当前位置：首页 → 问答吧 → 下载所有档案都一直显示包含病毒且已被删除

下载所有档案都一直显示包含病毒且已被删除

时间：2014-01-30

来源：互联网

试过转过用google chrome 都系同样情况

有师兄可以帮手吗急急

万分感激~~~
[img]http://computer.discuss.com.hk/

[/img]

作者: jack010667 发布时间: 2014-01-30

你好 ~
楼主中左ZeroAccess Rootkit
有新闻自己睇睇:

如果可以嘅话当然系格式化并重装Windows
但系如果你话唔识重装嘅话我尽量帮下你移除病毒

如果你做到任何一步唔识做要停落嚟
唔好继续做落去

STEP 1) 夺回下载权
左下角开始 > 电脑 > C DRIVE > Program Files > 搵「Windows Defender」资料夹 > 右键重新命名为「Windows Defender.old」

STEP 2) 下载软件
下载以下软件到桌面:
HitmanPro： http://get.hitmanpro.com/
RogueKiller: http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe
Combofix: http://www.bleepingcomputer.com/download/combofix/dl/12/
Malwarebytes: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/dl/7/
ESET Service Repair:
AdwCleaner:http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

STEP 3) 回复原状
左下角开始 > 电脑 > C DRIVE > Program Files > 搵「Windows Defender」资料夹 > 右键重新命名为「Windows Defender」

STEP 4) 执行HitmanPro
请记下以下步骤执行时所有程式会被关闭
按实键盘左面的[Ctrl] > 双击执行HitmanPro > 如果使用者控制中途弹出继续按实[Ctrl] 并按[继续] > 按下[Next] > 勾选[Accept] 按下[Next] >
勾选[No,I .......] 按下[Next] > 等候扫描完成 > 按下[Next] > 按下[Activate Free License] > 填入简单资料作登记 > 等候清理完成 > (有需要的话重启电脑) > 完成后会有报告弹出 > 将佢贴上嚟

STEP 5) 再次执行HitmanPro
按实键盘左面的[Ctrl] > 双击执行HitmanPro > 如果使用者控制中途弹出继续按实[Ctrl] 并按[继续] > 按下[Next] > 等候扫描完成 > 如果无病毒嘅话就直接关咗佢

STEP 6) 执行Combofix
执行前请先关闭所有防毒软件
(无需安装主控台)
扫瞄时不要执行其他程式或点击 ComboFix视窗。
完成扫瞄后,ComboFix 报告会自动弹出。
请将报告贴上。

[ 本帖最后由 GoodestEngilsh 於 2014-1-14 10:01 PM 编辑 ]

作者: GoodestEngilsh 发布时间: 2014-01-30

食饭先食完饭再返嚟继续写教学

作者: GoodestEngilsh 发布时间: 2014-01-30

RougeKiller果D down完洛泥唔洗开住??

作者: jack010667 发布时间: 2014-01-30

run咗我教你个啲先？
然后贴个log上来先我再教你

作者: GoodestEngilsh 发布时间: 2014-01-30

复制内容到剪贴板代码:HitmanPro 3.7.8.208
www.hitmanpro.com

Computer name . . . . : WIN7USE-Q7MKVCQ
Windows . . . . . . . : 6.1.1.7601.X86/4
User name . . . . . . : WIN7USE-Q7MKVCQ\Administrator
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-01-04 13:47:11
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 46s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 12
Traces . . . . . . . : 48

Objects scanned . . . : 1,435,550
Files scanned . . . . : 83,800
Remnants scanned . . : 503,818 files / 847,932 keys

Miniport ____________________________________________________________________

Primary
DriverObject . . . : 9EA75650
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 9E9F91F8 +0
Solution
DriverObject . . . : 9EA75650
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : A51B644E \SystemRoot\system32\drivers\ataport.SYS+25678

