当前位置：首页 → 问答吧 → 中左wuaudit.exe病毒不停黑屏

中左wuaudit.exe病毒不停黑屏

时间：2013-09-30

来源：互联网

已爬过其他文章貌似每部电脑方法不同？已被此病毒困扰多日……求高人帮忙
avast不停报毒，显示卡经常停止运作。

[ 本帖最后由六月猫於 2013-9-19 05:25 PM 编辑 ]

作者: 六月猫发布时间: 2013-09-30

引用:原帖由六月猫於 2013-9-16 12:28 AM 发表
已爬过其他文章貌似每部电脑方法不同？已被此病毒困扰多日……求高人帮忙
avast不停报毒，显示卡经常停止运作。

http://computer.uwants.com/viewthread.php?tid=16448391

作者: luckystrike2008 发布时间: 2013-09-30

请先做份Hijackthis扫瞄报告贴上。

作者: SILVESTERABEND 发布时间: 2013-09-30

感谢补上了

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:16:03, on 16/9/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)

Boot mode: Normal
Running processes:
D:\Windows\system32\Dwm.exe
D:\Windows\system32\taskhost.exe
D:\Windows\Explorer.EXE
D:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QvodPlayer\QvodTerminal.exe
D:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\其他程式\PPStream\PPSKernel.exe
D:\Program Files\GridService\peer.exe
D:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
D:\Windows\System32\rundll32.exe
D:\Windows\system32\RunDll32.exe
D:\Program Files\DuoMi\DuoMi.exe
D:\Program Files\alipay\SafeTransaction\AlipaySafeTran.exe
D:\Windows\system32\wuauclt.exe
D:\其他程式\QQ\Bin\QQ.exe
D:\其他程式\SogouExplorer\sogouexplorer.exe
D:\其他程式\SogouExplorer\sogouexplorer.exe
D:\其他程式\SogouExplorer\sogouexplorer.exe
D:\其他程式\QQ\Bin\TXPlatform.exe
D:\其他程式\QQ\Bin\QQExternal.exe
D:\其他程式\SogouExplorer\sogouexplorer.exe
D:\Users\CeLia Chu\Desktop\HijackThis.exe
D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
D:\Windows\system32\SearchProtocolHost.exe

[ 本帖最后由六月猫於 2013-9-16 06:16 PM 编辑 ]

作者: 六月猫发布时间: 2013-09-30

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - D:\其他程式\QQDownload\QQIEHelper01.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\坻最宒\捃泞\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\坻最宒\捃泞\BHO\XunleiBHO7.2.9.3634.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - D:\Users\CELIAC~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: iToolsBHO - {E1499FE7-129D-4B6E-B681-DDF21E14172C} - D:\Users\CeLia Chu\Documents\iTools\Plugin\iToolsBHO.dll
O2 - BHO: 肮祭珨莹假蚾盓厥 - {F72C8153-7140-4FEE-8F69-CA4579D71195} - D:\Program Files\Tongbu\Addin\tbIEAddin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IME14 CHS Setup] D:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
O4 - HKLM\..\Run: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "D:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NUSB3MON] "D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QvodTerminal] "D:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKLM\..\Run: [duomi] D:\Program Files\DuoMi\DuoMi.exe /hide
O4 - HKLM\..\Run: [duomitip] D:\Program Files\DuoMi\dmdeskbox.exe /hide
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\其他程式\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

[ 本帖最后由六月猫於 2013-9-16 06:16 PM 编辑 ]

