瑞星卡卡安全论坛

菜鸟求助rojan.PSW.Win32.GameOL
我电脑中了rojan.PSW.Win32.GameOL.moq
SRENG扫描报告在附件里请专家帮忙看一下 谢谢

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)


附件: 10077992008326222356.txt

引用:

【幸福雪儿的贴子】菜鸟求助rojan.PSW.Win32.GameOL 我电脑中了rojan.PSW.Win32.GameOL.moq SRENG扫描报告在附件里请专家帮忙看一下 谢谢 [用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ………………

附件: 10077992008326222455.jpg

上面是扫描记录

==

=================================

用xdelbox删除以下文件
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1C.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp17.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp29.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp31.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp83.tmp
C:\WINDOWS\system32\hgfhk.dll
C:\WINDOWS\system32\jwlah.dll
C:\WINDOWS\system32\xfgnxfn.dll
C:\WINDOWS\system32\zfdzb.dll
C:\WINDOWS\system32\msosiocp.dll
C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys
C:\WINDOWS\system32\xgnfn.dll
C:\WINDOWS\system32\ijougiemnaw.dll
C:\WINDOWS\system32\taflwbgdj.dll
C:\WINDOWS\system32\pahzij.dll
C:\WINDOWS\system32\duygnef.dll
C:\WINDOWS\system32\mgmgmm.dll
C:\WINDOWS\system32\WSockDrv32.dll
C:\WINDOWS\system32\MsIMMs32.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\AVPSrv.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\tciocp32.dll
C:\WINDOWS\system32\DbgHlp32.dlL
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\yuwvcmoh.dll
C:\WINDOWS\system32\mvvzuy.dll
C:\WINDOWS\system32\climnq.dll
C:\WINDOWS\system32\huqhvv.dll
C:\WINDOWS\system32\Kvsc3.dll
C:\WINDOWS\system32\WINSvr32.dll
C:\WINDOWS\system32\Setup\en_1072.bin
C:\WINDOWS\system32\5785.com
C:\WINDOWS\system32\SOUNDMAN.EXE
C:\WINDOWS\PTSShell.exe
C:\WINDOWS\WINSvr32.exE
C:\WINDOWS\system32\msosiocp.dll


=================================
打开SREng-》启动项目->注册表->删除
    <SoundMan><SOUNDMAN.EXE>  [1]
    <PTSShell><C:\WINDOWS\PTSShell.exe>  [N/A]
    <WINSvr32><C:\WINDOWS\WINSvr32.exE>  [N/A]
    <{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\system32\msosiocp.dll>  []
    <{D29DCEE0-457B-45A2-A92D-741B95B7723B}><C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys>  []
    <IFEO[ctfmon.exe]><SoundMan.exe>  [1]
    <IFEO[IceSword]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
    <IFEO[ras]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
    <IFEO[runiep]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
    <IFEO[taskmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]

=================================
删除服务
[TSECleanUpAssist / TSECleanUpAssist][Stopped/Auto Start]
  <C:\WINDOWS\system32\5785.com><N/A>
================================
删除驱动程序
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1C.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp17.tmp><N/A>
[fpids32 / fpids32][Stopped/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp29.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp31.tmp><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp83.tmp><N/A>
=================================
SRE--系统修复--浏览器加载项--删除

[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>
[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>

谢谢