Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<boot-hf><c:\windows\BOOT-hf.exe> []
<svcshare><C:\WINDOWS\system32\drivers\spoclsv.exe> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HBService32><System.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<internetnet><C:\WINDOWS\system32\wuauclt.exe> [(Verified)]
<mub12><mub12.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><HBmhly.dll,HBSO2.dll,HBZHUXIAN.dll,HBWOW.dll,HBDNF.dll,HBTL.dll,HBQQSG.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{3474A8C2-BEF9-46C8-983A-A26A0030EC30}><3474A8C2.dll> [N/A]
<{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}><D91BC61E.dll> [N/A]
<{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\detlsghs.dll> [File is missing]
<{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}><7ADC2AB1.dll> [N/A]
<{53360697-E270-4F80-AD5D-6FB518F03D24}><53360697.dll> [N/A]
<{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\idzaxswt.dll> [File is missing]
<{EBE50EA1-89C8-463A-998A-69A05ECD2D26}><EBE50EA1.dll> [N/A]
<{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\wwssubrg.dll> [File is missing]
<{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}><4BF9CBA3.dll> [N/A]
<{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\qjkogxsw.dll> [File is missing]
<{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}><495271CA.dll> [N/A]
<{A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9}><C:\WINDOWS\system32\ixbtryrx.dll> [File is missing]
<{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll> [N/A]
<{93A892AF-3614-47b5-A2A6-77C56CE05288}><C:\WINDOWS\system32\scrruncqsj.dll> [File is missing]
<{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}><C:\WINDOWS\system32\cdtenjjj.dll> []
<{5184B75C-E5FF-48A3-83FE-44336678D83E}><5184B75C.dll> [N/A]
<{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll> [N/A]
<{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}><C:\WINDOWS\system32\nrvibzqb.dll> [File is missing]
<{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651}><4EFDDEBE.dll> [N/A]
<{8566F82E-03A4-416E-AEAC-66600D8881F1}><8566F82E.dll> [N/A]
<{D1CC9DC6-F0BC-40fc-9552-E497B05E05B8}><C:\WINDOWS\system32\yewiyaut.dll> []
<{F6A454AE-156A-415E-9F89-3795677A8A91}><C:\Program Files\Internet Explorer\53u1ttMe.2ys> []
<{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\jubbayag.dll> [File is missing]
<{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\tgpmtwxk.dll> [File is missing]
<{F0C9FBC2-6FA2-479d-B65D-F9D65C613ECC}><C:\WINDOWS\system32\dauxmmbw.dll> []
<{6AECFF9B-2EA0-44CB-A158-9B5667C60F00}><6AECFF9B.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<tsaroemx.dll><C:\WINDOWS\system32\detlsghs.dll> [File is missing]
<hlljmogc.dll><C:\WINDOWS\system32\idzaxswt.dll> [File is missing]
<vmebsxbp.dll><C:\WINDOWS\system32\wwssubrg.dll> [File is missing]
<psxxdtun.dll><C:\WINDOWS\system32\qjkogxsw.dll> [File is missing]