作者: 六月猫发布时间: 2013-09-30

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XMP] "D:\其他程式\迅雷看看\program\XMP.exe" /embedding /sstartfrom Startup
O4 - HKCU\..\Run: [PPS Accelerator] D:\其他程式\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [EPSON TX110 Series] D:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE /FU "D:\Windows\TEMP\E_S47BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Grid Service] "D:\Program Files\GridService\peer.exe" -n Grid
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [PPAP] "D:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [Steam] "D:\GAME\STEAM\Steam.exe" -silent
O4 - HKCU\..\Run: [UnInstallShell] D:\Users\CELIAC~1\AppData\Local\Temp\Uninstall.exe uuu "D:\其他程式\MSNShell\"
O4 - HKCU\..\Run: [tsiVideo] rundll32.exe D:\Users\CELIAC~1\AppData\Local\Temp\\tsiVi032.dll,start
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] D:\其他程式\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] D:\其他程式\PPStream\PPSKernel.exe (User 'Default user')
O4 - Startup: 百度云管家.lnk = C:\Program Files\BaiduYunGuanjia\BaiduYunGuanjia.exe
O4 - Startup: 监视墨水警示 - HP Deskjet 1050 J410 series.lnk = ?ProgramFiles%\HP\HP Deskjet 1050 J410 series\bin\HPStatusUI.dll
O8 - Extra context menu item: &妏蚚&捃泞烛盄狟婥 - D:\坻最宒\捃泞\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥 - D:\坻最宒\捃泞\BHO\geturl.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥窒蝈诿 - D:\坻最宒\捃泞\BHO\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: 使用电驴下载 - D:\其他程式\easyMule\IE2EM.htm
O8 - Extra context menu item: 妏蚚捃泞艘艘畦温畦温 - D:\ProgramData\Thunder Network\XMP4\core\program\XmpIEMenu.htm
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: ??迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: ?送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ?送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote ?接??(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote ?接??(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

作者: 六月猫发布时间: 2013-09-30

O10 - Unknown file in Winsock LSP: d:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.alipay.com (HKLM)
O15 - Trusted Zone: http://*.alisoft.com (HKLM)
O15 - Trusted Zone: http://*.taobao.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: HighSpeedDownloadIE - http://st1.dbank.com/netdisk/plugin/1106/DBankPlugin.CAB
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://labo.erinn.biz/cs/mabiweb.2012.04.25.0.cab
O16 - DPF: {8AFB38D0-67A4-49D3-8822-401755FC6573} (BFServiceX Control) - http://hk.beanfun.com/beanfun_block/embeds/BFService.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download1.pplive.com/config/pplite/pluginsetup.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - D:\Windows\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\Windows\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\Windows\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - D:\Windows\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - D:\Windows\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - D:\Windows\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\Windows\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - D:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - D:\Windows\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\Windows\System32\itss.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\Windows\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

作者: 六月猫发布时间: 2013-09-30

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Alipay security service (AlipaySecSvc) - Alipay Inc. - D:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google更新服务 (gupdate) (gupdate) - Unknown owner - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新服务 (gupdatem) (gupdatem) - Unknown owner - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\其他程式\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: 办蚚扢掘督昢 (KYDeviceServer) - 北京悠然天地科技有限公司 - D:\其他程式\kuaiyong\DRM\KYDeviceServer.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - D:\Windows\system32\SearchIndexer.exe
O23 - Service: Yontoo Desktop Updater - Unknown owner - D:\Program Files\Yontoo\Y2Desktop.Updater.exe (file missing)

--
End of file - 14363 bytes

作者: 六月猫发布时间: 2013-09-30

开机按F8,入安全模式做Fix checked & OTM 删除。
1.执行Hijackthis > Do a system scan only > 勾选下列项目 > 按Fix Checked (fix checked时关闭所有browsers/程式) > 按"是"。

引用:
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - D:\其他程式\QQDownload\QQIEHelper01.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\坻最宒\捃泞\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\坻最宒\捃泞\BHO\XunleiBHO7.2.9.3634.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - D:\Users\CELIAC~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL (file missing)
O2 - BHO: iToolsBHO - {E1499FE7-129D-4B6E-B681-DDF21E14172C} - D:\Users\CeLia Chu\Documents\iTools\Plugin\iToolsBHO.dll
O2 - BHO: 肮祭珨莹假蚾盓厥 - {F72C8153-7140-4FEE-8F69-CA4579D71195} - D:\Program Files\Tongbu\Addin\tbIEAddin.dll

