Rising Kaka Security Forum

Log analysis exercise 080813
lqqk7 - 2008-8-13 23:26:00

======================================
Log analysis exercise index:
20080811
20080812
20080813
20080815

======================================

Attachment: 20080813_1.log

Attachment: 20080813_2.log

Attachment: 20080813_3.log
烟柳 - 2008-8-14 10:57:00
The first log doesn't seem to have any problems.
叶陵君 - 2008-8-14 11:41:00
For the first log, delete the following
Using SREng: Startup Items -- Registry startup items -- delete the following
<bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll> 
    <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll>
    <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll> 
    <rasdlgcq.dll><C:\WINDOWS\system32\rasdlgcq.dll>
    <zkppcvyh.dll><C:\WINDOWS\system32\bzahpuuj.dll>
    <vhdfotay.dll><C:\WINDOWS\system32\bzahpuuj.dll> 
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> 
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>
    <bzahpuuj.dll><C:\WINDOWS\system32\bzahpuuj.dll>
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll> 
    <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll>
    C:\WINDOWS\upxdnd.exe
    C:\Program Files\yok\yok.exe
烟柳 - 2008-8-14 11:41:00
Log 2

1. It is recommended to use XDelBox to delete the following files: (XDelBox 1.7 download: http://bbs.ikaka.com/showtopic-8446160.aspx)
Usage: when deleting, copy the paths of all files to be deleted, right-click in the list of files to delete and choose Import from clipboard; after importing, right-click the files to be deleted and choose Delete immediately on reboot. The computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to unplug all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).


2. After deleting and rebooting, use SREng to repair the following items:
    Startup Items -- Registry: delete the following entries:

<{5E907A48-400E-4EA8-9792-FFAE052D59E9}><C:\WINDOWS\system32\pedadt.dll>  []
<{0B846B26-BFE6-4E8E-A948-1DB17B77B483}><C:\WINDOWS\system32\tdfhex.dll>  []
<{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  []


    Startup Items -- Services -- Drivers: delete the following:
[DS1410D / DS1410D][Stopped/Auto Start]
  <SYSTEM32\drivers\DS1410D.SYS><N/A>

    Startup Items -- Services -- Browser add-ons: delete the following:
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\ProgramFiles\Internet Explorer\PLUGINS\Windows64.Sys, N/A>

Start -> Run -> type msconfig, OK -> Startup -> uncheck the box in front of HBService.exe, OK, and that's it.

1. It is recommended to use XDelBox to delete the following files: (XDelBox 1.7 download address: http://www.qispace.com.cn/read.php/1.htm, tool 19 on that page)
Usage: first tick Suppress regeneration; when deleting, copy the paths of all files to be deleted, right-click in the list of files to delete and choose Import from clipboard without checking paths; after importing, right-click the files to be deleted and choose Delete immediately on reboot. The computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to unplug all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).
[C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
 
    <C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <C:\WINDOWS\system32\bootvidgj.dll>  []
    <C:\WINDOWS\system32\dispexcb.dll>  []
    <C:\WINDOWS\system32\catsrvwl.dll>  []
    <C:\WINDOWS\system32\wklsdd.dll>  []
    <C:\WINDOWS\system32\fofedzyo.dll>  []
    <C:\WINDOWS\system32\jfdses.dll>  []
    <C:\WINDOWS\system32\dntggf.dll>  [N/A]
    <C:\WINDOWS\system32\sgdewg.dll>  [N/A]
    <C:\WINDOWS\system32\hhrdxd.dll>  []
    <C:\WINDOWS\system32\adsntzt.dll>  []
    <C:\WINDOWS\system32\zycdex.dll>  [N/A]
    <C:\WINDOWS\system32\jhfrxz.dll>  []
    <C:\WINDOWS\system32\cliconfgzx.dll>  []
    <C:\WINDOWS\system32\jdsaex.dll>  []
    <C:\WINDOWS\system32\kbdswjr.dll>  []
    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>  []
    <C:\WINDOWS\system32\mttwfh.dll>  []
    <C:\WINDOWS\system32\360mon.dll>  []
    <C:\WINDOWS\system32\wrqszl.dll>  []
    <C:\WINDOWS\system32\zgtwfx.dll>  [N/A]
    <C:\WINDOWS\system32\fsrgeb.dll>  [N/A]
    <C:\WINDOWS\system32\tdggrz.dll>  [N/A]
    <C:\WINDOWS\system32\fmcvxy.dll>  []
    <C:\WINDOWS\system32\wyrsdj.dll>  []
    <C:\WINDOWS\system32\zsdgff.dll>  [N/A]
    <C:\WINDOWS\system32\kgfghd.dll>  []
    <C:\Program Files\Internet Explorer\ExploreNt.Sys>  []
    <C:\Program Files\Internet Explorer\ExploreNt.win>  []
    <C:\Program Files\Internet Explorer\ExploreNt.Dat>  []
    <C:\WINDOWS\Fonts\ijdycpaw.dll>  []
    <C:\WINDOWS\system32\certmgrkd.dll>  []
    <C:\WINDOWS\system32\lweurqhx.dll>  []
    <C:\WINDOWS\system32\imgutilhx2.dll>  []
    <C:\WINDOWS\system32\avicapwm.dll>  []
    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>  []
    <C:\WINDOWS\system32\jfrwdh.dll>  [N/A]
    <C:\WINDOWS\system32\ddserh.dll>  []
    <C:\WINDOWS\system32\wzcfsw.dll>  [N/A]

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}><C:\WINDOWS\system32\catsrvwl.dll>  []
    <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\fofedzyo.dll>  []
    <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll>  []
    <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dntggf.dll>  [N/A]
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  [N/A]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  []
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll>  [N/A]
    <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll>  []
    <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\kbdswjr.dll>  []
    <{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}><C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>  []
    <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  []
    <{AEB6717E-7E19-21d2-97EE-00C04FD91972}><C:\WINDOWS\system32\360mon.dll>  []
    <{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll>  []
    <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll>  [N/A]
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll>  [N/A]
    <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINDOWS\system32\tdggrz.dll>  [N/A]
    <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll>  []
    <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll>  []
    <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll>  [N/A]
    <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll>  []
    <{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}><C:\Program Files\Internet Explorer\ExploreNt.Sys>  []
    <{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}><C:\Program Files\Internet Explorer\ExploreNt.win>  []
    <{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}><C:\Program Files\Internet Explorer\ExploreNt.Dat>  []
    <{3A698452-C5D8-C584-C256-C264C987C5A3}><C:\WINDOWS\Fonts\ijdycpaw.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll>  []
    <{86899D14-95D7-4E22-8AB3-7ACC53076FC9}><C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>  []
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  [N/A]
    <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll>  []
    <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll>  [N/A]
    <AppInit_DLLs><HBmhly.dll>  []
  Startup Items -- Services -- Drivers: disable the following:
<C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>
c:\windows\system32\svchost.exe rpcss c:\windows\system32\srpcss.dll: the srpcss.dll file is a virus file; the normal file should be c:\windows\system32\rpcss.dll. After the virus file was deleted by the antivirus, this service was stopped, and at that point even restarting the service could not work. Later the service was repaired by modifying registry values, and after a reboot everything returned to normal.

Handling method: first locate the rpcss.dll file and check whether it is normal. Then open Registry Editor, search for srpcss.dll, and change every location found that refers to srpcss.dll to rpcss.dll. Next, type services.msc in Run, find Remote Procedure Call (RPC), right-click it and choose Start. After a reboot everything will be back to normal.
The above is information found online.

    System Repair -- Browser add-ons: delete the following:
[]  {0CD9CB21-F56C-4AE1-B188-39F1E8D692AB} <C:\Program Files\Internet Explorer\ExploreNt.Sys, N/A>
[]  {21E5BB9B-86BD-43C0-A53F-B94FCA0C9277} <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys,
[]  {53AC264F-6DD8-41D9-921F-01FAAEA95C8B} <C:\Program Files\Internet Explorer\ExploreNt.Dat, N/A>!!
[]  {86899D14-95D7-4E22-8AB3-7ACC53076FC9} <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys, N/A>
[]  {D51510C1-ECEA-45F7-B782-FE0EC2D2535D} <C:\Program Files\Internet Explorer\ExploreNt.win, N/A>
叶陵君 - 2008-8-14 12:05:00
Startup Items
Registry: delete the following
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
 
<HBService><HBInject.exe>  []
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><HBmhly.dll>  []   
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
 
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}><C:\WINDOWS\system32\catsrvwl.dll>  []
    <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\fofedzyo.dll>  []
    <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll>  []
    <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dntggf.dll>  [N/A]
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  [N/A]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  []
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll>  [N/A]
    <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll>  []
    <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\kbdswjr.dll>  []
    <{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}><C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>  []
    <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  []
    <{AEB6717E-7E19-21d2-97EE-00C04FD91972}><C:\WINDOWS\system32\360mon.dll>  []
    <{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll>  []
    <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll>  [N/A]
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll>  [N/A]
    <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINDOWS\system32\tdggrz.dll>  [N/A]
    <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll>  []
    <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll>  []
    <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll>  [N/A]
    <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll>  []
    <{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}><C:\Program Files\Internet Explorer\ExploreNt.Sys>  []
    <{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}><C:\Program Files\Internet Explorer\ExploreNt.win>  []
    <{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}><C:\Program Files\Internet Explorer\ExploreNt.Dat>  []
    <{3A698452-C5D8-C584-C256-C264C987C5A3}><C:\WINDOWS\Fonts\ijdycpaw.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll>  []
    <{86899D14-95D7-4E22-8AB3-7ACC53076FC9}><C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>  []
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  [N/A]
    <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll>  []
    <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll>  [N/A]
 
==================================
Drivers: delete the following


[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>

Dynamic link libraries: delete the following

    [C:\WINDOWS\system32\gdipro.dll]  [N/A, ]
    [C:\WINDOWS\system32\sys07003.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\catsrvwl.dll]  [N/A, ]
    [C:\WINDOWS\system32\wklsdd.dll]  [N/A, ]
    [C:\WINDOWS\system32\fofedzyo.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfdses.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\jdsaex.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdswjr.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys]  [N/A, ]
    [C:\WINDOWS\system32\mttwfh.dll]  [N/A, ]
    [C:\WINDOWS\system32\wrqszl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmcvxy.dll]  [N/A, ]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\kgfghd.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\ExploreNt.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\ExploreNt.win]  [N/A, ]
    [C:\Program Files\Internet Explorer\ExploreNt.Dat]  [N/A, ]
    [C:\WINDOWS\Fonts\ijdycpaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\ddserh.dll]  [N/A, ]
    [C:\WINDOWS\system32\gbynoji.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\nifuvq.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys]  [N/A, ]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdswjr.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\fofedzyo.dll]  [N/A, ]
    [C:\WINDOWS\system32\catsrvwl.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    C:\WINDOWS\system32\gbynoji.dll
没有眼泪 - 2008-8-14 12:26:00
Log 1
Use XDelBox to delete the following files
c:\windows\system32\bootvidgj.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\msobjstl.dll
c:\windows\system32\rasdlgcq.dll
c:\windows\system32\bzahpuuj.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\slbiopfs2.dll
c:\program files\yok\yok.exe
c:\windows\upxdnd.exe
c:\docume~1\new\locals~1\temp\1.tmp
d:\program files\tencent\qq\npkycryp.sys

After deleting and rebooting, use IceSword to locate c:\windows\system32\svchost.xy3 and force-delete it
Startup Items -- Registry: delete the following entries:
[bootvidgj.dll]    <C:\WINDOWS\system32\bootvidgj.dll>
[kbdswjr.dll]    <C:\WINDOWS\system32\kbdswjr.dll>
[msobjstl.dll]    <C:\WINDOWS\system32\msobjstl.dll>
[rasdlgcq.dll]    <C:\WINDOWS\system32\rasdlgcq.dll>
[zkppcvyh.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[vhdfotay.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[imgutilhx2.dll]    <C:\WINDOWS\system32\imgutilhx2.dll>
[cliconfgzx.dll]    <C:\WINDOWS\system32\cliconfgzx.dll>
[bzahpuuj.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[adsntzt.dll]    <C:\WINDOWS\system32\adsntzt.dll>
[slbiopfs2.dll]    <C:\WINDOWS\system32\slbiopfs2.dll>
[yok.exe]    <; C:\Program Files\yok\yok.exe>
[upxdnd]    <; C:\WINDOWS\upxdnd.exe>
Note: modify the [Userinit] entry: change <C:\WINDOWS\system32\userinit.exe,svchost.xy3> to <C:\WINDOWS\system32\userinit.exe,>; the comma must not be omitted

  Startup Items -- Services -- Drivers: disable the following:
[IIS Manager  / IIS Manager ]    <\??\C:\DOCUME~1\new\LOCALS~1\Temp\1.tmp>
[npkycryp / npkycryp]    <\??\D:\Program Files\Tencent\QQ\npkycryp.sys>
Log 2
Use XDelBox to delete the following files
c:\windows\system32\hbinject.exe
c:\windows\system32\squ\svchost.exe
c:\program files\internet explorer\explorent.dat
c:\program files\internet explorer\explorent.sys
c:\program files\internet explorer\explorent.win
c:\program files\internet explorer\plugins\unixsys08.sys
c:\program files\internet explorer\plugins\winnt64.sys
c:\windows\system32\360mon.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\avicapwm.dll
c:\windows\system32\bootvidgj.dll
c:\windows\system32\catsrvwl.dll
c:\windows\system32\certmgrkd.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\ddserh.dll
c:\windows\system32\dispexcb.dll
c:\windows\system32\dpvvoxmh.dll
c:\windows\system32\fmcvxy.dll
c:\windows\system32\fofedzyo.dll
c:\windows\system32\gbynoji.dll
c:\windows\system32\hbmhly.dll
c:\windows\system32\hhrdxd.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\jdsaex.dll
c:\windows\system32\jfdses.dll
c:\windows\system32\jhfrxz.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\kgfghd.dll
c:\windows\system32\lweurqhx.dll
c:\windows\system32\mttwfh.dll
c:\windows\system32\wklsdd.dll
c:\windows\system32\wrqszl.dll
c:\windows\system32\wyrsdj.dll
c:\windows\fonts\ijdycpaw.dll
c:\windows\system32\wzcfsw.dll
c:\windows\system32\jfrwdh.dll
c:\windows\system32\zsdgff.dll
c:\windows\system32\tdggrz.dll
c:\windows\system32\fsrgeb.dll
c:\windows\system32\zgtwfx.dll
c:\windows\system32\zycdex.dll
c:\windows\system32\sgdewg.dll
c:\windows\system32\dntggf.dll
c:\windows\system32\hbmhly.dll
c:\windows\system32\kncer32.exe
c:\windows\system32\srpcss.dll
c:\windows\system32\drivers\msiffei.sys
c:\windows\system32\drivers\hbkernel.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
[{28766E1C-74B0-4417-8C75-F12AE309EF35}]    <C:\WINDOWS\system32\wzcfsw.dll>
[{A9895933-6636-4281-BC58-EE6DE2AF96E3}]    <C:\WINDOWS\system32\ddserh.dll>
[{841529CB-7F77-4B99-A895-B5441E0D302F}]    <C:\WINDOWS\system32\jfrwdh.dll>
[{86899D14-95D7-4E22-8AB3-7ACC53076FC9}]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}]    <C:\WINDOWS\system32\avicapwm.dll>
[{00300030-0030-0030-0030-00300030BB15}]    <C:\WINDOWS\system32\imgutilhx2.dll>
[{71A78CD4-E470-4a18-8457-E0E0283DD507}]    <C:\WINDOWS\system32\lweurqhx.dll>
[{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}]    <C:\WINDOWS\system32\certmgrkd.dll>
[{3A698452-C5D8-C584-C256-C264C987C5A3}]    <C:\WINDOWS\Fonts\ijdycpaw.dll>
[{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
[{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}]    <C:\WINDOWS\system32\kgfghd.dll>
[{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}]    <C:\WINDOWS\system32\zsdgff.dll>
[{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}]    <C:\WINDOWS\system32\wyrsdj.dll>
[{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}]    <C:\WINDOWS\system32\fmcvxy.dll>
[{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}]    <C:\WINDOWS\system32\tdggrz.dll>
[{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}]    <C:\WINDOWS\system32\fsrgeb.dll>
[{006CA8A1-61BC-4774-A54C-F49034270BAD}]    <C:\WINDOWS\system32\zgtwfx.dll>
[{F99DEFDD-200B-4410-B572-E90883D527D2}]    <C:\WINDOWS\system32\wrqszl.dll>
[{AEB6717E-7E19-21d2-97EE-00C04FD91972}]    <C:\WINDOWS\system32\360mon.dll>
[{021F087F-4378-545F-74FA-37D345AD7A8C}]    <C:\WINDOWS\system32\mttwfh.dll>
[{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}]    <C:\WINDOWS\system32\kbdswjr.dll>
[{B29583D8-033A-4B9F-8553-7C5458F3FB8E}]    <C:\WINDOWS\system32\jdsaex.dll>
[{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}]    <C:\WINDOWS\system32\cliconfgzx.dll>
[{7914E0AA-ECCB-4311-B584-C49538227824}]    <C:\WINDOWS\system32\jhfrxz.dll>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <C:\WINDOWS\system32\zycdex.dll>
[{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}]    <C:\WINDOWS\system32\adsntzt.dll>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <C:\WINDOWS\system32\hhrdxd.dll>
[{8C41B7F7-3168-400D-A702-0E7EFE0BA304}]    <C:\WINDOWS\system32\sgdewg.dll>
[{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}]    <C:\WINDOWS\system32\dntggf.dll>
[{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}]    <C:\WINDOWS\system32\jfdses.dll>
[{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}]    <C:\WINDOWS\system32\fofedzyo.dll>
[{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}]    <C:\WINDOWS\system32\wklsdd.dll>
[{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}]    <C:\WINDOWS\system32\catsrvwl.dll>
[{76D44356-B494-443a-BEDC-AA68DE4255E6}]    <C:\WINDOWS\system32\dispexcb.dll>
[{D3112B69-A745-4805-874E-ABD480EA1299}]    <C:\WINDOWS\system32\bootvidgj.dll>
[{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}]    <C:\WINDOWS\system32\dpvvoxmh.dll>
[kcien32]    <kncer32.exe>
Note: modify the [AppInit_DLLs] entry: change <HBmhly.dll> to <>, i.e. clear it
 

    Startup Items -- Services -- Drivers: disable the following:
[msiffei / msiffei]    <System32\Drivers\msiffei.sys>
[HBKernel Driver / HBKernel]    <\SystemRoot\system32\DRIVERS\HBKernel.sys>

Windows Cleanup Assistant (Windows清理助手), once updated, can repair this service automatically
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>

Log 3
Use XDelBox to delete the following files
c:\netapi000.sys
c:\windows\system32\d32dx9.sys
Startup Items -- Registry: delete the following entries:
[uepugifk.dll]    <>
[cliconfgzx.dll]    <>
[rasdlgcq.dll]    <>
[midimapmy]    <>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <>

Startup Items -- Services -- Drivers: disable the following:
[NetApi000 / NetApi000]    <\??\C:\NetApi000.sys>
[HiddFldy / HiddFldy]    <\??\C:\WINDOWS\system32\d32dx9.sys>
雨君009 - 2008-8-14 14:49:00
Log 1

1. It is recommended to use XDelBox to delete the following files

; c:\windows\upxdnd.exe
c:\windows\system32\bootvidgj.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\msobjstl.dll
c:\windows\system32\rasdlgcq.dll
c:\windows\system32\bzahpuuj.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\slbiopfs2.dll

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
[upxdnd]    <; C:\WINDOWS\upxdnd.exe>
[bootvidgj.dll]    <C:\WINDOWS\system32\bootvidgj.dll>
[kbdswjr.dll]    <C:\WINDOWS\system32\kbdswjr.dll>
[msobjstl.dll]    <C:\WINDOWS\system32\msobjstl.dll>
[rasdlgcq.dll]    <C:\WINDOWS\system32\rasdlgcq.dll>
[zkppcvyh.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[vhdfotay.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[imgutilhx2.dll]    <C:\WINDOWS\system32\imgutilhx2.dll>
[cliconfgzx.dll]    <C:\WINDOWS\system32\cliconfgzx.dll>
[bzahpuuj.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[adsntzt.dll]    <C:\WINDOWS\system32\adsntzt.dll>
[slbiopfs2.dll]    <C:\WINDOWS\system32\slbiopfs2.dll>

svchost.xy3
雨君009 - 2008-8-14 15:07:00
Log 2
1. It is recommended to use XDelBox to delete the following files
HBmhly.dll
c:\windows\system32\gdipro.dll
c:\windows\system32\sys07003.dll
c:\windows\fonts\ijdycpaw.dll
c:\windows\system32\360mon.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\avicapwm.dll
c:\windows\system32\bootvidgj.dll
c:\windows\system32\catsrvwl.dll
c:\windows\system32\certmgrkd.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\ddserh.dll
c:\windows\system32\dispexcb.dll
c:\windows\system32\dpvvoxmh.dll
c:\windows\system32\fmcvxy.dll
c:\windows\system32\fofedzyo.dll
c:\windows\system32\gbynoji.dll
c:\windows\system32\hbmhly.dll
c:\windows\system32\hhrdxd.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\jdsaex.dll
c:\windows\system32\jfdses.dll
c:\windows\system32\jhfrxz.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\kgfghd.dll
c:\windows\system32\lweurqhx.dll
c:\windows\system32\mttwfh.dll
c:\windows\system32\wklsdd.dll
c:\windows\system32\wrqszl.dll
c:\windows\system32\wyrsdj.dll
c:\program files\internet explorer\explorent.dat
c:\program files\internet explorer\explorent.sys
c:\program files\internet explorer\explorent.win
c:\program files\internet explorer\plugins\unixsys08.sys
c:\program files\internet explorer\plugins\winnt64.sys
c:\windows\system32\zsdgff.dll
c:\windows\system32\tdggrz.dll
c:\windows\system32\fsrgeb.dll
c:\windows\system32\zgtwfx.dll
c:\windows\system32\zycdex.dll
c:\windows\system32\sgdewg.dll
c:\windows\system32\dntggf.dll
kncer32.exe
c:\program files\sohutv_web\systrayicon.exe "c:\program files\sohutv_web" "4459cccfdc0a444d7eb4f49e09981772" "1.0.0.4" ""
hbinject.exe
c:\windows\system32\svchost -k rpcss-->c:\windows\system32\srpcss.dll
c:\windows\system32\drivers\secdrv.sys
c:\windows\system32\drivers\msiffei.sys
c:\windows\downlo~1\inputc~1.dll
c:\windows\system32\drivers\hbkernel.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
[{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}]    <C:\WINDOWS\system32\kgfghd.dll>
[{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}]    <C:\WINDOWS\system32\zsdgff.dll>
[{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}]    <C:\WINDOWS\system32\wyrsdj.dll>
[{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}]    <C:\WINDOWS\system32\fmcvxy.dll>
[{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}]    <C:\WINDOWS\system32\tdggrz.dll>
[{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}]    <C:\WINDOWS\system32\fsrgeb.dll>
[{006CA8A1-61BC-4774-A54C-F49034270BAD}]    <C:\WINDOWS\system32\zgtwfx.dll>
[{F99DEFDD-200B-4410-B572-E90883D527D2}]    <C:\WINDOWS\system32\wrqszl.dll>
[{AEB6717E-7E19-21d2-97EE-00C04FD91972}]    <C:\WINDOWS\system32\360mon.dll>
[{021F087F-4378-545F-74FA-37D345AD7A8C}]    <C:\WINDOWS\system32\mttwfh.dll>
[{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}]    <C:\WINDOWS\system32\kbdswjr.dll>
[{B29583D8-033A-4B9F-8553-7C5458F3FB8E}]    <C:\WINDOWS\system32\jdsaex.dll>
[{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}]    <C:\WINDOWS\system32\cliconfgzx.dll>
[{7914E0AA-ECCB-4311-B584-C49538227824}]    <C:\WINDOWS\system32\jhfrxz.dll>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <C:\WINDOWS\system32\zycdex.dll>
[{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}]    <C:\WINDOWS\system32\adsntzt.dll>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <C:\WINDOWS\system32\hhrdxd.dll>
[{8C41B7F7-3168-400D-A702-0E7EFE0BA304}]    <C:\WINDOWS\system32\sgdewg.dll>
[{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}]    <C:\WINDOWS\system32\dntggf.dll>
[{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}]    <C:\WINDOWS\system32\jfdses.dll>
[{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}]    <C:\WINDOWS\system32\fofedzyo.dll>
[{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}]    <C:\WINDOWS\system32\wklsdd.dll>
[{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}]    <C:\WINDOWS\system32\catsrvwl.dll>
[{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}]    <C:\WINDOWS\system32\catsrvwl.dll>
[{76D44356-B494-443a-BEDC-AA68DE4255E6}]    <C:\WINDOWS\system32\dispexcb.dll>
[{D3112B69-A745-4805-874E-ABD480EA1299}]    <C:\WINDOWS\system32\bootvidgj.dll>
[{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}]    <C:\WINDOWS\system32\dpvvoxmh.dll>
[kcien32]    <kncer32.exe>
[搜狐彩电网页版]    <C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "4459cccfdc0a444d7eb4f49e09981772" "1.0.0.4" "">
[HBService]    <HBInject.exe>

    Startup Items -- Services -- Win32 service applications: delete the following:
[Remote Procedure Call (RPC) / RpcSs]    <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll>

    Startup Items -- Services -- Drivers: delete the following:
[Secdrv / Secdrv]    <system32\DRIVERS\secdrv.sys>
[msiffei / msiffei]    <System32\Drivers\msiffei.sys>
[HBKernel Driver / HBKernel]    <\SystemRoot\system32\DRIVERS\HBKernel.sys>

    System Repair -- Browser add-ons: delete the following:
[]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[AxInputControl Class]    <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
雨君009 - 2008-8-14 15:13:00
Log 3
1. It is recommended to use XDelBox to delete the following files

c:\netapi000.sys
c:\windows\system32\d32dx9.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
[uepugifk.dll]    <>
[cliconfgzx.dll]    <>
[rasdlgcq.dll]    <>
[midimapmy]    <>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <>

    Startup Items -- Services -- Drivers: delete the following:
[NetApi000 / NetApi000]    <\??\C:\NetApi000.sys>
[HiddFldy / HiddFldy]    <\??\C:\WINDOWS\system32\d32dx9.sys>
heiyeuiu - 2008-8-14 17:51:00
Log 1
Modify the startup items in the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,svchost.xy3> change to
    <Userinit><C:\WINDOWS\system32\userinit.exe,>
Delete the following entries in the registry; the files in these entries have already been deleted, only the useless startup entries remain.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>
    <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll>
    <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll>
    <rasdlgcq.dll><C:\WINDOWS\system32\rasdlgcq.dll>
    <zkppcvyh.dll><C:\WINDOWS\system32\bzahpuuj.dll>
    <vhdfotay.dll><C:\WINDOWS\system32\bzahpuuj.dll>
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>
    <bzahpuuj.dll><C:\WINDOWS\system32\bzahpuuj.dll>
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>
    <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Alitalk><; C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE>
    <Anti-Spy Tools><; C:\Documents and Settings\new\桌面\ast_PConline\ast\AST.exe -min>
    <NVDispDrv><; C:\WINDOWS\NVDispDrv.exe>
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <QQDownload><; "C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <upxdnd><; C:\WINDOWS\upxdnd.exe>
    <WangWang><; "C:\Program Files\Alisoft\WangWang\WangWang.EXE">
    <yok.exe><; C:\Program Files\yok\yok.exe>

Delete file
C:\WINDOWS\system32\svchost.xy3
Empty all files under C:\DOCUME~1\new\LOCALS~1\Temp\
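The checks the posts above walk through by hand (烟柳's srpcss.dll vs rpcss.dll comparison for the RpcSs service, the Userinit fix given by 没有眼泪 and heiyeuiu, and the AppInit_DLLs / ShellExecuteHooks entries every reply lists) can be scripted against the SREng text itself. The following Python is an added example for this thread; it is not code from the forum, from SREng or from Rising. Its allowlists (known shell-hook DLLs, the ServiceDll each svchost-hosted service should load) are an assumed clean Windows XP baseline to be replaced with values from a known-clean machine, and the sample listing is constructed from entries quoted in the posts. It flags drivers by location (a .sys at the root of C:, a .tmp in a Temp folder) and deliberately has no opinion on HBKernel.sys, which sits in the normal drivers directory and was tied to the infection in the thread only by its HB* family name next to HBInject.exe and HBmhly.dll.

```python
"""Triage of SREng-style startup listings.

Added example, not code from this thread, SREng or Rising. It parses the
two-line format quoted above ("[HKEY...]" header then "<name><value>" lines;
"[Display / Name][state]" header then an "<image><vendor>" line) and flags
the persistence patterns the thread discusses. The allowlists are an ASSUMED
clean Windows XP baseline; take real values from a known-clean machine.
"""
import ntpath
import re

# Assumed baselines (adjust to your own gold image).
KNOWN_HOOK_DLLS = {"shell32.dll", "webcheck.dll", "stobject.dll"}
EXPECTED_SERVICE_DLL = {   # svchost-hosted service -> ServiceDll it should load
    "rpcss": "rpcss.dll",
    "dnscache": "dnsrslvr.dll",
    "lanmanserver": "srvsvc.dll",
    "lanmanworkstation": "wkssvc.dll",
}
HOOK_KEYS = ("\\shellexecutehooks", "\\shellserviceobjectdelayload")
SERVICE_HDR = re.compile(r"^\[([^\]]*?) / ([^\]]*)\]")

# Constructed sample: entries quoted in this thread, plus one legitimate
# ShellExecuteHooks entry (shell32.dll) and one clean Run entry for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,svchost.xy3>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBmhly.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HBService><HBInject.exe>  []
    <NVDispDrv><; C:\WINDOWS\NVDispDrv.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <kcien32><kncer32.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{AEB6717E-7E19-11d2-97EE-00C04FD91972}><C:\WINDOWS\system32\shell32.dll>  [Microsoft Corporation]
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>
[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
[IIS Manager  / IIS Manager ]    <\??\C:\DOCUME~1\new\LOCALS~1\Temp\1.tmp>
[NetApi000 / NetApi000]    <\??\C:\NetApi000.sys>
"""


def angle_fields(line):
    """Split '<a><b>  [x]' into ['a', 'b']; values may contain '>' (e.g. '-->')."""
    start, end = line.find("<"), line.rfind(">")
    return [] if start < 0 or end <= start else line[start + 1:end].split("><")


def normalize(path):
    """Lower-case a Windows path and strip the \\??\\ and \\SystemRoot\\ prefixes."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    return p


def check_registry(key, name, value):
    """Return (rule, where, value) findings for one '<name><value>' entry."""
    k, n, v = key.lower(), name.lower(), value.strip()
    base = ntpath.basename(normalize(v))
    if k.endswith("\\winlogon") and n == "userinit":
        # Must be exactly "<path>\userinit.exe,": anything after the comma runs at logon.
        parts = [p.strip() for p in v.split(",")]
        if ntpath.basename(parts[0]).lower() != "userinit.exe" or any(parts[1:]):
            return [("userinit-hijack", key, v)]
    if n == "appinit_dlls" and v:          # injected into every process loading user32
        return [("appinit-dll", key, v)]
    if k.endswith(HOOK_KEYS) and base not in KNOWN_HOOK_DLLS:
        return [("unknown-shell-hook", name, v)]
    if k.endswith("\\policies\\explorer\\run"):
        return [("policies-run", name, v)]
    if k.endswith("\\run"):
        img = v[2:] if v.startswith("; ") else v
        if "\\" not in img:                # bare name: resolved through PATH at logon
            return [("bare-run-image", name, v)]
    return []


def check_service(service, image):
    """Return findings for one service/driver image line."""
    s, img = service.lower(), image.strip()
    if "svchost" in img.lower() and "-->" in img:
        dll = ntpath.basename(normalize(img.split("-->", 1)[1]))
        want = EXPECTED_SERVICE_DLL.get(s)
        return [("servicedll-swapped", service, img)] if want and dll != want else []
    d = ntpath.dirname(normalize(img)).rstrip("\\") + "\\"
    # Images at a drive root, in a Temp folder or under a user profile are the
    # pattern in this thread; HBKernel.sys in system32\drivers is not caught.
    if re.fullmatch(r"[a-z]:\\", d) or "\\temp\\" in d or "\\docume~1\\" in d \
            or "\\documents and settings\\" in d:
        return [("odd-service-image-location", service, img)]
    return []


def triage(text):
    """Walk a listing and return the findings in order of appearance."""
    findings, key, service = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            key, service = line[1:line.index("]")], None
            continue
        m = SERVICE_HDR.match(line)
        if m:
            service, key = m.group(2).strip(), None
            line = line[m.end():]          # the image may follow on the same line
        fields = angle_fields(line)
        if not fields:
            continue
        if service is not None:
            findings.extend(check_service(service, fields[0]))
        elif key is not None and len(fields) >= 2:
            findings.extend(check_registry(key, fields[0], fields[1]))
    return findings


if __name__ == "__main__":
    for rule, where, value in triage(SAMPLE_LOG):
        print(f"{rule:27} {where}: {value}")
```

Run it on a saved SREng text export instead of SAMPLE_LOG and read the findings as a worklist, not a verdict: the ServiceDll and Userinit rules are exact, the hook and Run rules depend entirely on the allowlist matching your own clean build, and the location rule will miss a driver that was dropped into system32\drivers with a plausible name.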
heiyeuiu - 2008-8-14 18:27:00
Log 2

Clearly more than one trojan has been planted here, so first disconnect from the network, then clean the system with Windows Cleanup Expert (windows清理专家), and then it is recommended to use XDelBox to delete the following files:
C:\WINDOWS\system32\HBInject.exe
C:\WINDOWS\system32\kncer32.exe
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\BLISS.SCR

C:\WINDOWS\system32\dpvvoxmh.dll
C:\WINDOWS\system32\bootvidgj.dll
C:\WINDOWS\system32\dispexcb.dll
C:\WINDOWS\system32\catsrvwl.dll
C:\WINDOWS\system32\wklsdd.dll
C:\WINDOWS\system32\fofedzyo.dll
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\dntggf.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\zycdex.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\jdsaex.dll
C:\WINDOWS\system32\kbdswjr.dll
C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
C:\WINDOWS\system32\mttwfh.dll
C:\WINDOWS\system32\360mon.dll
C:\WINDOWS\system32\wrqszl.dll
C:\WINDOWS\system32\zgtwfx.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\system32\kgfghd.dll
C:\Program Files\Internet Explorer\ExploreNt.Sys
C:\Program Files\Internet Explorer\ExploreNt.win
C:\Program Files\Internet Explorer\ExploreNt.Dat
C:\WINDOWS\Fonts\ijdycpaw.dll
C:\WINDOWS\system32\certmgrkd.dll
C:\WINDOWS\system32\lweurqhx.dll
C:\WINDOWS\system32\imgutilhx2.dll
C:\WINDOWS\system32\avicapwm.dll
C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys
C:\WINDOWS\system32\jfrwdh.dll
c:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\wzcfsw.dll
If hunting for them one by one is too tedious when deleting, sort the files by time; these trojan files are usually all grouped together.
Then use SREng to remove the following items from the registry startup entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HBService><HBInject.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <kcien32><kncer32.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}><C:\WINDOWS\system32\catsrvwl.dll>  []
    <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\fofedzyo.dll>  []
    <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll>  []
    <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dntggf.dll>  [N/A]
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  [N/A]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  []
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll>  [N/A]
    <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll>  []
    <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\kbdswjr.dll>  []
    <{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}><C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>  []
    <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  []
    <{AEB6717E-7E19-21d2-97EE-00C04FD91972}><C:\WINDOWS\system32\360mon.dll>  []
    <{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll>  []
    <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll>  [N/A]
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll>  [N/A]
    <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINDOWS\system32\tdggrz.dll>  [N/A]
    <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll>  []
    <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll>  []
    <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll>  [N/A]
    <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll>  []
    <{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}><C:\Program Files\Internet Explorer\ExploreNt.Sys>  []
    <{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}><C:\Program Files\Internet Explorer\ExploreNt.win>  []
    <{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}><C:\Program Files\Internet Explorer\ExploreNt.Dat>  []
    <{3A698452-C5D8-C584-C256-C264C987C5A3}><C:\WINDOWS\Fonts\ijdycpaw.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll>  []
    <{86899D14-95D7-4E22-8AB3-7ACC53076FC9}><C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>  []
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  [N/A]
    <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll>  []
    <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\BLISS.SCR>  [Microsoft]

Modify
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBmhly.dll>  []  to  <AppInit_DLLs>
SREng will prompt you about this automatically when it starts.

Finally, modify the following item
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>

This service entry must not be touched carelessly.
After everything else has been dealt with, an updated Windows清理助手 (Windows Cleanup Assistant) can repair it automatically. (Reposted from 天月来了, http://bbs.ikaka.com/showtopic-8535283.aspx) The following method also works:
First locate the rpcss.dll file and check whether it is intact. Then open the Registry Editor, search for srpcss.dll, and change every location found that refers to srpcss.dll to rpcss.dll. Next, type services.msc in Run, find Remote Procedure Call (RPC), right-click it and choose Start. After a reboot everything returns to normal. (Reposted from http://blog.163.com/js4461751@126/blog/static/2365588820085284443690/)

Then restart the computer.
heiyeuiu - 2008-8-14 21:09:00
Log 3

The main problem in this log lies in the drivers:
C:\WINDOWS\system32\d32dx9.sys
C:\NetApi000.sys
These two files are the most suspicious and should be checked closely!

Back up these two files, then delete them with XDelBox.
Then use SREng to remove the registry startup entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <yassistse><; C:\Program Files\Yahoo!\Assistant\yAssistSe.exe>  [File is missing]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <midimapmy><>  [N/A]
    <rasdlgcq.dll><>  [N/A]
    <cliconfgzx.dll><>  [N/A]
    <uepugifk.dll><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
Remove the service entries:
[HiddFldy / HiddFldy][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\d32dx9.sys><N/A>
[NetApi000 / NetApi000][Stopped/Manual Start]
  <\??\C:\NetApi000.sys><N/A>
fillix - 2008-8-14 22:16:00
No.1
Delete with XDelBox
c:\windows\system32\bootvidgj.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\msobjstl.dll
c:\windows\system32\rasdlgcq.dll
c:\windows\system32\bzahpuuj.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\slbiopfs2.dll
; c:\windows\nvdispdrv.exe
; c:\windows\upxdnd.exe
; c:\program files\yok\yok.exe
c:\docume~1\new\locals~1\temp\1.tmp
c:\program files\tencent\qq\qdshm.dll

Repair with SREng

Startup Items -- Registry, delete the following entries:

[bootvidgj.dll]    <C:\WINDOWS\system32\bootvidgj.dll>
[kbdswjr.dll]    <C:\WINDOWS\system32\kbdswjr.dll>
[msobjstl.dll]    <C:\WINDOWS\system32\msobjstl.dll>
[rasdlgcq.dll]    <C:\WINDOWS\system32\rasdlgcq.dll>
[zkppcvyh.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[vhdfotay.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[imgutilhx2.dll]    <C:\WINDOWS\system32\imgutilhx2.dll>
[cliconfgzx.dll]    <C:\WINDOWS\system32\cliconfgzx.dll>
[bzahpuuj.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[adsntzt.dll]    <C:\WINDOWS\system32\adsntzt.dll>
[slbiopfs2.dll]    <C:\WINDOWS\system32\slbiopfs2.dll>
[NVDispDrv]    <; C:\WINDOWS\NVDispDrv.exe>
[upxdnd]    <; C:\WINDOWS\upxdnd.exe>
[yok.exe]    <; C:\Program Files\yok\yok.exe>
[Userinit] modify: change <C:\WINDOWS\system32\userinit.exe,svchost.xy3> to <C:\WINDOWS\system32\userinit.exe,>

Startup Items -- Services -- Drivers, disable the following entries:
[IIS Manager  / IIS Manager ]    <\??\C:\DOCUME~1\new\LOCALS~1\Temp\1.tmp>
fillix - 2008-8-14 22:42:00
No.2

Delete with XDelBox

c:\windows\system32\wzcfsw.dll
c:\windows\system32\ddserh.dll
c:\windows\system32\jfrwdh.dll
c:\program files\internet explorer\plugins\winnt64.sys
c:\windows\system32\avicapwm.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\lweurqhx.dll
c:\windows\system32\certmgrkd.dll
c:\windows\fonts\ijdycpaw.dll
c:\program files\internet explorer\explorent.dat
c:\program files\internet explorer\explorent.win
c:\program files\internet explorer\explorent.sys
c:\windows\system32\kgfghd.dll
c:\windows\system32\zsdgff.dll
c:\windows\system32\wyrsdj.dll
c:\windows\system32\fmcvxy.dll
c:\windows\system32\tdggrz.dll
c:\windows\system32\fsrgeb.dll
c:\windows\system32\zgtwfx.dll
c:\windows\system32\wrqszl.dll
c:\windows\system32\360mon.dll
c:\windows\system32\mttwfh.dll
c:\program files\internet explorer\plugins\unixsys08.sys
c:\windows\system32\kbdswjr.dll
c:\windows\system32\jdsaex.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\jhfrxz.dll
c:\windows\system32\zycdex.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\hhrdxd.dll
c:\windows\system32\sgdewg.dll
c:\windows\system32\dntggf.dll
c:\windows\system32\jfdses.dll
c:\windows\system32\fofedzyo.dll
c:\windows\system32\wklsdd.dll
c:\windows\system32\catsrvwl.dll
c:\windows\system32\dispexcb.dll
c:\windows\system32\bootvidgj.dll
c:\windows\system32\dpvvoxmh.dll
c:\windows\system32\hbmhly.dll
c:\windows\system32\kncer32.exe
c:\windows\system32\hbinject.exe
c:\windows\system32\drivers\msiffei.sys
c:\windows\system32\drivers\hbkernel.sys
c:\windows\system32\gdipro.dll
c:\windows\system32\sys07003.dll
c:\windows\system32\squ\svchost.exe
c:\program files\tencent\qq\nifuvq.dll
c:\windows\system32\gbynoji.dll

Repair with SREng

Startup Items -- Registry, delete the following entries:

[{28766E1C-74B0-4417-8C75-F12AE309EF35}]    <C:\WINDOWS\system32\wzcfsw.dll>
[{A9895933-6636-4281-BC58-EE6DE2AF96E3}]    <C:\WINDOWS\system32\ddserh.dll>
[{841529CB-7F77-4B99-A895-B5441E0D302F}]    <C:\WINDOWS\system32\jfrwdh.dll>
[{86899D14-95D7-4E22-8AB3-7ACC53076FC9}]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}]    <C:\WINDOWS\system32\avicapwm.dll>
[{00300030-0030-0030-0030-00300030BB15}]    <C:\WINDOWS\system32\imgutilhx2.dll>
[{71A78CD4-E470-4a18-8457-E0E0283DD507}]    <C:\WINDOWS\system32\lweurqhx.dll>
[{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}]    <C:\WINDOWS\system32\certmgrkd.dll>
[{3A698452-C5D8-C584-C256-C264C987C5A3}]    <C:\WINDOWS\Fonts\ijdycpaw.dll>
[{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
[{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}]    <C:\WINDOWS\system32\kgfghd.dll>
[{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}]    <C:\WINDOWS\system32\zsdgff.dll>
[{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}]    <C:\WINDOWS\system32\wyrsdj.dll>
[{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}]    <C:\WINDOWS\system32\fmcvxy.dll>
[{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}]    <C:\WINDOWS\system32\tdggrz.dll>
[{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}]    <C:\WINDOWS\system32\fsrgeb.dll>
[{006CA8A1-61BC-4774-A54C-F49034270BAD}]    <C:\WINDOWS\system32\zgtwfx.dll>
[{F99DEFDD-200B-4410-B572-E90883D527D2}]    <C:\WINDOWS\system32\wrqszl.dll>
[{AEB6717E-7E19-21d2-97EE-00C04FD91972}]    <C:\WINDOWS\system32\360mon.dll>
[{021F087F-4378-545F-74FA-37D345AD7A8C}]    <C:\WINDOWS\system32\mttwfh.dll>
[{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}]    <C:\WINDOWS\system32\kbdswjr.dll>
[{B29583D8-033A-4B9F-8553-7C5458F3FB8E}]    <C:\WINDOWS\system32\jdsaex.dll>
[{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}]    <C:\WINDOWS\system32\cliconfgzx.dll>
[{7914E0AA-ECCB-4311-B584-C49538227824}]    <C:\WINDOWS\system32\jhfrxz.dll>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <C:\WINDOWS\system32\zycdex.dll>
[{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}]    <C:\WINDOWS\system32\adsntzt.dll>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <C:\WINDOWS\system32\hhrdxd.dll>
[{8C41B7F7-3168-400D-A702-0E7EFE0BA304}]    <C:\WINDOWS\system32\sgdewg.dll>
[{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}]    <C:\WINDOWS\system32\dntggf.dll>
[{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}]    <C:\WINDOWS\system32\jfdses.dll>
[{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}]    <C:\WINDOWS\system32\fofedzyo.dll>
[{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}]    <C:\WINDOWS\system32\wklsdd.dll>
[{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}]    <C:\WINDOWS\system32\catsrvwl.dll>
[{76D44356-B494-443a-BEDC-AA68DE4255E6}]    <C:\WINDOWS\system32\dispexcb.dll>
[{D3112B69-A745-4805-874E-ABD480EA1299}]    <C:\WINDOWS\system32\bootvidgj.dll>
[{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}]    <C:\WINDOWS\system32\dpvvoxmh.dll>
[kcien32]    <kncer32.exe>
[HBService]    <HBInject.exe>
[WinlogonNotify: xy3safe]    <C:\WINDOWS\system32\360mon.dll>
[AppInit_DLLs] modify: change <HBmhly.dll> to <>, i.e. clear it

Startup Items -- Services -- Drivers, disable the following entries:
[msiffei / msiffei]    <System32\Drivers\msiffei.sys>
[HBKernel Driver / HBKernel]    <\SystemRoot\system32\DRIVERS\HBKernel.sys>

    System Repair -- Browser Add-ons, delete the following entries:
[]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>


Cleaning with Windows清理助手 (Windows Cleanup Assistant) can automatically repair the service entry
[Remote Procedure Call (RPC) / RpcSs]   
<C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll>
金星王子 - 2008-8-14 23:03:00
Log 1:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  [File is missing]
    <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll>  [File is missing]
    <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll>  [File is missing]
    <rasdlgcq.dll><C:\WINDOWS\system32\rasdlgcq.dll>  [File is missing]
    <zkppcvyh.dll><C:\WINDOWS\system32\bzahpuuj.dll>  [File is missing]
    <vhdfotay.dll><C:\WINDOWS\system32\bzahpuuj.dll>  [File is missing]
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>  [File is missing]
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  [File is missing]
    <bzahpuuj.dll><C:\WINDOWS\system32\bzahpuuj.dll>  [File is missing]
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  [File is missing]
    <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll>  [File is missing]
Delete the values at these locations.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Alitalk><; C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE>  [File is missing]
    <Anti-Spy Tools><; C:\Documents and Settings\new\桌面\ast_PConline\ast\AST.exe -min>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NVDispDrv><; C:\WINDOWS\NVDispDrv.exe>  [File is missing]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [File is missing]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SysExplr><; C:\Program Files\haojie\SuperPlayer3000\SYSEXPLR.EXE>  []
    <upxdnd><; C:\WINDOWS\upxdnd.exe>  [File is missing]
    <WangWang><; "C:\Program Files\Alisoft\WangWang\WangWang.EXE">  [File is missing]
These locations need repairing; among them <upxdnd><; C:\WINDOWS\upxdnd.exe>  [File is missing] is virus residue, delete it.
; C:\Program Files\yok\yok.exe is a virus; delete it with XDelBox.
[IIS Manager  / IIS Manager ][Stopped/Manual Start]
  <\??\C:\DOCUME~1\new\LOCALS~1\Temp\1.tmp><N/A>
This entry is problematic, delete it.
\SystemRoot\System32\DRIVERS\ql1080.sys
\SystemRoot\System32\DRIVERS\ql12160.sys
\SystemRoot\System32\DRIVERS\ql1280.sys
\SystemRoot\System32\DRIVERS\sparrow.sys
\SystemRoot\System32\DRIVERS\sptrak.sys
\SystemRoot\System32\DRIVERS\symc810.sys
\SystemRoot\System32\DRIVERS\symc8xx.sys
\SystemRoot\System32\DRIVERS\sym_u3.sys
These entries look somewhat suspicious; the infection may have caused problems here, so repair them.
fillix - 2008-8-14 23:12:00
No.3

Delete with XDelBox

c:\windows\system32\d32dx9.sys
c:\netapi000.sys

Repair with SREng

Startup Items -- Registry, delete the following entries:
[uepugifk.dll]    <>
[cliconfgzx.dll]    <>
[rasdlgcq.dll]    <>
[midimapmy]    <>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <>

    Startup Items -- Services -- Drivers, disable the following entries:
[HiddFldy / HiddFldy]    <\??\C:\WINDOWS\system32\d32dx9.sys>
[NetApi000 / NetApi000]    <\??\C:\NetApi000.sys>
金星王子 - 2008-8-14 23:15:00
Log 2:
c:\windows\system32\wklsdd.dll
c:\windows\system32\wrqszl.dll
c:\windows\system32\wyrsdj.dll
c:\windows\system32\hbmhly.dll
c:\windows\system32\hhrdxd.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\jdsaex.dll
c:\windows\system32\jfdses.dll
c:\windows\system32\jhfrxz.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\kgfghd.dll
c:\windows\system32\lweurqhx.dll
c:\windows\system32\mttwfh.dll
c:\windows\system32\360mon.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\avicapwm.dll
c:\windows\system32\bootvidgj.dll
c:\windows\system32\catsrvwl.dll
c:\windows\system32\certmgrkd.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\ddserh.dll
c:\windows\system32\dispexcb.dll
c:\windows\system32\dpvvoxmh.dll
c:\windows\system32\fmcvxy.dll
c:\windows\system32\fofedzyo.dll
c:\windows\system32\gbynoji.dll
c:\windows\fonts\ijdycpaw.dll
c:\program files\internet explorer\plugins\winnt64.sys
c:\program files\internet explorer\explorent.dat
c:\program files\internet explorer\explorent.sys
c:\program files\internet explorer\explorent.win
c:\program files\internet explorer\plugins\unixsys08.sys
c:\program files\tencent\qq\nifuvq.dll
c:\windows\system32\wzcfsw.dll
c:\windows\system32\jfrwdh.dll
c:\windows\system32\zsdgff.dll
c:\windows\system32\tdggrz.dll
c:\windows\system32\fsrgeb.dll
c:\windows\system32\zgtwfx.dll
c:\windows\system32\zycdex.dll
c:\windows\system32\sgdewg.dll
c:\windows\system32\dntggf.dll
hbmhly.dll
kncer32.exe
hbinject.exe
These need to be deleted; if they cannot be deleted manually, use XDelBox as well.
[WinlogonNotify: xy3safe]    <C:\WINDOWS\system32\360mon.dll>
[{28766E1C-74B0-4417-8C75-F12AE309EF35}]    <C:\WINDOWS\system32\wzcfsw.dll>
[{A9895933-6636-4281-BC58-EE6DE2AF96E3}]    <C:\WINDOWS\system32\ddserh.dll>
[{841529CB-7F77-4B99-A895-B5441E0D302F}]    <C:\WINDOWS\system32\jfrwdh.dll>
[{86899D14-95D7-4E22-8AB3-7ACC53076FC9}]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[{00300030-0030-0030-0030-00300030BB15}]    <C:\WINDOWS\system32\imgutilhx2.dll>
[{71A78CD4-E470-4a18-8457-E0E0283DD507}]    <C:\WINDOWS\system32\lweurqhx.dll>
[{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}]    <C:\WINDOWS\system32\certmgrkd.dll>
[{3A698452-C5D8-C584-C256-C264C987C5A3}]    <C:\WINDOWS\Fonts\ijdycpaw.dll>
[{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
[{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}]    <C:\WINDOWS\system32\kgfghd.dll>
[{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}]    <C:\WINDOWS\system32\zsdgff.dll>
[{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}]    <C:\WINDOWS\system32\wyrsdj.dll>
[{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}]    <C:\WINDOWS\system32\fmcvxy.dll>
[{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}]    <C:\WINDOWS\system32\tdggrz.dll>
[{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}]    <C:\WINDOWS\system32\fsrgeb.dll>
[{006CA8A1-61BC-4774-A54C-F49034270BAD}]    <C:\WINDOWS\system32\zgtwfx.dll>
[{F99DEFDD-200B-4410-B572-E90883D527D2}]    <C:\WINDOWS\system32\wrqszl.dll>
[{AEB6717E-7E19-21d2-97EE-00C04FD91972}]    <C:\WINDOWS\system32\360mon.dll>
[{021F087F-4378-545F-74FA-37D345AD7A8C}]    <C:\WINDOWS\system32\mttwfh.dll>
[{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}]    <C:\WINDOWS\system32\kbdswjr.dll>
[{B29583D8-033A-4B9F-8553-7C5458F3FB8E}]    <C:\WINDOWS\system32\jdsaex.dll>
[{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}]    <C:\WINDOWS\system32\cliconfgzx.dll>
[{7914E0AA-ECCB-4311-B584-C49538227824}]    <C:\WINDOWS\system32\jhfrxz.dll>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <C:\WINDOWS\system32\zycdex.dll>
[{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}]    <C:\WINDOWS\system32\adsntzt.dll>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <C:\WINDOWS\system32\hhrdxd.dll>
[{8C41B7F7-3168-400D-A702-0E7EFE0BA304}]    <C:\WINDOWS\system32\sgdewg.dll>
[{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}]    <C:\WINDOWS\system32\dntggf.dll>
[{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}]    <C:\WINDOWS\system32\jfdses.dll>
[{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}]    <C:\WINDOWS\system32\fofedzyo.dll>
[{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}]    <C:\WINDOWS\system32\wklsdd.dll>
[{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}]    <C:\WINDOWS\system32\catsrvwl.dll>
[{76D44356-B494-443a-BEDC-AA68DE4255E6}]    <C:\WINDOWS\system32\dispexcb.dll>
[{D3112B69-A745-4805-874E-ABD480EA1299}]    <C:\WINDOWS\system32\bootvidgj.dll>
[{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}]    <C:\WINDOWS\system32\dpvvoxmh.dll>
Note this entry: [AppInit_DLLs] modify: change <HBmhly.dll> to <>, i.e. clear it
[kcien32]    <kncer32.exe>
[load]    <>
[HBService]    <HBInject.exe>
After deleting these, reboot and repair with SREng.
[]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
After deleting these values, use 金山清理专家 (Kingsoft Cleanup Expert) or 卡卡安全助手 (Kaka Security Assistant) together with SREng to help with the repair.
瓶子里没有水 - 2008-8-15 9:07:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  [File is missing]
    <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll>  [File is missing]
    <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll>  [File is missing]
    <rasdlgcq.dll><C:\WINDOWS\system32\rasdlgcq.dll>  [File is missing]
    <zkppcvyh.dll><C:\WINDOWS\system32\bzahpuuj.dll>  [File is missing]
    <vhdfotay.dll><C:\WINDOWS\system32\bzahpuuj.dll>  [File is missing]
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>  [File is missing]
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  [File is missing]
    <bzahpuuj.dll><C:\WINDOWS\system32\bzahpuuj.dll>  [File is missing]
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  [File is missing]
    <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <yok.exe><; C:\Program Files\yok\yok.exe>  [File is missing]
瓶子里没有水 - 2008-8-15 10:13:00
The second one, in the registry ~
<HBService><HBInject.exe>  []



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <kcien32><kncer32.exe>  []


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBmhly.dll>  []


    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}><C:\WINDOWS\system32\catsrvwl.dll>  []
    <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\fofedzyo.dll>  []
    <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll>  []
    <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dntggf.dll>  [N/A]
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  [N/A]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  []
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll>  [N/A]
    <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll>  []
    <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\kbdswjr.dll>  []
    <{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}><C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>  []
    <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  []
    <{AEB6717E-7E19-21d2-97EE-00C04FD91972}><C:\WINDOWS\system32\360mon.dll>  []
    <{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll>  []
    <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll>  [N/A]
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll>  [N/A]
    <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINDOWS\system32\tdggrz.dll>  [N/A]
    <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll>  []
    <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll>  []
    <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll>  [N/A]
    <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll>  []
    <{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}><C:\Program Files\Internet Explorer\ExploreNt.Sys>  []
    <{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}><C:\Program Files\Internet Explorer\ExploreNt.win>  []
    <{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}><C:\Program Files\Internet Explorer\ExploreNt.Dat>  []
    <{3A698452-C5D8-C584-C256-C264C987C5A3}><C:\WINDOWS\Fonts\ijdycpaw.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll>  []
    <{86899D14-95D7-4E22-8AB3-7ACC53076FC9}><C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>  []
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  [N/A]
    <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll>  []
    <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll>  [N/A]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xy3safe]
    <WinlogonNotify: xy3safe><C:\WINDOWS\system32\360mon.dll>  []
fairsentence - 2008-8-15 10:47:00
First log
1. Delete the following files with XDelBox: (XDelBox 1.6 download)
Instructions: when deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion list and choose Import from clipboard; after importing, right-click the files to be deleted and choose Reboot and delete now; the computer will reboot into a DOS interface and perform the deletion. Before running XDelBox it is best to unplug all removable storage (USB drives, MP3 players, phone memory cards, etc.).

c:\windows\system32\bootvidgj.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\msobjstl.dll
c:\windows\system32\rasdlgcq.dll
c:\windows\system32\bzahpuuj.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\slbiopfs2.dll
; c:\windows\nvdispdrv.exe
; c:\windows\upxdnd.exe

2. After deleting and rebooting, use SREng to repair the following:

    Startup Items -- Registry, delete the following entries:
[bootvidgj.dll]    <C:\WINDOWS\system32\bootvidgj.dll>
[kbdswjr.dll]    <C:\WINDOWS\system32\kbdswjr.dll>
[msobjstl.dll]    <C:\WINDOWS\system32\msobjstl.dll>
[rasdlgcq.dll]    <C:\WINDOWS\system32\rasdlgcq.dll>
[zkppcvyh.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[vhdfotay.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[imgutilhx2.dll]    <C:\WINDOWS\system32\imgutilhx2.dll>
[cliconfgzx.dll]    <C:\WINDOWS\system32\cliconfgzx.dll>
[bzahpuuj.dll]    <C:\WINDOWS\system32\bzahpuuj.dll>
[adsntzt.dll]    <C:\WINDOWS\system32\adsntzt.dll>
[slbiopfs2.dll]    <C:\WINDOWS\system32\slbiopfs2.dll>
[NVDispDrv]    <; C:\WINDOWS\NVDispDrv.exe>
[upxdnd]    <; C:\WINDOWS\upxdnd.exe>
Note this entry: [Userinit] modify: change <C:\WINDOWS\system32\userinit.exe,svchost.xy3> to <C:\WINDOWS\system32\userinit.exe,>; the comma must not be omitted.
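A triage script for the SREng report format quoted throughout this thread, added here as an illustration; it is not part of any post, nor of SREng or XDelBox. It parses the `[key]` / `<name><value>  [status]` layout and flags the persistence points the replies fix by hand: the Userinit value (fillix's and fairsentence's posts; the trailing comma is preserved), a non-empty AppInit_DLLs, ShellExecuteHooks entries outside shell32.dll, Run entries whose file is missing, and the RpcSs ServiceDll swap to srpcss.dll that heiyeuiu's post describes. The sample log is constructed, and the known-good values (the stock userinit.exe line, shell32.dll as the only default hook, rpcss.dll for RpcSs) are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in SREng's report layout, modelled on entries quoted in
# this thread; it is not one of the attached logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,svchost.xy3>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBmhly.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-21d2-97EE-00C04FD91972}><C:\WINDOWS\system32\360mon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <upxdnd><; C:\WINDOWS\upxdnd.exe>  [File is missing]
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>
"""

# Assumed stock Windows XP values (assumptions, not taken from the thread).
USERINIT_OK = r"c:\windows\system32\userinit.exe,"   # the trailing comma is part of it
SERVICE_DLL_OK = {"rpcss": "rpcss.dll"}              # service short name -> ServiceDll
SHELL_HOOK_OK = {"shell32.dll"}                      # the only default ShellExecuteHook

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")                          # [HKEY_...]
SVC_RE = re.compile(r"^\[([^\]]+?) / ([^\]]+)\]\[([^\]]*)\]\s*$")        # [Display / Name][State]
ENTRY_RE = re.compile(r"^\s*<(.+)><([^<>]*)>\s*(?:\[([^\]]*)\])?\s*$")  # <a><b>  [status]


@dataclass
class Entry:
    key: str      # registry key, or the service's short name
    name: str     # value name, or the service's short name
    value: str    # value data, or the service's image line
    status: str   # SREng's bracketed status: "", "N/A", "File is missing", ...
    kind: str     # "reg" or "svc"


def parse_sreng(text: str) -> List[Entry]:
    """Parse SREng-style report lines into Entry records."""
    entries: List[Entry] = []
    current: Optional[str] = None
    kind = "reg"
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current, kind = m.group(1), "reg"
            continue
        m = SVC_RE.match(line)
        if m:
            current, kind = m.group(2), "svc"
            continue
        m = ENTRY_RE.match(line)
        if not (m and current):
            continue
        if kind == "svc":
            entries.append(Entry(current, current, m.group(1), m.group(2), "svc"))
        else:
            entries.append(Entry(current, m.group(1), m.group(2), m.group(3) or "", "reg"))
    return entries


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].strip().lower()


def fix_userinit(value: str) -> str:
    """Keep the first component and its trailing comma: an appended loader such as
    'svchost.xy3' is dropped, and the comma is restored if it was missing."""
    return value.split(",", 1)[0].strip() + ","


def svchost_dll(image: str) -> Optional[str]:
    """SREng prints shared services as 'svchost -k group-->C:\\path\\ServiceDll'."""
    if "-->" not in image:
        return None
    return basename(image.rsplit("-->", 1)[1])


def triage(entries: List[Entry]) -> List[str]:
    """One finding per entry that deviates from the assumed clean state."""
    findings = []
    for e in entries:
        name, key = e.name.lower(), e.key.lower()
        if e.kind == "svc":
            dll, expected = svchost_dll(e.value), SERVICE_DLL_OK.get(name)
            if dll and expected and dll != expected:
                findings.append(f"service {e.name}: ServiceDll is {dll}, expected {expected}")
        elif name == "userinit" and e.value.lower() != USERINIT_OK:
            findings.append(f"Userinit is <{e.value}>, set it to <{fix_userinit(e.value)}>")
        elif name == "appinit_dlls" and e.value.strip():
            findings.append(f"AppInit_DLLs injects <{e.value}> into every process, clear it")
        elif key.endswith("\\shellexecutehooks") and basename(e.value) not in SHELL_HOOK_OK:
            findings.append(f"ShellExecuteHook {e.name} -> {e.value}: not a stock hook, remove it")
        elif key.endswith("\\run") and e.status == "File is missing":
            findings.append(f"Run entry {e.name} -> <{e.value}>: file gone, stale autorun, remove it")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_sreng(SAMPLE_LOG)):
        print(finding)
```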
fairsentence - 2008-8-15 14:21:00
Third log
1. Delete the following files with XDelBox: (XDelBox 1.6 download)
Instructions: when deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion list and choose Import from clipboard; after importing, right-click the files to be deleted and choose Reboot and delete now; the computer will reboot into a DOS interface and perform the deletion. Before running XDelBox it is best to unplug all removable storage (USB drives, MP3 players, phone memory cards, etc.).


; c:\program files\yahoo!\assistant\yassistse.exe
c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe
c:\netapi000.sys
c:\windows\system32\d32dx9.sys

2. After deleting and rebooting, use SREng to repair the following:

    Startup Items -- Registry, delete the following entries:
[uepugifk.dll]    <>
[cliconfgzx.dll]    <>
[rasdlgcq.dll]    <>
[midimapmy]    <>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <>
[yassistse]    <; C:\Program Files\Yahoo!\Assistant\yAssistSe.exe>

    Startup Items -- Services -- Win32 Service Applications, disable the following entries:
[HiddFldy / HiddFldy][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\d32dx9.sys><N/A>
[NetApi000 / NetApi000][Stopped/Manual Start]
  <\??\C:\NetApi000.sys><N/A>

    Startup Items -- Services -- Drivers, disable the following entries:
[NetApi000 / NetApi000]    <\??\C:\NetApi000.sys>
[HiddFldy / HiddFldy]    <\??\C:\WINDOWS\system32\d32dx9.sys>
fairsentence - 2008-8-15 15:01:00
Second log


1. Delete the following files with XDelBox: (XDelBox 1.6 download)
Instructions: when deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion list and choose Import from clipboard; after importing, right-click the files to be deleted and choose Reboot and delete now; the computer will reboot into a DOS interface and perform the deletion. Before running XDelBox it is best to unplug all removable storage (USB drives, MP3 players, phone memory cards, etc.).

c:\windows\system32\hbinject.exe
c:\windows\system32\gdipro.dll
c:\windows\system32\sys07003.dll
c:\program files\internet explorer\explorent.dat
c:\program files\internet explorer\explorent.sys
c:\program files\internet explorer\explorent.win
c:\windows\system32\squ\svchost.exe
c:\program files\internet explorer\plugins\unixsys08.sys
c:\program files\internet explorer\plugins\winnt64.sys
c:\windows\fonts\ijdycpaw.dll
c:\windows\system32\360mon.dll
c:\windows\system32\adsntzt.dll
c:\windows\system32\bootvidgj.dll
c:\windows\system32\avicapwm.dll
c:\windows\system32\catsrvwl.dll
c:\windows\system32\certmgrkd.dll
c:\windows\system32\cliconfgzx.dll
c:\windows\system32\ddserh.dll
c:\windows\system32\dispexcb.dll
c:\windows\system32\dpvvoxmh.dll
c:\windows\system32\fmcvxy.dll
c:\windows\system32\fofedzyo.dll
c:\windows\system32\gbynoji.dll
c:\windows\system32\hbmhly.dll
c:\windows\system32\hhrdxd.dll
c:\windows\system32\imgutilhx2.dll
c:\windows\system32\jdsaex.dll
c:\windows\system32\jhfrxz.dll
c:\windows\system32\jfdses.dll
c:\windows\system32\kbdswjr.dll
c:\windows\system32\kgfghd.dll
c:\windows\system32\lweurqhx.dll
c:\windows\system32\mttwfh.dll
c:\windows\system32\wklsdd.dll
c:\windows\system32\wrqszl.dll
c:\windows\system32\wyrsdj.dll
c:\windows\system32\wzcfsw.dll
c:\windows\system32\jfrwdh.dll
c:\windows\system32\zsdgff.dll
c:\windows\system32\tdggrz.dll
c:\windows\system32\fsrgeb.dll
c:\windows\system32\zgtwfx.dll
c:\windows\system32\zycdex.dll
c:\windows\system32\sgdewg.dll
c:\windows\system32\dntggf.dll
Also search for the paths of hbmhly.dll, kncer32.exe and hbinject.exe and import them into XDelBox, together with:
c:\windows\system32\srpcss.dll
c:\windows\system32\drivers\msiffei.sys
c:\windows\system32\drivers\hbkernel.sys


2. After deleting and rebooting, use SREng to repair the following items:

    Startup items -- Registry: delete the following entries:
[WinlogonNotify: xy3safe]    <C:\WINDOWS\system32\360mon.dll>
[{28766E1C-74B0-4417-8C75-F12AE309EF35}]    <C:\WINDOWS\system32\wzcfsw.dll>
[{A9895933-6636-4281-BC58-EE6DE2AF96E3}]    <C:\WINDOWS\system32\ddserh.dll>
[{841529CB-7F77-4B99-A895-B5441E0D302F}]    <C:\WINDOWS\system32\jfrwdh.dll>
[{86899D14-95D7-4E22-8AB3-7ACC53076FC9}]    <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>
[{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}]    <C:\WINDOWS\system32\avicapwm.dll>
[{00300030-0030-0030-0030-00300030BB15}]    <C:\WINDOWS\system32\imgutilhx2.dll>
[{71A78CD4-E470-4a18-8457-E0E0283DD507}]    <C:\WINDOWS\system32\lweurqhx.dll>
[{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}]    <C:\WINDOWS\system32\certmgrkd.dll>
[{3A698452-C5D8-C584-C256-C264C987C5A3}]    <C:\WINDOWS\Fonts\ijdycpaw.dll>
[{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}]    <C:\Program Files\Internet Explorer\ExploreNt.Dat>
[{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}]    <C:\Program Files\Internet Explorer\ExploreNt.win>
[{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}]    <C:\Program Files\Internet Explorer\ExploreNt.Sys>
[{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}]    <C:\WINDOWS\system32\kgfghd.dll>
[{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}]    <C:\WINDOWS\system32\zsdgff.dll>
[{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}]    <C:\WINDOWS\system32\wyrsdj.dll>
[{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}]    <C:\WINDOWS\system32\fmcvxy.dll>
[{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}]    <C:\WINDOWS\system32\tdggrz.dll>
[{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}]    <C:\WINDOWS\system32\fsrgeb.dll>
[{006CA8A1-61BC-4774-A54C-F49034270BAD}]    <C:\WINDOWS\system32\zgtwfx.dll>
[{F99DEFDD-200B-4410-B572-E90883D527D2}]    <C:\WINDOWS\system32\wrqszl.dll>
[{AEB6717E-7E19-21d2-97EE-00C04FD91972}]    <C:\WINDOWS\system32\360mon.dll>
[{021F087F-4378-545F-74FA-37D345AD7A8C}]    <C:\WINDOWS\system32\mttwfh.dll>
[{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}]    <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys>
[{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}]    <C:\WINDOWS\system32\kbdswjr.dll>
[{B29583D8-033A-4B9F-8553-7C5458F3FB8E}]    <C:\WINDOWS\system32\jdsaex.dll>
[{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}]    <C:\WINDOWS\system32\cliconfgzx.dll>
[{7914E0AA-ECCB-4311-B584-C49538227824}]    <C:\WINDOWS\system32\jhfrxz.dll>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}]    <C:\WINDOWS\system32\zycdex.dll>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}]    <C:\WINDOWS\system32\hhrdxd.dll>
[{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}]    <C:\WINDOWS\system32\adsntzt.dll>
[{8C41B7F7-3168-400D-A702-0E7EFE0BA304}]    <C:\WINDOWS\system32\sgdewg.dll>
[{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}]    <C:\WINDOWS\system32\dntggf.dll>
[{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}]    <C:\WINDOWS\system32\jfdses.dll>
[{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}]    <C:\WINDOWS\system32\fofedzyo.dll>
[{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}]    <C:\WINDOWS\system32\wklsdd.dll>
[{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}]    <C:\WINDOWS\system32\catsrvwl.dll>
[{76D44356-B494-443a-BEDC-AA68DE4255E6}]    <C:\WINDOWS\system32\dispexcb.dll>
[{D3112B69-A745-4805-874E-ABD480EA1299}]    <C:\WINDOWS\system32\bootvidgj.dll>
[{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}]    <C:\WINDOWS\system32\dpvvoxmh.dll>
Note that the [AppInit_DLLs] item must be edited: change <HBmhly.dll> to <>, i.e. clear it.
[kcien32]    <kncer32.exe>
[HBService]    <HBInject.exe>
[load]    <>

    Startup items -- Services -- Win32 service applications: disable the following:
[Remote Procedure Call (RPC) / RpcSs]    <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll>

    Startup items -- Services -- Drivers: disable the following:
[msiffei / msiffei]    <System32\Drivers\msiffei.sys>
[HBKernel Driver / HBKernel]    <\SystemRoot\system32\DRIVERS\HBKernel.sys>


3. Save the following text as 1.reg and import it:
Windows Registry Editor Version 5.00

; ServiceDll = %SystemRoot%\system32\rpcss.dll (REG_EXPAND_SZ, stored as UTF-16LE hex(2))
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
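To confirm what the .reg above actually restores, and to flag the RpcSs hijack shown in the Win32 services section of this post without reading hex by hand, the following Python is added here as an illustration (it is not part of the thread, of SREng, or of XDelBox). It parses the SREng service line quoted in the post (svchost -k rpcss loading srpcss.dll instead of rpcss.dll), decodes the hex(2) REG_EXPAND_SZ value from the .reg body, and regenerates a complete .reg with the header regedit requires. The service line and the .reg body are copied from the post; the function names are this example's own.

```python
"""Check the RpcSs service line from the SREng log for a swapped-in
ServiceDll and verify the .reg snippet that restores it.  Added example,
not part of the thread or of SREng; the log line and .reg body are
copied from the post above, the function names are this example's own."""
import re

# SREng service line as quoted in the post (svchost -k rpcss loading srpcss.dll).
SRENG_LINE = (r"[Remote Procedure Call (RPC) / RpcSs]    "
              r"<C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll>")

# Stock ServiceDll for RpcSs on Windows XP: a REG_EXPAND_SZ path under %SystemRoot%.
EXPECTED_SERVICEDLL = r"%SystemRoot%\system32\rpcss.dll"

# The 1.reg body from the post (hex(2) with backslash line continuations).
REG_TEXT = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
'''

# '-->' inside the angle brackets must not end the match, hence the alternation.
_SERVICE_RE = re.compile(r"\[(.*?) / (.*?)\]\s+<((?:-->|[^<>])*)>")


def parse_sreng_service(line):
    """Split an SREng service line into (display_name, short_name, image,
    service_dll).  service_dll is None when the line has no '-->' part,
    which is how SREng shows services that are not svchost-hosted."""
    m = _SERVICE_RE.match(line)
    if not m:
        raise ValueError("not an SREng service line: %r" % line)
    display, short, target = m.groups()
    image, sep, dll = target.partition("-->")
    return display, short, image.strip(), (dll.strip() if sep else None)


def rpcss_hijacked(line):
    """True when the RpcSs host loads anything other than system32\\rpcss.dll
    (here: srpcss.dll, a look-alike name dropped next to the real one)."""
    _, short, _, dll = parse_sreng_service(line)
    if short.lower() != "rpcss" or dll is None:
        return False
    return not dll.lower().endswith(r"\system32\rpcss.dll")


def decode_reg_hex2(reg_text, value_name):
    """Decode one hex(2) (REG_EXPAND_SZ) value from .reg text: join the
    backslash-continued lines, turn the comma-separated bytes into
    UTF-16-LE and strip the terminating NUL."""
    prefix = '"%s"=hex(2):' % value_name
    joined, collecting = None, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if collecting:
            joined = joined[:-1] + line          # drop the continuation backslash
            collecting = line.endswith("\\")
        elif line.startswith(prefix):
            joined = line[len(prefix):]
            collecting = joined.endswith("\\")
    if joined is None:
        raise KeyError(value_name)
    data = bytes(int(tok, 16) for tok in joined.split(",") if tok)
    return data.decode("utf-16-le").rstrip("\x00")


def encode_reg_hex2(value):
    """Inverse of decode_reg_hex2: UTF-16-LE bytes plus terminator, as hex(2) text."""
    data = value.encode("utf-16-le") + b"\x00\x00"
    return ",".join("%02x" % b for b in data)


def restore_reg(service_dll=EXPECTED_SERVICEDLL):
    """Build a complete .reg that puts ServiceDll back; the first line is
    the header without which regedit refuses to import the file."""
    header = "Windows Registry Editor Version 5.00\n\n"
    key = "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcSs\\Parameters]\n"
    return header + key + '"ServiceDll"=hex(2):' + encode_reg_hex2(service_dll) + "\n"


if __name__ == "__main__":
    print("RpcSs hijacked:", rpcss_hijacked(SRENG_LINE))
    print("1.reg sets ServiceDll to:", decode_reg_hex2(REG_TEXT, "ServiceDll"))
    print(restore_reg())
```

The decode step is worth keeping around: a .reg posted in a cleanup thread is only trustworthy once you have seen the decoded string, and the same helper reads any other hex(2) value (ImagePath, AppInit_DLLs exported as expand strings) in an SREng or regedit export.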