Views: 2770 | Replies: 8

[Solved] Trojan-PSW.win32.OnlineGames.nn can't be killed, urgent!!!

水木年华
Posted on 2007-6-10 14:23:13
Kaspersky can detect Trojan-PSW.win32.OnlineGames.nn and reports that it has been deleted, but after a reboot it is still there. The AVG Anti-Spyware V7.5.0.50 enhanced edition can't delete it either. What should I do? It's urgent!

[ This post was last edited by 水木年华 on 2007-6-10 18:40 ]
xffsfy
Posted on 2007-6-10 15:58:01
Scan with SRE and post the report.
水木年华
Original poster | Posted on 2007-6-10 16:11:17
Here is the report:



2007-06-10,16:11:42

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  [N/A]
    <!AVG Anti-Spyware><"D:\安装软件\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\安装软件\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <alpha><; %windir%\temp\2.vbs>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <eMuleAutoStart><; D:\软件\电驴\eMule\emule.exe -AutoStart>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <hxgame><; C:\Program Files\\hxupdate\\hxgame-update.exe>  [N/A]
    <hxgame-update><; C:\Program Files\hxupdate\hxgame-update.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <iexplore><; C:\Progra~1\Eset\iexplore.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <q75jwcb><; C:\DOCUME~1\user\LOCALS~1\Temp\c0nime.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <StormCodec_Helper><; "C:\Documents and Settings\user\My Documents\Storm Codec\StormSet.exe" /S /opti>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <wcmdmgr><; C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch>  [WildTangent, Inc.]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [N/A]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\安装软件\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[CAC03559 / CAC03559][Stopped/Auto Start]
  <C:\WINDOWS\system32\8F2DA66B.EXE -d><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Windows zjqq RunThem / zjqq][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\uell\eovv.dll>< >

==================================
驱动程序
[ababpc / ababpc][Running/Boot Start]
  <\SystemRoot\system32\drivers\ababpc.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\安装软件\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[cpuz / cpuz][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cpuz.sys><N/A>
[dfngie / dfngie][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\dfngie.sys><N/A>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[eptob / eptobc][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\eptobc.sys><N/A>
[gwiopm / gwiopm][Stopped/Manual Start]
  <\??\C:\Program Files\Wom\gwiopm.sys><N/A>
[IsDrv120 / IsDrv120][Running/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Manual Start]
  <\??\D:\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA Disk Cache Filter Driver / nvcchflt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvcchflt.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R2A / R2A][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32a2.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[veadl / veadlf][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\veadlf.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[Thunder Browser Helper]
  {0005A87B-D626-4B3A-84F9-1D9571695F55} <D:\安装软件\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\c131.dll, TODO: <公司名>>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\软件\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[扑克]
  {12341234-1234-5678-9012-123456789012} <, N/A>
[Web Anti-Virus]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, herosoft>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
  {0005A87B-D626-4B3A-84F9-1D9571695F55} <D:\安装软件\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\c131.dll, TODO: <公司名>>
[&使用迅雷下载]
  <D:\安装软件\迅雷\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\安装软件\迅雷\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 612][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1592][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\安装软件\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\WINDOWS\system32\veadlf.dll]  [N/A, ]
    [C:\WINDOWS\system32\eptobc.dll]  [N/A, ]
    [c:\progra~1\uell\hryy.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\uell\mwdd.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10035]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\安装软件\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1852][D:\安装软件\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [D:\安装软件\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [c:\progra~1\uell\hryy.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\uell\mwdd.dll]  [ , 5, 0, 0, 4]
[PID: 1864][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3560][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3c1.dll]  [  , 1, 0, 0, 3]
    [c:\progra~1\uell\hryy.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\uell\mwdd.dll]  [ , 5, 0, 0, 4]
[PID: 3840][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.078\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [c:\progra~1\uell\hryy.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\uell\mwdd.dll]  [ , 5, 0, 0, 4]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5440B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5440D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5440F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5440C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF5440E8F)

==================================
隐藏进程
N/A

==================================

zhaonimm
Posted on 2007-6-10 16:49:38
************** The following analysis report was provided by the SREngLog Analysis Assistant ******************

Based on the SREng scan log, please follow the steps below to try to delete and repair.

1. It is recommended to delete the following files with XDelBox: (XDelBox download)
Instructions: when deleting, copy the paths of all files to be deleted, right-click in the list of files to delete and choose "Import from clipboard"; after importing, right-click the files to delete and choose "Reboot and delete now". The computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to disconnect all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).

c:\progra~1\uell\hryy.dll
c:\progra~1\uell\mwdd.dll
c:\windows\system32\eptobc.dll
c:\windows\system32\veadlf.dll
c:\windows\system32\3c1.dll
; c:\docume~1\user\locals~1\temp\c0nime.exe
; c:\progra~1\eset\iexplore.exe
; %windir%\temp\2.vbs
c:\windows\avpsrv.exe
c:\progra~1\uell\eovv.dll
c:\windows\system32\8f2da66b.exe -d
c:\windows\system32\drivers\ababpc.sys
c:\windows\system32\drivers\veadlf.sys
c:\windows\system32a2.sys
c:\windows\system32\drivers\eptobc.sys
c:\windows\system32\drivers\eaglent.sys
c:\windows\system32\drivers\dfngie.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup items -- Registry: delete the following entries:
[q75jwcb]    <; C:\DOCUME~1\user\LOCALS~1\Temp\c0nime.exe>
[iexplore]    <; C:\Progra~1\Eset\iexplore.exe>
[alpha]    <; %windir%\temp\2.vbs>
[AVPSrv]    <C:\WINDOWS\AVPSrv.exe>

    Startup items -- Services -- Win32 service applications: delete the following entries:
[Windows zjqq RunThem / zjqq]    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\uell\eovv.dll>
[CAC03559 / CAC03559]    <C:\WINDOWS\system32\8F2DA66B.EXE -d>

    Startup items -- Services -- Drivers: delete the following entries:
[ababpc / ababpc]    <\SystemRoot\system32\drivers\ababpc.sys>
[veadl / veadlf]    <\SystemRoot\System32\DRIVERS\veadlf.sys>
[R2A / R2A]    <\??\C:\WINDOWS\system32a2.sys>
[IsDrv120 / IsDrv120]    <>
[eptob / eptobc]    <\SystemRoot\System32\DRIVERS\eptobc.sys>
[EagleNT / EagleNT]    <\??\C:\WINDOWS\system32\drivers\EagleNT.sys>
[dfngie / dfngie]    <\??\C:\WINDOWS\system32\drivers\dfngie.sys>

************** The above analysis report was provided by the SREngLog Analysis Assistant ******************
Analysis: 草莽书生
Time: 2007-6-10
SREngLog Analysis Assistant 1.2 (updated 20070420 BY 草莽书生)

[EagleNT / EagleNT]    <\??\C:\WINDOWS\system32\drivers\EagleNT.sys>  Watch out for this one: if you have "街头篮球" (Street Basketball), do not delete it. Be careful!!!

Turn off System Restore and clean up the system's temporary files!!!


I forgot: your computer also has 3721, Yahoo Assistant and Google Toolbar........ I suggest removing them with 360 Safe!!!

[ This post was last edited by zhaonimm on 2007-6-10 16:51 ]
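The analysis post above picks its deletion list out of the SREng log by hand: Run values that point into a temp directory or at a .vbs, an unsigned executable sitting in the root of C:\WINDOWS, a svchost-hosted service whose DLL lives outside System32, and a GetProcAddress hook rated 高 (high). The script below is an added example (it is not from this thread, from SREng, or from the SREngLog helper) that automates that first pass: it parses the SREng 2.x report layout for the registry Run, 服务 and API HOOK sections and scores every autostart target with those defender heuristics. The embedded sample log is constructed in SREng's layout from the kinds of entries seen in the report; the weights and the threshold are this example's own choices.

```python
"""Triage an SREng (System Repair Engineer) log for suspicious autostart entries.
Added example, not part of the thread or of SREng; the section headers and the
<name><command>  [publisher] / [Display / Service][State] layouts follow SREng 2.x,
the scoring heuristics are this example's own."""
import re
from dataclasses import dataclass

# Constructed sample in the SREng report layout (an excerpt-style log, not the thread's real one).
SAMPLE_LOG = r"""
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  [N/A]
    <alpha><; %windir%\temp\2.vbs>  [N/A]
    <q75jwcb><; C:\DOCUME~1\user\LOCALS~1\Temp\c0nime.exe>  [N/A]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
==================================
服务
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Windows zjqq RunThem / zjqq][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\uell\eovv.dll>< >
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5440B25)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF5440E8F)
==================================
"""

SECTION_HEADERS = {'注册表': 'run', '服务': 'service', 'API HOOK': 'hook'}
RUN_RE = re.compile(r'^\s+<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s+\[(?P<pub>[^\]]*)\]\s*$')
SVC_HEAD_RE = re.compile(r'^\[(?P<display>.*?) / (?P<name>[^\]]*)\]\[(?P<state>[^\]]*)\]\s*$')
SVC_BODY_RE = re.compile(r'^\s+<(?P<cmd>.*)><(?P<pub>[^<>]*)>\s*$')
HOOK_RE = re.compile(r'^RVA\s+错误:\s*(?P<api>\w+)\s*\(危险等级:\s*(?P<level>[^,]+),')
# Heuristics (this example's own), weighted so that one strong signal alone flags an entry.
TEMP_RE = re.compile(r'\\temp\\', re.I)
SCRIPT_RE = re.compile(r'\.(vbs|vbe|js|jse|wsf|bat|cmd)(\s|"|$)', re.I)
WINDIR_ROOT_EXE_RE = re.compile(r'^"?(c:\\windows|%windir%|%systemroot%)\\[^\\]+\.exe"?$', re.I)
SVCHOST_RE = re.compile(r'svchost\.exe\s+-k\s+\S+-->(?P<dll>.+)$', re.I)
SYSTEM32_RE = re.compile(r'^(%systemroot%|c:\\windows)\\system32\\', re.I)


@dataclass
class Autostart:
    source: str      # 'run' (registry Run value) or 'service'
    name: str
    command: str
    publisher: str


@dataclass
class Finding:
    entry: Autostart
    score: int
    reasons: list


def parse_sreng(text):
    """Return (autostart entries, [(api, risk level)]) from the Run, service and hook sections."""
    entries, hooks, section, pending = [], [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in SECTION_HEADERS:
            section, pending = SECTION_HEADERS[stripped], None
            continue
        if stripped.startswith('====='):
            section = None
            continue
        if section == 'run' and (m := RUN_RE.match(line)):
            entries.append(Autostart('run', m['name'], m['cmd'], m['pub']))
        elif section == 'service':
            if m := SVC_HEAD_RE.match(line):
                pending = m['name']      # the name line precedes its image-path line
            elif pending and (m := SVC_BODY_RE.match(line)):
                entries.append(Autostart('service', pending, m['cmd'], m['pub']))
                pending = None
        elif section == 'hook' and (m := HOOK_RE.match(line)):
            hooks.append((m['api'], m['level'].strip()))
    return entries, hooks


def score_entry(entry):
    # SREng prefixes some values with '; '; hosted services appear as 'svchost.exe -k group-->dll'.
    target = entry.command.strip().lstrip(';').strip()
    hosted = SVCHOST_RE.search(target)
    if hosted:
        target = hosted['dll'].strip()
    checks = [
        (hosted and not SYSTEM32_RE.match(target), 3, 'svchost-hosted service DLL outside System32'),
        (TEMP_RE.search(target), 3, 'launched from a temp directory'),
        (SCRIPT_RE.search(target), 3, 'script file used as an autostart target'),
        (WINDIR_ROOT_EXE_RE.match(target), 2, 'executable placed directly in the Windows directory'),
        (entry.publisher.strip() in ('', 'N/A'), 1, 'no publisher information'),
    ]
    hits = [(w, why) for hit, w, why in checks if hit]
    return Finding(entry, sum(w for w, _ in hits), [why for _, why in hits])


def triage_autostarts(text, threshold=2):
    """Entries worth a manual look; the threshold keeps lone 'N/A publisher' entries out."""
    return [f for f in map(score_entry, parse_sreng(text)[0]) if f.score >= threshold]


def high_risk_hooks(text):
    """APIs that SREng reports as hooked at the high (高) risk level."""
    return [api for api, level in parse_sreng(text)[1] if level == '高']


if __name__ == '__main__':
    for f in triage_autostarts(SAMPLE_LOG):
        print(f'[{f.entry.source}] {f.entry.name} -> {f.entry.command.strip()} (score {f.score}): ' + '; '.join(f.reasons))
    print('high-risk API hooks:', ', '.join(high_risk_hooks(SAMPLE_LOG)) or 'none')
```

Run against the sample it flags AVPSrv, alpha, q75jwcb and zjqq and leaves the signed Kaspersky and Google entries and the System32-resident HidServ DLL alone, which matches the analysis post's registry and service deletions. The output is a triage list, not a kill list: as the post notes for EagleNT.sys, an unsigned driver can belong to a game's anti-cheat component, so each hit still needs a human decision, and the fact that the same DLLs show up in every running process (and that the drivers are boot-start) is why the post recommends a reboot-time deletion tool rather than deleting from the running system.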
水木年华
Original poster | Posted on 2007-6-10 16:56:20
Thanks, I'll give it a try first.
水木年华
Original poster | Posted on 2007-6-10 18:04:42
Ugh, after completing the steps above I ran Kaspersky again and it found 6 more trojans. This is a screenshot taken after the scan; I guess Kaspersky can't kill these trojans.
11.jpg
zhaonimm
Posted on 2007-6-10 18:24:52
...........
OP, log in through this address instead; the picture can't be seen at the moment.....
http://bbs.kafan.cn
Let's see what files they are!!
水木年华
Original poster | Posted on 2007-6-10 18:36:06
Thank you, zhaonimm! After Kaspersky finished, it no longer reported any trojans, and a scan with AVG found no viruses either. They were probably just leftover remnants of the virus. Many thanks!
houjueshidabao
Posted on 2007-6-11 00:54:45
撒大的
Copyright © KaFan  KaFan.cn All Rights Reserved.