Malware _____________________________________________________________________

C:\Program Files\P2Psearcher\p2psearcher.exe -> Quarantined
Size . . . . . . . : 1,114,112 bytes
Age . . . . . . . : 0.4 days (2014-01-04 03:00:06)
Entropy . . . . . : 6.6
SHA-256 . . . . . : FA3D9296730AA07354A548A2B14EC2596911C678478B7218EDFCF295913DC892
> Bitdefender . . . : Trojan.GenericKD.1479366
Fuzzy . . . . . . : 96.0
References
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale\p2psearcher.lnk
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Psearcher\P2Psearcher.lnk
C:\Users\Administrator\Desktop\P2Psearcher.lnk
Forensic Cluster
-6.5s C:\Program Files\P2Psearcher\
-6.5s C:\Program Files\P2Psearcher\
-5.5s C:\Users\Administrator\AppData\Roaming\P2Psearcher\
0.0s C:\Program Files\P2Psearcher\p2psearcher.exe
0.0s C:\Program Files\P2Psearcher\p2psearcher.exe
0.0s C:\Program Files\P2Psearcher\AutoUpdate.exe
0.1s C:\Users\Administrator\AppData\Roaming\P2Psearcher\~Report
0.1s C:\Users\Administrator\AppData\Roaming\P2Psearcher\~Report
1.8s C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Psearcher\
1.9s C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Psearcher\迠婥\
1.9s C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Psearcher\P2Psearcher.lnk
1.9s C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Psearcher\迠婥\迠婥.lnk
1.9s C:\Program Files\P2Psearcher\Uninst.exe
1.9s C:\Program Files\P2Psearcher\Uninst.exe
6.3s C:\Users\Administrator\Desktop\P2Psearcher.lnk
6.3s C:\Users\Administrator\Desktop\P2Psearcher.lnk
6.3s C:\Users\Administrator\Desktop\P2Psearcher.lnk
6.3s C:\Users\Administrator\Desktop\P2Psearcher.lnk

Suspicious files ____________________________________________________________

C:\Windows\system32\GameMon.des
Size . . . . . . . : 5,070,648 bytes
Age . . . . . . . : 392.5 days (2012-12-08 01:15:45)
Entropy . . . . . : 7.9
SHA-256 . . . . . : C2D44C7785A84F436E2AC69E3D1526E740631761AA0ADC1CD139EBEE8B2EA0CF
Product . . . . . : nProtect Game Monitor
Publisher . . . . : INCA Internet Co., Ltd.
Description . . . : nProtect Game Monitor Rev 1897
Version . . . . . : 2012.9.7.1
Copyright . . . . : Copyright ⓒ 2000-2011 INCA Internet
RSA Key Size . . . : 2048
Service . . . . . : npggsvc
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The file name extension of this program is not common.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\

Malware remnants ____________________________________________________________

C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\L\00000004.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\L\201d3dde (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\L\6715e287 (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\L\76603ac3 (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\U\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$654e8d13ebeb4cc23731dbeb0994aefa\U\00000008.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3300305761-2336801639-417502467-500\$654e8d13ebeb4cc23731dbeb0994aefa\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3300305761-2336801639-417502467-500\$654e8d13ebeb4cc23731dbeb0994aefa\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3300305761-2336801639-417502467-500\$654e8d13ebeb4cc23731dbeb0994aefa\U\ (ZeroAccess) -> Deleted

Potential Unwanted Programs _________________________________________________

C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
C:\ProgramData\Babylon\ (Babylon)
C:\Users\Administrator\AppData\Roaming\Babylon\ (Babylon)
C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (Babylon)
C:\Users\Administrator\AppData\Roaming\OpenCandy\ (Conduit)
C:\Users\Administrator\AppData\Roaming\OpenCandy\36DF401D6CA4422DAB2AAFCE6164645B\ (Conduit)
C:\Users\Administrator\AppData\Roaming\OpenCandy\36DF401D6CA4422DAB2AAFCE6164645B\TuneUpUtilities2012_zh-CN.exe (Conduit)
Size . . . . . . . : 27,725,248 bytes
Age . . . . . . . : 531.9 days (2012-07-21 16:33:17)
Entropy . . . . . : 8.0
SHA-256 . . . . . : DF694596BFCA964C1A6E36C10ED2994F38CB12D499CA81F15AC4891F285D9335
Product . . . . . : TuneUp Utilities 2012
Publisher . . . . : TuneUp Software
Description . . . : TuneUp Utilities 2012
Version . . . . . : 12.0.3600.108
Copyright
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0

