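Author: jodawa (jodaway)
Board: Browsers
Title: Fw: [Help] After an AdwCleaner scan, Chrome can't be reinstalled QQ
Time: Tue May 16 20:01:17 2017
※ [Forwarded from the AntiVirus board #1P6kY37a ]
Author: jodawa (jodaway) Board: AntiVirus
Title: [Help] After an AdwCleaner scan, Chrome can't be reinstalled QQ
Time: Tue May 16 19:54:39 2017
Because I recently seemed to have picked up malware from the internet,
I ran AdwCleaner,
and in my haste I clicked the first option and deleted everything it said it wanted to delete...
Below is the record of what was deleted QQ: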
--------------------
# AdwCleaner v6.046 - 记录档已建立 16/05/2017 於 10:56:31
# 已更新於 24/04/2017 由 Malwarebytes
# 资料库 : 2017-05-15.1 [伺服器]
# 作业系统 : Windows 10 Pro (X64)
# 使用者名称 : USER - USER-PC
# 执行自 : D:\adwcleaner\AdwCleanerPortable\adwcleaner_6.046.exe
# 模式: 扫描
# 支援 : https://www.malwarebytes.com/support
***** [ 服务 ] *****
服务已找到: iSafeKrnl
服务已找到: iSafeKrnlBoot
服务已找到: iSafeKrnlKit
服务已找到: iSafeKrnlMon
服务已找到: iSafeKrnlR3
服务已找到: iSafeNetFilter
服务已找到: iSafeService
服务已找到: WinSAPSvc
服务已找到: isafekrnl
服务已找到: isafekrnlboot
服务已找到: isafekrnlkit
服务已找到: isafekrnlmon
服务已找到: isafekrnlr3
服务已找到: isafenetfilter
服务已找到: isafeservice
服务已找到: SNARE
服务已找到: Kitty
服务已找到: SNAREA
服务已找到: BIT
服务已找到: ANSARE
服务已找到: WANARE
服务已找到: VNASRE
服务已找到: IISvr
服务已找到: NPASRE
服务已找到: CWASRE
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [34198 位元组] - [16/05/2017 10:56:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [34276 位元组] ##########
-------------
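Thanks to everyone for reading.
After the deletion,
Google Chrome would no longer open, and neither would Firefox.
It looks like the deletion was incomplete.
So I ran System Restore, hoping to go back to the state before the clean,
but the restore kept failing too,
with the error messages 0x800070091 and 0x80070005 respectively.
I tried a few methods and none of them worked.
I wanted to just reinstall Chrome,
but with the Chrome installers I downloaded, ChromeSetup and ChromeStandaloneSetup64,
after double-clicking,
the mouse cursor spins briefly (the blue circle)
and then it is as if nothing happened; there isn't even an error message...
Under "Add or Remove Programs" there is no longer any trace of Chrome.
I also tried using CCleaner to fix registry issues and the like,
I also tried turning off the antivirus software and installing again,
and I also tried deleting the Google folder under Program Files and installing again;
none of it worked.
How can I solve this... I'm begging the experts for rescue.
I will offer 500 P coins as a reward.
Please QQ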
--
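※ Posted from: 批踢踢实业坊 (ptt.cc), from: 118.233.157.118
※ Article URL: https://webptt.com/cn.aspx?n=bbs/AntiVirus/M.1494935683.A.1E4.html
1F: Push blink173: There's a kitty in the services XDDD what is that 05/16 19:56
I don't know..
※ Edited: jodawa (118.233.157.118), 05/16/2017 19:59:21
2F: → starsun135: The poster above actually read through the whole thing!!!??? 05/16 20:00
※ Posted from: 批踢踢实业坊 (ptt.cc)
※ Forwarded by: jodawa (118.233.157.118), 05/16/2017 20:01:17
3F: Push kaoh08: A poison jar.. I think you'd better just reinstall 05/17 03:01
4F: → squrar: Seeing iSafeXXX right at the top, it already feels not safe at all 05/17 13:27
I've already reinstalled..., though mainly not because of the infection but because AdwCleaner also destroyed Chrome and Acrobat, and they could not be reinstalled. Thanks...
※ Edited: jodawa (118.233.157.118), 05/18/2017 11:00:42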