[Solved] I saw the expert's reply but don't know how to carry it out


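For the manual virus-removal procedure, see my signature.
Delete startup items
The following entries under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] and their corresponding files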
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <bndfxdh><C:\WINDOWS\system32\bndfxdh.exe>  [File is missing]
    <HBmhly><"C:\WINDOWS\system32\HBmhly.exe" -r>  [File is missing]
Modify startup items
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe,und15.exe,icp15.exe,,hicp15.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,svchost.xy3>  [(Verified)Microsoft Windows Publisher]
to  <shell><Explorer.exe>
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]


Modify the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><wcomipe.dll longasus.dll sctzxy.dll mssddyn.dll comremo.dll welycz.dll joliom.dll follwel.dll pcibexl.dll ceshleo.dll,kmon.dll>  [N/A]
to    <AppInit_DLLs><>
Delete startup items
The registry entries under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] and the DLL files inside the <>
Delete startup items
The registry entries under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] and the DLL files inside the <>
Delete the drivers and their corresponding files
[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
[HiddFldy / HiddFldy][Running/Auto Start]
  <\??\C:\WINDOWS\system32\d32dx9.sys><N/A>
[obj2 / obj2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\obj2.sys><N/A>
Delete the files
C:\WINDOWS\system32\HBmhly.exe
C:\WINDOWS\system32\exyp15.exe
C:\WINDOWS\system32\wcomipek.exe
C:\WINDOWS\system32\exyp15.exe
C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
C:\WINDOWS\system32\hicp15.exe


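This is the reply the expert gave. Could someone explain it to me in simple language or with pictures? Thanks!

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Last edited by 俹当 on 2008-07-20 07:39:04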

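Re: I saw the expert's reply but don't know how to carry it out

No.
It's in my signature.

If you can't do it:
1. Reinstall the system
2. Go to the forum administration section and request one-on-one help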

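Re: I saw the expert's reply but don't know how to carry it out

1. In XDelBox, tick "suppress regeneration" and then delete the following files: (download XDelBox 1.7, "Support the Olympics" edition)
Instructions: To delete, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose "import from clipboard without checking paths". After importing, right-click the files to be deleted and choose "restart immediately and delete"; the computer will reboot into a DOS interface to carry out the deletion. Before running XDelBox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards and so on).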

2. After the deletion and reboot, use SREng to repair the following items:

    Startup items -- Registry: delete the following entries:
Note the change to [AppInit_DLLs]: change <wcomipe.dll longasus.dll sctzxy.dll mssddyn.dll comremo.dll welycz.dll joliom.dll follwel.dll pcibexl.dll ceshleo.dll,kmon.dll> to <>, i.e. clear it
Note the change to [shell]: change <Explorer.exe,und15.exe,icp15.exe,,hicp15.exe> to <Explorer.exe>, i.e. remove everything after Explorer.exe
Note the change to [Userinit]: change <C:\WINDOWS\system32\userinit.exe,svchost.xy3> to <C:\WINDOWS\system32\userinit.exe,>; the comma must not be omitted

    Startup items -- Services -- Win32 service applications: delete the following entry:
[Security Control / seictrl]   

    Startup items -- Services -- Drivers: delete the following entries:
[obj2 / obj2] 
[HiddFldy / HiddFldy] 
[HBKernel Driver / HBKernel]   

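When that is done, download the following tools and run a cleanup once, then update your antivirus software to the latest version and run a full-disk scan.

Clean the system temporary files and the IE temporary files folder
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Use Kingsoft Cleanup Expert (金山清理专家) to remove malicious software
http://www.duba.net/zt/ksc/down.shtml
Download Windows Cleanup Assistant (windows清理助手) and run a cleanup with it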
http://www.arswp.com/download/arswp2/arswp2.zip
This post has been rated 1 time
Last edited by 豪斯登堡新郎 on 2008-07-19 23:59:03
It doesn't matter if you don't know me, because I don't know you either.
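
An added example (not part of the thread and not SREng's own code): a Python sketch that parses the `<name><value>  [status]` log lines quoted in this thread and lists what is appended beyond the clean values the helpers give for shell, Userinit and AppInit_DLLs. The function names and the baseline table are assumptions made for this illustration; the sample lines are copied from the thread.

```python
import re

# Sample lines copied from the SREng log quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe,und15.exe,icp15.exe,,hicp15.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,svchost.xy3>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><wcomipe.dll longasus.dll sctzxy.dll mssddyn.dll comremo.dll welycz.dll joliom.dll follwel.dll pcibexl.dll ceshleo.dll,kmon.dll>  [N/A]
"""

# Assumed baseline (illustrative): the clean values given in the thread.
# Key: (last registry key component, value name), lower-cased.
# Value: (item separator regex, allowed items in lower case).
BASELINE = {
    ("winlogon", "shell"): (r",", ["explorer.exe"]),
    ("winlogon", "userinit"): (r",", [r"c:\windows\system32\userinit.exe"]),
    ("windows", "appinit_dlls"): (r"[,\s]+", []),
}

SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY = re.compile(r"^\s*<([^<>]*)><([^<>]*)>\s*\[(.*)\]\s*$")

def parse(log):
    """Yield (registry_key, value_name, data, status) for each entry line."""
    key = None
    for line in log.splitlines():
        m = SECTION.match(line)
        if m:
            key = m.group(1)
        elif key and (m := ENTRY.match(line)):
            yield key, m.group(1), m.group(2), m.group(3)

def audit(log):
    """Return {value_name: [unexpected items]} for values that differ from BASELINE."""
    findings = {}
    for key, name, data, _status in parse(log):
        rule = BASELINE.get((key.rsplit("\\", 1)[-1].lower(), name.lower()))
        if rule is None:
            continue
        sep, allowed = rule
        # The status column is ignored: in the sample both Winlogon lines read
        # "(Verified)" although extra programs are appended to the value.
        items = [t.strip() for t in re.split(sep, data) if t.strip()]
        extra = [t for t in items if t.lower() not in allowed]
        if extra:
            findings[name] = extra
    return findings

if __name__ == "__main__":
    for name, extra in audit(SAMPLE_LOG).items():
        print(f"{name}: unexpected {extra}")
```

Run on a log taken after the repair, `audit` should return an empty dict for these three values.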

Re: I saw the expert's reply but don't know how to carry it out

This user's post content has been blocked.