【求助】我的電腦中了virusheat病毒，各位兄弟請幫幫忙啊！ bbs.ikaka.com

韓楓向斌 - 2008-3-31 19:12:00

我的電腦地右下方前幾天出現一個不斷閃爍的盾刑圖標，最早還不知道是什麼東西，後來在百度一查才知道中了一種叫virusheat的病毒，請各位朋友幫下我看看是怎麼回事，這裏多謝了！

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

附件: 10338482008331185955.txt

秋叶濛濛 - 2008-3-31 19:45:00

先用工具清理下系统然后扫描完整SRE日志报告

清理系统临时文件和IE临时文件夹
http://www.atribune.org/public-beta/ATF-Cleaner.exe
用金山清理专家清理恶意软件
http://www.duba.net/zt/ksc/down.shtml
下载windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.zip

下载Sreng，解压缩运行

1.先把不相关的软件关闭
2.智能扫描(记得勾上数字签名选项）=》扫描=》保存报告
3.把日志SREngLOG.log中的报告完整复制粘贴上来，[全选(Ctrl+a) >>复制(Ctrl+c) >>粘贴(Ctrl+v)] 上来或者粘贴到记事本中已附件形式上传上来

SRE下载地址
http://www.kztechs.com/sreng/sreng928.zip
PS:如果下载后不能运行请删除已下载的,然后重新下载.下载后首先不要运行先将下载的SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行

韓楓向斌 - 2008-4-1 8:31:00

[CODE]

2008-04-01,08:05:39

System Repair Engineer 2.6.2.928
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理許可權用戶 - 完整功能

以下內容被選中：
所有的啟動項目（包括註冊表、開機檔案夾、服務等）
流覽器載入項
正在運行的進程（包括進程模組資訊）
文件關聯
Winsock 提供者
Autorun.inf
HOSTS 文件
進程特權掃描

啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<acdseemc.exe><C:\Program Files\Common Files\ACD Systems\ACDSeeMC.EXE> [File is missing]
<3303tv7iy><; C:\WINNT\system.exe> [File is missing]
<6q61xrcl89l0kdm><; C:\WINNT\iexpl0re.exe> [File is missing]
<Foxmail><; E:\fox\Foxmail.exe -min> [File is missing]
<kr325rm><; C:\WINNT\iexp1ore.exe> [File is missing]
<NvMediaCenter><; RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<seekmo><; "c:\program files\seekmo\seekmo.exe"> [File is missing]
<svc><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\logsony.exe> [File is missing]
<swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [File is missing]
<w46k79sk3><; C:\WINNT\winlog0n.exe> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<WebThunder><; C:\xiazai\新資料夾\WebThunder.exe> [File is missing]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<HPDJ Taskbar Utility><; C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb03.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<NvCplDaemon><; RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><; nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
<yassistse><; C:\progra~1\yahoo!\assistant\yassistse.exe> [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
<FlashGet><; C:\xiazai\FlashGet.exe /min> [File is missing]
<HF_GameClient><; C:\Program Files\瘋源勤桵怢\gameclient.exe> [File is missing]
<IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
<miniQQLive><; "E:\sweet\我的文檔\xian\MiniQQLive.exe"> [File is missing]
<ms><; C:\Program Files\Microsoft\svhost32.exe> [File is missing]
<nbbpens><; C:\Program Files\Internet Explorer\CSRSS.exe> [File is missing]
<OrderReminder><; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe> [Hewlett-Packard]
<PHIMETIPSYNC><; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC60\Phonetic\TINTLCFG.EXE /PHIMETIPSync> [File is missing]
<PPGDown><; C:\PROGRA~1\PPGOUS~1\PPGou\PPGou.exe Auto> [File is missing]
<RavTimeXP><; C:\WINNT\Mstray.exe> [File is missing]
<Super Rabbit SRRestore><; C:\Program Files\Super Rabbit\magicset\srrest.exe /autosave> [Super Rabbit Soft]
<Tray><; C:\WINNT\command\rundll32.exe> [File is missing]
<upxdnd1><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd1.exe> [File is missing]
<WinsSystem><; C:\Program Files\Internet Explorer\syssmss.exe> [File is missing]
<wsttr><; C:\WINNT\wsttr.exe> [File is missing]
<zt><; C:\WINNT\Intel\rundll32.exe> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><userinit.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<{2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys> [File is missing]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [File is missing]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINNT\DOWNLO~1\CnsHook.dll> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><C:\WINNT\system32\DLMain.dll> [File is missing]
<DVDBurn><C:\WINNT\Downloaded Program Files\AfxEdit.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{d70e9b0f-aabc-4066-8176-c6de84d92fa1}><C:\WINNT\system32\kknwg.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 存取><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 存取><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515}]
<N/A><C:\WINNT\SCVHOST.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%Prog

瑞星卡卡安全论坛