请问这个病毒！

显示全部楼层 · 发表于 2007-12-6 12:20:18

什么样的工具能够管这个病毒win32.trojandownloder.small

显示全部楼层 · 发表于 2007-12-6 23:32:26

说明报毒具体路径...

下载SREng 扫描一个log贴上来,,扫描时请尽量关闭其他手动打开的程序

解压sreng2.zip-->运行SREngPS.exe-->智能扫描-->勾选‘检查进程模块的数字签名’-->扫描-->保存报告

把报告(SREngLOG.log)完整贴上来注意不要作任何改动!! [全选(Ctrl+a)-->复制(Ctrl+c)-->粘贴(Ctrl+v)]

显示全部楼层 · 发表于 2007-12-11 17:36:11

[CODE]

2007-12-11,15:22:28

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
<Antispy ARP><C:\Program Files\Kingsoft\Antiarp\KASArp.EXE>  [(Verified)KINGSOFT CORPORATION]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Panasonic Device Monitor Wakeup><C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe>  [Panasonic Communications Co., Ltd.]
<Panasonic Device Manager for KX-FLB800/FLM650 Series><C:\Program Files\Panasonic\KX-FLB800_FLM650系列\ResPcDev.exe>  [Panasonic Communications Co.,Ltd.]
<Panasonic PCFAX for KX-FLB800/FLM650 Series><C:\Program Files\Panasonic\KX-FLB800_FLM650系列\KmPcFax.exe -1>  [Panasonic Communications Co.,Ltd.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
<KavStart><"C:\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)KINGSOFT CORPORATION]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
<CertAutoRegX><C:\PROGRA~1\M&WXMI~1\CertRegX.exe>  [M&W]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\BUBBLES.SCR>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [N/A]
<McAfeeUpdaterUI><; "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey>  [Network Associates, Inc.]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[EFS service / efsservice][Running/Auto Start]
  <efsserv.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <C:\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"C:\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
[McAfee Framework 服务 / McAfeeFramework][Stopped/Auto Start]
  <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Panasonic Local Printer Service / Panasonic Local Printer Service][Running/Auto Start]
  <C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe><Panasonic Communications Co., Ltd.>
[Panasonic Trap Monitor Service / Panasonic Trap Monitor Service][Running/Auto Start]
  <C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe><Panasonic>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

显示全部楼层 · 发表于 2007-12-11 17:38:54

==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aacsas.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aarsi3x.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / AEC6210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / AEC6260][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[arc / arc][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ARC.SYS><N/A>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\arcm_x86.sys><ARECA  Technology Corporation>
[asc / asc][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\bchtsw32.sys><Broadcom Corporation>
[BCRAID / BCRAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\BCRAID.sys><Broadcom Corporation>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cpqarry2.sys><Hewlett-Packard Company>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\csb6ide.sys><ServerWorks Corporation>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[efsnt / efsnt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\efsnt.sys><N/A>
[elxstor / elxstor][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[FASTSX / FASTSX][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[FT8300 / FT8300][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ftsata2.sys><Promise Technology, Inc.>
[GD31244 / GD31244][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\gd31244.sys><Intel Corporation>
[HpCISSs / HpCISSs][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Integrated RAID / IASTOR][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[INIA100 / INIA100][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\INIA100.sys><Initio corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\JRAID.SYS><JMicron Technology Corp.>
[Kingsoft AntiARP NIDS Driver / KAntiarp][Running/Manual Start]
  <system32\DRIVERS\kantiarp.sys><Kingsoft Corporation>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[M5228 / M5228][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[M5281 / M5281][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[mraid2k / mraid2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NFRD960 / NFRD960][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[NVATABUS / NVATABUS][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / NVRAID][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / PNP680][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / PNP680R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\rr232x.sys><HighPoint Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Si3114r5.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Si3132r5.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SISRAID / SISRAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid4.sys><Silicon Integrated Systems>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPTRAK / SPTRAK][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\trm3x5.sys><Tekram Technology Co., Ltd.>
[TwoTrack Compatible Device / TwoTrack][Stopped/Manual Start]
  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[SafeNet China UGA Driver / UGA][Running/Manual Start]
  <System32\Drivers\rcugawdm.sys><SafeNet China Ltd.>
[ULSATA / ULSATA][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[USB eKey / UsbKDev][Stopped/Manual Start]
  <system32\DRIVERS\UsbKDev.sys><Mingwah Aohan High Technology Corp.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[vmscsi / vmscsi][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vmscsi.sys><VMware, Inc.>
[Vone Virtual Video / VONECAP][Stopped/Auto Start]
  <system32\DRIVERS\vonecap.sys><Windows (R) 2000 DDK provider>
[WD7296A / WD7296A][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wd7296a.sys><Western Digital Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL, Kingsoft Corporation>
[Thunder Browser Helper]
  {80BF4636-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\李阳的材料\工具\360safe\safemon\safemon.dll, 奇虎网>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Kingsoft Internet Security 2008\Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
[雨林木风]
  {C686555D-886B-4592-B6E4-BF9094CE445D} <http://www.ylmf.com, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Kingsoft Internet Security 2008\Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL, Kingsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {80BF4636-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[GlobalLink Chat Control]
  {AE93C5DF-A990-11D1-AEBD-5254ABDD2B69} <C:\PROGRA~1\GLOBAL~1\Game\Share\GLChat.ocx, GlobalLink>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\李阳的材料\工具\360safe\safemon\safemon.dll, 奇虎网>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1536 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\KAVEXT.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]

