人已憔悴，病毒仍在，有SRE日志，求助高手帮忙~~~~~ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛人已憔悴，病毒仍在，有SRE日志，求助高手帮忙~~~~~

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

人已憔悴，病毒仍在，有SRE日志，求助高手帮忙~~~~~

无悔de人生初生襁褓狮帖子:30 注册: 2008-03-28 来自:	发表于： 2008-03-30 22:26 \| 只看楼主短消息资料字号：小中大 1楼人已憔悴，病毒仍在，有SRE日志，求助高手帮忙~~~~~ 好多病毒啊，杀了开机又有了，杀也杀不玩。求高手支个招。注意把过程说详细些，我有点白痴啊！！呵呵。太深奥的听不懂，呵呵！！！ -----精确扫描硬盘[2008-03-29\|16:34:17]-------- 本次扫描到112个木马病毒或广告间谍 C:\WINDOWS\mppds.exe (Trojan.Upack113895.e) C:\WINDOWS\upxdnd.exe (Trojan.Upack113895.e) C:\WINDOWS\tciocp32.exe (Trojan.Upack113895.e) C:\WINDOWS\cmdbcs.exe (Trojan.Upack113895.e) C:\WINDOWS\PTSShell.exe (Trojan.Upack113895.e) C:\WINDOWS\MsIMMs32.exE (Trojan.Upack113895.e) C:\WINDOWS\popo.exe (Hacker.fsg5773.e) C:\WINDOWS\system32\mseion.sys (Virus.Mnless8320.s) C:\WINDOWS\system32\ssave.exe (Hacker.fsg5773.e) C:\WINDOWS\system32\qoq.exe (Trojan.Agent8192.e) C:\WINDOWS\system32\jyjlt.dll (Trojan.Upack113895.e) C:\WINDOWS\system32\msepbe.dll (Trojan.Upack113895.e) C:\WINDOWS\system32\crugd.dll (Trojan.Upack113895.e) C:\WINDOWS\system32\MsIMMs32.dll (Trojan.Delf34816.d) C:\WINDOWS\system32\Com\hei20.exe (Hacker.fsg5773.e) C:\WINDOWS\Temp\tmp6.tmp (Trojan.Upack113895.e) C:\WINDOWS\Temp\tmpE.tmp (Trojan.Upack113895.e) C:\WINDOWS\Temp\install\hookdll.dll (Trojan.hookdll73728.d) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JXPCT4FY\2[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JXPCT4FY\6[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JXPCT4FY\9[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4X2VOPQB\rav[1].jpg (Hacker.fsg5773.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4X2VOPQB\1[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4X2VOPQB\1[2].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4X2VOPQB\7[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLIJG9EZ\ssave[1].jpg (Hacker.fsg5773.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLIJG9EZ\4[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLIJG9EZ\ssave[2].jpg (Hacker.fsg5773.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLIJG9EZ\3[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DQZS5IF\20[1].exe (Hacker.fsg5773.e) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DQZS5IF\4[1].exe (Trojan.Upack113895.e) C:\Documents and Settings\Administrator\Local Settings\Temp\48\cdnforie.dll (Adware.cdn196608.d) C:\Documents and Settings\Administrator\Local Settings\Temp\48\cdnns.dll (Adware.cdnns22016.d) C:\Documents and Settings\Administrator\Local Settings\Temp\48\cdntdns.dll (Adware.CDN69888.d) C:\Documents and Settings\Administrator\Local Settings\Temp\48\cdntran.sys (Adware.CDN14657.s) C:\Documents and Settings\Administrator\Local Settings\Temp\48\idnconv.dll (Adware.CDN233472.d) C:\Documents and Settings\Administrator\Local Settings\Temp\48\iesrch.dll (Adware.cnnic32768.d) C:\Documents and Settings\Administrator\Local Settings\Temp\48\setup.exe (Adware.Setup29440.e) C:\Documents and Settings\Administrator\Local Settings\Temp\48\wmhlpr.dll (Adware.CDN66240.d) C:\Program Files\Common Files\Real\CNNIC\setup-real.exe (Adware.Setup560128.e) C:\Program Files\Tencent\SSPlus\SPlus.dll (Adware.tencent159744.d) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0072284.exe (Trojan.Agent8192.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0072285.exe (Hacker.fsg5773.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076683.exe (Hacker.fsg5773.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0072339.sys (Trojan.OnLineGames3200.s) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076791.dll (Trojan.Delf34816.d) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076796.dll (Trojan.Upack113895.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076797.dll (Trojan.Upack113895.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076798.dll (Trojan.Upack113895.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0073358.dll (Trojan.Rodog17408.d) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076803.exe (Hacker.fsg5773.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0073368.exe (Hacker.fsg5773.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076808.dll (Trojan.Delf34816.d) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076814.exe (Trojan.Upack113895.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076815.exe (Trojan.Upack113895.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076816.exE (Trojan.Upack113895.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076821.exe (Hacker.fsg5773.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0074404.exe (Hacker.fsg5773.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0076826.sys (Virus.Mnless8320.s) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC1-E2F2ED81722D}\RP217\A0075388.exe (Trojan.Agent8192.e) C:\System Volume Information\_restore{9E34F2E3-5E93-4CFC-9FC [用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 附件: 文件名:10323032008330221448.txt 下载次数:103 文件类型:application/octet-stream 文件大小: 上传时间:2008-3-30 22:26:54 描述: 2008-03-31 00:25:39
无悔de人生初生襁褓狮帖子:30 注册: 2008-03-28 来自:	分享到：

火影忍者横据古稀狮帖子:7855 注册: 2006-06-29 来自:火星	发表于： 2008-03-31 00:24 \| 短消息资料字号：小中大 2楼用XDelBox删除 C:\WINDOWS\system32\msosmhfp00.dll C:\WINDOWS\system32\msosdohs00.dll C:\WINDOWS\system32\DRIVERS\atikoghb.sys 打开SRE 启动项目--注册表--删除 <AppInit_DLLs><msosmhfp00.dll,msosdohs00.dll>><> [N/A] ================================== 驱动程序 [atikoghb / atikoghb][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\atikoghb.sys><N/A> ==================================
火影忍者横据古稀狮帖子:7855 注册: 2006-06-29 来自:火星

侠者秋水快乐黄口狮帖子:205 注册: 2007-06-14 来自:	发表于： 2008-03-31 00:37 \| 短消息资料字号：小中大 3楼断开网络1.建议使用XDelBox删除以下文件http://www.dodudou.com/down/index.php(XDelBox1.6下载) 使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择勾上抑制再生，从剪贴板导入不检查路径，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。 c:\windows\system32\msosmhfp00.dll c:\windows\system32\msosdohs00.dll c:\windows\system32\drivers\atikoghb.sys c:\windows\system32\drivers\bootdrv.sys 2.删除重启后使用SREng修复下面各项：启动项目－－注册表之如下项删除： [AppInit_DLLs] <msosmhfp00.dll,msosdohs00.dll> 启动项目－－服务－－驱动程序之如下项禁用： [atikoghb / atikoghb] <\SystemRoot\System32\DRIVERS\atikoghb.sys> [bootdrv / bootdrv] <\SystemRoot\System32\Drivers\bootdrv.sys> 关闭系统还原
侠者秋水快乐黄口狮帖子:205 注册: 2007-06-14 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT