貌似中了艾尼病毒杀不掉

aprilzhimahu 发表于 2008-4-28 10:20:13

电脑开机时会自动运行一个 Exprer.exe的程序插入U盘则会出现一个 exe 的安装文件点击会出现“不要再点我了你把我杀了吧” 的弹框 用了网上所说的清楚艾尼的方法试了一下都不行 麻烦高手帮忙看一下     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]     <MsnMsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]     <XDeskShow2><E:\安装路径\鱼鱼桌面秀\鱼鱼桌面秀2\XDeskShow2.exe>  [鱼鱼软件]     <ATICCC><"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime>      <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]     <AVP><"E:\安装路径\卡巴\avp.exe">  [(Verified)Kaspersky Lab]     <!AVG Anti-Spyware><"E:\安装路径\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [(Verified)GRISOFT LTD]     <360Safetray><E:\安装路径\360\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]     <BigDog305><C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)>      <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]     <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]     <UIHost><"logonui.exe">  [(Verified)Microsoft Windows Publisher]     <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]     <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]     <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]     <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]     <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]     <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]     <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows XP Publisher]     <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]     <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]     <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]     <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]     <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Publisher]     <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]     <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]     <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]     <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>      <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>      <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>      <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]     <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Publisher]     <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>      <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Publisher]================================== 启动文件夹   <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ATI CATALYST System Tray.lnk --> C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe ><N>================================== 服务   <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>   <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>   <E:\安装路径\AVG\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.> [卡巴斯基互联网安全套装 7.0 / AVP]   <E:\安装路径\卡巴\avp.exe -r><Kaspersky Lab>   <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>   <E:\安装路径\暴风影音3.15万能版\stormliv.exe /asservice><北京暴风网际科技有限公司>   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>   <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>   <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>   <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>   <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>================================== 驱动程序   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>   <\??\E:\安装路径\AVG\AVG Anti-Spyware 7.5\guard.sys><N/A>   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>   <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>   <system32\DRIVERS\klim5.sys><Kaspersky Lab>   <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>   <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>   <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>   <system32\DRIVERS\tcpip.sys><Microsoft Corporation>   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>   <System32\Drivers\usbVM305.sys><Vimicro Corporation>================================== 浏览器加载项   {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\安装路径\迅雷5.7.9.463\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\安装路径\Adobe Acrobat 7.01 pro\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>   {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\安装路径\迅雷5.7.9.463\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>   {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>   {AE7CD045-E861-484f-8273-0445EE161910} <E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\安装路径\360\360safe\safemon\safemon.dll, 360.CN> [启动迅雷5]   {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\安装路径\迅雷5.7.9.463\Thunder.exe, Thunder Networking Technologies,LTD>   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\安装路径\卡巴\SCIEPlgn.dll, Kaspersky Lab>   {95B3F550-91C4-4627-BCC4-521288C52977} <E:\安装路径\pplive\PPLive.exe, N/A>   {47833539-D0C5-4125-9FA8-0819E2EAAC93} <E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >   {7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>   {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\安装路径\迅雷5.7.9.463\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\安装路径\Adobe Acrobat 7.01 pro\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>   {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <E:\安装路径\迅雷5.7.9.463\Components\InMedia\peerid.dll, >   {1DE88635-1C72-401E-B23B-93FA86D30F3B} <C:\WINDOWS\system32\ssreaderplug.dll, 北京超星>   {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>   {3359C0B1-2363-40B3-AFCA-1ABC799AC486} <C:\WINDOWS\system32\SSREAD~1.OCX, CX>   {47833539-D0C5-4125-9FA8-0819E2EAAC93} <E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>   {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>   {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\安装路径\迅雷5.7.9.463\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>   {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>   {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>   {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >   {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>   {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\安装路径\迅雷5.7.9.463\Components\InMedia\MediaAddin16.dll, Thunder Networking Technologies,LTD>   {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\安装路径\360\360safe\live.dll, 360.cn>   {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>   {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\安装路径\迅雷5.7.9.463\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>   {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>   {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>   {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>   {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5710.37.142.dll, ShenZhen Thunder Networking Technologies Ltd.>   {AE7CD045-E861-484F-8273-0445EE161910} <E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\安装路径\360\360safe\safemon\safemon.dll, 360.CN>   {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>   {CD108273-D434-43E6-AA90-1469F97EB398} <E:\安装路径\腾讯\QzoneMusic.dll, 腾讯科技>   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> []   {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>   {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>   {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\安装路径\迅雷5.7.9.463\Components\DownAndPlay\DapPlayer3.0.578.69.119.dll, ShenZhen Thunder Networking Technologies Ltd.>   {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>   {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>   {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation> [使用迅雷下载]   <E:\安装路径\迅雷5.7.9.463\Program\geturl.htm, N/A> [使用迅雷下载全部链接]   <E:\安装路径\迅雷5.7.9.463\Program\getallurl.htm, N/A> [导出到 Microsoft Office Excel(&X)]   <res://E:\安装路径\office\OFFICE11\EXCEL.EXE/3000, N/A> [查看当前站点排名]   <<a target=_blank href="http://alexa.chinaz.com/alexa.htm">http://alexa.chinaz.com/alexa.htm</a>, N/A> [添加到QQ表情]   <E:\安装路径\腾讯\AddEmotion.htm, N/A> [转换为 Adobe PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [转换为现有 PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> [转换选定的链接为 Adobe PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A> [转换选定的链接为现有 PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A> [转换选项为 Adobe PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [转换选项为现有 PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A> [转换链接目标为 Adobe PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A> [转换链接目标为现有 PDF]   <res://E:\安装路径\Adobe Acrobat 7.01 pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>================================== 正在运行的进程 [\SystemRoot\System32\smss.exe]        [\??\C:\WINDOWS\system32\csrss.exe]                                                                                            [\??\C:\WINDOWS\system32\winlogon.exe]

