Trojan program Trojan-PSW.Win32.OnLineGames.nn

wailx
Posted on 2007-6-27 14:26:33
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nn File: C:\Documents and Settings\Administrator\Local Settings\Temp\LYLOADER.EXE//PE_Patch//UPack
Kaspersky can't remove this Trojan; it is still there after a reboot. Does anyone know a way to deal with it?
红心王子
Posted on 2007-6-27 14:57:19
First check the system processes; if there are any abnormal ones, end those abnormal processes first.
Then run the antivirus scan again. If the problem persists, try an online scan to see whether it can find the virus.
zhangjianbing
Posted on 2007-6-27 14:58:04
It's an account-stealing Trojan. Try scanning and removing it in Safe Mode, or find a dedicated removal tool; a Baidu search will turn one up. This virus was rampant a few months ago.
wangjay1980
Posted on 2007-6-27 15:19:14
bossline
Posted on 2007-6-27 17:42:17
Heh... I've been hit by this one before too, except mine was the web-script variant: every time I opened IE the antivirus reported a Trojan program, and sometimes web pages wouldn't open.
In the end I had no choice but to format the C: drive and reinstall.
zhaonimm
Posted on 2007-6-27 19:59:35
If it still isn't fixed, download SRENG, run it, scan, and post the report here!!!
wailx
OP | Posted on 2007-6-28 15:36:38
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
    <twin><C:\WINDOWS\system32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><tlepri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{942BC423-3713-224D-3F55-32B35C62B1E9}><C:\WINDOWS\system32\tlepri.dll>  []

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[EA98CC2 / EA98CC2][Stopped/Auto Start]
  <C:\WINDOWS\system32\844A4624.EXE -d><Microsoft Corporation>
[Remote Route Service / Framework][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\prrwf.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Fax 2Client / ms_2fax][Running/Auto Start]
  <C:\WINDOWS\system32\9a041.exe><N/A>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
驱动程序
[4e62a / 4e62a7][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\4e62a7.sys><N/A>
[56j9u / 56j9u][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\56j9u.sys><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATICDSDr / ATICDSDr][Stopped/Manual Start]
  <\??\C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys><ATI Technologies Inc.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\19a1.dll, TODO: <公司名>>
[Web Anti-Virus]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\19a1.dll, TODO: <公司名>>

==================================
正在运行的进程
[PID: 528][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
[PID: 628][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
[PID: 676][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\LYMANGR.DLL]  [N/A, ]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
[PID: 688][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
[PID: 840][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
[PID: 864][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
[PID: 300][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.411]
    [C:\WINDOWS\system32\7ee4iexi6s.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.1.411]
    [c:\windows\system32\prrwf.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\WINDOWS\system32\19a1.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 580][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.411]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl]  [Crsky, 6.0.1]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl]  [Kaspersky Lab, 6.0.1.411]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl]  [Kaspersky Lab, 6.0.1.411]
[PID: 584][C:\WINDOWS\system32\CTFMON.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\844A4624.DLL]  [Microsoft Corporation, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
[PID: 3344][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [C:\WINDOWS\system32\e11.dll]  [  , 1, 0, 0, 3]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.411]
[PID: 1708][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
[PID: 4088][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.411]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll]  [金泰丰(广州)科技有限公司, 2, 3, 0, 0]
    [C:\WINDOWS\system32\19a1.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl]  [Crsky, 6.0.1]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.411]
[PID: 520][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.411]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll]  [金泰丰(广州)科技有限公司, 2, 3, 0, 0]
    [C:\WINDOWS\system32\19a1.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.1.411]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.0 alpha 21225]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.411]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl]  [Crsky, 6.0.1]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.411]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 668][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
[PID: 3584][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
[PID: 2144][G:\新建文件夹 (3)\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEC65B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEC65D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEC65F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEC65C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xEEC65E8F)

==================================
隐藏进程
    [228] C:\WINDOWS\system32\usrinit.exe

This is driving me crazy; two days of trying and I still can't kill it. I've cloned the C: drive several times, and after installing Kaspersky it still reports a virus on C:! Experts, please advise~
ll153037297
Posted on 2007-6-28 17:03:38
Same here, same fate!
zhaonimm
Posted on 2007-6-29 09:59:08
<{942BC423-3713-224D-3F55-32B35C62B1E9}><C:\WINDOWS\system32\tlepri.dll>  []
    <AppInit_DLLs><tlepri.dll>  []
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
Remove the startup items above with SRENG!!!

[EA98CC2 / EA98CC2][Stopped/Auto Start]
  <C:\WINDOWS\system32\844A4624.EXE -d><Microsoft Corporation>
[Fax 2Client / ms_2fax][Running/Auto Start]
  <C:\WINDOWS\system32\9a041.exe><N/A>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
Remove the services above!!!

[4e62a / 4e62a7][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\4e62a7.sys><N/A>
[56j9u / 56j9u][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\56j9u.sys><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
Delete the driver files above, preferably with IceSword!!! Delete the services these drivers created along with them!!!!

C:\WINDOWS\system32\9a041.exe
[C:\WINDOWS\system32\844A4624.DLL]
[C:\WINDOWS\system32\tlepri.dll]  [N/A, ]
[C:\WINDOWS\system32\winlib .dll]  [N/A, ]
[C:\WINDOWS\system32\LYMANGR.DLL]  [N/A, ]
[c:\progra~1\knnm\xaaz.dll]  [, 5, 0, 0, 4]
[c:\progra~1\knnm\cffe.dll]  [ , 5, 0, 0, 4]
[C:\WINDOWS\system32\19a1.dll]  [TODO: <公司名>, 1.0.0.1]
[C:\WINDOWS\system32\7ee4iexi6s.dll]
[C:\WINDOWS\system32\windds32.dll]  [N/A, ]
[C:\WINDOWS\system32\e11.dll]  [  , 1, 0, 0, 3]
C:\WINDOWS\system32\usrinit.exe
netsrvcs.dll
Force-delete the files above with IceSword!!!!
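A triage script in the spirit of zhaonimm's walk-through, added here as an example and not part of the original thread or of SREng itself: it parses the `[key]` / `<name><value>  [signer]` startup-item layout the report above uses and flags the persistence points the thread singled out (Policies\Explorer\Run, AppInit_DLLs, ShellExecuteHooks, entries with no verified signer, and "Microsoft" company strings that are not signature-verified). The sample report is constructed from entries quoted in the thread; the rules are my own assumptions, not SREng's scoring.

```python
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[(.*)\]\s*$")

# Constructed sample in the SREng report layout, built from entries quoted in this thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <twin><C:\WINDOWS\system32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><tlepri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{942BC423-3713-224D-3F55-32B35C62B1E9}><C:\WINDOWS\system32\tlepri.dll>  []
"""


@dataclass
class Entry:
    key: str
    name: str
    value: str
    signer: str
    reasons: list = field(default_factory=list)


def parse_entries(report: str) -> list:
    """Attach each '<name><value>  [signer]' line to the registry key listed above it."""
    entries, key = [], ""
    for line in report.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, value, signer = (g.strip() for g in m.groups())
            entries.append(Entry(key, name, value, signer))
    return entries


def triage(report: str) -> list:
    """Return the entries that deserve a manual look, each with its reasons (assumed rules)."""
    flagged = []
    for e in parse_entries(report):
        key, signer = e.key.lower(), e.signer.lower()
        first = e.value.strip('"').split()[0] if e.value.strip() else ""
        bare = bool(first) and "\\" not in first and not first.startswith("%")
        unsigned = e.signer in ("", "N/A")
        checks = [
            (unsigned, "no verified signer"),
            (unsigned and bare, "bare file name, located through the search path at logon"),
            ("microsoft" in signer and "(verified)" not in signer,
             "claims Microsoft in version info but the signature is not verified"),
            (key.endswith("policies\\explorer\\run"),
             "Policies\\Explorer\\Run autostart, rarely used by legitimate software"),
            (key.endswith("shellexecutehooks"),
             "ShellExecuteHook DLL loads into Explorer and every ShellExecute caller"),
            (e.name.lower() == "appinit_dlls" and bool(e.value),
             "AppInit_DLLs injects the DLL into every process that loads user32.dll"),
        ]
        e.reasons = [why for hit, why in checks if hit]
        if e.reasons:
            flagged.append(e)
    return flagged
```

Running `triage(SAMPLE_REPORT)` leaves only the verified ctfmon.exe entry unflagged; everything else gets at least one reason, matching the list zhaonimm told the poster to remove.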
Copyright © KaFan  KaFan.cn All Rights Reserved.