HKLM\SOFTWARE\Babylon\ (Babylon)
HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
HKLM\SOFTWARE\DataMngr\ (SearchQU)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
HKU\S-1-5-21-3300305761-2336801639-417502467-500\Software\BabylonToolbar\ (Babylon)
HKU\S-1-5-21-3300305761-2336801639-417502467-500\Software\DataMngr\ (SearchQU)
HKU\S-1-5-21-3300305761-2336801639-417502467-500\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\04U3S8YX.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\3PCXNE33.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\4J95GQ45.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\4QSMY1GW.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\4X2PB20Y.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\5PCQ8KTW.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\7W2Q389Q.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\DH6ZMM06.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FA1D0YGY.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\H0KBNGGF.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\H9RY2BHT.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\I9I5XCCA.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\ISWY85OQ.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\ONJN3D2K.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\RLCO87L1.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\UM42FX4O.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\WVMQWANW.txt

作者: jack010667 发布时间: 2014-01-30

http://www.sendspace.com/file/z9ppmw comboFix.TXT

作者: jack010667 发布时间: 2014-01-30

STEP 1) 卸载360所有软件
开始 > 控制台 > 程式集 > 卸载应用程式

STEP 2) 执行RogueKiller
等候初次扫描完成 > 按下[扫描] > 按下[删除] > 贴报告

STEP 3) 安装/执行Malwarebytes
安装Malwarebytes > 问及是否需升级到Pro版请拒绝 > 执行完整扫描 > 贴报告

[ 本帖最后由 GoodestEngilsh 於 2014-1-14 10:02 PM 编辑 ]

作者: GoodestEngilsh 发布时间: 2014-01-30

http://www.sendspace.com/file/qxdmza RK log

作者: jack010667 发布时间: 2014-01-30

malwarebytes

作者: jack010667 发布时间: 2014-01-30

STEP 1) 做ESET Online Scan

>Turn off the real time scanner of any existing antivirus program while performing the online scan (关闭防毒软件)
>click on the Run ESET Online Scanner button (按下[Run ESET Online Scanner]制)
>Tick the box next to YES, I accept the Terms of Use. (勾选[YES.....])
>Click Start(按下[Start]制)
>When asked, allow the add/on to be installed (当被问及，允许扩充插件安装)
>Click Start(按下[Start]制)
>Make sure that the option Remove found threats is unticked (请确保[Remove found threats]是没有勾选)
>Click on Advanced Settings, ensure the options (按下[Advanced Settings制)
>「Scan for potentially unwanted applications」, 「Scan for potentially unsafe applications」, and 「Enable Anti-Stealth Technology」系勾选咗
>Click Start(按下[Start]制)
>wait for the virus definitions to be downloaded (等候病毒定义下载)
>Wait for the scan to finish (等候扫描完成)

