[Discussion] My computer is infected

alicelijing1
Posted on 2007-5-30 12:24:16
Kaspersky keeps alerting on Trojan.generic!!!! A running process...
All it can do is quarantine; afterwards Kaspersky says it needs to repair, I guess it is repairing that setup.exe file, and then it reports that the repair failed!!!
After that every hard drive became like this!!! As soon as I double-click one, Kaspersky starts alerting non-stop!!
I searched online and it says this is some kind of spyware???!!! Is there a dedicated removal tool??? How do I delete it??
Please help, everyone!!! Many thanks!!!

2007-5-30 13:00:12 运行进程 C:\WINDOWS\system32\veckdld.exe: 检测到新变种风险软件 'Trojan.generic'.

[ This post was last edited by alicelijing1 on 2007-5-30 17:50 ]

Attachment: SRE扫描文件.rar (4.46 KB, 61 downloads)

xffsfy
Posted on 2007-5-30 12:37:12
Quoting alicelijing1, posted 2007-5-30 12:24:
Kaspersky keeps alerting on Trojan.generic!!!! A running process...
All it can do is quarantine; afterwards Kaspersky says it needs to repair, I guess it is repairing that setup.exe file, and then it reports that the repair failed!!!
After that every hard drive became like this!!! As soon as I ...

Do not open a partition by double-clicking it; use the "Open" option from the right-click menu.
Post an SRE scan report and we will take a look for you.
alicelijing1
OP | Posted on 2007-5-30 12:54:21
The SRE scan results are as follows:
2007-05-30,12:50:45
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <STDSB><C:\WINDOWS\system32\STDSB.exe>  []
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
    <ymfqplr><C:\WINDOWS\system32\oduxyym.exe>  []
    <kudxrkr><C:\WINDOWS\system32\veckdld.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><""C:\Program Files\Herosoft\Hero 9\解霸屏保.SCR"">  [N/A]
==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
==================================
服务
[卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[SmartLinkService / SLService][Running/Auto Start]
  <slserv.exe><>
==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Scroll Bar Driver / MTC0003_STDSB][Running/Auto Start]
  <system32\STDSB.sys><>
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
  <system32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
  <system32\DRIVERS\Mtlstrm.sys><>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
  <system32\DRIVERS\NtMtlFax.sys><>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RecAgent / RecAgent][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\RecAgent.sys><Smart Link>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
  <system32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal][Stopped/Manual Start]
  <system32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup][Running/Manual Start]
  <system32\DRIVERS\SlWdmSup.sys><Vireo Software>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[360TimeProt / 360TimeProt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\360TimeProt.sys><N/A>
==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用超级解霸播放]
  <C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 624][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1544][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
    [C:\WINDOWS\system32\mxkeybd.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 244][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.2172]
[PID: 252][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2172]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
[PID: 268][C:\WINDOWS\system32\STDSB.exe]  [N/A, ]
    [C:\WINDOWS\system32\mxkeybd.dll]  [N/A, ]
[PID: 276][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe]  [Synaptics, Inc., 7.4.4 27Mar03]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
[PID: 284][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 7.4.4 27Mar03]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
[PID: 340][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
[PID: 424][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
[PID: 3832][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 66]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
[PID: 560][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
[PID: 988][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\mxkeybd.dll]  [N/A, ]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 3656][D:\Download\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.4.4 27Mar03]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[AutoRun]
open=ymfqplr.exe
shell\open=打开(&O)
shell\open\Command=ymfqplr.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ymfqplr.exe
[F:\]
[AutoRun]
open=ymfqplr.exe
shell\open=打开(&O)
shell\open\Command=ymfqplr.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ymfqplr.exe
[G:\]
[AutoRun]
open=ymfqplr.exe
shell\open=打开(&O)
shell\open\Command=ymfqplr.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ymfqplr.exe
==================================
HOSTS 文件
127.0.0.1       localhost
==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C55AF0)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C55CD0)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C55E30)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C55BE0)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF0C55DE0)
==================================
隐藏进程
N/A
==================================

[ This post was last edited by alicelijing1 on 2007-5-30 16:27 ]
xffsfy
Posted on 2007-5-30 13:48:56
I looked at your report; follow http://bbs.kafan.cn/viewthread.php?tid=88745 to fix it.... This virus has been rampant lately.
The 3 virus files on your computer are:
c:\windows\system32\veckdld.exe
c:\windows\system32\oduxyym.exe
c:\windows\system32\bgswitch.exe (suspected)

[ This post was last edited by xffsfy on 2007-5-31 14:58 ]
wangjay1980
Posted on 2007-5-30 15:27:17
First run the USB removal tool and Windows Cleanup Assistant (Windows清理助手) from the sticky in the help section, then post another SRE scan report.
alicelijing1
OP | Posted on 2007-5-30 16:30:30

Reply to #4, xffsfy's post

Sorry, it still has not been removed.
xffsfy
Posted on 2007-5-30 16:34:32
Quoting alicelijing1, posted 2007-5-30 16:30:
Sorry, it still has not been removed.

What exactly are the symptoms?
batti
Posted on 2007-5-30 17:04:29
First run SREng and IceSword and end the processes EXPLORER.EXE and IEXPLORER.EXE.

Use SREng to delete the following:
Startup
<STDSB><C:\WINDOWS\system32\STDSB.exe>
<ymfqplr><C:\WINDOWS\system32\oduxyym.exe>
<kudxrkr><C:\WINDOWS\system32\veckdld.exe>

Services
[SmartLinkService / SLService][Running/Auto Start]
  <slserv.exe>

Drivers
[Scroll Bar Driver / MTC0003_STDSB][Running/Auto Start]
  <system32\STDSB.sys>
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
  <system32\DRIVERS\Mtlmnt5.sys>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
  <system32\DRIVERS\Mtlstrm.sys>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
  <system32\DRIVERS\NtMtlFax.sys>

After rebooting, delete the files mentioned above as well as
C:\WINDOWS\system32\mxkeybd.dll

Run AUTORUNS (a tool), go to the "Drives" tab, and delete the autorun entries in the list below.
shuipao
Posted on 2007-5-30 17:39:19
Until the virus is removed, do not double-click any drive letter; open drives via the right-click menu instead.

************** The following analysis report was provided by the SREngLog analysis helper ******************

Based on the SREng scan log, please follow the steps below to attempt deletion and repair.

1. It is recommended to use XDelBox to delete the following files: (XDelBox download)
Instructions: copy the paths of all files to be deleted; in the pending-deletion list, right-click and choose "Import from clipboard"; after importing, right-click the file to be deleted and choose "Reboot and delete now". The computer will reboot into a DOS screen and perform the deletion. Before running XDelBox it is best to unplug all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).

c:\windows\system32\stdsb.exe      Some say this is a laptop scroll-screen program; decide for yourself whether to delete it
c:\windows\system32\mxkeybd.dll    This belongs to the program above
c:\windows\system32\veckdld.exe
c:\windows\system32\oduxyym.exe
c:\windows\system32\stdsb.sys     This is the driver belonging to the first item
d:\ymfqplr.exe
d:\autorun.inf
f:\ymfqplr.exe
f:\autorun.inf
g:\ymfqplr.exe
g:\autorun.inf

2. After deleting and rebooting, use SREng to repair the following:

    Startup items -- Registry: delete the following entries:
[kudxrkr]    <C:\WINDOWS\system32\veckdld.exe>
[ymfqplr]    <C:\WINDOWS\system32\oduxyym.exe>

    Startup items -- Services -- Drivers: delete the following entry:
[Scroll Bar Driver / MTC0003_STDSB]    <system32\STDSB.sys>

3. Download Windows Cleanup Assistant to clean up the malware
http://www.arswp.com/download/arswp/arswp.rar

************** The analysis report above was provided by the SREngLog analysis helper ******************
Analysis: shuipao
Time: 2007-5-30
SREngLog分析助手 (SREngLog analysis helper) 1.2 (updated 20070420 by 草莽书生)


[ This post was last edited by shuipao on 2007-5-30 17:40 ]
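The repliers picked the malicious entries out of the SREng log by eye: Run values with no publisher and a random name that starts a differently named executable in system32, and an autorun.inf on every drive root that routes "open" and "explore" to the same ymfqplr.exe, which is also the name of one of those Run values. The script below is an added example, not code from the thread, from SREng, or from the SREngLog analysis helper mentioned in the report: it parses a constructed excerpt in the format of the posted log and reports exactly those indicators, so the same check can be run over any log in that format. All function and field names are the example's own choices, and the only assumption about the log is the layout visible above (sections separated by a line of `=`, Run entries as `<name><command>  [publisher]`, drive roots as `[D:\]` inside the Autorun.inf section).

```python
"""Flag, from an SREng-style log, the indicators used in the thread.

Added example (not code from the thread, SREng or the SREngLog helper).
It reports unsigned executables started from system32, Run values whose
name differs from the image they start, and autorun.inf files on drive
roots that hand open/explore to an .exe, then links the autorun payload
name back to a Run value of the same name. SAMPLE_LOG is a constructed
excerpt modelled on the posted report.
"""
import re

SAMPLE_LOG = r"""启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <ymfqplr><C:\WINDOWS\system32\oduxyym.exe>  []
    <kudxrkr><C:\WINDOWS\system32\veckdld.exe>  []
==================================
Autorun.inf
[D:\]
[AutoRun]
open=ymfqplr.exe
shell\open=打开(&O)
shell\open\Command=ymfqplr.exe
shell\explore\Command=ymfqplr.exe
[F:\]
[AutoRun]
open=ymfqplr.exe
==================================
"""

RUN_ENTRY_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[(.*)\]\s*$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
DRIVE_RE = re.compile(r"^\[([A-Za-z]:\\)\]\s*$")
AUTORUN_CMD_RE = re.compile(r"^(open|shell\\[^=]*\\Command)=(.+)$", re.IGNORECASE)


def parse_log(log):
    """Return ([Run-key entries], {drive root: {autorun key: value}})."""
    entries, autorun = [], {}
    current_key, in_autorun, drive = None, False, None
    for raw in log.splitlines():
        line = raw.rstrip()
        if line.strip().startswith("====="):   # section separator
            current_key, in_autorun = None, False
            continue
        if line == "Autorun.inf":               # the unindented section header only;
            in_autorun, drive = True, None      # the indented option-list item is skipped
            continue
        if in_autorun:
            if m := DRIVE_RE.match(line):
                drive = m.group(1).upper()
                autorun.setdefault(drive, {})
            elif drive and (m := AUTORUN_CMD_RE.match(line)):
                autorun[drive][m.group(1).lower()] = m.group(2).strip()
            continue
        if m := REG_KEY_RE.match(line):
            current_key = m.group(1)
        elif current_key and current_key.lower().endswith("\\run") and (m := RUN_ENTRY_RE.match(line)):
            name, command, publisher = m.groups()
            entries.append({"key": current_key, "name": name,
                            "command": command, "publisher": publisher.strip()})
    return entries, autorun


def image_name(command):
    """Base name of the program a Run-key command starts (quoted or unquoted path)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
        path = m.group(1) if m else (cmd.split()[0] if cmd else "")
    return path.replace("/", "\\").split("\\")[-1].lower()


def suspicious_run_entries(entries):
    """Unsigned Run entries in system32, plus name/image mismatches (a dropper habit)."""
    findings = []
    for e in entries:
        image, reasons = image_name(e["command"]), []
        if not e["publisher"] and "\\system32\\" in e["command"].lower():
            reasons.append("unsigned executable in system32")
        if not e["publisher"] and image and e["name"].lower() != image.rsplit(".", 1)[0]:
            reasons.append(f"value name '{e['name']}' does not match image '{image}'")
        if reasons:
            findings.append({"name": e["name"], "image": image, "reasons": reasons})
    return findings


def autorun_abuse(autorun):
    """Drive roots whose autorun.inf routes open/explore to an executable."""
    findings = []
    for drive, cmds in sorted(autorun.items()):
        for target in sorted({v.lower() for v in cmds.values() if v.lower().endswith(".exe")}):
            findings.append({"drive": drive, "target": target})
    return findings


def correlate(run_findings, autorun_findings):
    """Autorun payloads whose stem reappears as a suspicious Run value name."""
    names = {f["name"].lower() for f in run_findings}
    return sorted({a["target"] for a in autorun_findings
                   if a["target"].rsplit(".", 1)[0] in names})


def analyze(log):
    entries, autorun = parse_log(log)
    run_f, auto_f = suspicious_run_entries(entries), autorun_abuse(autorun)
    return {"run": run_f, "autorun": auto_f, "linked": correlate(run_f, auto_f)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the sample this flags bgswitch.exe (unsigned in system32), oduxyym.exe and veckdld.exe (unsigned and started under an unrelated value name), reports ymfqplr.exe as the autorun target on D:\ and F:\, and links that payload to the ymfqplr Run value, which is the same triage the replies arrived at by hand. STDSB.exe would also be flagged on the full log because it carries no publisher; as the analysis report notes, that one needs a human decision, which is why the output lists reasons rather than a verdict.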
alicelijing1
OP | Posted on 2007-5-30 18:40:26
Finally got rid of it, thanks everyone!!!
卡饭论坛 (KaFan.cn) | Copyright © KaFan KaFan.cn All Rights Reserved.