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "D:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QvodTerminal] "D:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKLM\..\Run: [duomi] D:\Program Files\DuoMi\DuoMi.exe /hide
O4 - HKLM\..\Run: [duomitip] D:\Program Files\DuoMi\dmdeskbox.exe /hide
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\其他程式\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [XMP] "D:\其他程式\迅雷看看\program\XMP.exe" /embedding /sstartfrom Startup
O4 - HKCU\..\Run: [PPS Accelerator] D:\其他程式\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [PPAP] "D:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [Steam] "D:\GAME\STEAM\Steam.exe" -silent
O4 - HKCU\..\Run: [UnInstallShell] D:\Users\CELIAC~1\AppData\Local\Temp\Uninstall.exe uuu "D:\其他程式\MSNShell\"
O4 - HKCU\..\Run: [tsiVideo] rundll32.exe D:\Users\CELIAC~1\AppData\Local\Temp\\tsiVi032.dll,start
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] D:\其他程式\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] D:\其他程式\PPStream\PPSKernel.exe (User 'Default user')
O4 - Startup: 百度云管家.lnk = C:\Program Files\BaiduYunGuanjia\BaiduYunGuanjia.exe

O8 - Extra context menu item: &妏蚚&捃泞烛盄狟婥 - D:\坻最宒\捃泞\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥 - D:\坻最宒\捃泞\BHO\geturl.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥窒蝈诿 - D:\坻最宒\捃泞\BHO\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: 使用电驴下载 - D:\其他程式\easyMule\IE2EM.htm
O8 - Extra context menu item: 妏蚚捃泞艘艘畦温畦温 - D:\ProgramData\Thunder Network\XMP4\core\program\XmpIEMenu.htm
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: ??迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - D:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\其他程式\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Yontoo Desktop Updater - Unknown owner - D:\Program Files\Yontoo\Y2Desktop.Updater.exe (file missing)

2. 下载/执行 OTM做删除。
copy & paste 以下项目於Paste Instructions for Items to be Moved的框格内。
按MoveIt > OK > 重启电脑。

引用:
:files
D:\Program Files\QvodPlayer\QvodTerminal.exe
D:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\Users\CeLia Chu\Documents\iTools\Plugin\iToolsBHO.dll
D:\Program Files\Tongbu\Addin\tbIEAddin.dll
D:\Program Files\DuoMi\DuoMi.exe
D:\Program Files\DuoMi\dmdeskbox.exe
D:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
D:\Users\CELIAC~1\AppData\Local\Temp\Uninstall.exe
D:\Users\CELIAC~1\AppData\Local\Temp\\tsiVi032.dll

3. 下载/执行Junkware Removal Tool扫毒。执行扫毒前请关闭所有浏览器同程式。
(JRT会自动删除附於浏览器的恶意程式/档案/登录档)

4. 关闭所有防毒软件(包括Windows Defender),下载ComboFix至桌面 ,执行 ComboFix 扫毒。
扫瞄时不要执行其他程式或点击 ComboFix视窗。
完成扫瞄后,ComboFix 报告会自动弹出。

请贴上以下报告:
a. JRT扫毒报告。
b. ComboFix扫毒报告。
c. 新1份Hijackthis扫瞄报告。

作者: SILVESTERABEND 发布时间: 2013-09-30

感谢版主貌似已经清除左病毒
无再弹出警告及黑屏，非常感谢！

作者: 六月猫发布时间: 2013-09-30

引用:原帖由六月猫於 2013-9-18 11:27 PM 发表
感谢版主貌似已经清除左病毒
无再弹出警告及黑屏，非常感谢！

You're welcome !

如果有其他跟进问题,可以随时发帖讨论。

1. 如果系统运作正常,请跟#8帖移除Hijackthis/ComboFix等等的扫瞄软件。
http://computer.uwants.com/viewthread.php?tid=12999541&extra=page%3D1

2. 请用CCleaner Free删除temp files/登录档,用Windows预载defrag功能,做番1次磁碟重组(defrag)。

3. 请将[求助]主题改为[已解决]。Tks.

作者: SILVESTERABEND 发布时间: 2013-09-30