TDTID 2013-2-12 12:16 AM

Caught a virus that redirects pop-up pages to ad sites, help! (HijackThis log attached)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:20 AM, on 12/02/2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Boey\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Users\Boey\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Users\Boey\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Users\Boey\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Boey\Downloads\HijackThis.exe
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Users\Boey\Desktop\EMULE\modules\IE2EM.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Download and Sa - {B72A7740-99B7-840C-6532-F189049FC413} - C:\ProgramData\Download and Sa\50b7a985ccb9c.ocx
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Boey\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Boey\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [chromium] C:\Users\Boey\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Dropbox.lnk = Boey\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
O8 - Extra context menu item: Download by easyMule - C:\Users\Boey\Desktop\EMULE\IE2EM.htm
O8 - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TDTID 2013-2-12 12:17 AM

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/zh-Hant/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\kasper~1\kasper~1.0fo\kloehk.dll c:\progra~2\mocaflix\sprote~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14235 bytes
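
The log above is what the rest of the thread works from. As an added example (not part of the thread, and not HijackThis's own code), the Python below parses the O2/O3, O15 and O20 lines of a HijackThis log and ranks them the way a responder would: any AppInit_DLLs entry that is not expected is loaded into every process that links user32.dll, so it comes first; a BHO or toolbar DLL living outside Program Files (the 50b7a985ccb9c.ocx under ProgramData) comes next; IE Trusted Zone entries are listed for awareness. The sample lines are copied from the log above; the AppInit_DLLs allow-list (the two Kaspersky hooks) is an assumption made for this example, not a vendor list.

```python
"""Triage a HijackThis log for browser-redirect persistence.

Added example: not part of the thread and not HijackThis code. It parses
O2/O3 (BHO and toolbar), O15 (IE trusted zone) and O20 (AppInit_DLLs)
lines and ranks them the way a responder would. SAMPLE_LOG is copied from
the log posted above; KNOWN_APPINIT (the two Kaspersky hooks) is an
assumption made for this example, not a vendor allow-list.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# O2 (BHO) and O3 (Toolbar) lines: "<name> - {CLSID} - <dll path>"
CLSID_RE = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

# Where a legitimately installed browser-extension DLL normally lives.
# c:\progra~2 is resolved by the log itself: the O20 Kaspersky hooks belong
# to the same install as the O4 AVP entry under C:\Program Files (x86).
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~2\\",
    "c:\\windows\\",
)

# AppInit_DLLs entries expected on this machine (assumption for the example).
KNOWN_APPINIT = {
    "c:\\progra~2\\kasper~1\\kasper~1.0fo\\adialhk.dll",
    "c:\\progra~2\\kasper~1\\kasper~1.0fo\\kloehk.dll",
}

# Lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Download and Sa - {B72A7740-99B7-840C-6532-F189049FC413} - C:\ProgramData\Download and Sa\50b7a985ccb9c.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O15 - Trusted Zone: http://*.webscache.com
O20 - AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\kasper~1\kasper~1.0fo\kloehk.dll c:\progra~2\mocaflix\sprote~1.dll
"""


@dataclass
class Entry:
    section: str        # "O2", "O3", "O15", "O20"
    kind: str           # "BHO", "Toolbar", "Trusted Zone", "AppInit_DLLs"
    path: str           # DLL path, or the zone pattern for O15
    name: str = ""
    clsid: str = ""


def parse_hjt(text: str) -> list:
    """Turn the O-lines we care about into Entry objects, one per DLL."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        if section in ("O2", "O3"):
            c = CLSID_RE.match(rest)
            if c:
                name, clsid, path = c.groups()
                entries.append(Entry(section, kind, path, name, clsid))
        elif section == "O20" and kind == "AppInit_DLLs":
            # One space/comma-separated string: that is why every path is an
            # 8.3 short name, and why dropping one DLL means rewriting the rest.
            for dll in re.split(r"[ ,]+", rest.strip()):
                if dll:
                    entries.append(Entry(section, kind, dll))
        elif section == "O15":
            entries.append(Entry(section, kind, rest.strip()))
    return entries


def triage(entries, appinit_allow=KNOWN_APPINIT):
    """Return (severity, entry, reason) tuples, most urgent first."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if e.section == "O20" and p not in appinit_allow:
            findings.append(("HIGH", e,
                "AppInit_DLLs loads this DLL into every process that links user32.dll"))
        elif e.section in ("O2", "O3") and not p.startswith(TRUSTED_ROOTS):
            findings.append(("REVIEW", e,
                "browser extension DLL outside Program Files / Windows"))
        elif e.section == "O15":
            findings.append(("INFO", e,
                "site in IE Trusted Zone runs with relaxed security settings"))
    rank = {"HIGH": 0, "REVIEW": 1, "INFO": 2}
    findings.sort(key=lambda f: rank[f[0]])
    return findings


def paths_by_severity(findings, severity):
    """Lower-cased paths of all findings at one severity (handy for checks)."""
    return {e.path.lower() for sev, e, _ in findings if sev == severity}


if __name__ == "__main__":
    for sev, e, why in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{sev:6} {e.section:3} {e.name or e.kind}: {e.path}  [{why}]")
```

Two things the output makes visible. AppInit_DLLs is a single space- or comma-separated string, which is why every path in it is an 8.3 short name and why removing one DLL means rewriting the value with the others kept, rather than clearing it (clearing it would also drop the two Kaspersky hooks). And the log itself resolves c:\progra~2 to C:\Program Files (x86), so c:\progra~3 is a third top-level directory whose long name starts with "Progra"; running `dir /x c:\` on the machine lists the short names next to the long ones.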

anlth2010 2013-2-12 10:46 PM

[u][color=red]Step 1: Fix items with HijackThis[/color][/u]

[list]
[*]Open [color=blue]HijackThis[/color] and click [color=darkgreen]Do a system scan only[/color]
[*]Tick the boxes on the left next to the following items:
[quote]
O2 - BHO: Download and Sa - {B72A7740-99B7-840C-6532-F189049FC413} - C:\ProgramData\Download and Sa\50b7a985ccb9c.ocx

O20 - AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\kasper~1\kasper~1.0fo\kloehk.dll c:\progra~2\mocaflix\sprote~1.dll
[/quote]
[*]Click [color=darkgreen]Fix checked[/color], then click [color=darkgreen]Yes[/color]
[*]Close [color=blue]HijackThis[/color]
[/list]
[u][color=red]Step 2: Restart the computer[/color][/u]

[list]
[*]Restart the computer
[*]Boot into [color=blue]Safe Mode[/color]
[/list]
[u][color=red]Step 3: Delete files[/color][/u]

[list]
[*]Download [url=http://oldtimer.geekstogo.com/OTM.exe]OTM[/url] to the desktop and run [color=blue]OTM[/color]
[*]Copy the text below and paste it into the [color=darkgreen]Paste Instructions for Items to be Moved[/color] box:
[quote]
:files
C:\ProgramData\Download and Sa\50b7a985ccb9c.ocx
c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
c:\progra~2\mocaflix\sprote~1.dll
[/quote]
[*]Click [color=darkgreen]MoveIt![/color], then [color=darkgreen]OK[/color], and restart the computer
[/list]
[u][color=red]Step 4: Describe the situation and post the log[/color][/u]

[list]
[*]Briefly describe the state of your computer
[*]Upload the following log to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[/list]

TDTID 2013-2-12 11:58 PM

The problem is still there. For example, when I open Hang Seng e-banking a pop-up window appears, but it is immediately redirected to some ad pages.

[url]http://www.sendspace.com/file/ur1bl8[/url]

HELP & THANKS!

anlth2010 2013-2-14 12:02 AM

[u][color=red]Step 1: Download and install Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Download [color=blue]Malwarebytes' Anti-Malware[/color]: [url=http://www.malwarebytes.org/mbam-download.php]http://www.malwarebytes.org/mbam-download.php[/url]
[*]Save [color=red]mbam-setup.exe[/color] to the desktop
[*]Run [color=red]mbam-setup.exe[/color] to start the installation, choosing [color=darkgreen]English[/color] as the installer language
[*]Click [color=darkgreen]Next[/color], tick [color=darkgreen]I accept the agreement[/color], then click [color=darkgreen]Next[/color]
[*]Click [color=darkgreen]Next[/color] through the remaining screens without changing any settings
[*]Click [color=darkgreen]Install[/color] and wait for the installation to finish
[*]Click [color=darkgreen]Finish[/color] to complete the installation, then update the database
[/list]
[u][color=red]Step 2: Run Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Select [color=darkgreen]Perform full scan[/color], then click [color=darkgreen]Scan[/color]
[*]Click [color=darkgreen]Scan[/color] again to start the scan
[*]When the scan finishes, click [color=darkgreen]Show Results[/color], then [color=darkgreen]Remove Selected[/color] to clean up
[*]A scan log pops up after the clean-up; save it to the desktop
[*]Close [color=blue]Malwarebytes' Anti-Malware[/color]
[/list]
[u][color=red]Step 3: Describe the situation and post the logs[/color][/u]

[list]
[*]Briefly describe the state of your computer
[*]Upload the following logs to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]Malwarebytes' Anti-Malware[/color]
[/list]

TDTID 2013-2-14 02:36 AM

Malwarebytes' Anti-Malware didn't detect any problems at all... help!

[url]http://www.sendspace.com/file/t944e7[/url]
[url]http://www.sendspace.com/file/lfprv8[/url]

help help help TT, thanks

anlth2010 2013-2-15 01:10 AM

[u][color=red]Step 1: Download and run SREng[/color][/u]

[list]
[*]Download [url=http://www.kztechs.com/sreng/download.html]SREng[/url] to the desktop and extract the archive
[*]Run [color=blue]SREng[/color] and click [color=darkgreen]Smart Scan[/color]
[*]Click [color=darkgreen]Scan[/color]; [color=blue]SREng[/color] will scan the system, please be patient
[*]Click [color=darkgreen]Save Report[/color] and save it
[/list]
[u][color=red]Step 2: Describe the situation and post the logs[/color][/u]

[list]
[*]Briefly describe the state of your computer
[*]Upload the following logs to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]SREng[/color]
[/list]

TDTID 2013-2-16 02:06 AM

[url]http://www.sendspace.com/filegroup/KXBITjTPtUhHuHI1GiHLpA[/url]

thanks!

anlth2010 2013-2-16 02:47 AM

Have a look in [color=red]C:\Program Files\[color=blue]browse???[/color]\22643~1.41[/color]; inside there is a folder whose name starts with [color=blue]{16cdf[/color]. Please tell me that folder's full name.

TDTID 2013-2-16 09:51 PM

I can't find the location "browse???\22643~1.41"... I can only get as far as: C:\Program Files\

anlth2010 2013-2-17 01:07 AM

[quote]Originally posted by [i]TDTID[/i] on 2013-2-16 09:51 PM
I can't find the location "browse???\22643~1.41"... I can only get as far as: C:\Program Files\ [/quote]OK, please post a fresh HijackThis log.

TDTID 2013-2-17 03:32 AM

[url]http://www.sendspace.com/file/nybxut[/url]

thanks

anlth2010 2013-2-19 12:20 AM

Update the Malwarebytes' Anti-Malware database first, then scan.

[u][color=red]Step 1: Run Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Update the database first
[*]Select [color=darkgreen]Perform full scan[/color], then click [color=darkgreen]Scan[/color]
[*]Click [color=darkgreen]Scan[/color] again to start the scan
[*]When the scan finishes, click [color=darkgreen]Show Results[/color], then [color=darkgreen]Remove Selected[/color] to clean up
[*]A scan log pops up after the clean-up; save it to the desktop
[*]Close [color=blue]Malwarebytes' Anti-Malware[/color]
[/list]
[u][color=red]Step 2: Describe the situation and post the logs[/color][/u]

[list]
[*]Briefly describe the state of your computer
[*]Upload the following logs to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]Malwarebytes' Anti-Malware[/color]
[/list]

samtch 2013-2-19 05:12 PM

I've been hit by this too.

Scan type: Full scan (C:\|D:\|F:\|I:\|J:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 672235
Time elapsed: 1 hour(s), 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 41
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken
HKCR\TypeLib\{F9BC0421-BB5C-447D-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken
HKCR\CLSID\{42F2EC31-4F11-2BF0-2C06-390FD30D7304} (PUP.Funshion) -> No action taken
HKCR\42F2EC31-4F11-2BF0-2C06-390FD30D7304.Addr.1 (PUP.Funshion) -> No action taken
HKCR\42F2EC31-4F11-2BF0-2C06-390FD30D7304.Addr (PUP.Funshion) -> No action taken
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42F2EC31-4F11-2BF0-2C06-390FD30D7304} (PUP.Funshion) -> No action taken
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42F2EC31-4F11-2BF0-2C06-390FD30D7304} (PUP.Funshion) -> No action taken
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2EC31-4F11-2BF0-2C06-390FD30D7304} (PUP.Funshion) -> No action taken
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken
HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken
HKCR\thunder (Trojan.Agent) -> No action taken
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UUSEE_BASE (PUP.ChinAd) -> No action taken
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken
HKLM\SYSTEM\CurrentControlSet\Services\sina_live_deamon (PUP.ChinAd) -> No action taken

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;愨z?XA?闣?蟋Redir -> No action taken
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> No action taken
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> No action taken
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> No action taken
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UUSEE_base|URLInfoAbout (PUP.ChinAd) -> Data: http://www.uusee.com -> No action taken

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken
C:\ProgramData\UUSee (PUP.ChinAd) -> No action taken
C:\ProgramData\UUSee\Pic (PUP.ChinAd) -> No action taken
C:\ProgramData\UUSee\update (PUP.ChinAd) -> No action taken

Files Detected: 7
C:\Program Files (x86)\QvodPlayer\AddIn\{42F2EC31-4F11-2BF0-2C06-390FD30D7304}\QvodAddr.dll (PUP.Funshion) -> No action taken
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> No action taken
C:\Program Files (x86)\QvodPlayer\AddIn\{42F2EC31-4F11-2BF0-2C06-390FD30D7304}\ASBarBroker.exe (PUP.Funshion) -> No action taken
F:\desktop\cHANGEIP\無界瀏覽\u1017.exe (PUP.HackTool.Proxy) -> No action taken
F:\Downloads\PowerDVD 12 Ultra v12.0.1312.54 PreActivated ADHDerby.exe.exe (PUP.Offerware) -> No action taken
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken
C:\ProgramData\UUSee\data.xml (PUP.ChinAd) -> No action taken

(end)

anlth2010 2013-2-19 11:18 PM

How are things after the clean-up?

TDTID 2013-2-20 11:58 AM

No change, and again it doesn't detect anything at all...

[url]http://www.sendspace.com/filegroup/8Gh7wOPpansbA3qZmi%2Fx5g[/url]

help TT

anlth2010 2013-2-22 12:03 AM

[u][color=red]Step 1: Download and run SystemLook[/color][/u]

[list]
[*]Download [url=http://jpshortstuff.247fixes.com/SystemLook.exe][color=#000000]SystemLook[/color][/url] to the desktop and run [color=blue]SystemLook[/color]
[*]Paste the following into the window, then click [color=darkgreen]Look[/color]
[quote]
:regfind
sprote~1.dll
browse~1.dll
mocaflix
[/quote]
[*]A [color=blue]SystemLook[/color] report will pop up; save it
[/list]
[u][color=red]Step 2: Describe the situation and post the logs[/color][/u]

[list]
[*]Briefly describe the state of your computer
[*]Upload the following logs to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]SystemLook[/color]
[/list]

TDTID 2013-2-23 12:30 AM

Same as before.
[url]http://www.sendspace.com/filegroup/aqE0R4cGjqj6WHOiEuO0dw[/url]

Thanks!

anlth2010 2013-2-23 09:56 PM

[u][color=red]Step 1: Delete files[/color][/u]

[list]
[*]Download [url=http://oldtimer.geekstogo.com/OTM.exe]OTM[/url] to the desktop and run [color=blue]OTM[/color]
[*]Copy the text below and paste it into the [color=darkgreen]Paste Instructions for Items to be Moved[/color] box:
[quote]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\kasper~1\kasper~1.0fo\kloehk.dll"

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mocaflix.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\kasper~1\kasper~1.0fo\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\SP Global]
"0e20a748"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\SProtector\_8e4eb48d]
[-HKEY_USERS\S-1-5-21-3895895576-4114955646-3660757218-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mocaflix.com]
[HKEY_USERS\S-1-5-21-3895895576-4114955646-3660757218-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_USERS\S-1-5-21-3895895576-4114955646-3660757218-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]

:files
c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
c:\progra~2\mocaflix\sprote~1.dll
[/quote]
[*]Click [color=darkgreen]MoveIt![/color], then [color=darkgreen]OK[/color], and restart the computer
[/list]
[u][color=red]Step 2: Describe the situation[/color][/u]

[list]
[*]Briefly describe the state of your computer
[/list]
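
The OTM script above is a small .reg file with a file list attached, and it is worth reading what it will do before running it. As an added example (not from the thread, and not OTM's own code), the Python below parses the script's `:reg` and `:files` sections using the standard .reg conventions (`[KEY]` selects a key, `[-KEY]` deletes it, `"name"="data"` writes a string value, `"name"=-` deletes the value) and diffs the AppInit_DLLs value the script writes against the one on the O20 line of the log, so the operator can confirm that only the two hijacker DLLs are dropped and the Kaspersky hooks are kept. The embedded script is the posted one with its repeated lines (the second AppInit_DLLs write and the HKEY_USERS\S-1-5-21-... copies of the HKCU keys) left out; the old AppInit_DLLs value is taken from the log above. Backslashes are read literally, as posted; whether OTM itself applies .reg-style escaping is not something this example depends on.

```python
"""Read an OTM script and list the registry and file changes it makes.

Added example: not part of the thread and not OTM's own code. The :reg
section follows .reg file syntax ([KEY] selects a key, [-KEY] deletes it,
"name"="data" writes a string value, "name"=- deletes a value); the :files
section lists files to move out of the way. OTM_SCRIPT is the posted
script minus its repeated lines; OLD_APPINIT is the O20 value from the
log. Backslashes are taken literally, as posted (assumption).
"""
import re

SECTION_RE = re.compile(r"^:(\w+)\s*$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(?:-|"(.*)")$')

# AppInit_DLLs as reported on the O20 line of the HijackThis log above.
OLD_APPINIT = (
    r"c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll "
    r"c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll "
    r"c:\progra~2\kasper~1\kasper~1.0fo\kloehk.dll "
    r"c:\progra~2\mocaflix\sprote~1.dll"
)

OTM_SCRIPT = r"""
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\kasper~1\kasper~1.0fo\kloehk.dll"

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mocaflix.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d]
[HKEY_LOCAL_MACHINE\SOFTWARE\SP Global]
"0e20a748"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\SProtector\_8e4eb48d]

:files
c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
c:\progra~2\mocaflix\sprote~1.dll
"""


def parse_otm(script: str) -> list:
    """Return (op, target, data) tuples in script order."""
    ops, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1).lower()
            continue
        if section == "reg":
            k = KEY_RE.match(line)
            if k:
                minus, key = k.groups()
                if minus:                        # [-KEY] deletes the whole key
                    ops.append(("delete_key", key, None))
                    key = None
                continue
            v = VALUE_RE.match(line)
            if v and key:
                name, data = v.groups()          # data is None for "name"=-
                op = "delete_value" if data is None else "set_value"
                ops.append((op, key + "\\" + name, data))
        elif section == "files":
            ops.append(("move_file", line, None))
    return ops


def _split_dlls(value: str) -> list:
    """AppInit_DLLs is one space- or comma-separated string."""
    return [d for d in re.split(r"[ ,]+", value.strip().lower()) if d]


def appinit_change(ops, old_value):
    """Compare the AppInit_DLLs the script writes with the current value."""
    new_value = old_value
    for op, target, data in ops:
        if op == "set_value" and target.lower().endswith("\\appinit_dlls"):
            new_value = data
    old, new = _split_dlls(old_value), _split_dlls(new_value)
    return {
        "kept": [d for d in new if d in old],
        "removed": [d for d in old if d not in new],
        "added": [d for d in new if d not in old],
    }


if __name__ == "__main__":
    ops = parse_otm(OTM_SCRIPT)
    for op, target, data in ops:
        print(f"{op:13} {target}" + (f" = {data!r}" if data is not None else ""))
    print(appinit_change(ops, OLD_APPINIT))
```

One caveat for 64-bit Windows: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows exists in both the native view and the Wow6432Node view, and a 32-bit tool such as HijackThis reads the latter through registry redirection. Confirm which view actually carries the hijacker entries before rewriting the value, and inspect both afterwards.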

TDTID 2013-2-25 10:49 AM

Still the same...
As soon as a pop-up page opens (e.g. Hang Seng e-banking) it is redirected to: [url]http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=800x440&section=3974998&pub_url=&_rffr=px.pluginh[/url]

anlth2010 2013-2-25 11:22 PM

[u][color=red]Step 1: Run Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Select [color=darkgreen]Perform full scan[/color], then click [color=darkgreen]Scan[/color]
[*]Click [color=darkgreen]Scan[/color] again to start the scan
[*]When the scan finishes, click [color=darkgreen]Show Results[/color], then [color=darkgreen]Remove Selected[/color] to clean up
[*]A scan log pops up after the clean-up; save it to the desktop
[*]Close [color=blue]Malwarebytes' Anti-Malware[/color]
[/list]
[u][color=red]Step 2: Describe the situation and post the logs[/color][/u]

[list]
[*]Briefly describe the state of your computer
[*]Upload the following logs to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]ComboFix[/color]
[/list]

TDTID 2013-2-26 11:24 PM

Malwarebytes' Anti-Malware doesn't detect any threats.
What is ComboFix?

anlth2010 2013-2-27 03:57 PM

ComboFix was a typo on my part; ignore it.

[u][color=red]Step 1: Download and install 360 Safeguard (360 安全衛士)[/color][/u]

[list]
[*]Download and install [color=blue]360 Safeguard[/color]
[*]Scan the computer with [color=blue]360 Safeguard[/color]
[*][color=blue]360 Safeguard[/color] tutorial: [url=http://computer.discuss.com.hk/viewthread.php?tid=944141]http://computer.discuss.com.hk/viewthread.php?tid=944141[/url]
[/list]

TDTID 2013-3-1 03:33 PM

Still no use.... Is it hopeless? TT

anlth2010 2013-3-3 11:00 PM

Please post a fresh HijackThis log.

TDTID 2013-3-4 12:20 AM

http://www.sendspace.com/file/rp0d5o

anlth2010 2013-3-5 11:24 PM

[u][color=red]Step 1: Download and run SystemLook[/color][/u]

[list]
[*]Download [url=http://jpshortstuff.247fixes.com/SystemLook.exe][color=#000000]SystemLook[/color][/url] to the desktop and run [color=blue]SystemLook[/color]
[*]Paste the following into the window, then click [color=darkgreen]Look[/color]
[quote]
:regfind
BB74DE59-BC4C-4172-9AC4-73315F71CFFE
[/quote]
[*]A [color=blue]SystemLook[/color] report will pop up; save it
[/list]
[u][color=red]Step 2: Describe the situation and post the logs[/color][/u]

[list]
[*]Briefly describe the state of your computer
[*]Upload the following logs to [url=http://www.sendspace.com/]Sendspace[/url]:
[/list]
[list=1]
[*][color=blue]HijackThis[/color]
[*][color=blue]SystemLook[/color]
[/list]

TDTID 2013-3-6 04:58 PM

same situation
[url]http://www.sendspace.com/filegroup/7DJv5X4BSki7uclsVMWyiw[/url]
thanks!

anlth2010 2013-3-7 11:48 PM

The log looks normal.

[u][color=red]Step 1: Download and run ATF-Cleaner[/color][/u]

[list]
[*]Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF-Cleaner[/url] to the desktop and run [color=blue]ATF-Cleaner[/color]
[*]Tick [color=darkgreen]Select All[/color], then click [color=darkgreen]Empty Selected[/color] to clean up
[*]Finally, close [color=blue]ATF-Cleaner[/color]
[/list]