<aankjcwh.dll><C:\WINDOWS\system32\ixbtryrx.dll> [File is missing]
<scrruncqsj.dll><C:\WINDOWS\system32\scrruncqsj.dll> [File is missing]
<ehtqnnlj.dll><C:\WINDOWS\system32\cdtenjjj.dll> []
<tvavyvyk.dll><C:\WINDOWS\system32\detlsghs.dll> [File is missing]
<dpggrtuv.dll><C:\WINDOWS\system32\idzaxswt.dll> [File is missing]
<gowghhoe.dll><C:\WINDOWS\system32\wwssubrg.dll> [File is missing]
<gdincnyt.dll><C:\WINDOWS\system32\qjkogxsw.dll> [File is missing]
<dwgbjgqw.dll><C:\WINDOWS\system32\ixbtryrx.dll> [File is missing]
<twainyy.dll><C:\WINDOWS\system32\cdtenjjj.dll> []
<ipjooorj.dll><C:\WINDOWS\system32\detlsghs.dll> [File is missing]
<wbuludqv.dll><C:\WINDOWS\system32\idzaxswt.dll> [File is missing]
<jmniazpa.dll><C:\WINDOWS\system32\wwssubrg.dll> [File is missing]
<gyhqnuxv.dll><C:\WINDOWS\system32\qjkogxsw.dll> [File is missing]
<amauzqrk.dll><C:\WINDOWS\system32\ixbtryrx.dll> [File is missing]
<poetiycw.dll><C:\WINDOWS\system32\detlsghs.dll> [File is missing]
<tvvlyuom.dll><C:\WINDOWS\system32\idzaxswt.dll> [File is missing]
<zegryrsf.dll><C:\WINDOWS\system32\wwssubrg.dll> [File is missing]
<dwmclqug.dll><C:\WINDOWS\system32\qjkogxsw.dll> [File is missing]
<aprrtjmi.dll><C:\WINDOWS\system32\ixbtryrx.dll> [File is missing]
<nrvibzqb.dll><C:\WINDOWS\system32\nrvibzqb.dll> [File is missing]
<detlsghs.dll><C:\WINDOWS\system32\detlsghs.dll> [File is missing]
<idzaxswt.dll><C:\WINDOWS\system32\idzaxswt.dll> [File is missing]
<wwssubrg.dll><C:\WINDOWS\system32\wwssubrg.dll> [File is missing]
<qjkogxsw.dll><C:\WINDOWS\system32\qjkogxsw.dll> [File is missing]
<yewiyaut.dll><C:\WINDOWS\system32\yewiyaut.dll> []
<ixbtryrx.dll><C:\WINDOWS\system32\ixbtryrx.dll> [File is missing]
<jubbayag.dll><C:\WINDOWS\system32\jubbayag.dll> [File is missing]
<tgpmtwxk.dll><C:\WINDOWS\system32\tgpmtwxk.dll> [File is missing]
<dauxmmbw.dll><C:\WINDOWS\system32\dauxmmbw.dll> []
<rebvplqs.dll><C:\WINDOWS\system32\cdtenjjj.dll> []
<klunqbpm.dll><C:\WINDOWS\system32\nrvibzqb.dll> [File is missing]
<jxsqhigd.dll><C:\WINDOWS\system32\detlsghs.dll> [File is missing]
<nwyxluee.dll><C:\WINDOWS\system32\idzaxswt.dll> [File is missing]
<ynpkrcyh.dll><C:\WINDOWS\system32\wwssubrg.dll> [File is missing]
<sspfcqzw.dll><C:\WINDOWS\system32\qjkogxsw.dll> [File is missing]
<qyccyagf.dll><C:\WINDOWS\system32\scrruncqsj.dll> [File is missing]
<arpnrydr.dll><C:\WINDOWS\system32\ixbtryrx.dll> [File is missing]
<ywoxixui.dll><C:\WINDOWS\system32\jubbayag.dll> [File is missing]
<iqbibvqu.dll><C:\WINDOWS\system32\tgpmtwxk.dll> [File is missing]
<cdtenjjj.dll><C:\WINDOWS\system32\cdtenjjj.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE]
<IFEO[360rpt.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE]
<IFEO[360safe.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.EXE]
<IFEO[360safebox.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> []
...