作者: GoodestEngilsh 发布时间: 2014-01-30

ESET LOG

Line 1
2012-06-22 16:43:14 : [2404] -- 0001 -- File:[Wrapper-postboot.au3], line:[54], Processing command line arguments
2012-06-22 16:43:14 : [2404] -- 0002 -- File:[Wrapper-postboot.au3], line:[82], @@ Debug(-1) : $RegLogFile = C:\ProgramData\ESET\ESET-installation-phase1.log
2012-06-22 16:43:14 : [2404] -- 0003 -- File:[Wrapper-postboot.au3], line:[87], $MyVersion = 3.10.11.10.0
2012-06-22 16:43:14 : [2404] -- 0004 -- File:[Wrapper-postboot.au3], line:[92], $prodCodeKey = HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Info
2012-06-22 16:43:14 : [2404] -- 0005 -- File:[Wrapper-postboot.au3], line:[94], $prodCodeValue = {919E015A-AA2A-4D60-8CCA-4641833BB33A}
2012-06-22 16:43:14 : [2404] -- 0006 -- File:[Wrapper-postboot.au3], line:[128], $setuid =
2012-06-22 16:43:14 : [2404] -- 0007 -- File:[Wrapper-postboot.au3], line:[133], Log file(s) will be created at C:\Users\Administrator\Documents\ESET-installation-phase2.log
2012-06-22 16:43:14 : [2404] -- 0008 -- File:[Wrapper-postboot.au3], line:[134], Temp file(s) will be created at C:\ProgramData\ESET\temp-2404
2012-06-22 16:43:14 : [2404] -- 0009 -- File:[Wrapper-postboot.au3], line:[135], OS language = CHS
2012-06-22 16:43:14 : [2404] -- 0010 -- File:[Wrapper-postboot.au3], line:[140], Downloading Activator,Checking the registry in case a URL was requested by the CLI
2012-06-22 16:43:14 : [2404] -- 0011 -- File:[Wrapper-postboot.au3], line:[154], trying with hard coded URL
2012-06-22 16:43:33 : [2404] -- 0012 -- File:[Wrapper-postboot.au3], line:[156], Download Result [success <> 0]: 548708
2012-06-22 16:43:33 : [2404] -- 0013 -- File:[Wrapper-postboot.au3], line:[186], Unzipping Activator and Language Files
2012-06-22 16:43:33 : [2404] -- 0014 -- File:[Wrapper-postboot.au3], line:[190], Attempted to UNZIP the Activator file,result = 0; [success = 0]
2012-06-22 16:43:33 : [2404] -- 0015 -- File:[Wrapper-postboot.au3], line:[195], Duplicating Spanish config file (ESP->ESN),Result = 1 [success = 1]
2012-06-22 16:43:33 : [2404] -- 0016 -- File:[Wrapper-postboot.au3], line:[199], Looking for the Activator Language file in OS language (CHS)
2012-06-22 16:43:33 : [2404] -- 0017 -- File:[Wrapper-postboot.au3], line:[202], ActivatorConfigFile = C:\ProgramData\ESET\temp-2404\config_chs.xml
2012-06-22 16:43:33 : [2404] -- 0018 -- File:[Wrapper-postboot.au3], line:[204], ActivatorConfigFileENU = C:\ProgramData\ESET\temp-2404\config_enu.xml
2012-06-22 16:43:33 : [2404] -- 0019 -- File:[Wrapper-postboot.au3], line:[220], found the language file C:\ProgramData\ESET\temp-2404\config_chs.xml
2012-06-22 16:43:53 : [2404] -- 0020 -- File:[Wrapper-postboot.au3], line:[261], $activationAccepted = 2
2012-06-22 16:43:53 : [2404] -- 0021 -- File:[Wrapper-postboot.au3], line:[45], ---------END-POSTBOOT-(Phase 2)-----------------------------------------------Exit code = 1,Exit method = 1
Line 1
2012-06-22 16:56:16 : [2572] -- 0001 -- File:[Wrapper-postboot.au3], line:[54], Processing command line arguments
2012-06-22 16:56:16 : [2572] -- 0002 -- File:[Wrapper-postboot.au3], line:[82], @@ Debug(-1) : $RegLogFile = C:\ProgramData\ESET\ESET-installation-phase1.log
2012-06-22 16:56:16 : [2572] -- 0003 -- File:[Wrapper-postboot.au3], line:[87], $MyVersion = 3.10.11.10.0
2012-06-22 16:56:16 : [2572] -- 0004 -- File:[Wrapper-postboot.au3], line:[92], $prodCodeKey = HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Info
2012-06-22 16:56:16 : [2572] -- 0005 -- File:[Wrapper-postboot.au3], line:[94], $prodCodeValue = {919E015A-AA2A-4D60-8CCA-4641833BB33A}
2012-06-22 16:56:16 : [2572] -- 0006 -- File:[Wrapper-postboot.au3], line:[128], $setuid =