显示全部楼层 · 发表于 2007-12-11 17:39:37

[E:\李阳的材料\工具\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[PID: 1636 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\PI86FXLMON.DLL]  [Panasonic Communications Co., Ltd., 5.03.1636.1]
[C:\WINDOWS\system32\T1DL2K.DLL]  [pcc, 1, 0, 0, 1]
[PID: 1740 / Administrator][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 1748 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 1760 / Administrator][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[PID: 1788 / Administrator][C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe]  [Panasonic Communications Co., Ltd., 1.02]
[C:\Program Files\Panasonic\Device Monitor\dcpi.dll]  [Panasonic Communications Co., Ltd., 1.01]
[C:\Program Files\Panasonic\Device Monitor\pccini.dll]  [Panasonic Communications Co., Ltd., 1.03]
[C:\Program Files\Panasonic\Device Monitor\pccxml.dll]  [Panasonic Communications Co., Ltd., 1.04]
[C:\Program Files\Panasonic\Device Monitor\stdms.dll]  [Panasonic Communications Co., Ltd., 1.00]
[C:\Program Files\Panasonic\Device Monitor\stdsn.dll]  [Panasonic Communications Co., Ltd., 1.02]
[C:\Program Files\Panasonic\Device Monitor\pccsnmp.dll]  [Panasonic Communications Co., Ltd., 1.09]
[C:\Program Files\Panasonic\Device Monitor\kxfl86lo.dll]  [Panasonic Communications Co., Ltd., 0, 2, 0, 1]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[PID: 1864 / Administrator][C:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 6.5.1]
[PID: 1900 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
[PID: 1920 / Administrator][C:\PROGRA~1\M&WXMI~1\CertRegX.exe]  [M&W, 2, 0, 0, 1]
[C:\WINDOWS\system32\xcsp_eclib.dll]  [M&W L.t.d, 2, 4, 0, 2]
[C:\WINDOWS\system32\XUsbAnsiDll.dll]  [N/A, ]
[C:\WINDOWS\system32\HookDev.dll]  [mw, 2, 3, 14, 1]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[PID: 1940 / Administrator][C:\Program Files\Panasonic\KX-FLB800_FLM650系列\ResPcDev.exe]  [Panasonic Communications Co.,Ltd., 1, 0, 3, 1]
[C:\Program Files\Panasonic\KX-FLB800_FLM650系列\fl851nwk.dll]  [Panosonic Communications Co., Ltd., 1, 0, 0, 2]
[C:\Program Files\Panasonic\KX-FLB800_FLM650系列\fl851sel.dll]  [Panasonic Communications Co., Ltd., 1, 0, 0, 6]
[PID: 1952 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[PID: 1976 / Administrator][C:\Program Files\Kingsoft\Antiarp\KASArp.EXE]  [Kingsoft Corporation, 2007,12,05,108]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Program Files\Kingsoft\Antiarp\kantiarpdevc.dll]  [Kingsoft Corporation, 2007,11,30,100]
[C:\Program Files\Kingsoft\Antiarp\NetConfig.dll]  [Kingsoft Corporation, 2007,12,05,106]
[PID: 400 / SYSTEM][C:\WINDOWS\system32\efsserv.exe]  [N/A, ]
[PID: 532 / SYSTEM][C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe]  [Panasonic Communications Co., Ltd., 0.80]
[PID: 576 / SYSTEM][C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe]  [Panasonic, 1.09]
[PID: 280 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
[PID: 620 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3240 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
[C:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2007,10,15,65]
[C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1788, C:\PROGRAM FILES\PANASONIC\DEVICE MONITOR\DMWAKEUP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1900, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1920, C:\PROGRA~1\M&WXMI~1\CERTREGX.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\PANASONIC\KX-FLB800_FLM650系列\RESPCDEV.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

显示全部楼层 · 发表于 2007-12-11 20:12:07

请附上杀软报毒完整路径。

显示全部楼层 · 发表于 2007-12-13 15:06:33

既然病毒已经被命名就有杀软能杀

显示全部楼层 · 发表于 2007-12-13 19:27:00

b]1.建议使用XDelBox删除以下文件：(XDelBox1.6下载)
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。

c:\program files\tencent\qq\npkcrypt.sys

%systemroot%\system32\shmgrate.exe ocinstalluserconfigoe
%systemroot%\system32\shmgrate.exe ocinstalluserconfigie

2.删除重启后使用SREng修复下面各项：

启动项目－－注册表之如下项删除：
[load] <>
[Outlook Express] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>
[Internet Explorer] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>

启动项目－－服务－－驱动程序之如下项禁用：
[npkcrypt / npkcrypt] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys>

**************以上分析报告由SREngLog分析助手提供******************
分析：铁木真 (仅可参考找出的还是上次的那个 shmgrate.exe 真是奇怪 ) 时间：2007-12-13

显示全部楼层 · 发表于 2007-12-13 19:35:32

更大胆一点,可以这样处理,不知道如何~
1.建议使用XDelBox删除以下文件：(XDelBox1.6下载)
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。

c:\program files\tencent\qq\npkcrypt.sys

%systemroot%\system32\shmgrate.exe ocinstalluserconfigoe
%systemroot%\system32\shmgrate.exe ocinstalluserconfigie
c:\windows\system32\t1dl2k.dll
c:\windows\system32\pi86fxlmon.dll
c:\windows\system32\xusbansidll.dll

2.删除重启后使用SREng修复下面各项：

启动项目－－注册表之如下项删除：
[load] <>
[Outlook Express] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>
[Internet Explorer] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>

启动项目－－服务－－驱动程序之如下项禁用：
[npkcrypt / npkcrypt] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys>

**************以上分析报告由SREngLog分析助手提供******************
分析：草莽书生
时间：2007-12-13

请问这个病毒！

分两段吧太长了不能上传

这是第二段了没修改过

还有第三段

请问这个病毒！

分两段吧 太长了 不能上传

这是第二段了 没修改过

还有第三段

分两段吧太长了不能上传

这是第二段了没修改过