O1 - Hosts: 60.173.10.253 www.qq.com

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: (no name) - {CAB2E13E-848E-4DA0-A97D-53245C25449A} - C:\Program Files\Internet Explorer\UzzzKtzNt.Ozg
    O2 - BHO: (no name) - {CBD9FCD6-0F8C-4596-9B3F-2F6974FFE672} - C:\Program Files\Internet Explorer\RsenRz.R91

    O4 - HKLM\..\Policies\Explorer\Run: [qq] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\343370

    O20 - AppInit_DLLs: npbdiign.dll,ioofcnol.dll,ijhacchp.dll,fomkjklb.dll,kingcelf.dll,kjcnihod.dll,lmgkifpn.dll,ebaknhih.dll,dhmdiilb.dll,jkfdpdkc.dll,anolonii.dll,nfhnkkdj.dll,ckagblpl.dll,eepgcpbm.dll,kidiipkk.dll,mfmcicpa.dll

    O21 - SSODL: F46C687F - {F46C687F-0B22-40E8-A84E-0BD4B9A68249} - (no file)
    O21 - SSODL: 028FFECE - {028FFECE-5979-4F34-A5E3-7FBE587F0ABF} - (no file)
    O21 - SSODL: F311903F - {F311903F-DD9B-466F-AB6F-9F292563B5C9} - (no file)
    O21 - SSODL: A5A34612 - {A5A34612-8B2B-4141-9481-D42F47582C5B} - (no file)
    O21 - SSODL: 38B409AA - {38B409AA-939A-4F9B-8A21-632743620474} - (no file)
    O21 - SSODL: F7F1AC5B - {F7F1AC5B-C67E-4444-B92F-9BCEE1EBF0A5} - (no file)
    O21 - SSODL: A56783DD - {A56783DD-F2D4-47C5-9566-78528CFD338A} - (no file)
    O21 - SSODL: 042852EA - {042852EA-46AA-4BF8-904B-B84440F0132C} - (no file)
    O21 - SSODL: 6FE8AB94 - {6FE8AB94-894A-4ADE-A76E-FE405CFD531E} - (no file)
    O21 - SSODL: 193311A1 - {193311A1-9DD0-4DEA-B368-C142D6E9D937} - (no file)
    O21 - SSODL: 05A4B9D9 - {05A4B9D9-7632-4BF0-8DEF-77EF5CA3E066} - (no file)
    O21 - SSODL: C8368AA1 - {C8368AA1-4308-418B-B1C6-20E16E81C8FC} - (no file)
    O21 - SSODL: E8388316 - {E8388316-153A-4310-AF0E-BD88F37874AA} - (no file)
    O21 - SSODL: CEC5A543 - {CEC5A543-54C7-4A13-B733-CE0329FB9719} - (no file)
    O21 - SSODL: B821A44D - {B821A44D-16B2-40E2-9B00-5BBD7426C5AA} - (no file)
    O21 - SSODL: 20B7BE99 - {20B7BE99-B765-4143-B28F-7B05795E37AF} - (no file)
    O21 - SSODL: 6956518B - {6956518B-C494-44B1-8E71-D3E80C3D510A} - (no file)
    O21 - SSODL: 4F579D4E - {4F579D4E-008D-4EC3-97EB-FF3E45CD1A93} - (no file)
    O21 - SSODL: D8B3117A - {D8B3117A-1AB4-49EA-91FE-171737F9C107} - (no file)
    O21 - SSODL: 32564541 - {32564541-2905-4732-96B5-230308C8AF9E} - (no file)
    O21 - SSODL: 7421A77E - {7421A77E-FE8A-4512-A11B-54D34EBA8568} - (no file)
    O21 - SSODL: 5B1C3DCE - {5B1C3DCE-977A-4864-9633-72A012491D39} - (no file)
    O21 - SSODL: 05013B75 - {05013B75-29A9-464A-B3A0-54A5BB8E297E} - (no file)
    O21 - SSODL: C8B94C06 - {C8B94C06-09D6-4DDF-B31A-81B6725F7DA7} - (no file)
    O21 - SSODL: 48E297B2 - {48E297B2-A5EF-477E-BCF6-F9E620992C65} - (no file)
    O21 - SSODL: 0C87763D - {0C87763D-FE7D-4CBF-88AC-17F8C5385E76} - (no file)
    O21 - SSODL: 79BD2207 - {79BD2207-50B2-4242-AD57-ABCBC1494C2E} - C:\WINDOWS\system32\npbdiign.dll
    O21 - SSODL: FF04478F - {FF04478F-E842-4CE7-8583-B802B395860D} - (no file)
    O21 - SSODL: 1FB81D23 - {1FB81D23-C89A-40A2-9788-4008F1BAFBCF} - (no file)
    O21 - SSODL: 1BD2D38C - {1BD2D38C-B818-4591-97A5-55B24C13D205} - (no file)
    O21 - SSODL: 0E957DCC - {0E957DCC-C945-49E8-81DE-15FF0C3CD9F5} - (no file)
    O21 - SSODL: 6EC7C2E6 - {6EC7C2E6-DB0D-4262-9879-3B32C1B769EB} - (no file)
    O21 - SSODL: CACDF8D9 - {CACDF8D9-2C4C-40F0-8036-0640BA10EF0C} - (no file)
    O21 - SSODL: AC5AE035 - {AC5AE035-2626-416C-B586-412CEA47320E} - (no file)
    O21 - SSODL: 18E26383 - {18E26383-16CF-41EF-A945-6F52185563E3} - (no file)
    O21 - SSODL: 288FC785 - {288FC785-B27F-4604-A7C1-04EDBEA95364} - C:\WINDOWS\system32\ioofcnol.dll
    O21 - SSODL: 231ACC19 - {231ACC19-1D8D-4BB7-A4F9-AEAE7B067641} - C:\WINDOWS\system32\ijhacchp.dll
    O21 - SSODL: A7858722 - {A7858722-C8B6-47A3-A9F4-570FF79BF3BA} - C:\WINDOWS\system32\anolonii.dll
    O21 - SSODL: 34FD9D4C - {34FD9D4C-CD79-44DC-B983-A9C40FF835F6} - C:\WINDOWS\system32\jkfdpdkc.dll
    O21 - SSODL: D16D225B - {D16D225B-BDA9-4A53-A89D-48362E8EBDDC} - C:\WINDOWS\system32\dhmdiilb.dll
    O21 - SSODL: EBA47121 - {EBA47121-2DC1-4940-95BA-7B9971B634AF} - C:\WINDOWS\system32\ebaknhih.dll
    O21 - SSODL: 56042F97 - {56042F97-7B03-4074-8EFC-0AC85DC457AF} - C:\WINDOWS\system32\lmgkifpn.dll
    O21 - SSODL: 43C7218D - {43C7218D-1CEB-4CD5-8775-2C8BB392FBEA} - C:\WINDOWS\system32\kjcnihod.dll
    O21 - SSODL: 4270CE5F - {4270CE5F-10E9-453F-8380-6682A7B63CB2} - C:\WINDOWS\system32\kingcelf.dll
    O21 - SSODL: F864345B - {F864345B-607A-48FB-BA70-202F0BED94E5} - C:\WINDOWS\system32\fomkjklb.dll
    O21 - SSODL: 7F1744D3 - {7F1744D3-1A4F-428D-B8F2-23B590A9C8D3} - C:\WINDOWS\system32\nfhnkkdj.dll
    O21 - SSODL: C4A0B595 - {C4A0B595-FC6E-4253-B1E2-C1CCFD2BBAEF} - C:\WINDOWS\system32\ckagblpl.dll
    O21 - SSODL: EE90C9B6 - {EE90C9B6-D166-4CD1-B8FF-1047B5D68FDE} - C:\WINDOWS\system32\eepgcpbm.dll
    O21 - SSODL: 42D22944 - {42D22944-B489-4539-8467-E9A5F577F9E7} - C:\WINDOWS\system32\kidiipkk.dll
    O21 - SSODL: 6F6C2C9A - {6F6C2C9A-6021-4671-A6F2-27191BBDA579} - C:\WINDOWS\system32\mfmcicpa.dll
    Click "Fix checked", then close HiJackThis


Step: Download & RUN ComboFix

  • Download ComboFix to the desktop.

    Note: do not click inside the program window with the mouse while ComboFix is running.

    • Run ComboFix and follow the prompts
    • ComboFix will complete the operation automatically.
    • When it finishes, a report will be at C:\ComboFix.txt.



Step: Report Back
Paste the following report
If the report is too long, you can upload it here

ComboFix scan report {C:\ComboFix.txt}
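As an added example (not from this thread, and not part of HijackThis), here is a small Python triage script that applies the same reasoning the helper used when selecting the O1/O2/O4/O20/O21 entries above: hosts lines that all point at one IP, unnamed or non-DLL BHOs, autoruns under Policies\Explorer\Run or a Temp path, any populated AppInit_DLLs value, and SSODL entries that are orphaned or load those same DLLs. The sample lines are an excerpt of the log posted in this thread; the heuristics, the threshold and the function names are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt of the HijackThis v2.0.2 log posted in this thread
# (values copied from the log above; raw string so the backslashes survive).
SAMPLE_LOG = r"""
O1 - Hosts: 60.173.10.253 www.baidu.com
O1 - Hosts: 60.173.10.253 www.315safe.com
O1 - Hosts: 60.173.10.253 www.qq.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AF9DF69-E866-4FEC-AE8D-A89B3F44AC02} - C:\Program Files\Internet Explorer\RxPleroBt.Rxf
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Policies\Explorer\Run: [qq] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\343370
O20 - AppInit_DLLs: npbdiign.dll,ioofcnol.dll
O21 - SSODL: F46C687F - {F46C687F-0B22-40E8-A84E-0BD4B9A68249} - (no file)
O21 - SSODL: 79BD2207 - {79BD2207-50B2-4242-AD57-ABCBC1494C2E} - C:\WINDOWS\system32\npbdiign.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Eight lowercase letters + .dll: the naming pattern of the DLLs in this log.
RANDOM_DLL = re.compile(r"\\[a-z]{8}\.dll$")


def triage(log_text, hosts_threshold=3):
    """Return (section, reason, line) tuples for entries worth fixing."""
    findings = []
    hosts = defaultdict(list)   # redirect IP -> log lines
    appinit = set()             # DLL names listed under O20
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.groups()
        if sec == "O1":                       # "Hosts: <ip> <hostname>"
            hosts[body.split()[1]].append(raw)
        elif sec == "O2":                     # "BHO: <name> - {CLSID} - <path>"
            name, _, rest = body[len("BHO: "):].partition(" - ")
            path = rest.split(" - ", 1)[1]
            if (name == "(no name)" or path == "(no file)"
                    or not path.lower().endswith((".dll", ".ocx"))):
                findings.append((sec, "unnamed, missing or non-DLL BHO", raw))
        elif sec == "O4":                     # autorun entries
            if "Policies\\Explorer\\Run" in body or "\\temp\\" in body.lower():
                findings.append((sec, "Policies\\Explorer\\Run or Temp-path autorun", raw))
        elif sec == "O20":                    # "AppInit_DLLs: a.dll,b.dll"
            dlls = body.partition(": ")[2]
            if dlls:
                appinit.update(d.strip().lower() for d in dlls.split(","))
                findings.append((sec, "AppInit_DLLs populated: loaded into every user32 process", raw))
        elif sec == "O21":                    # "SSODL: <key> - {CLSID} - <path>"
            path = body.rsplit(" - ", 1)[1]
            base = path.rsplit("\\", 1)[-1].lower()
            if path == "(no file)":
                findings.append((sec, "orphaned SSODL entry", raw))
            elif base in appinit or RANDOM_DLL.search(path):
                findings.append((sec, "SSODL loads an AppInit or random-named DLL", raw))
    # Many hostnames pointing at one IP is the hosts-file hijack seen in this log.
    for ip, lines in hosts.items():
        if len(lines) >= hosts_threshold:
            findings.extend(("O1", f"{len(lines)} hosts entries point to {ip}", l) for l in lines)
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Run it against a full saved log to get a first-pass list; the benign Adobe BHO and the Ad-Watch autorun in the sample are left alone, while the entries the helper ticked are all reported.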


combo report:
http://www.sendspace.com/file/n1wt65

There are still some problems, e.g. double-clicking any folder won't open it, and the icons in start up still won't open either.

Thanks a lot!


Step: Download & Install Malwarebytes' Anti-Malware

  • Download Malwarebytes' Anti-Malware
  • Run mbam-setup.exe and install Malwarebytes' Anti-Malware; choose the English installation.
  • Make sure the following two options are ticked

    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Finish
  • After the update finishes
  • Select Perform full scan
  • Scan
  • When the scan finishes, click OK and the results will be shown.
  • Select all items (if any) and click Remove Selected.
  • When done, a scan report will pop up. Save the report contents to the desktop.


Step: Download & Run System Repair Engineer

  • Download System Repair Engineer (SREng)

    • Extract it and run SREngPS.exe
    • Click Smart Scan, make sure all items are ticked, then click Scan
    • Finally, click Save Reports ----> save to the desktop as SREngLOG.log



Step: Report Back
Paste the following reports
If a report is too long, you can upload it here

New System Repair Engineer scan report {SREngLOG.log}
Malwarebytes' Anti-Malware