2012-06-22 16:56:16 : [2572] -- 0007 -- File:[Wrapper-postboot.au3], line:[133], Log file(s) will be created at C:\Users\Administrator\Documents\ESET-installation-phase2.log
2012-06-22 16:56:16 : [2572] -- 0008 -- File:[Wrapper-postboot.au3], line:[134], Temp file(s) will be created at C:\ProgramData\ESET\temp-2572
2012-06-22 16:56:16 : [2572] -- 0009 -- File:[Wrapper-postboot.au3], line:[135], OS language = CHS
2012-06-22 16:56:16 : [2572] -- 0010 -- File:[Wrapper-postboot.au3], line:[140], Downloading Activator,Checking the registry in case a URL was requested by the CLI
2012-06-22 16:56:16 : [2572] -- 0011 -- File:[Wrapper-postboot.au3], line:[154], trying with hard coded URL
2012-06-22 16:56:26 : [2572] -- 0012 -- File:[Wrapper-postboot.au3], line:[156], Download Result [success <> 0]: 548708
2012-06-22 16:56:26 : [2572] -- 0013 -- File:[Wrapper-postboot.au3], line:[186], Unzipping Activator and Language Files
2012-06-22 16:56:27 : [2572] -- 0014 -- File:[Wrapper-postboot.au3], line:[190], Attempted to UNZIP the Activator file,result = 0; [success = 0]
2012-06-22 16:56:27 : [2572] -- 0015 -- File:[Wrapper-postboot.au3], line:[195], Duplicating Spanish config file (ESP->ESN),Result = 1 [success = 1]
2012-06-22 16:56:27 : [2572] -- 0016 -- File:[Wrapper-postboot.au3], line:[199], Looking for the Activator Language file in OS language (CHS)
2012-06-22 16:56:27 : [2572] -- 0017 -- File:[Wrapper-postboot.au3], line:[202], ActivatorConfigFile = C:\ProgramData\ESET\temp-2572\config_chs.xml
2012-06-22 16:56:27 : [2572] -- 0018 -- File:[Wrapper-postboot.au3], line:[204], ActivatorConfigFileENU = C:\ProgramData\ESET\temp-2572\config_enu.xml
2012-06-22 16:56:27 : [2572] -- 0019 -- File:[Wrapper-postboot.au3], line:[220], found the language file C:\ProgramData\ESET\temp-2572\config_chs.xml
2012-06-22 16:56:29 : [2572] -- 0020 -- File:[Wrapper-postboot.au3], line:[261], $activationAccepted = 2
2012-06-22 16:56:29 : [2572] -- 0021 -- File:[Wrapper-postboot.au3], line:[45], ---------END-POSTBOOT-(Phase 2)-----------------------------------------------Exit code = 1,Exit method = 1
Line 1
2012-06-22 17:43:27 : [2380] -- 0001 -- File:[Wrapper-postboot.au3], line:[54], Processing command line arguments
2012-06-22 17:43:27 : [2380] -- 0002 -- File:[Wrapper-postboot.au3], line:[82], @@ Debug(-1) : $RegLogFile =
2012-06-22 17:43:27 : [2380] -- 0003 -- File:[Wrapper-postboot.au3], line:[87], $MyVersion = 3.10.11.10.0
2012-06-22 17:43:27 : [2380] -- 0004 -- File:[Wrapper-postboot.au3], line:[92], $prodCodeKey = HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Info
2012-06-22 17:43:27 : [2380] -- 0005 -- File:[Wrapper-postboot.au3], line:[94], $prodCodeValue =
2012-06-22 17:43:27 : [2380] -- 0006 -- File:[Wrapper-postboot.au3], line:[99], Setting up to clean the remaining ESET stuff after reboot
2012-06-22 17:43:27 : [2380] -- 0007 -- File:[Wrapper-postboot.au3], line:[101], cleanup command 0 = C:\Windows\system32\cmd.exe /c rd /q/s "C:\Program Files\ESET"
2012-06-22 17:43:27 : [2380] -- 0008 -- File:[Wrapper-postboot.au3], line:[105], cleanup command 1 = C:\Windows\system32\cmd.exe /c rd /q/s "C:\ProgramData\ESET"
2012-06-22 17:43:27 : [2380] -- 0009 -- File:[Wrapper-postboot.au3], line:[109], cleanup command 2 = C:\Windows\system32\cmd.exe /c rd /q/s "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET"
2012-06-22 17:43:27 : [2380] -- 0010 -- File:[Wrapper-postboot.au3], line:[113], $x86pos = 0
2012-06-22 17:43:27 : [2380] -- 0011 -- File:[Wrapper-postboot.au3], line:[45], ---------END-POSTBOOT-(Phase 2)-----------------------------------------------Exit code = 0,Exit method = 1

作者: jack010667 发布时间: 2014-01-30

下载所有档案都一直显示包含病毒且已被删除

热门阅读

热门下载