
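Repeated blue screens followed by automatic reboot

Date: 2014-03-12

Source: Internet

It has probably caught a virus: it keeps blue-screening and then rebooting by itself, but otherwise everything works without any real problem
thanks

[ Last edited by 少见不怪 on 2014-2-26 11:34 PM ]

Author: 少见不怪   Posted: 2014-03-12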

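Quote: originally posted by 少见不怪 on 2014-2-22 12:11 AM
It has probably caught a virus: it keeps blue-screening and then rebooting by itself, but otherwise everything works without any real problem
Ching, please help, I am leaving Hong Kong soon and want to get this sorted before I go
thanks
Download HijackThis to the desktop > click Install > click [Accept] > click [Do a system scan and save a logfile] > when the system scan finishes, HijackThis will pop up a report.

Save the scan report to the desktop. Please paste the HijackThis scan report here.

Author: SILVESTERABEND   Posted: 2014-03-12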

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:20, on 22/2/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files\BisonCam\Monitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Retro PC Calculator\ntvmon32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ShopperPro\JSDriver\1.0.0.19\JSDRV.EXE
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\on\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\九方\Q92k.exe
D:\九方\QTRAYIME.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Author: 少见不怪   Posted: 2014-03-12

O2 - BHO: CrossriderApp0032850 - {11111111-1111-1111-1111-110311281150} - C:\Program Files\Object Browser\Object Browser-bho.dll
O2 - BHO: CrossriderApp0035510 - {11111111-1111-1111-1111-110311551110} - C:\Program Files\iWebar\iWebar-bho.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: ShopperProBHO - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

Author: 少见不怪   Posted: 2014-03-12

O4 - HKLM\..\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\Utility.exe
O4 - HKLM\..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MuteSync] C:\PROGRA~1\Lenovo\LENOVO~1\MuteSync.exe
O4 - HKLM\..\Run: [S_Monitor] C:\Program Files\BisonCam\Monitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows NTV Host Monitor] C:\Program Files\Retro PC Calculator\ntvmon32.exe
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [SPDriver] C:\Program Files\ShopperPro\JSDRIVER\1.0.0.19\JSDRV.EXE
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [SpeedItupFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe"
O4 - HKCU\..\Run: [SPDriver] C:\Program Files\ShopperPro\JSDRIVER\1.0.0.19\JSDRV.EXE
O4 - HKUS\S-1-5-21-58335498-3418410875-321181323-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-58335498-3418410875-321181323-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\on\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: 传送至 OneNote(&N) - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: 汇出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到卡巴斯基广告横幅防护清单 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ie_banner_deny.htm
O9 - Extra button: 传送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 传送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote 连结笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote 连结笔记(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Author: 少见不怪   Posted: 2014-03-12

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: 检查网址(&H) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {8F796202-72B7-45E3-9F61-C6DC4922D224} (AllatPayENAtl Class) - https://tx.allatpay.com/component/AllatPayEN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC5B3F2-D61E-4124-98E7-1AC76DE5DECC}: NameServer = 147.8.2.2 147.8.145.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AC5B3F2-D61E-4124-98E7-1AC76DE5DECC}: NameServer = 147.8.2.2 147.8.145.30
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AC5B3F2-D61E-4124-98E7-1AC76DE5DECC}: NameServer = 147.8.2.2 147.8.145.30
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\System32\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus服务 (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/无线 WiMAX Red Bend 装置管理服务 (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google更新 服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) PROSet/无线 WiMAX 服务 (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: Intel(R) PROSet/Wireless ZeroConfig Service (ZcfgSvc7) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

--
End of file - 12578 bytes

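Author: 少见不怪   Posted: 2014-03-12

Press F8 at boot and enter Safe Mode to do the Fix Checked and the OTM removal.
1. Run HijackThis > Do a system scan only > tick the items below > click Fix Checked (close all browsers/programs when doing Fix Checked) > click "Yes".
Quote: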
O2 - BHO: CrossriderApp0032850 - {11111111-1111-1111-1111-110311281150} - C:\Program Files\Object Browser\Object Browser-bho.dll
O2 - BHO: CrossriderApp0035510 - {11111111-1111-1111-1111-110311551110} - C:\Program Files\iWebar\iWebar-bho.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: ShopperProBHO - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll

O4 - HKLM\..\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows NTV Host Monitor] C:\Program Files\Retro PC Calculator\ntvmon32.exe
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [SPDriver] C:\Program Files\ShopperPro\JSDRIVER\1.0.0.19\JSDRV.EXE
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [SpeedItupFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe"
O4 - HKCU\..\Run: [SPDriver] C:\Program Files\ShopperPro\JSDRIVER\1.0.0.19\JSDRV.EXE
O4 - HKUS\S-1-5-21-58335498-3418410875-321181323-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\on\AppData\Roaming\Dropbox\bin\Dropbox.exe


O16 - DPF: {8F796202-72B7-45E3-9F61-C6DC4922D224} (AllatPayENAtl Class) - https://tx.allatpay.com/component/AllatPayEN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC5B3F2-D61E-4124-98E7-1AC76DE5DECC}: NameServer = 147.8.2.2 147.8.145.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AC5B3F2-D61E-4124-98E7-1AC76DE5DECC}: NameServer = 147.8.2.2 147.8.145.30
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AC5B3F2-D61E-4124-98E7-1AC76DE5DECC}: NameServer = 147.8.2.2 147.8.145.30
2. Download/run OTM to do the removal.
Copy & paste the items below into the "Paste Instructions for Items to be Moved" box.
Click MoveIt > OK > restart the computer.
Quote:
:files
C:\Program Files\ShopperPro\JSDriver\1.0.0.19\JSDRV.EXE
C:\Program Files\Object Browser\Object Browser-bho.dll
C:\Program Files\iWebar\iWebar-bho.dll
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
C:\ProgramData\ShopperPro\ShopperPro.dll
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Retro PC Calculator\ntvmon32.exe
C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\SpeedItup Free\speeditupfree.exe
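3. Download/run Junkware Removal Tool to scan. Close all browsers and programs before running the scan.
(JRT automatically removes malicious programs/files/registry entries attached to browsers)

4. Turn off all antivirus software (including Windows Defender), download ComboFix to the desktop, and run ComboFix to scan.
Do not run other programs or click the ComboFix window during the scan.
When the scan finishes, the ComboFix report pops up automatically.

Please post the following reports:
a. JRT scan report.
b. ComboFix scan report.
c. A new HijackThis scan report.

PS: I suggest going to the Programs list and removing the following programs:
YTDownloader
Retro PC Calculator
ShopperPro
Object Browser
iWebar

Author: SILVESTERABEND   Posted: 2014-03-12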
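
Added example (not from the thread and not part of HijackThis): a Python sketch that parses HijackThis "O" entries and reports which ones load from a folder named after one of the five programs in the PS list above, which is useful when a program no longer shows in the Programs list but may still have an autostart entry. The sample lines are copied from the posted log; the function names and the folder-name matching rule are assumptions of this example.

```python
import re

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: CrossriderApp0032850 - {11111111-1111-1111-1111-110311281150} - C:\Program Files\Object Browser\Object Browser-bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [Windows NTV Host Monitor] C:\Program Files\Retro PC Calculator\ntvmon32.exe
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
O4 - HKCU\..\Run: [SPDriver] C:\Program Files\ShopperPro\JSDRIVER\1.0.0.19\JSDRV.EXE
O4 - Startup: Dropbox.lnk = C:\Users\on\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
"""

# Program names taken from the PS list in the reply above.
UNWANTED = ["YTDownloader", "Retro PC Calculator", "ShopperPro",
            "Object Browser", "iWebar"]

# "O<number> - <rest of entry>"
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# First drive-letter path ending in .exe or .dll; never runs past a quote.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)\b", re.IGNORECASE)


def parse_log(text):
    """Turn HijackThis 'O' lines into (section, detail, path) tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, detail = m.groups()
        p = PATH_RE.search(detail)
        entries.append((section, detail, p.group(0) if p else None))
    return entries


def flag_entries(entries, programs):
    """Map each program name to the entries whose path contains a folder
    with exactly that name (case-insensitive)."""
    wanted = {name.lower(): name for name in programs}
    hits = {name: [] for name in programs}
    for section, _detail, path in entries:
        if path is None:
            continue
        # Drop the drive ("C:") and the file name, keep the folders.
        for folder in path.split("\\")[1:-1]:
            if folder.lower() in wanted:
                hits[wanted[folder.lower()]].append((section, path))
                break
    return hits


def triage(text, programs=UNWANTED):
    """Parse a log and return {program: [(section, path), ...]}."""
    return flag_entries(parse_log(text), programs)


if __name__ == "__main__":
    for name, found in triage(SAMPLE_LOG).items():
        print(name, "->", found or "no entry in this sample")
```

An empty list for a program only means the log has no entry loading from a folder of that name; files can remain on disk without an autostart entry.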

thanks ching
But I can't find YTdownloader and retro PC Calculator in the Programs list
The reports are below:
hijackthis 2.txt (12.35 KB)

2014-2-26 01:34 AM, downloads: 3

ComboFix 1.txt (15.12 KB)

2014-2-26 01:34 AM, downloads: 5

JRT.txt (5.01 KB)

2014-2-26 01:34 AM, downloads: 5

Author: 少见不怪   Posted: 2014-03-12

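Quote: originally posted by 少见不怪 on 2014-2-26 01:34 AM
thanks ching
But I can't find YTdownloader and retro PC Calculator in the Programs list
The reports are below:
It's no problem if you can't find them; use the scanners below to find and remove them.

1. Download/run AdwCleaner (Xplode) to scan. (Click Scan first; if anything is found, click [Clean] to remove it.)
(Close all browsers/programs when running AdwCleaner)

2. Download/install Malwarebytes Anti-Malware Free to scan. After updating, do a full scan; if anything is found, click Select all > then click Remove Selected to remove it.

3. Download OTL.exe to the desktop. Double-click OTL.exe > click Run Scan > when it finishes, please post the OTL scan report (OTL.txt).
(The OTL scan takes quite a while, please be patient)

Please post the following reports:
a. AdwCleaner removal report.
b. MBAM scan report.
c. OTL.txt scan report.

Author: SILVESTERABEND   Posted: 2014-03-12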

I downloaded AdwCleaner (Xplode) but it says AdwCleaner (Xplode) is not a valid Win32 application

Author: 少见不怪   Posted: 2014-03-12

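Quote: originally posted by 少见不怪 on 2014-2-26 11:23 PM
I downloaded AdwCleaner (Xplode) but it says AdwCleaner (Xplode) is not a valid Win32 application
1. Run AdwCleaner in Safe Mode.
2. Are you able to install MBAM and scan?

Author: SILVESTERABEND   Posted: 2014-03-12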

Quote: originally posted by SILVESTERABEND on 2014-2-27 09:50 AM

1. Run AdwCleaner in Safe Mode.
2. Are you able to install MBAM and scan?
1. It won't run even in Safe Mode. 2. It installed, and I have uploaded the report

thanks ching

[ Last edited by 少见不怪 on 2014-2-27 01:58 PM ]
mbam-log-2014-02-26 (23-24-17).txt (3.02 KB)

2014-2-27 01:34 PM, downloads: 4

MBAM-log-2014-02-27 (13-04-54).txt (3.02 KB)

2014-2-27 01:34 PM, downloads: 4

OTL.Txt (93.63 KB)

2014-2-27 01:58 PM, downloads: 5

Author: 少见不怪   Posted: 2014-03-12

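Double-click OTL.exe > copy & paste the items below into the Custom Scans/Fixes box > click [Run Fix] at the top left; close the browsers before running the fix.
When the fix (removal) succeeds there is a notice (Fix complete! Click OK to open the fix log.) > click OK > restart the computer.
Quote: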
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


:Files
C:\Program Files\DownLite
C:\Users\on\AppData\Local\Installer
C:\Users\Public\Documents\ShopperPro
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Retro PC Calculator
C:\Program Files\Retro PC Calculator
C:\Users\on\AppData\Local\Programs
C:\Users\on\AppData\Local\CrashRpt
C:\Users\on\.android
C:\Users\on\AppData\Local\cache
C:\Users\on\AppData\Local\genienext
C:\Users\on\Documents\Mobogenie
C:\Users\on\AppData\Local\Mobogenie
C:\Users\on\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\37wan蚔牁笢陑
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\37wan蚔牁笢陑
C:\ProgramData\37wan
C:\Program Files\Mobogenie
C:\Program Files\zipnew.dat
C:\Program Files\rarnew.dat
C:\Program Files\WinRAR.chm
C:\Program Files\Default.SFX
C:\Program Files\Zip.SFX
C:\Program Files\WinCon.SFX
C:\Program Files\Order.htm
C:\Program Files\RarFiles.lst
C:\Program Files\Descript.ion
C:\Program Files\Uninstall.lst
C:\Program Files\File_Id.diz
ipconfig /flushdns /c

:Commands
[PURITY]
[EMPTYTEMP]
[reboot]

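Author: SILVESTERABEND   Posted: 2014-03-12

Quote: originally posted by SILVESTERABEND on 2014-2-27 07:59 PM
Double-click OTL.exe > copy & paste the items below into the Custom Scans/Fixes box > click [Run Fix] at the top left; close the browsers before running the fix.
When the fix (removal) succeeds there is a notice (Fix complete! Click OK to open the fix log.) > click OK > restart the computer.
I clicked OK and it rebooted as well. Is there no report? Because nothing popped up
thanks ching

Author: 少见不怪   Posted: 2014-03-12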

Quote: originally posted by 少见不怪 on 2014-2-28 12:12 AM

I clicked OK and it rebooted as well. Is there no report? Because nothing popped up
thanks ching
Just passing by........
Check C:\_OTL\MovedFiles.

Author: Luchriste   Posted: 2014-03-12

Quote: originally posted by 少见不怪 on 2014-2-28 12:12 AM

I clicked OK and it rebooted as well. Is there no report? Because nothing popped up
thanks ching
Are there still any [blue screens]?

Author: SILVESTERABEND   Posted: 2014-03-12

Quote: originally posted by Luchriste on 2014-2-28 03:29 PM

Just passing by........
Check C:\_OTL\MovedFiles.
May I ask how I am supposed to check it?

Author: 少见不怪   Posted: 2014-03-12

Quote: originally posted by SILVESTERABEND on 2014-2-28 09:50 PM

Are there still any [blue screens]?
None so far

Author: 少见不怪   Posted: 2014-03-12

Watch it for another day or two to see whether there are still any problems.

Author: SILVESTERABEND   Posted: 2014-03-12

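I just noticed that my whole my music folder is gone. Was it deleted along with the malware during the cleanup? I don't know how to read the reports. thanks ching

Author: 少见不怪   Posted: 2014-03-12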

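Quote: originally posted by 少见不怪 on 2014-3-4 02:40 AM
I just noticed that my whole my music folder is gone. Was it deleted along with the malware during the cleanup? I don't know how to read the reports. thanks ching
Which program does the My music folder belong to?
I can't see it being deleted in the scan reports.

Author: SILVESTERABEND   Posted: 2014-03-12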

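Quote: originally posted by SILVESTERABEND on 2014-3-4 10:29 AM

Which program does the My music folder belong to?
I can't see it being deleted in the scan reports.
They are just ordinary mp3s, opened with window media player
The whole thing suddenly disappeared ˊ_>ˋ it is not even in the Recycle Bin. Is there any way to get it back?

[ Last edited by 少见不怪 on 2014-3-4 01:10 PM ]

Author: 少见不怪   Posted: 2014-03-12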

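Quote: originally posted by 少见不怪 on 2014-3-4 12:37 PM

They are just ordinary mp3s, opened with window media player
The whole thing suddenly disappeared ˊ_>ˋ it is not even in the Recycle Bin. Is there any way to get it back?

The scanners above did not delete any mp3s. Could it have been deleted together with Funshion?

Author: SILVESTERABEND   Posted: 2014-03-12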

I don't know, but does that mean it can't be saved (T_T)

Author: 少见不怪   Posted: 2014-03-12

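Quote: originally posted by 少见不怪 on 2014-3-4 07:15 PM
I don't know, but does that mean it can't be saved (T_T)

You can try looking for it with the recovery tool Recuva Free.

Author: SILVESTERABEND   Posted: 2014-03-12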