瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

1   1  /  1  页   跳转

[求助] 冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

收藏
frederick1020
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2008-12-25
  • 来自:
发表于: 2008-12-27 11:44 | 只看楼主 短消息 资料
字号: 1楼

冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

病毒名称:Trojan.PSW.Win32.GameOL.thi
系统盘格式化后仍然出现
出现问题:1)打开"我的电脑"无法显示 2)瑞星软件和防火墙自动关闭 3)瑞星软件可以打开杀毒,但无法清除 4)上网后病毒自主复制,出现更多病毒 5)安全模式 也无法清楚
有哪位高人帮忙解决一下啊,谢谢了
附上一个瑞星的诊断报告在附件

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

附件附件:

下载次数:380
文件类型:application/octet-stream
文件大小:
上传时间:2008-12-27 11:44:21
描述:rar
分享到:
gototop
 
aaccbbdd
头像
卡卡巡查
  • 帖子:45933
  • 注册: 2007-11-17
  • 来自:蜀山仙剑派
论坛8周年活动礼物卡卡名人堂祖国六十华诞09欢乐圣诞吃货勋章2012我眼中的你们幸福玫瑰
发表于: 2008-12-27 11:47 | 短消息 资料
字号: 2楼

回复:冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

HB木马群

请上传sreng
以便楼主操作


请严格按照以下步骤操作

1.扫日志前建议清理助手清理系统
清理助手下载
升级清理助手,全盘扫描,只清理报为病毒的高危险项目,其他项目请自己判断
同时观察清理助手是否报告系统文件被替换。(注:如发现系统文件被替换,请将情况报上来,勿自己随意操作。如自己私自替换的,导致不能进系统,责任自负)
如清理无效

2.扫日志前关闭无用进程,如QQ,迅雷及播放器程序
3.Sreng官方下载
SREng/智能扫描(记得勾选“检查进程的数字签名)
等扫描完成,保存日志(LOG格式)
PS:如主程序SREng**.exe无法运行,导致无法扫描日志
将主程序改名为小狮子.bat
或小狮子.scr
4.金山清理专家官方下载  | 免安装版直接运行版金山清理专家下载
金山清理专家-在线系统诊断(隐藏安全项)-导出诊断报告-(全选)-导出报告
5.2份日志/报告以附件上传(点击我回的贴的右下角的“引用”,然后就应该知道怎么以附件发了),贴到反病毒/反流氓软件论坛.如已发帖的请跟贴,勿另开新帖。

建议2份日志同时上传,起到互补的作用(原因:金山和SRENG都能扫出另一个不能扫出的内容)!!
gototop
 
帅哥阿福
头像
雄霸杖朝狮
  • 帖子:21071
  • 注册: 2006-03-29
  • 来自:米兰
论坛8周年活动礼物祖国六十华诞09欢乐圣诞
发表于: 2008-12-27 11:49 | 短消息 资料
字号: 3楼

回复:冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

C:\WINDOWS\SYSTEM32\HBDNF.DLL
C:\WINDOWS\SYSTEM32\HBASKTAO.DLL
C:\WINDOWS\SYSTEM32\HBXMJ.DLL
C:\WINDOWS\SYSTEM32\HBJXSJ.DLL
C:\WINDOWS\SYSTEM32\HBZHUXIAN.DLL
C:\WINDOWS\SYSTEM32\HBW2I.DLL
C:\WINDOWS\SYSTEM32\HBWOW.DLL
C:\WINDOWS\SYSTEM32\HBQQXX.DLL
C:\WINDOWS\SYSTEM32\HBLYFX.DLL
C:\WINDOWS\SYSTEM32\HBXY2.DLL
C:\WINDOWS\SYSTEM32\HBBO.DLL
C:\WINDOWS\SYSTEM32\HBWULIN2.DLL
C:\WINDOWS\SYSTEM32\HBSO2.DLL
C:\WINDOWS\SYSTEM32\8572F939.DLL
C:\WINDOWS\SYSTEM32\HBSHQ.DLL
C:\WINDOWS\SYSTEM32\HBKDXY.DLL
C:\WINDOWS\SYSTEM32\HBCHIBI.DLL
C:\WINDOWS\SYSTEM32\HBYY.DLL
C:\WINDOWS\SYSTEM32\8572F939.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\JET0NNT64.987
C:\WINDOWS\TEMP\514703.TXT
C:\TEMP\KTAQH8688.EXE
C:\WINDOWS\SYSTEM32\SYSTEM.EXE
ALIWE32.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.SYS
提交到这里,或者提交给瑞星,地址如下:http://mailcenter.rising.com.cn/index.shtml
╭∩╮(︶︿︶)╭∩╮
gototop
 
frederick1020
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2008-12-25
  • 来自:
发表于: 2008-12-27 12:15 | 只看楼主 短消息 资料
字号: 4楼