==================================
Startup Folder
[3]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\3.pif --> [File is missing]><N>
==================================
Drivers
[0003f5cb / 0003f5cb][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\0003f5cb.sys><N/A>
[4c70249 / 4c70249][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\4c70249.sys><N/A>
[8882fa1 / 8882fa1][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\8882fa1.sys><N/A>
[acpidisk / acpidisk][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[aecff9 / aecff9][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\aecff9.sys><N/A>
[c56bcc1 / c56bcc1][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\c56bcc1.sys><N/A>
[d4f876 / d4f876][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\d4f876.sys><N/A>
[d7ba6e / d7ba6e][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\d7ba6e.sys><N/A>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\HBKernel32.sys><N/A>
[msIffei / msIffei][Stopped/Manual Start]
<System32\Drivers\msIffei.sys><N/A>
[sys_hkt / sys_hkt][Others/Disabled]
<\??\C:\DOCUME~1\new\LOCALS~1\Temp\~43.tmp><N/A>
[dog0725 / dog0725][Running/Disabled]
<\??\C:\Documents and Settings\new\桌面\obj2.sys><N/A>
==================================
Browser Add-ons
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush0.dll, >
[]
{F6A454AE-156A-415E-9F89-3795677A8A91} <C:\Program Files\Internet Explorer\53u1ttMe.2ys, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush0.dll, >
[]
{F6A454AE-156A-415E-9F89-3795677A8A91} <C:\Program Files\Internet Explorer\53u1ttMe.2ys, N/A>
==================================
Running Processes
[PID: 588 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBZHUXIAN.dll] [N/A, ]
[C:\WINDOWS\system32\HBWOW.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[PID: 1188 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBZHUXIAN.dll] [N/A, ]
[C:\WINDOWS\system32\HBWOW.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[PID: 1296 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBZHUXIAN.dll] [N/A, ]
[C:\WINDOWS\system32\HBWOW.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[PID: 1372 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBZHUXIAN.dll] [N/A, ]
[C:\WINDOWS\system32\HBWOW.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[PID: 1760 / new][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBZHUXIAN.dll] [N/A, ]
[C:\WINDOWS\system32\HBWOW.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[PID: 488 / new][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5, 8, 3, 2469]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[PID: 532 / new][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.9.8]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[PID: 548 / new][C:\WINDOWS\system32\VTTimer.exe] [S3 Graphics, Inc., 2.00.01-0307]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[PID: 568 / new][C:\WINDOWS\system32\VTtrayp.exe] [S3 Graphics Co., Ltd., 2.00.54-0710]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[PID: 824 / new][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBZHUXIAN.dll] [N/A, ]
[C:\WINDOWS\system32\HBWOW.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[PID: 1704 / new][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\DBMSSOCNS.DLL] [N/A, ]
[PID: 2236 / new][c:\j.pif] [Microsoft Corporation, 5, 8, 3, 2469]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBZHUXIAN.dll] [N/A, ]
[C:\WINDOWS\system32\HBWOW.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[PID: 2416 / new][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
[PID: 2568 / new][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\DBMSSOCNS.DLL] [N/A, ]
[PID: 2696 / new][C:\Documents and Settings\new\桌面\X.PIF] [N/A, ]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBDNF.dll] [N/A, ]
[C:\WINDOWS\system32\HBTL.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[PID: 3156 / new][C:\Documents and Settings\new\桌面\45465465\SRE1a10268b.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\Program Files\Internet Explorer\53u1ttMe.2ys] [N/A, ]
[C:\WINDOWS\system32\dauxmmbw.dll] [N/A, ]
[C:\WINDOWS\system32\yewiyaut.dll] [N/A, ]
[C:\WINDOWS\system32\cdtenjjj.dll] [N/A, ]
==================================
Autorun.inf
[C:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=GSR.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=GSR.PIF
[D:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=GSR.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=GSR.PIF
[E:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=GSR.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=GSR.PIF
[F:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=GSR.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=GSR.PIF
==================================
Process Privilege Scan
特殊特权被允许: SeDebugPrivilege [PID = 488, C:\WINDOWS\SYSTEM32\WUAUCLT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 488, C:\WINDOWS\SYSTEM32\WUAUCLT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2236, C:\J.PIF]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2236, C:\J.PIF]
特殊特权被允许: SeDebugPrivilege [PID = 2696, C:\DOCUMENTS AND SETTINGS\NEW\桌面\X.PIF]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2696, C:\DOCUMENTS AND SETTINGS\NEW\桌面\X.PIF]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3148, C:\DOCUMENTS AND SETTINGS\NEW\桌面\45465465\KOKDR.EXE]