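Suspected adware infection

Date: 2014-04-20

Source: Internet

I suspect I've been infected with adware. Please help me remove it; the following files are attached. Thanks

[ Last edited by tomfufu on 2014-3-31 12:03 AM ]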
JRT.txt (7.35 KB)

2014-3-26 12:46 AM, Downloads: 2

AdwCleaner[S0].txt (5.53 KB)

2014-3-26 12:46 AM, Downloads: 3

combo.txt (35.02 KB)

2014-3-26 12:46 AM, Downloads: 6

OTL.Txt (131 KB)

2014-3-26 12:46 AM, Downloads: 3

Author: tomfufu   Posted: 2014-04-20

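Double-click OTL.exe > copy & paste the text below into the Custom Scans/Fixes box > click [Run Fix] in the top-left corner; close your browser before running the fix.
When the fix (removal) succeeds, a notification appears (Fix complete! Click OK to open the fix log.) > click OK > restart the computer.

Please post the OTL fix log.
Quote: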
:OTL
PRC - [2014/03/10 18:17:10 | 003,448,608 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2014/02/11 17:08:58 | 002,288,928 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
PRC - [2014/02/11 13:46:16 | 000,781,088 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
PRC - [2014/01/14 14:50:06 | 000,881,952 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/12/11 01:12:15 | 000,835,072 | ---- | M] (Hong Kong Commercial Broadcasting Co. Ltd.) -- C:\Program Files\881903\IETOOLBAR\hkmgr.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/07/13 01:05:45 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/06/17 16:32:16 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2012/06/17 16:32:16 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
PRC - [2010/05/18 14:27:54 | 000,108,080 | ---- | M] () -- C:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\mxhelper.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{8517C444-6815-40E2-92A1-C53724083FB3}: "URL" = }
IE - HKCU\..\SearchScopes\{A825EFCC-4DCD-46F2-8AF3-7EEFC94C94A2}: "URL" = }
IE - HKCU\..\SearchScopes\{E94C090A-7804-4786-8380-838EE261E383}: "URL" =
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: exify%40dev13.version:1.2
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: speeddial%40instair.net:1.4.2
FF - prefs.js..extensions.enabledAddons: iobitapps%40mybrowserbar.com:8.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files\QvodPlayer\npShareModule.dll File not found
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O4 - HKLM..\Run: [HKToolbarManager] C:\Program Files\881903\IETOOLBAR\hkmgr.exe (Hong Kong Commercial Broadcasting Co. Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Seagate Scheduler2 服务] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 7] C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKCU..\Run: [FlashGetBHO] C:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\mxhelper.exe ()
O4 - HKCU..\Run: [HKToolbarManager] C:\Program Files\881903\IETOOLBAR\hkmgr.exe (Hong Kong Commercial Broadcasting Co. Ltd.)
O4 - Startup: C:\Users\Tak Fu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tak Fu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用BitComet下载 - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &使用BitComet下载全部连结 - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\TAKFU~1\AppData\Local\Temp\Rar$EXa0.371\FlashGet 3.5\GetUrl.htm File not found
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\TAKFU~1\AppData\Local\Temp\Rar$EXa0.371\FlashGet 3.5\GetAllUrl.htm File not found
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Tak Fu\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链结 - C:\Users\Tak Fu\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A8CEC2-E760-4104-964C-A08979FC3A00}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C633D336-68FA-407D-A015-50828A5B5F62}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F33AAA62-FCD5-4FE2-B14F-4F0A972FEC78}: DhcpNameServer = 192.168.42.129

:Files
C:\Users\Tak Fu\AppData\Roaming\TuneUp Software
C:\ProgramData\TuneUp Software
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
C:\ProgramData\Common Files
C:\Windows\System32\drivers\wStLib.sys
C:\Program Files\Jotzey

ipconfig /flushdns /c

:Commands
[RESETHOSTS]
[PURITY]
[EMPTYTEMP]
[reboot]

Author: SILVESTERABEND   Posted: 2014-04-20
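
The markers visible in the fix script above ("File not found", "No CLSID value found.", an empty or malformed search-scope "URL", a binary whose company field is an empty "()") can be pulled out mechanically when reviewing such a log. The following Python is an added example, not part of the original thread and not OTL's own logic; the `classify` and `triage` names and the four heuristics are assumptions, and a flag marks an entry for review rather than as malicious.

```python
import re

# Lines copied from the fix script quoted in the post above.
SAMPLE = r"""
PRC - [2012/06/17 16:32:16 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2014/03/10 18:17:10 | 003,448,608 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
IE - HKCU\..\SearchScopes\{8517C444-6815-40E2-92A1-C53724083FB3}: "URL" = }
IE - HKCU\..\SearchScopes\{E94C090A-7804-4786-8380-838EE261E383}: "URL" =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [FlashGetBHO] C:\Program Files\FlashG@@@@2013-08-09work\FlashGet 3\mxhelper.exe ()
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll File not found
"""

# Entry prefix as it appears in the script: PRC, SRV, IE, FF, or O<number>.
LINE_RE = re.compile(r"^(PRC|SRV|IE|FF|O\d+) - (.*)$")


def classify(line):
    """Return (section, reasons) for one entry line, or None for non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if "File not found" in body:            # registry entry outlived its file
        reasons.append("target file missing")
    if "No CLSID value found" in body:      # toolbar GUID with no registration
        reasons.append("orphaned CLSID")
    if section == "IE" and '"URL" =' in body:
        url = body.split('"URL" =', 1)[1].strip()
        if not url.lower().startswith(("http://", "https://")):
            reasons.append("search scope URL empty or malformed")
    # Assumed heuristic: "()" where other lines show a company name.
    if section in ("PRC", "O2", "O4") and (" () -- " in body or body.endswith("()")):
        reasons.append("no company name on binary")
    return section, reasons


def triage(text):
    """Return (section, reasons, line) for every entry with at least one flag."""
    hits = []
    for line in text.splitlines():
        result = classify(line)
        if result and result[1]:
            hits.append((result[0], result[1], line.strip()))
    return hits


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE):
        print(f"[{section}] {', '.join(reasons)}: {line}")
```
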

Done. The OTL fix log is attached. Thanks
03262014_231551.log (23.53 KB)

2014-3-26 11:27 PM, Downloads: 5

Author: tomfufu   Posted: 2014-04-20

Are ads still popping up?

Author: SILVESTERABEND   Posted: 2014-04-20

Not anymore, thank you!!

Author: tomfufu   Posted: 2014-04-20

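Quote: Originally posted by tomfufu on 2014-3-27 10:43 PM
Not anymore, thank you!!
You're welcome.

1. If the system is running normally and no more ads pop up, please follow post #8 to remove scanning tools such as HijackThis/ComboFix.
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1

2. Please use CCleaner Free to delete temp files/registry entries, then use the built-in Windows defrag feature to run one disk defragmentation (defrag).

3. Please change the thread's [Virus Removal] tag to [Solved]. Tks.

Author: SILVESTERABEND   Posted: 2014-04-20

Author: tomfufu   Posted: 2014-04-20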