居然把瑞星都杀掉了,启动项多了HBInJect.exe,麻烦高手看看，指点解决方法

xiexie

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

终于通过审核了，昨晚发贴到电脑中毒，输入法也出问题，所以没说的很详细。

已经下载了Xdelbox，但是不知道该删那些文件，使用Sreng在注册表启动项目中删除 也没使用过，希望能说的详细点，谢谢

1.使用Xdelbox删除
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\knx32.exe
C:\WINDOWS\knx32.exe
C:\WINDOWS\system32\inetresdxc.dll
C:\WINDOWS\system32\lweurqhx.dll
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\mstimewd.dll
C:\WINDOWS\system32\bootvidgj.dll
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\xolehlpjh.dll
C:\WINDOWS\system32\dispexcb.dll
C:\WINDOWS\system32\tscfgwmijxsj.dll
C:\WINDOWS\system32\slbiopfs2.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\scrruncqsj.dll
C:\WINDOWS\system32\certmgrkd.dll
C:\WINDOWS\system32\qpismdhp.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\imgutilhx2.dll
C:\WINDOWS\system32\C578B618.dll
C:\WINDOWS\system32\HBmhly.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_tmp.bat
C:\WINDOWS\system32\DRIVERS\HBKernel.sys
C:\WINDOWS\system32\Drivers\msiffei.sys
2.在Sreng的启动项目/注册表中删除
<HBService><explore.exe>  []
<kcodn><knx32.exe>  []
<{CD561258-45F3-A451-F908-A258458226DC}><C:\WINDOWS\system32\kvdxslma.dll>  [File is missing]
    <{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINDOWS\system32\rsjzapm.dll>  [File is missing]
    <{BB681598-AD5F-BC8C-77DC-748FAC8D3FBB}><C:\WINDOWS\system32\kafykzy.dll>  [File is missing]
    <{7A321487-4977-D98A-C8D5-6488257545A7}><C:\WINDOWS\system32\kapjgzy.dll>  [File is missing]
    <{1C098A56-F90F-A789-901F-8906546720C1}><C:\WINDOWS\system32\gjtmayc.dll>  [File is missing]
    <{D859245F-345D-BC13-AC4F-145D47DA34FD}><C:\WINDOWS\system32\avzxmmn.dll>  [File is missing]
    <{9960356A-458E-DE24-BD50-268F589A56A9}><C:\WINDOWS\system32\avwlimn.dll>  [File is missing]
    <{792FADFA-BCDE-ACDF-CDEF-21054865CBA7}><C:\WINDOWS\system32\wsmsezx.dll>  [File is missing]
    <{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll>  [File is missing]
    <{CC87A354-ABC3-DEDE-FF33-3213FD7447CC}><C:\WINDOWS\system32\kvdxlma.dll>  [File is missing]
    <{1D908534-AD45-920F-AC89-4024FA9D26D1}><C:\WINDOWS\system32\gjfhayc.dll>  [File is missing]
<{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  [File is missing]
    <{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}><C:\WINDOWS\system32\inetresdxc.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{65056902-6E7B-4bd7-95BA-688DB5FA5BEB}><C:\WINDOWS\system32\mstimewd.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\xolehlpjh.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <{EB9660D8-E1CD-4ff0-B4A9-00CD907F928A}><C:\WINDOWS\system32\slbiopfs2.dll>  []
    <{0B846B26-BFE6-4E8E-A948-1DB17B77B483}><C:\WINDOWS\system32\tdfhex.dll>  []
    <{00240024-0024-0024-0024-00240024BB15}><C:\WINDOWS\system32\scrruncqsj.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\qpismdhp.dll>  []
    <{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:\WINDOWS\system32\cedafb.dll>  []
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  []
    <{DA56B183-A731-402b-9235-2CB8803E212D}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{C578B618-FAF7-4D46-BD55-50655B94FEF7}><C578B618.dll>  []
<dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  [File is missing]
    <inetresdxc.dll><C:\WINDOWS\system32\inetresdxc.dll>  []
    <lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll>  []
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <mstimewd.dll><C:\WINDOWS\system32\mstimewd.dll>  []
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  []
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  []
    <xolehlpjh.dll><C:\WINDOWS\system32\xolehlpjh.dll>  []
    <dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll>  []
    <tscfgwmijxsj.dll><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll>  []
    <scrruncqsj.dll><C:\WINDOWS\system32\scrruncqsj.dll>  []
    <certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll>  []
    <wapyoaia.dll><C:\WINDOWS\system32\qpismdhp.dll>  []
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <wnokobto.dll><C:\WINDOWS\system32\qpismdhp.dll>  []
    <nsduhwub.dll><C:\WINDOWS\system32\qpismdhp.dll>  []
    <qpismdhp.dll><C:\WINDOWS\system32\qpismdhp.dll>  []
将 <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sichost.exe>改成<Userinit><C:\WINDOWS\system32\userinit.exe,>注意逗号是必需的！！！
将<AppInit_DLLs><mduaey.dll candayl.dll wllame.dll catower.dll kandaof.dll,aaa.dll,HBmhly.dll,kmon.dll>  [N/A]改成<AppInit_DLLs><kmon.dll>
3.使用附件的东东
4.使用windows清理助手清理系统
5.再上传一份新日志

