
Infected with the UK POLICE virus, help

Date: 2013-06-09

Source: Internet

HELP....
hijackthis.log (18.92 KB)

2013-6-9 11:19 AM, downloads: 2

Author: man2111   Posted: 2013-06-09

Press F8 at boot, enter Safe Mode, and do the Fix Checked and the OTM removal there.

1. Run HijackThis > Do a system scan only > tick the items below > click Fix Checked (close all browsers/programs while fixing) > click "Yes".
Quote:

F2 - REG:system.ini: Shell=C:\PROGRA~3\iwgol.bat
F3 - REG:win.ini: load=C:\Users\hoi\LOCALS~1\Temp\mscfubw.bat
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.2.0.131.(741).dll
O2 - BHO: contineuuetyosave - {057E5083-BD53-B484-4ADF-48D167DDD996} - C:\ProgramData\contineuuetyosave\51b2bd9a08305.dll
O2 - BHO: 08F338FF-858A-3156-3DB5-6CB02A4C28C5 Class - {08F338FF-858A-3156-3DB5-6CB02A4C28C5} - c:\program files (x86)\baidu\{08f338ff-858a-3156-3db5-6cb02a4c28c5}\addressbar.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: 瑞俴弝畦温挚狟婥郪璃 - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\hoi\funshion\funshiontools\FunshionHelper.dll
O2 - BHO: ccooNttinuetosave - {5EDC2F55-E21B-F060-23BE-8764262F663E} - C:\ProgramData\ccooNttinuetosave\51b2c4ab6f5a2.dll
O2 - BHO: Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.10.3694.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.86.0\QvodExtend.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files (x86)\PPLive\PPVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O3 - Toolbar: 啃仅驮捡戏 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKCU\..\Run: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [PPLiveVA] "C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe" /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [XMP] "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup104
O4 - HKCU\..\Run: [wincheck.exe] "\.exeFalse"
O4 - HKCU\..\Run: [winchecks.exe] "\.exeFalse"
O4 - HKCU\..\Run: [winchecker.exe] "\.exeFalse"
O4 - HKCU\..\Run: [NEI3N0NFMzYxQ0MxNUZEME] C:\Users\hoi\ShifWin.exe
O4 - HKCU\..\Run: [swzmku.exe] "C:\Users\hoi\AppData\Roaming\swzmku.exe"
O4 - HKCU\..\Run: [NTI3QjRBMTkxMjA3QTY5MT] C:\Users\hoi\winSP.exe
O4 - HKCU\..\Run: [javadata] "C:\Users\hoi\AppData\Roaming\javajva\javadataupdate.exe"
O4 - HKCU\..\Run: [DC3_FEXEC] C:\Users\hoi\AppData\Roaming\2E7CA4.exe
O4 - HKCU\..\Run: [Mozilla] C:\Users\hoi\AppData\Roaming\222E94.exe
O4 - HKCU\..\Run: [MpcStar] C:\Users\hoi\AppData\Roaming\222E94.exe
O4 - HKCU\..\Run: [Qekwkm] C:\Users\hoi\AppData\Roaming\Qekwkm.exe
O4 - HKCU\..\Run: [egkepxcackaofrwsjvh] C:\Users\hoi\AppData\Roaming\egkepxcackaofrwsjvh.exe
O4 - HKCU\..\Run: [ChromeUpdate] C:\Users\hoi\WinSdns.exe
O4 - HKCU\..\Run: [MSWUpdate] C:\Users\hoi\AppData\Roaming\Microsoft\lsass.exe
O4 - HKCU\..\Run: [gdfggdfgd] C:\Users\hoi\AppData\Roaming\gdfggdfgd.exe
O4 - HKCU\..\Run: [NzgyNzUxNDYxREU2RTc3Mz] C:\Users\hoi\chC_1.exe
O4 - HKCU\..\Run: [MTYwMzhGQ0IzNEQyOEI4OE] C:\Users\hoi\msvmsin.exe
O4 - HKCU\..\Run: [A-2023826384] C:\Users\hoi\AppData\Roaming\A-2023826384.exe
O4 - HKCU\..\Run: [3F3F5B413F3F033FF63F4A1D5148C561125D3F3F263D3F39] C:\Users\hoi\96F686\winlogon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\hoi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [Funshion] "C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe" startbywindows tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\logwi.dat,FG00
O4 - HKLM\..\Policies\Explorer\Run: [13808] C:\PROGRA~3\LOCALS~1\Temp\mseffi.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'Default user')
O4 - Startup: myFUNboxx.lnk = C:\Program Files (x86)\myFUNboxx\myFUNboxx\myFUNboxx.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &妏蚚&捃泞烛盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥窒蝈诿 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: Foxy ?? - res://C:\Program Files (x86)\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 下载 - res://C:\Program Files (x86)\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://C:\Program Files (x86)\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: 迅雷看看 - {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe


O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - C:\Users\hoi\AppData\Local\Temp\f5tmp\urxvpn.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\hoi\AppData\Local\Temp\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\hoi\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\hoi\AppData\Local\Temp\f5tmp\urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\hoi\AppData\Local\Temp\f5tmp\urxhost.cab


O20 - AppInit_DLLs: c:\progra~2\mocaflix\sprote~1.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll

O23 - Service: UUSee Live Update Service -   - C:\Program Files (x86)\Common Files\uusee\UUSeeLUS.exe
2. Download/run OTM to do the removal.
Copy & paste the items below into the "Paste Instructions for Items to be Moved" box.
Click MoveIt > OK > restart the computer.
Quote:

:files
C:\Users\hoi\LOCALS~1\Temp\mscfubw.bat
C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.2.0.131.(741).dll
C:\ProgramData\contineuuetyosave\51b2bd9a08305.dll
c:\program files (x86)\baidu\{08f338ff-858a-3156-3db5-6cb02a4c28c5}\addressbar.dll
C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
C:\Users\hoi\funshion\funshiontools\FunshionHelper.dll
C:\ProgramData\ccooNttinuetosave\51b2c4ab6f5a2.dll
C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll
C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.10.3694.dll
C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.86.0\QvodExtend.dll
C:\Program Files (x86)\PPLive\PPVA\DownloaderManager.dll
C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe
C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe
C:\Users\hoi\ShifWin.exe
C:\Users\hoi\AppData\Roaming\swzmku.exe
C:\Users\hoi\winSP.exe
C:\Users\hoi\AppData\Roaming\javajva\javadataupdate.exe
C:\Users\hoi\AppData\Roaming\2E7CA4.exe
C:\Users\hoi\AppData\Roaming\222E94.exe
C:\Users\hoi\AppData\Roaming\Qekwkm.exe
C:\Users\hoi\AppData\Roaming\egkepxcackaofrwsjvh.exe
C:\Users\hoi\WinSdns.exe
C:\Users\hoi\AppData\Roaming\Microsoft\lsass.exe
C:\Users\hoi\AppData\Roaming\gdfggdfgd.exe
C:\Users\hoi\chC_1.exe
C:\Users\hoi\msvmsin.exe
C:\Users\hoi\AppData\Roaming\A-2023826384.exe
C:\Users\hoi\96F686\winlogon.exe
D:\PPS.tv\PPStream\PPSKernel.exe
C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
C:\PROGRA~3\rundll32.exe
C:\PROGRA~3\logwi.dat
C:\PROGRA~3\LOCALS~1\Temp\mseffi.exe
C:\Program Files (x86)\myFUNboxx\myFUNboxx\myFUNboxx.exe
c:\progra~2\mocaflix\sprote~1.dll
c:\progra~2\contin~1\sprote~1.dll
c:\progra~2\websea~1\sprote~1.dll
C:\Program Files (x86)\Common Files\uusee\UUSeeLUS.exe
3. Download/run Junkware Removal Tool to scan. Close all browsers and programs before running the scan.
(JRT automatically removes malicious programs/files/registry entries attached to the browsers.)

4. Download/run WinSockFix.bat for Win7 to repair/reset winsock > restart the computer.

5. Disable all antivirus software (including Windows Defender), download ComboFix to the desktop, and run ComboFix to scan.
Do not run other programs or click in the ComboFix window while it is scanning.
(The ComboFix scan takes about 10-20 minutes; there is no need to install the "Recovery Console".)
When the scan finishes, the ComboFix report pops up automatically.

Please post the following reports:
a. JRT scan report.
b. ComboFix scan report.
c. A fresh HijackThis scan log.


Author: SILVESTERABEND   Posted: 2013-06-09

Quote:
Originally posted by SILVESTERABEND on 2013-6-9 08:22 PM
Press F8 at boot, enter Safe Mode, and do the Fix Checked and the OTM removal there.

1. Run HijackThis > Do a system scan only > tick the items below > click Fix Checked (close all browsers/programs while fixing) > click "Yes".

2. Download/run OTM to do the removal.
co ...
Is it OK?
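The reply above works through the posted HijackThis log by eye: it pulls out the Shell= and load= overrides (F2/F3), the AppInit_DLLs entry (O20), and the Run values (O4) that start something from the user profile, ProgramData or a Temp folder, carry a random-looking value name, or reuse a Windows binary name such as lsass.exe, winlogon.exe or rundll32.exe outside the Windows directory. The script below is an added example, not part of the original post and not code from HijackThis, OTM, JRT or ComboFix; it applies those same judgement calls mechanically to a set of log lines. The severity rules, the SYSTEM_NAMES list and the user-writable prefixes are assumptions chosen for this illustration, and SAMPLE_LOG is constructed from lines quoted in the thread.

```python
"""Triage of HijackThis-style log lines (added example for this thread).

Not code from HijackThis or any removal tool; the rules below are assumptions
that mirror what the helper picked out by eye. SAMPLE_LOG is constructed from
lines quoted in the thread.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=C:\PROGRA~3\iwgol.bat
F3 - REG:win.ini: load=C:\Users\hoi\LOCALS~1\Temp\mscfubw.bat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [wincheck.exe] "\.exeFalse"
O4 - HKCU\..\Run: [NEI3N0NFMzYxQ0MxNUZEME] C:\Users\hoi\ShifWin.exe
O4 - HKCU\..\Run: [MSWUpdate] C:\Users\hoi\AppData\Roaming\Microsoft\lsass.exe
O4 - HKCU\..\Run: [3F3F5B413F3F033FF63F4A1D5148C561125D3F3F263D3F39] C:\Users\hoi\96F686\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\logwi.dat,FG00
O4 - HKLM\..\Policies\Explorer\Run: [13808] C:\PROGRA~3\LOCALS~1\Temp\mseffi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\hoi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: c:\progra~2\mocaflix\sprote~1.dll c:\progra~2\contin~1\sprote~1.dll
"""

# Windows binary names malware likes to borrow; genuine copies live under C:\Windows. (assumed list)
SYSTEM_NAMES = {"lsass.exe", "winlogon.exe", "csrss.exe", "svchost.exe",
                "rundll32.exe", "explorer.exe", "ctfmon.exe", "services.exe"}
# Folders a standard user can write to; PROGRA~3 is the 8.3 name of ProgramData. (assumed list)
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\progra~3\\")
RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{20,}$")        # base64/hex-looking Run value names
F_LINE = re.compile(r"^F[23] - REG:(?:system|win)\.ini: (Shell|load)=(.*)$")
O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] "
                     r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O20_LINE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    line: str       # the log line as given
    target: str     # the path, DLL or value the finding is about
    severity: str   # "low" | "medium" | "high"
    reason: str


def first_path(cmd: str) -> str:
    """Program being launched: the quoted path, or the first token if unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def user_writable(path: str) -> bool:
    p = path.lower()
    return p.startswith(USER_WRITABLE) or "\\temp\\" in p or "\\appdata\\" in p


def check_run_value(line: str, key: str, name: str, cmd: str):
    """Apply the O4 heuristics; return a Finding or None for an unremarkable entry."""
    path = first_path(cmd)
    base = path.rsplit("\\", 1)[-1].lower()
    # "\.exeFalse" is not a path at all: a broken installer or a half-removed loader.
    if not (":\\" in path or path.startswith(("%", "\\\\"))):
        return Finding(line, path, "high", "command is not a usable path")
    reasons = []
    if base in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\"):
        reasons.append(("high", f"{base} outside C:\\Windows"))
    if "policies" in key.lower():
        reasons.append(("medium", "Policies\\Explorer\\Run is rarely used by legitimate software"))
    if user_writable(path):
        if RANDOM_NAME.match(name) or name.lower() in SYSTEM_NAMES:
            reasons.append(("medium", "random or spoofed value name launching a user-writable path"))
        else:
            reasons.append(("low", "launched from a user-writable path"))
    if not reasons:
        return None
    worst = max((s for s, _ in reasons), key=RANK.get)
    return Finding(line, path, worst, "; ".join(t for _, t in reasons))


def triage(log_text: str) -> list:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := F_LINE.match(line):
            which, value = m.group(1), m.group(2).strip()
            expected = "explorer.exe" if which == "Shell" else ""   # load= should be empty
            if value.lower() != expected:
                findings.append(Finding(line, value, "high", f"{which}= override (default is '{expected}')"))
        elif m := O4_LINE.match(line):
            f = check_run_value(line, m["key"], m["name"], m["cmd"])
            if f:
                findings.append(f)
        elif m := O20_LINE.match(line):
            for dll in m.group(1).split():   # every listed DLL is loaded into every process
                sev = "high" if user_writable(dll) else "medium"
                findings.append(Finding(line, dll, sev, "AppInit_DLLs injection"))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -RANK[f.severity]):
        print(f"[{f.severity:6}] {f.target}  <- {f.reason}")
```

The "low" tier is deliberately weak: it also catches legitimate per-user installers such as GoogleUpdate.exe under AppData\Local, which the reply left alone, so treat it as a prompt to check the file rather than a verdict. Unquoted paths containing spaces are cut at the first space, which is good enough for a triage pass but not for generating a removal list.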
hijackthis.log (11.7 KB)

2013-6-10 02:09 AM, downloads: 0

JRT.txt (57.41 KB)

2013-6-10 02:09 AM, downloads: 0

log.txt (44.28 KB)

2013-6-10 02:09 AM, downloads: 0

Author: man2111   Posted: 2013-06-10
