电脑疑似中毒
时间:2014-05-28
来源:互联网
部电机唔知点解有时会好似一直禁住alt制同shift制咁
姐系一拣野就同时拣左好多
打1234就自动变!@#$
跟住试过蚊左个keyboard佢拣野都系咁
用完Malwarebytes Anti-Malware删毒都系无用
附上hijackthis求救
[ 本帖最后由 亮叔 於 2014-5-22 02:27 PM 编辑 ]
hijackthis.log (12.34 KB)
姐系一拣野就同时拣左好多
打1234就自动变!@#$
跟住试过蚊左个keyboard佢拣野都系咁
用完Malwarebytes Anti-Malware删毒都系无用
附上hijackthis求救
[ 本帖最后由 亮叔 於 2014-5-22 02:27 PM 编辑 ]
hijackthis.log (12.34 KB)
2014-5-21 10:14 AM, 下载次数: 3
作者: 亮叔 发布时间: 2014-05-28
引用:原帖由 亮叔 於 2014-5-21 10:14 AM 发表
部电机唔知点解有时会好似一直禁住alt制同shift制咁
姐系一拣野就同时拣左好多
打1234就自动变!@#$
跟住试过蚊左个keyboard佢拣野都系咁
用完Malwarebytes Anti-Malware删毒都系无用
附上hijackthis求救: ...
有冇试换过个keyboard?部电机唔知点解有时会好似一直禁住alt制同shift制咁
姐系一拣野就同时拣左好多
打1234就自动变!@#$
跟住试过蚊左个keyboard佢拣野都系咁
用完Malwarebytes Anti-Malware删毒都系无用
附上hijackthis求救
: ...
我先帮你删除系统恶意程式/adwares。
作者: SILVESTERABEND 发布时间: 2014-05-28
之前都换过
但系都系无用
但系都系无用
作者: 亮叔 发布时间: 2014-05-28
开机按F8,入安全模式做Fix checked & OTM 删除。
1. 执行Hijackthis > Do a system scan only > 勾选下列项目 > 按Fix Checked (fix checked时关闭所有browsers/程式) > 按"是"。
copy & paste 以下项目於Paste Instructions for Items to be Moved的框格内。
按MoveIt > OK > 重启电脑。
(JRT会自动删除附於浏览器的恶意程式/档案/登录档)
4. 关闭所有防毒软件(包括Windows Defender),下载ComboFix至桌面 ,执行 ComboFix 扫毒。
扫瞄时不要执行其他程式或点击 ComboFix视窗。
完成扫瞄后,ComboFix 报告会自动弹出。
5. 下载 OTL.exe於桌面。双按OTL.exe > 按Run Scan > 完成后请将OTL扫瞄报告(OTL.txt)贴上。
(OTL扫瞄需时较长,请耐心等候)
请贴上以下报告:
a. JRT扫毒报告。
b. ComboFix扫毒报告。
c. OTL.txt扫瞄报告。
1. 执行Hijackthis > Do a system scan only > 勾选下列项目 > 按Fix Checked (fix checked时关闭所有browsers/程式) > 按"是"。
引用:
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: BrowserHelper - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - F:\Documents and Settings\All Users\Application Data\PPBrowserHelper\BHO\TipsBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - F:\Program Files\QvodPlayer\QvodExtend.dll (file missing)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - F:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QvodTerminal] "F:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kuping] 162
O4 - HKLM\..\Run: [mobilegeni daemon] F:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [GarenaPlus] "F:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Pando Media Booster] F:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "F:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [se] "F:\Documents and Settings\Administrator\Application Data\SkypEmoticons\SE.exe" /minimized
O8 - Extra context menu item: &使用BitComet下载本页视讯 - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &使用迅雷下载 - F:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷离线下载 - F:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: Foxy ?r?q - res://F:\Documents and Settings\Administrator\桌面\Foxy.exe/search.htm
O8 - Extra context menu item: Foxy ?? - res://F:\Documents and Settings\Administrator\桌面\Foxy.exe/download.htm
O8 - Extra context menu item: Search the Web - F:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: 使用BitComet下载全部连结 - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下载连结(&B) - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: 发布至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: 店??弦 - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: 浪琩呼? - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O23 - Service: IviRegMgr - InterVideo - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - F:\WINDOWS\system32\GameMon.des.exe (file missing)
2. 下载/执行 OTM做删除。O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: BrowserHelper - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - F:\Documents and Settings\All Users\Application Data\PPBrowserHelper\BHO\TipsBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - F:\Program Files\QvodPlayer\QvodExtend.dll (file missing)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - F:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QvodTerminal] "F:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kuping] 162
O4 - HKLM\..\Run: [mobilegeni daemon] F:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [GarenaPlus] "F:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Pando Media Booster] F:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "F:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [se] "F:\Documents and Settings\Administrator\Application Data\SkypEmoticons\SE.exe" /minimized
O8 - Extra context menu item: &使用BitComet下载本页视讯 - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &使用迅雷下载 - F:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷离线下载 - F:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: Foxy ?r?q - res://F:\Documents and Settings\Administrator\桌面\Foxy.exe/search.htm