对，关于那个输入法问题，病毒删除了你的ctfmon.exe，你在system32\dllcache找到ctfmon.exe复制到system32文件夹下就可以了。找不到可以到其他电脑拷一个也行

谢谢rainyblue，是家里的电脑中毒，晚上回去试试，操作完再上传一份新的日志报告一下

按照上面的步骤操作后，出现了以下问题，

1，用XDelBox1[1].6 删除时，提示找不到C:\WINDOWS\knx32.exe 和 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_tmp.bat
2，用Sreng删除时，以下删除完重启后又出现
<{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\qpismdhp.dll>  []
    <{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:\WINDOWS\system32\cedafb.dll>  []
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  []
    <{DA56B183-A731-402b-9235-2CB8803E212D}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{C578B618-FAF7-4D46-BD55-50655B94FEF7}><C578B618.dll>  []
<dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  [File is missing]
    <inetresdxc.dll><C:\WINDOWS\system32\inetresdxc.dll>  []
    <lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll>  []
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <mstimewd.dll><C:\WINDOWS\system32\mstimewd.dll>  []
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  []
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  []
    <xolehlpjh.dll><C:\WINDOWS\system32\xolehlpjh.dll>  []
    <dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll>  []
    <tscfgwmijxsj.dll><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll>  []
    <scrruncqsj.dll><C:\WINDOWS\system32\scrruncqsj.dll>  []
    <certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll>  []
    <wapyoaia.dll><C:\WINDOWS\system32\qpismdhp.dll>  []
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <wnokobto.dll><C:\WINDOWS\system32\qpismdhp.dll>  []
    <nsduhwub.dll><C:\WINDOWS\system32\qpismdhp.dll>  []
    <qpismdhp.dll><C:\WINDOWS\system32\qpismdhp.dll>  []

3，不懂如何修改一下这两项，现在还没改
将 <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sichost.exe>改成<Userinit><C:\WINDOWS\system32\userinit.exe,>注意逗号是必需的！！！
将<AppInit_DLLs><mduaey.dll candayl.dll wllame.dll catower.dll kandaof.dll,aaa.dll,HBmhly.dll,kmon.dll>  [N/A]改成<AppInit_DLLs><kmon.dll>

附件是重新扫描的日志，请再帮忙查看下要如何进一步杀毒。

非常感谢

正常了，使用Sreng删除
<slbiopfs2.dll><>  [N/A]
    <inetresdxc.dll><>  [N/A]
    <certmgrkd.dll><>  [N/A]
    <tscfgwmijxsj.dll><>  [N/A]
    <xolehlpjh.dll><>  [N/A]
    <tgwjbwjo.dll><>  [N/A]
    <bootvidgj.dll><>  [N/A]
    <imgutilhx2.dll><>  [N/A]
    <scrruncqsj.dll><>  [N/A]
    <cliconfgzx.dll><>  [N/A]
删除驱动[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>


<Userinit>不用改了，windows清理助手改了