回复: 冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

[CODE]

2008-12-27,12:14:40

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <HControl><C:\WINDOWS\ATK0100\HControl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <High Definition Audio 属性页快捷方式><HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <AlcWzrd><ALCWZRD.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RFWTray><"C:\Program Files\Rising\RFW\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <TWCU><"C:\Program Files\TP-LINK\TL-WN310G_350G_351Gv5.0_TL-WN360Gv1.0\TWCU.exe" -nogui>  []
    <HBService32><System.exe>  [HB Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Alcmtr><aliwe32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBDNF.dll,HBASKTAO.dll,HBXMJ.dll,HBJXSJ.dll,HBZHUXIAN.dll,HBW2I.dll,HBWOW.dll,HBQQXX.dll,HBLYFX.dll,HBXY2.dll,HBBO.dll,HBWULIN2.dll,HBSO2.dll,8572F939.dll,HBSHQ.dll,HBKDXY.dll,HBCHIBI.dll,HBYY.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
    <{8572F939-E4F4-4D8E-87B0-9019324ACE9F}><C:\WINDOWS\system32\8572F939.dll>  []
    <{A75103D2-B808-443E-8F4E-8F65F04D1FD4}><C:\Program Files\Internet Explorer\Jet0nNt64.987>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <8572F939><C:\WINDOWS\system32\8572F939.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.exe]
    <IFEO[ACKWIN32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.exe]
    <IFEO[ANTI-TROJAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti.exe]
    <IFEO[anti.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivir.exe]
    <IFEO[antivir.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atrack.exe]
    <IFEO[atrack.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.exe]
    <IFEO[AUTODOWN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avast.exe]
    <IFEO[avast.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe]
    <IFEO[AVCONSOL.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.exe]
    <IFEO[AVE32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.exe]
    <IFEO[AVGCTRL.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avk.exe]
    <IFEO[avk.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.exe]
    <IFEO[AVKSERV.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.exe]
    <IFEO[AVPUPD.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.exe]
    <IFEO[AVSCHED32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe]
    <IFEO[avsynmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.exe]
    <IFEO[AVWIN95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxonsol.exe]
    <IFEO[avxonsol.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.exe]
    <IFEO[BLACKD.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.exe]
    <IFEO[BLACKICE.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.exe]
    <IFEO[CFIADMIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.exe]
    <IFEO[CFIAUDIT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIND.exe]
    <IFEO[CFIND.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe]
    <IFEO[cfinet.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe]
    <IFEO[cfinet32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.exe]
    <IFEO[CLAW95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CT.exe]
    <IFEO[CLAW95CT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.exe]
    <IFEO[CLEANER.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.exe]
    <IFEO[CLEANER3.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DAVPFW.exe]
    <IFEO[DAVPFW.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dbg.exe]
    <IFEO[dbg.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\debu.exe]
    <IFEO[debu.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DV95.exe]
    <IFEO[DV95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DV95_O.exe]
    <IFEO[DV95_O.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.exe]
    <IFEO[DVP95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.exe]
    <IFEO[ECENGINE.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EFINET32.exe]
    <IFEO[EFINET32.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.exe]
    <IFEO[ESAFE.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESPWATCH.exe]
    <IFEO[ESPWATCH.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorewclass.exe]
    <IFEO[explorewclass.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.exe]
    <IFEO[F-AGNT95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.exe]
    <IFEO[F-PROT.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe]
    <IFEO[f-prot95.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe]
    <IFEO[f-stopw.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.exe]
    <IFEO[FINDVIRU.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fir.exe]
    <IFEO[fir.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe]
    <IFEO[fp-win.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.exe]
    <IFEO[FRW.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe]
    <IFEO[guard.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.exe]
    <IFEO[IAMAPP.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.exe]
    <IFEO[IAMSERV.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.exe]

附件附件:

文件名:SREngLOG.log
下载次数:135
文件类型:application/octet-stream
文件大小:
上传时间:2008-12-27 12:15:11
描述:log
gototop
 
frederick1020
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2008-12-25
  • 来自:
发表于: 2008-12-27 12:21 | 只看楼主 短消息 资料
字号: 5楼