O8 - Extra context menu item: Foxy ?? - res://F:\Documents and Settings\Administrator\桌面\Foxy.exe/download.htm
O8 - Extra context menu item: Search the Web - F:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: 使用BitComet下载全部连结 - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下载连结(&B) - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: 发布至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: 店??弦 - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: 浪琩呼? - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O23 - Service: IviRegMgr - InterVideo - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - F:\WINDOWS\system32\GameMon.des.exe (file missing)
copy & paste 以下项目於Paste Instructions for Items to be Moved的框格内。
按MoveIt > OK > 重启电脑。
引用:
:files
f:\program files\real\realplayer\rpbrowserrecordplugin.dll
F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
F:\Documents and Settings\All Users\Application Data\PPBrowserHelper\BHO\TipsBHO.dll
F:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
F:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO.dll
F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
F:\Program Files\QvodPlayer\QvodTerminal.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Pando Networks\Media Booster\PMB.exe
F:\Documents and Settings\Administrator\Application Data\SkypEmoticons\SE.exe
3. 下载/执行Junkware Removal Tool扫毒。执行扫毒前请关闭所有浏览器同程式。:files
f:\program files\real\realplayer\rpbrowserrecordplugin.dll
F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
F:\Documents and Settings\All Users\Application Data\PPBrowserHelper\BHO\TipsBHO.dll
F:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.9.16.4670.dll
F:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO.dll
F:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
F:\Program Files\QvodPlayer\QvodTerminal.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Pando Networks\Media Booster\PMB.exe
F:\Documents and Settings\Administrator\Application Data\SkypEmoticons\SE.exe
(JRT会自动删除附於浏览器的恶意程式/档案/登录档)
4. 关闭所有防毒软件(包括Windows Defender),下载ComboFix至桌面 ,执行 ComboFix 扫毒。
扫瞄时不要执行其他程式或点击 ComboFix视窗。
完成扫瞄后,ComboFix 报告会自动弹出。
5. 下载 OTL.exe於桌面。双按OTL.exe > 按Run Scan > 完成后请将OTL扫瞄报告(OTL.txt)贴上。
(OTL扫瞄需时较长,请耐心等候)
请贴上以下报告:
a. JRT扫毒报告。
b. ComboFix扫毒报告。
c. OTL.txt扫瞄报告。
作者: SILVESTERABEND 发布时间: 2014-05-28
唔知点解JRT无办法系安全模式到开
结果系正常模式下扫
OTL.Txt (76.6 KB)
JRT.txt (5.57 KB)
log.txt (26.1 KB)
结果系正常模式下扫
OTL.Txt (76.6 KB)
2014-5-21 09:03 PM, 下载次数: 3
JRT.txt (5.57 KB)
2014-5-21 09:03 PM, 下载次数: 3
log.txt (26.1 KB)
2014-5-21 09:03 PM, 下载次数: 3
作者: 亮叔 发布时间: 2014-05-28
1. 双按OTL.exe > 将下列档案copy & paste 到Custom Scans/Fixes框架内 > 按左上角[Run Fix];执行fix前要关闭浏览器。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
请将OTL fix log贴上。
(执行AdwCleaner关闭所有浏览器/程式)
3. 下载/安装Malwarebytes Anti-Malware Free 扫毒。更新后做[Threat Scan]扫瞄,扫到毒按Select all > 再按Remove Selected做删除。
请贴上以下报告:
a. AdwCleaner删毒报告。
b. MBAM扫毒报告。
c. 新1份OTL.txt扫瞄报告。
PS:请依次序做上述扫瞄。
成功fixed (删除)会有通知(Fix complete! Click OK to open the fix log.) >按OK > 重启电脑。
请将OTL fix log贴上。
引用:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=34&r=2014/03/29&hid=7366470573040629675&lg=EN&cc=HK&unqvl=51
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.hao123.com/?tn=62002018_5_hao_pg [binary data]
IE - HKCU\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=eFZ3Ru2LDG3kNsP7wlKaug0000c30g00&lr=&ie={inputEncoding}&unc=y400372_95
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=synacast_cb
FF - HKLM\Software\MozillaPlugins\@pps.tv/npWebPlayer: F:\Program Files\PPStream\npWebPlayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: F:\Program Files\QvodPlayer\npQvodInsert.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
CHR - plugin: Error reading preferences file
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O4 - Startup: F:\Documents and Settings\All Users\「开始」功能表\程式集\启动\McAfee Security Scan Plus.lnk = F:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ィマ・ホィウケp、Uク - Reg Error: Key error. File not found
O8 - Extra context menu item: &ィマ・ホィウケp、Uク・ウ。テ・オ - F:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: &ィマ・ホィウケpツ?[u、Uク - Reg Error: Key error. File not found
O8 - Extra context menu item: &使用优蛋下载 - F:\Program Files\UDown\getUrl.htm File not found