aprilzhimahu 发表于 2008-4-28 10:21:12

[, 1, 0, 0, 1]

aprilzhimahu 发表于 2008-4-28 10:21:37

================================== 文件关联 .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE  OK. ["%1" %*] .COM  OK. ["%1" %*] .PIF  OK. ["%1" %*] .REG  OK. .BAT  OK. ["%1" %*] .SCR  OK. ["%1" /S] .CHM  OK. ["C:\WINDOWS\hh.exe" %1] .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK  OK. [{00021401-0000-0000-C000-000000000046}]================================== Winsock 提供者 N/A================================== Autorun.inf N/A================================== HOSTS 文件 127.0.0.1       localhost 127.0.0.1  yu.8s7.net 127.0.0.1  1.jopanqc.com 127.0.0.1  2.joppnqq.com 127.0.0.1  wg.47255.com 127.0.0.1  1.joppnqq.com 127.0.0.1  xxx.m111.biz 127.0.0.1  1.jopenqc.com 127.0.0.1  1.jopenkk.com 127.0.0.1  xxx.vh7.biz 127.0.0.1  xxx.j41m.com 127.0.0.1  3.joppnqq.com 127.0.0.1  d.93se.com 127.0.0.1  <a target=_blank href="http://www.868wg.com">www.868wg.com</a> 127.0.0.1  xxx.mmma.biz 127.0.0.1  ilove.com 127.0.0.1  tp.shpzhan.cn 127.0.0.1  <a target=_blank href="http://www.tomwg.com">www.tomwg.com</a> 127.0.0.1  <a target=_blank href="http://www.cike007.cn">www.cike007.cn</a> 127.0.0.1  <a target=_blank href="http://www.22aaa.com">www.22aaa.com</a> 127.0.0.1  xx.exiao01.com 127.0.0.1  <a target=_blank href="http://www.exiao01.com">www.exiao01.com</a> 127.0.0.1  <a target=_blank href="http://www.exiao01.com">www.exiao01.com</a> 127.0.0.1  new.749571.com 127.0.0.1  xtx.kv8.info 127.0.0.1  cao.kv8.info 127.0.0.1  1.jopmmqq.com 127.0.0.1  171817.171817.com 127.0.0.1  d2.llsging.com 127.0.0.1  down.malasc.cn 127.0.0.1  llboss.com 127.0.0.1  nx.51ylb.cn 127.0.0.1  my.531jx.cn 127.0.0.1  qqq.dzydhx.com 127.0.0.1  qqq.hao1658.com 127.0.0.1  <a target=_blank href="http://www.333292.com">www.333292.com</a> 127.0.0.1  down.18dd.net 127.0.0.1  up.22x44.com 127.0.0.1  aaa.faba01.com 127.0.0.1  bad.tqdlt.cn 127.0.0.1  1.chsipo.com 127.0.0.1  c3.aishangai.net 127.0.0.1  c2.aishangai.net 127.0.0.1  xxx.188dm.com 127.0.0.1  x2.1a2b3c1.com 127.0.0.1  d1.163500.net 127.0.0.1  down.google-serv.cn================================== 进程特权扫描 N/A================================== API HOOK N/A================================== 隐藏进程 N/A==================================

弱电初学者 发表于 2008-4-28 10:54:17

1、下载 此程序后，进入安全模式，双击运行此批处理，然后在IE图标上，右键--属性---清空IE缓存目录中TEMP目录内全部内容，重启电脑。2、进入安全模式，使用“360安全卫士”最新版查杀。

fhg1118 发表于 2008-4-28 11:53:40

同意楼上建议，不然就格了重装

页: [1]

弱电论坛's Archiver

貌似中了艾尼病毒 杀不掉

貌似中了艾尼病毒杀不掉