回复: 冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

已经在附件中上传...
大师们快帮帮我
谢谢了

附件附件:

文件名:SREngLOG.log
下载次数:83
文件类型:application/octet-stream
文件大小:
上传时间:2008-12-27 12:20:36
描述:log
gototop
 
sytu_sj1988
头像
自信弱冠狮
  • 帖子:349
  • 注册: 2008-12-23
  • 来自:
发表于: 2008-12-27 12:31 | 短消息 资料
字号: 6楼

回复:冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

怎么又是HB。。。。
要做的操作很多,不想写了。前天才帮一个人解决过,症状基本一样,用QQ一步一步告诉他的,要不你加我QQ好了。
这是一个与AUTORUN.INFU盘病毒关联的HB****.DLL木马群。

先试试后面我传的QQKAV能不能搞定。用注入查杀,桌面会消失一段时间,正常的。

附件附件:

下载次数:148
文件类型:application/octet-stream
文件大小:
上传时间:2008-12-27 12:41:19
描述:rar

附件附件:

文件名:qqkav.rar
下载次数:203
文件类型:application/octet-stream
文件大小:
上传时间:2008-12-27 12:48:03
描述:rar

最后编辑sytu_sj1988 最后编辑于 2008-12-27 12:52:21
gototop
 
sytu_sj1988
头像
自信弱冠狮
  • 帖子:349
  • 注册: 2008-12-23
  • 来自:
发表于: 2008-12-27 12:56 | 短消息 资料
字号: 7楼

回复:冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

先用上面的QQKAV注入查杀试试,或在进程中结束SYSTEM.EXE以后用修复劫持工具,再打开瑞星杀。上面如果无法解决可以加我QQ。
gototop
 
aaccbbdd
头像
卡卡巡查
  • 帖子:45933
  • 注册: 2007-11-17
  • 来自:蜀山仙剑派
论坛8周年活动礼物卡卡名人堂祖国六十华诞09欢乐圣诞吃货勋章2012我眼中的你们幸福玫瑰
发表于: 2008-12-27 13:25 | 短消息 资料
字号: 8楼

回复 5F frederick1020 的帖子

1.断开网络,开始—运行—输入services.msc,把下列服务设置为“禁用”:Application Management,Task Scheduler,System Restore Service,Windows Image Acquisition (WIA),Windows Time
2.打开%SystemRoot%\system32\dllcache文件夹 依次找到

schedsvc.dll

appmgmts.dll

srsvc.dll

w32time.dll

wiaservc.dll
文件

分别覆盖掉%SystemRoot%\system32\schedsvc.dll

%SystemRoot%\System32\appmgmts.dll

%SystemRoot%\System32\srsvc.dll

%SystemRoot%\System32\w32time.dll

%SystemRoot%\system32\wiaservc.dll

注:
%SystemRoot%代表本机C:\Windows文件夹

3建议使用XDelBox删除以下文件Xdelbox1.8下载地址
使用说明:先勾选抑制再生删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入不检查路径,导入后在要删除文件上点击右键,选择立刻重启删除(不论文件是否存在,继续操作重启删除
),电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。

C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
F:\autorun.inf
C:\system.dll
D:\system.dll
E:\system.dll
F:\system.dll
c:\temp\ktaqh8688.exe
c:\windows\temp\514703.txt
c:\windows\system32\csrss.dll
c:\windows\system32\sh05014.dll
c:\windows\system32\sh09019.dll
c:\windows\system32\sh14035.dll
c:\windows\system32\sh19027.dll
c:\windows\system32\sh28010.dll
c:\windows\system32\aliwe32.dll
c:\program files\internet explorer\jet0nnt64.987
c:\windows\system32\8572f939.dll
c:\windows\system32\hbasktao.dll
c:\windows\system32\hbdnf.dll
c:\windows\system32\hbjxsj.dll
c:\windows\system32\hbw2i.dll
c:\windows\system32\hbwow.dll
c:\windows\system32\hbxmj.dll
c:\windows\system32\hbzhuxian.dll
c:\windows\system32\appwinproc.dll
c:\windows\system32\hbbo.dll
c:\windows\system32\hbchibi.dll
c:\windows\system32\hbkdxy.dll
c:\windows\system32\hblyfx.dll
c:\windows\system32\hbqqxx.dll
c:\windows\system32\hbshq.dll
c:\windows\system32\hbso2.dll
c:\windows\system32\hbwulin2.dll
c:\windows\system32\hbxy2.dll
c:\windows\system32\hbyy.dll
c:\windows\system32\drivers\qfyr.sys
c:\windows\system32\drivers\msiffei.sys
c:\windows\system32\nspass3.sys
c:\windows\system32\nspass1.sys
c:\windows\system32\nskhelper2.sys
c:\windows\system32\nspass4.sys
c:\windows\system32\nspass2.sys
c:\windows\system32\nspass0.sys
c:\windows\sony\baiduc.dll