O8 - Extra context menu item: &使用优蛋下载全部链接 - F:\Program Files\UDown\getAllUrl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgeturl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリオアヌーハモニオ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgetflvurl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリネォイソチエスモ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgetallurl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリネォイソハモニオ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgetallflvurl.htm File not found
@Alternate Data Stream - 139 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:F47F54AA
:Files
F:\WINDOWS\tasks\SW.Booster-S-872270714.job
F:\WINDOWS\tasks\User_Feed_Synchronization-{3691A6D1-4313-41B3-84AB-A395DB748699}.job
F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1563985344-1801674531-500UA.job
F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1563985344-1801674531-500Core.job
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
2. 下载/执行 AdwCleaner (Xplode) 扫毒。(按[Clean] 扫毒/删除):OTL
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=34&r=2014/03/29&hid=7366470573040629675&lg=EN&cc=HK&unqvl=51
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.hao123.com/?tn=62002018_5_hao_pg [binary data]
IE - HKCU\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=eFZ3Ru2LDG3kNsP7wlKaug0000c30g00&lr=&ie={inputEncoding}&unc=y400372_95
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=synacast_cb
FF - HKLM\Software\MozillaPlugins\@pps.tv/npWebPlayer: F:\Program Files\PPStream\npWebPlayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: F:\Program Files\QvodPlayer\npQvodInsert.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
CHR - plugin: Error reading preferences file
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O4 - Startup: F:\Documents and Settings\All Users\「开始」功能表\程式集\启动\McAfee Security Scan Plus.lnk = F:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ィマ・ホィウケp、Uク - Reg Error: Key error. File not found
O8 - Extra context menu item: &ィマ・ホィウケp、Uク・ウ。テ・オ - F:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: &ィマ・ホィウケpツ?[u、Uク - Reg Error: Key error. File not found
O8 - Extra context menu item: &使用优蛋下载 - F:\Program Files\UDown\getUrl.htm File not found
O8 - Extra context menu item: &使用优蛋下载全部链接 - F:\Program Files\UDown\getAllUrl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgeturl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリオアヌーハモニオ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgetflvurl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリネォイソチエスモ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgetallurl.htm File not found
O8 - Extra context menu item: ハケモテソ・オ3マツヤリネォイソハモニオ - F:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\BHO\fdgetallflvurl.htm File not found
@Alternate Data Stream - 139 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:F47F54AA
:Files
F:\WINDOWS\tasks\SW.Booster-S-872270714.job
F:\WINDOWS\tasks\User_Feed_Synchronization-{3691A6D1-4313-41B3-84AB-A395DB748699}.job
F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1563985344-1801674531-500UA.job
F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1563985344-1801674531-500Core.job
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[reboot]
(执行AdwCleaner关闭所有浏览器/程式)
3. 下载/安装Malwarebytes Anti-Malware Free 扫毒。更新后做[Threat Scan]扫瞄,扫到毒按Select all > 再按Remove Selected做删除。
请贴上以下报告:
a. AdwCleaner删毒报告。
b. MBAM扫毒报告。
c. 新1份OTL.txt扫瞄报告。
PS:请依次序做上述扫瞄。
作者: SILVESTERABEND 发布时间: 2014-05-28
感觉部机快番好多
AdwCleaner[S0].txt (7.56 KB)
mbam log.txt (1.04 KB)
OTL.Txt (75.93 KB)
AdwCleaner[S0].txt (7.56 KB)
2014-5-21 11:30 PM, 下载次数: 3
mbam log.txt (1.04 KB)
2014-5-21 11:30 PM, 下载次数: 3
OTL.Txt (75.93 KB)
2014-5-21 11:30 PM, 下载次数: 3
作者: 亮叔 发布时间: 2014-05-28
引用:原帖由 亮叔 於 2014-5-21 11:30 PM 发表
感觉部机快番好多
keyboard数字键回复正常未? 感觉部机快番好多
作者: SILVESTERABEND 发布时间: 2014-05-28
正常番了
唔该晒
唔该晒
作者: 亮叔 发布时间: 2014-05-28
引用:原帖由 亮叔 於 2014-5-22 02:26 PM 发表
正常番了
唔该晒
You're welcome.正常番了
唔该晒
1. 如果系统运作回复正常,请跟#8帖移除Hijackthis/ComboFix等等的扫瞄软件。
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1
2. 请用CCleaner Free删除temp files/登录档,用Windows预载defrag功能,做番1次磁碟重组(defrag)。
3. 请将[病毒移除]主题改为[已解决]。Tks.
作者: SILVESTERABEND 发布时间: 2014-05-28
相关阅读 更多
热门阅读
-
office 2019专业增强版最新2021版激活秘钥/序列号/激活码推荐 附激活工具
阅读:74
-
如何安装mysql8.0
阅读:31
-
Word快速设置标题样式步骤详解
阅读:28
-
20+道必知必会的Vue面试题(附答案解析)
阅读:37
-
HTML如何制作表单
阅读:22
-
百词斩可以改天数吗?当然可以,4个步骤轻松修改天数!
阅读:31
-
ET文件格式和XLS格式文件之间如何转化?
阅读:24
-
react和vue的区别及优缺点是什么
阅读:121
-
支付宝人脸识别如何关闭?
阅读:21
-
腾讯微云怎么修改照片或视频备份路径?
阅读:28
