Views: 1427 | Replies: 6

Can any expert sort this out?

okokqsj
Posted 2007-3-19 13:29:14
I scanned the computer with Kaspersky 6.0 and Jiangmin 2007 and neither finds anything! But every time I restart the computer, or right after boot when I open IE and click any URL at all, it first goes to http://d.qbbd.com/0.exe and then immediately goes on to the site I wanted! The antivirus then detects trojan/psw.gamepass.cnl, this virus! The system also pops up a box saying Windows cannot find svchost.vbs! With 360 I found one "3721 assistant"! After a restart it is all the same again! Please, experts, help me solve this! Tell me what to do! Thanks in advance! I have used every antivirus I should have! Two days of fiddling and it is still not fixed! Does anybody actually know how to deal with this virus? If you do, teach me! Be specific!
wangjay1980
Posted 2007-3-19 13:41:25
Post a scan log.
okokqsj
OP | Posted 2007-3-19 13:48:56
I scanned, not a single problem.
wangjay1980
Posted 2007-3-19 14:02:01
Scan with this one. [attachment, login required to download]
okokqsj
OP | Posted 2007-3-19 14:11:34
Logfile of HijackThis v1.99.1
Scan saved at 14:01:49, on 2007-3-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\JiangMin\AntiVirus\KVWSC.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - F:\JiangMin\AntiVirus\KVshell.dll
O3 - Toolbar: Jiangmin Antivirus Toolbar - {B5A34A93-D538-43A7-8371-864CB6148D12} - F:\JiangMin\AntiVirus\KVshell.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KVMON] F:\JiangMin\AntiVirus\KVMonXP.kxp
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with Thunder - D:\迅雷\Program\geturl.htm
O8 - Extra context menu item: &Download all links with Thunder - D:\迅雷\Program\getallurl.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/re ... cver2007/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B464CD4B-5DBF-4477-A001-297AB88E35C8}: NameServer = 218.6.200.139 61.139.2.69
O23 - Service: KVSrvXP - Jiangmin Co., Ltd. - F:\JiangMin\AntiVirus\kvsrvxp.exe
O23 - Service: KVWSC - Jiangmin Co.,Ltd - F:\JiangMin\AntiVirus\KVWSC.exe
okokqsj
OP | Posted 2007-3-19 14:15:29
2007-03-19,14:13:28

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - administrator user - full functionality

The following items were selected:
    All startup items (registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (with loaded modules)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)]
    <KVMON><F:\JiangMin\AntiVirus\KVMonXP.kxp>  [Jiangmin Co.Ltd]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
    <UIHost><logonui.exe>  [(Verified)]

==================================
Startup folder
N/A

==================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <F:\JiangMin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
  <"F:\JiangMin\AntiVirus\KVWSC.exe"><Jiangmin Co.,Ltd>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[BsDeamon / BsDeamon][Running/System Start]
  <\??\F:\JiangMin\ANTIVI~1\BsDeamon.sys><Jiangmin Co.,Ltd.>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[HdFw_slot / HdFw_slot][Running/Manual Start]
  <\??\F:\JiangMin\KVFW\HdFw.sys><Jiangmin Co., Ltd.>
[KAnalyser / KAnalyser][Stopped/System Start]
  <\??\F:\JiangMin\ANTIVI~1\KANALY~1.SYS><Jiangmin Co.,Ltd.>
[KPGuard / KPGuard][Running/System Start]
  <\??\F:\JiangMin\AntiVirus\KPGuard.sys><Jiangmin Co., Ltd.>
[KRegEx / KRegEx][Running/System Start]
  <\??\F:\JiangMin\ANTIVI~1\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software / KSysCall][Running/System Start]
  <\??\F:\JiangMin\common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[KSysMon / KSysMon][Running/System Start]
  <\??\F:\JiangMin\ANTIVI~1\KSysMon.sys><Jiangmin Co. Ltd.>
[KVDP / KVDP][Running/Manual Start]
  <\??\F:\JiangMin\AntiVirus\KVDP.sys><Jiangmin Co., Ltd.>
[KvMemon / KvMemon][Stopped/Manual Start]
  <\??\D:\KV2006\KvMemon.sys><N/A>
[KVRedir / KVRedir][Running/System Start]
  <\??\F:\JiangMin\AntiVirus\KVREDIR.SYS><Jiangmin Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PProtect / PProtect][Stopped/System Start]
  <\??\D:\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
Browser add-ons
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <F:\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Jiangmin Antivirus Toolbar]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <F:\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <F:\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[&Download with Thunder]
  <D:\迅雷\Program\geturl.htm, N/A>
[&Download all links with Thunder]
  <D:\迅雷\Program\getallurl.htm, N/A>

==================================
Running processes
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\JiangMin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 312]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [F:\JiangMin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1504][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 356][C:\WINDOWS\system32\DllHost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\JiangMin\common\ComUI.dll]  [Jiangmin Co,.Ltd, 1, 0, 7, 112]
    [F:\JiangMin\common\ComUIPS.dll]  [Jiangmin Co.Ltd, 1.0.0.808]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [F:\JiangMin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 1, 0, 6, 1201]
    [F:\JiangMin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
[PID: 1636][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\JiangMin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 312]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [F:\JiangMin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
[PID: 3848][C:\Documents and Settings\Administrator\My Documents\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
File associations
.TXT  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [C:\WINDOWS\hh.exe %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
N/A

==================================
API HOOK
N/A

==================================
Hidden processes
    [1481] F:\JiangMin\AntiVirus\KVMonXP.kxp
    [1797] F:\JiangMin\AntiVirus\kvsrvxp.exe

==================================
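Neither of the two logs above lists an entry that references svchost.vbs or anything that accounts for the redirect through http://d.qbbd.com/0.exe, which is exactly the situation in which a practitioner wants a repeatable triage pass over the raw lines instead of eyeballing them. The script below is an added example written for this thread; it is not code from HijackThis, SREng, or the poster. It parses the HijackThis O4/O17 lines and the SREng driver blocks and file-association lines in the formats shown in both posts, and flags resolvers outside an allow-list, autostarts that run scripts or sit in user-writable directories, unsigned images that load at boot or system start, and hijacked executable or script handlers. The allow-list of DNS servers is an assumption (it simply reuses the two addresses from the O17 line), and the one O4 line marked "constructed" is not in the posted log; it is there to show what a hit for the missing svchost.vbs would look like if a scanner had captured it.

```python
"""Triage helpers for HijackThis 1.99 and SREng 2.4 log lines.
Added example for this thread, not code from HijackThis, SREng or the poster.
Assumes only the line formats visible in the two posted logs; sample lines are
copied from them except where a comment says "constructed"."""
import re

# --- HijackThis: 'R3 - ...', 'O4 - ...', 'O17 - ...' lines -------------------
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")
O17_NS = re.compile(r"NameServer = (?P<ips>[\d. ]+)$")
O4_RUN = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)\b", re.I)
USER_DIR = re.compile(r"\\(temp|documents and settings)\\", re.I)
# Assumption: resolvers this LAN should use (the two from the posted O17 line).
EXPECTED_DNS = {"218.6.200.139", "61.139.2.69"}

def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    hits = (HJT_LINE.match(l.strip()) for l in text.splitlines())
    return [(m.group("sec"), m.group("body")) for m in hits if m]

def triage_hjt(text, expected_dns=EXPECTED_DNS):
    """Flag DNS servers outside the allow-list and Run-key autostarts that run
    scripts or live in user-writable directories (where droppers usually land)."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec == "O17":
            m = O17_NS.search(body)
            for ip in (m.group("ips").split() if m else []):
                if ip not in expected_dns:
                    findings.append(f"O17: unexpected DNS server {ip}")
        elif sec == "O4":
            m = O4_RUN.search(body)
            if m and (SCRIPT_EXT.search(m["cmd"]) or USER_DIR.search(m["cmd"])):
                findings.append(f"O4: suspicious autostart [{m['name']}] {m['cmd']}")
    return findings

# --- SREng: driver/service blocks and file associations ---------------------
SRENG_SVC = re.compile(r"^\[(?P<disp>.*?) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
SRENG_IMG = re.compile(r"^<(?P<path>.*)><(?P<vendor>[^<>]*)>$")
ASSOC = re.compile(r"^(?P<ext>\.[A-Z]+)\s+(?P<status>OK|Error)\.\s+\[(?P<cmd>.*)\]$")
EXEC_EXTS = {".EXE", ".COM", ".BAT", ".PIF", ".CMD"}
SCRIPT_EXTS = {".VBS", ".VBE", ".JS", ".JSE"}

def triage_sreng_drivers(text):
    """Walk '[Display / Name][State/Start]' headers and the '<path><vendor>' line
    under each; flag images with no vendor that load at boot or system start.
    'N/A' only means no version resource, so check the path before acting."""
    findings, hdr = [], None
    for raw in text.splitlines():
        m = SRENG_SVC.match(raw.strip())
        if m:
            hdr = m.groupdict()
            continue
        m = SRENG_IMG.match(raw.strip())
        if m and hdr and m["vendor"] == "N/A" and hdr["start"] in ("Boot Start", "System Start"):
            findings.append(f"{hdr['name']}: no vendor, {hdr['start']}, {m['path']}")
        hdr = None
    return findings

def triage_assoc(text):
    """Executable handlers must be exactly '"%1" %*', script handlers must go
    through WScript/CScript; other lines SREng marks 'Error' are just reviewed."""
    findings = []
    for raw in text.splitlines():
        m = ASSOC.match(raw.strip())
        if not m:
            continue
        ext, cmd = m["ext"], m["cmd"]
        if ext in EXEC_EXTS and cmd != '"%1" %*':
            findings.append(f"{ext}: executable handler hijacked: [{cmd}]")
        elif ext in SCRIPT_EXTS and not re.search(r"[wc]script\.exe", cmd, re.I):
            findings.append(f"{ext}: script handler is not WScript/CScript: [{cmd}]")
        elif m["status"] == "Error":
            findings.append(f"{ext}: non-default handler, review: [{cmd}]")
    return findings

# --- Sample lines copied from the two posted logs ---------------------------
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [KVMON] F:\JiangMin\AntiVirus\KVMonXP.kxp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B464CD4B-5DBF-4477-A001-297AB88E35C8}: NameServer = 218.6.200.139 61.139.2.69
"""
# Constructed, NOT in the posted log: what an entry explaining the
# "Windows cannot find svchost.vbs" message would look like if captured.
HJT_CONSTRUCTED_HIT = r"O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\svchost.vbs"

SRENG_SAMPLE = r"""
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[KPGuard / KPGuard][Running/System Start]
  <\??\F:\JiangMin\AntiVirus\KPGuard.sys><Jiangmin Co., Ltd.>
.TXT  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
"""

if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE + HJT_CONSTRUCTED_HIT) + triage_sreng_drivers(SRENG_SAMPLE) + triage_assoc(SRENG_SAMPLE):
        print(f)
```

Run against the posted lines it reports bootdrv.sys (no vendor string, Boot Start) and the .TXT handler SREng marked as Error; the posted O4 lines and the Jiangmin driver produce nothing, and the constructed svchost.vbs line is the only O4 hit. A "no vendor" result is a prompt to look at the path, not a verdict: the PProtect.sys and KvMemon.sys entries in the same log have no vendor either but their D:\KV2006 paths identify them as leftovers of an older Jiangmin install. Likewise, SREng's "Error" on .TXT, .INI, .INF, .CHM and .HLP only says the handler is not in the canonical form; all five point at notepad.exe, hh.exe or winhlp32.exe under C:\WINDOWS. Since neither log shows anything referencing svchost.vbs, the reference lives somewhere these two scans did not enumerate.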
kshwsm
Posted 2007-3-19 15:35:39
I don't understand it, but bumping this for you.
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-24 15:32 , Processed in 0.127007 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表