4.删除重启后使用SREng修复下面各项:
启动项目 -- 注册表之如下项删除:
  <HBService32><System.exe>  [HB Software]   
<Alcmtr><aliwe32.exe>  []
  <{8572F939-E4F4-4D8E-87B0-9019324ACE9F}><C:\WINDOWS\system32\8572F939.dll>  []
    <{A75103D2-B808-443E-8F4E-8F65F04D1FD4}><C:\Program Files\Internet Explorer\Jet0nNt64.987>  []
    <8572F939><C:\WINDOWS\system32\8572F939.dll>  []
注意:
<AppInit_DLLs><HBDNF.dll,HBASKTAO.dll,HBXMJ.dll,HBJXSJ.dll,HBZHUXIAN.dll,HBW2I.dll,HBWOW.dll,HBQQXX.dll,HBLYFX.dll,HBXY2.dll,HBBO.dll,HBWULIN2.dll,HBSO2.dll,8572F939.dll,HBSHQ.dll,HBKDXY.dll,HBCHIBI.dll,HBYY.dll>  []
改为
<AppInit_DLLs><>即空
    启动项目 -- 服务-- 驱动程序之如下项禁用:
[lfyxsq / lfyxsq]    <\SystemRoot\system32\drivers\qfyr.sys>
[msiffei / msiffei]    <System32\Drivers\msiffei.sys>
[nsPsDk03 / nsPsDk03]    <\??\C:\WINDOWS\system32\nsPass3.sys>
[nsPsDk01 / nsPsDk01]    <\??\C:\WINDOWS\system32\nsPass1.sys>
[NsDlRK250 / NsDlRK250]    <\??\C:\WINDOWS\system32\Nskhelper2.sys>
[nsPsDk04 / nsPsDk04]    <\??\C:\WINDOWS\system32\nsPass4.sys>
[nsPsDk02 / nsPsDk02]    <\??\C:\WINDOWS\system32\nsPass2.sys>
[nsPsDk00 / nsPsDk00]    <\??\C:\WINDOWS\system32\nsPass0.sys>

    系统修复-- 浏览器加载项之如下项删除:
[]    <C:\Program Files\Internet Explorer\Jet0nNt64.987>
[Info cache]    <C:\WINDOWS\sony\baiduc.dll>
[]    <C:\Program Files\Internet Explorer\Jet0nNt64.987>
[Info cache]    <C:\WINDOWS\sony\baiduc.dll>

附件清除映像劫持项

附件附件:

下载次数:166
文件类型:application/rar
文件大小:
上传时间:2008-12-27 13:25:57
描述:rar
gototop
 
夲號ヱ被ジ盜
头像
叱咤花甲狮
  • 帖子:7083
  • 注册: 2008-08-21
  • 来自:昆仑琼华派
论坛8周年活动礼物就爱不长大论坛9周年纪念冰激凌10温馨圣诞十周年国庆61周年十一周年勋章
发表于: 2008-12-27 13:26 | 短消息 资料
字号: 9楼

回复:冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

超!级!A!V!下!载!器!
有QQPASS
GameOL
N!SDownloaser
方法1:
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/setup_7.0.0.290_26.12.2008_11-34.exe
我在虚拟机用过,可以的,不知道能不能下
方法2(无效)在毒!霸下!载系1统急1救!箱
方法3:
把!瑞!星!改成1.exe
最后编辑夲號ヱ被ジ盜 最后编辑于 2008-12-27 13:34:27
gototop
 
aaccbbdd
头像
卡卡巡查
  • 帖子:45933
  • 注册: 2007-11-17
  • 来自:蜀山仙剑派
论坛8周年活动礼物卡卡名人堂祖国六十华诞09欢乐圣诞吃货勋章2012我眼中的你们幸福玫瑰
发表于: 2008-12-27 13:28 | 短消息 资料
字号: 10楼

回复:冒着病毒传播的危险上来发这个病毒的信息!!!!!!严重求助

把!瑞!星!改成1.exe
怕是没用

方法2(无效)在毒!霸下!载系1统急1救!箱
不建议
金山的东东bug超多
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT