
Help!!! Antivirus software won't open!!!

Date: 2014-03-09

Source: Internet

Please help. I can't type Chinese since the toolbar has disappeared and none of the antivirus and antimalware programs are working. I tried to copy and paste someone else's post below this since I can't type Chinese.

1. Cannot download Combofix.
2. Cannot open Avast.
3. I tried SAS in safe mode. When I clicked quick scan, I saw many threats at once, but then the software closed accidentally. Then when I tried to open it again, it showed that SAS is not a correct Win32 programme.
4. I tried OTL and the log files are attached to the post. Thank you.

Many antivirus programs won't open, and System Restore can't be found either.
Many antivirus programs can't be downloaded.
I downloaded Hijack but couldn't install it; it says it can't be found.
I hope someone can help me. Thank you very much!
Extras.Txt (81.11 KB)
OTL.Txt (111.39 KB)

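[ Last edited by kennythk on 2014-2-24 01:11 PM ]

Author: kennythk   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-22 05:16 AM
Please help. I can't type Chinese since the toolbar has disappeared and none of the antivirus and antimalware programs are working. I tried to copy and paste someone else's post below this since I can't typ ...
Stop trying to install antivirus software; installing antivirus software to remove a virus after infection is 'of no help' and will only make the problem worse, and may at any time strain system resources and paralyze the system (the machine won't boot)!

Author: SILVESTERABEND   Posted: 2014-03-09

Press F8 at boot to enter Safe Mode and run the OTL Run Fix.

Double-click OTL.exe > copy & paste the text below into the Custom Scans/Fixes box > click [Run Fix] at the top left; close your browser before running the fix.
When the fix (removal) succeeds you will get a notification (Fix complete! Click OK to open the fix log.) > click OK > restart the computer.

Please post the OTL fix log.
Quote: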
:OTL
PRC - [2014/02/22 00:00:42 | 000,180,736 | RHS- | M] (Eidos Inc.) -- C:\ProgramData\load32.exe
PRC - [2007/01/05 10:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
SRV - [2007/01/05 10:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKLM\..\SearchScopes,DefaultScope = {6C43B49E-649A-42B9-BC35-7B169315EADF}
IE - HKLM\..\SearchScopes\{6C43B49E-649A-42B9-BC35-7B169315EADF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=MgQXmKbLW4mAbjpq!tgHKS401gc60g00&lr=&ie={inputEncoding}&unc=y400372_2
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={501DA8BF-7B49-40AF-9DFE-904372B9D81C}&mid=a30507c02e1b4835802a292179bcffe5-8edc2c602187061dec7216fe0c4a837b9cebcbfc&lang=en&ds=fp011&pr=sa&d=2013-12-01 20:49:57&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
O2 - BHO: (ShowHKToolbar Class) - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (PPStream Video Acc Helper) - {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} - D:\PPS.tv\PPStream\plugins\IEHelper.dll (PPStream Inc.)
O3 - HKLM\..\Toolbar: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O4 - HKLM..\Run: [NT Kernel Service] C:\ProgramData\load32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Extraram] C:\Program Files\Extra RAM\ExtraRAM.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe ()
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - Startup: C:\Users\Lenovo's User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = File not found
O4 - Startup: C:\Users\Lenovo's User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()
F3 - HKCU WinNT: Load - (C:\Users\LENOVO~1\AppData\Local\Temp\yvsgchnqvtr.exe) - C:\Users\LENOVO~1\AppData\Local\Temp\yvsgchnqvtr.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{059E76AD-FDD1-4139-8BD9-5F3C711F7DBB}: DhcpNameServer = 172.20.93.2 172.20.93.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C67D439-ABF0-4412-916B-62E45E79FBA8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7425047F-21DE-4FEB-98D1-C55EF3AAAA57}: NameServer = 192.168.64.101 192.168.64.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA2D6D3C-759C-4BDF-AB25-70AF54D43829}: DhcpNameServer = 192.168.8.1


:Files
C:\Windows\PIF
C:\NTKernel
C:\ProgramData\NTKernel
C:\ProgramData\xQ4e5dFM40
C:\Users\Lenovo's User\AppData\Roaming\PPSProtect
C:\Users\Lenovo's User\Documents\315load32.exe
C:\Users\Lenovo's User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
C:\ProgramData\load32.exe
C:\Windows\tasks\PPSProtect.job
C:\Windows\tasks\SystemToolsDailyTest.job
C:\Windows\tasks\AVG-Secure-Search-Update_0214b_rmv.job
C:\Windows\tasks\AVG-Secure-Search-Update_0214b_rel.job
C:\Users\Lenovo's User\Desktop\20131201Xie.rar
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\AVG-Secure-Search-Update_0214b_rmv.job
C:\Windows\tasks\AVG-Secure-Search-Update_0214b_rel.job


ipconfig /flushdns /c

:Commands
[PURITY]
[EMPTYTEMP]
[reboot]

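Author: SILVESTERABEND   Posted: 2014-03-09

Next, do one more OTL Run Fix:

Double-click OTL.exe > copy & paste the text below into the Custom Scans/Fixes box > click [Run Fix] at the top left; close your browser before running the fix.
When the fix (removal) succeeds you will get a notification (Fix complete! Click OK to open the fix log.) > click OK > restart the computer.
Quote:
:OTL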
O20 - HKCU Winlogon: Shell - ("C:\ProgramData\load32.exe") - C:\ProgramData\load32.exe (Eidos Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\AvastSvc.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\AvastUI.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avconfig.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avgidsagent.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avgnt.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avgrsx.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avguard.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avgui.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avp.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\avscan.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\bdagent.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\BTHSSecurityMgr.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\ccuac.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\ComboFix.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\egui.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\hijackthis.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\instup.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\keyscrambler.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\mbam.exe: Debugger - hwxt.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - bpvt.exe File not found
O27 - HKLM IFEO\mbampt.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\mbamscheduler.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\mbamservice.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\sas_enum_cookies.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\spybotsd.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\SUPERAntiSpyware.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\ToolbarUpdater.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\wireshark.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\zlclient.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()

:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
Please generate a new OTL.txt scan report and post it.

[ Last edited by SILVESTERABEND on 2014-2-22 10:49 AM ]

Author: SILVESTERABEND   Posted: 2014-03-09
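
The O27 lines in the fix above are Image File Execution Options (IFEO) Debugger values: Windows starts the listed debugger in place of the named program, which is why the scanners and System Restore (rstrui.exe) would not open. As an added example (not part of the original post and not OTL's own code), this Python code triages such lines from an OTL log; the sample log is constructed from the format above, and the notepad.exe/windbg entry and the heuristics are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample in the O27 format of the fix script above; the notepad.exe
# entry and its windbg path are invented here to show a non-flagged case.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe ()
O27 - HKLM IFEO\AvastSvc.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\mbam.exe: Debugger - hwxt.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\Users\Lenovo's User\Documents\315load32.exe ()
O27 - HKLM IFEO\notepad.exe: Debugger - C:\Program Files\Debugging Tools\windbg.exe (Microsoft Corporation)
"""

O27 = re.compile(r"^O27 - HK\w+ IFEO\\([^:]+): Debugger - (.+)$")
PUBLISHER = re.compile(r"^(.*) \((.*)\)$")
NOT_FOUND = " File not found"
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # heuristic, not exhaustive

def parse_ifeo(log):
    """Yield (image, debugger_path, publisher, missing) per O27 Debugger line."""
    for line in log.splitlines():
        m = O27.match(line.strip())
        if not m:
            continue  # not an IFEO Debugger entry
        image, target = m.groups()
        missing = target.endswith(NOT_FOUND)
        if missing:
            target = target[:-len(NOT_FOUND)]
        pub = PUBLISHER.match(target)
        path, publisher = pub.groups() if pub else (target, "")
        yield image, path.strip(), publisher, missing

def triage(log):
    """Group redirected images by debugger target and record why each looks suspicious."""
    findings = defaultdict(lambda: {"images": [], "reasons": set()})
    for image, path, publisher, missing in parse_ifeo(log):
        entry = findings[path]
        entry["images"].append(image)
        if missing:
            entry["reasons"].add("debugger file missing")
        elif not publisher:
            entry["reasons"].add("no publisher")
        if "\\" not in path:
            entry["reasons"].add("bare file name")
        elif any(d in path.lower() for d in USER_WRITABLE):
            entry["reasons"].add("user-writable path")
    for entry in findings.values():
        if len(entry["images"]) > 1:
            entry["reasons"].add("one debugger for several images")
    return dict(findings)
```

Calling `triage()` on the text of a full OTL.txt returns one entry per debugger target; an entry with an empty reason set, like the constructed windbg one, is the only kind that does not need a closer look.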

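Quote: Originally posted by SILVESTERABEND on 2014-2-22 10:43 AM
Press F8 at boot to enter Safe Mode and run the OTL Run Fix.

Double-click OTL.exe > copy & paste the text below into the Custom Scans/Fixes box > click [Run Fix] at the top left; close your browser before running the fix.
When the fix (removal) succeeds you will get a notification (Fix complete! Click OK to o ...
I have tried this. But after the reboot, I can't open OTL again. It said I don't have permission.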
afterotlreboot.png (203.03 KB)

2014-2-22 03:04 PM

Author: kennythk   Posted: 2014-03-09

Oh, I found this log file
02222014_145107.log (19.41 KB)

Author: kennythk   Posted: 2014-03-09

This is the log file after the second fix.
02222014_151052.log (19.11 KB)

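Author: kennythk   Posted: 2014-03-09

Just right-click OTL and run the scan as administrator.

Author: SILVESTERABEND   Posted: 2014-03-09

OP, try running the following programs to scan for malware:

1. Download/run Junkware Removal Tool to scan. Close all browsers and programs before running the scan.
(JRT will automatically remove malicious programs/files/registry entries attached to browsers)

2. Download/run AdwCleaner (Xplode) to scan. (Click Scan first; if malware is found, click [Clean] to remove it)
(Close all browsers/programs when running AdwCleaner)

3. Disable all antivirus software (including Windows Defender), download ComboFix to the desktop, and run ComboFix to scan.
Do not run other programs or click in the ComboFix window while it scans.
When the scan finishes, the ComboFix report will pop up automatically.

Please post the following reports:
a. JRT scan report.
b. AdwCleaner removal report.
c. ComboFix scan report.
d. A new OTL.txt scan report.

Author: SILVESTERABEND   Posted: 2014-03-09

I am doing the ComboFix part... thanks..
But actually how can I find the language input toolbar? Because I can't type Chinese at this moment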
JRT.txt (4.97 KB)
AdwCleaner[S0].txt (3.2 KB)

Author: kennythk   Posted: 2014-03-09

ComboFix.txt (17.48 KB)

Author: kennythk   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-22 04:05 PM
I am doing the ComboFix part... thanks..
But actually how can I find the language input toolbar? Because I can't type Chinese at this moment
1. Go to Control Panel > Clock, Language, and Region > Region and Language > Keyboards and Languages > click [Change keyboards] > set up the Chinese input method.....

2. In "Text Services and Input Languages" > Language Bar > tick "Docked in the taskbar" > click [OK].

Author: SILVESTERABEND   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-22 04:28 PM
Can you open Avast now?

Author: SILVESTERABEND   Posted: 2014-03-09

OTL.Txt (90.81 KB)

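Author: kennythk   Posted: 2014-03-09

I have already done this: 1. Go to Control Panel > Clock, Language, and Region > Region and Language > Keyboards and Languages > click [Change keyboards] > set up the Chinese input method.....

2. In "Text Services and Input Languages" > Language Bar > tick "Docked in the taskbar" > click [OK].

But the toolbar is still missing...

Author: kennythk   Posted: 2014-03-09

Still cannot open Avast...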
avast startmenu.png (368.36 KB)

2014-2-22 04:53 PM

avastfolder.png (289.41 KB)

2014-2-22 04:53 PM

final.png (257.26 KB)

2014-2-22 04:53 PM

Author: kennythk   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-22 04:38 PM
1. Start > type services.msc > press Enter.
Restart Avast/SAS.
Double-click each Avast / SUPERAntispyware service > select "Automatic" > click "OK".

2. If they still won't start from the services list above, the only option is to uninstall Avast/SAS and reinstall.

3. I suggest uninstalling Firefox (do not keep the old settings) > restart the computer > reinstall Firefox.

Author: SILVESTERABEND   Posted: 2014-03-09

I cannot open the Avast folder... Is there any other method to uninstall the programme?

Author: kennythk   Posted: 2014-03-09

I am really confused because the Chinese toolbar is still missing and I can't even open the Avast folder

Author: kennythk   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-22 05:06 PM
I cannot open the Avast folder... Is there any other method to uninstall the programme?
Download/run Avast Uninstall Utility (avastclear.exe) to remove Avast (must be run in Safe Mode).

Author: SILVESTERABEND   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-22 05:08 PM
I am really confused because the Chinese toolbar is still missing and I can't even open the Avast folder
Try downloading/running Portable Windows Repair AIO to fix the following items:
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair Internet Explorer
Remove Policies Set By Infections
Remove Temp Files

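Author: SILVESTERABEND   Posted: 2014-03-09

I can type Chinese again!!! But after uninstalling Avast the folder is still there.. and it won't let me open it... it says I have no permission...

Author: kennythk   Posted: 2014-03-09

Quote: Originally posted by SILVESTERABEND on 2014-2-22 06:44 PM
Download/run Avast Uninstall Utility (avastclear.exe) to remove Avast (must be run in Safe Mode).
Moderator, I used the Avast Uninstall Utility to uninstall Avast but the folder is still there.. when I try to delete it, it says I have no permission...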
admin.png (287.15 KB)

2014-2-23 03:03 AM

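Author: kennythk   Posted: 2014-03-09

Also, I'd like to ask the moderator: is my computer infected with a virus or what? Because I hadn't downloaded anything and it just died on its own for no reason.. One day a box popped up out of nowhere saying my system was missing some file or other (but it was in Simplified Chinese). After I clicked it, all the antivirus programs stopped opening... and the input method was gone....

Author: kennythk   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-23 03:03 AM
Moderator, I used the Avast Uninstall Utility to uninstall Avast but the folder is still there.. when I try to delete it, it says I have no permission...
Enter Safe Mode, right-click the Avast folder and delete it as administrator.

Author: SILVESTERABEND   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-23 03:06 AM
Also, I'd like to ask the moderator: is my computer infected with a virus or what? Because I hadn't downloaded anything and it just died on its own for no reason.. One day a box popped up out of nowhere saying my system was missing some file or other (but it was in Simplified Chinese). After I clicked it, all the antivirus programs stopped opening... and the input method was gone....
The system is infected; some system executables have been image hijacked (image hijack / hijacking executables).
That pop-up notification may have been rogueware; it may have been brought in covertly by a plug-in of software installed earlier.

Author: SILVESTERABEND   Posted: 2014-03-09

Same thing when deleting in Safe Mode.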
safemode.png (100.6 KB)

2014-2-23 02:12 PM

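Author: kennythk   Posted: 2014-03-09

Try turning off UAC first (see post #7), then enter Safe Mode and delete it.

If it still can't be deleted, try installing Unlocker 1.9.2 to delete it.

Author: SILVESTERABEND   Posted: 2014-03-09

Ooh... Moderator, I managed to delete the folder... How should I now check whether the computer still has any viruses?

Author: kennythk   Posted: 2014-03-09

Basically, the reports above show the system is now clean.

1. Try running a Bitdefender Online Scan once.

3. Start > type MRT > press Enter.
Use the Microsoft Windows Malicious Software Removal Tool to run one [Full scan].

2. After installing new antivirus software, run one more complete scan.

Author: SILVESTERABEND   Posted: 2014-03-09

Thanks so much, moderator!!! Thank you

Author: kennythk   Posted: 2014-03-09

Quote: Originally posted by kennythk on 2014-2-23 03:52 PM
Thanks so much, moderator!!! Thank you
You're welcome.

1. If the system is back to normal, please follow post #8 to remove scanning tools such as Hijackthis/ComboFix.
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1

2. Please use CCleaner Free to remove temp files/registry entries, and use the built-in Windows defrag feature to defragment the disk once.

3. Please change the thread's [Virus Removal] tag to [Solved]. Tks.

Author: SILVESTERABEND   Posted: 2014-03-09

Thanks so much, moderator!!!

Author: kennythk   Posted: 2014-03-09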
