查看: 2594|回复: 5
收起左侧

电脑中毒了,是这二个病毒.

[复制链接]
信飞鸟
发表于 2007-6-18 12:09:41 | 显示全部楼层 |阅读模式
卡吧检测到,但是删除不了,总是提示重启后杀毒,重启后还是这样

计算机重启后删除: 木马程序 Trojan.Win32.Agent.abe        文件: C:\windows\system32\drivers\kdrdbi33.sys
计算机重启后删除: 木马程序 Trojan-Downloader.Win32.Agent.bbb        文件: C:\windows\system32\drivers\qhqvk.sys
zhaonimm
发表于 2007-6-18 12:46:15 | 显示全部楼层
下载SRENG然后扫描个报告发上来!!!
信飞鸟
 楼主| 发表于 2007-6-18 23:49:43 | 显示全部楼层
[CODE]

2007-06-18,23:50:57

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <StormCodec_Helper><"D:\常用工具\暴风语音\Storm Codec\StormSet.exe" /S /opti>  []
    <kis><"D:\系统保护工具\kis\avp.exe">  [Kaspersky Lab]
    <RunShadowTip><C:\WINDOWS\system32\shadow\ShadowTip.exe>  [PowerShadow]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <WebThunder><; D:\常用工具\迅雷\WebThunder.exe>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
    <DAEMON Tools><; "D:\常用工具\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <IdnSvr><C:\Program Files\OCINS\idnsvr.exe>  [(Verified)China Internet Network Information Center]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\windows\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><D:\系统保~1\kis\adialhk.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><H>

==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <D:\系统保护工具\kis\avp.exe -r><Kaspersky Lab>
[System Event Logger / BUZOR][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\NOJKJ.DLL,DllRegisterServer 1087><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <e:\sqleval\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[Shadow System Service / ShadowSystemService][Running/Auto Start]
  <C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <e:\sqleval\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]
  <C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[idnaux / idnaux][Running/Auto Start]
  <system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[ipdbldr / ipdbldrv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ipdbldrv.sys><N/A>
[kdrdbi3 / kdrdbi33][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\kdrdbi33.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\常用工具\IPQQ2007_v5.0\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qhqv / qhqvk][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qhqvk.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SysTdSvr / SysTdSvr][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\SysTdSvr.sys><N/A>
信飞鸟
 楼主| 发表于 2007-6-18 23:50:14 | 显示全部楼层
浏览器加载项
[LpkHlpr Class]
  {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\windows\system32\apphlp.dll, Microsoft Corporation>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\系统保护工具\kis\scieplugin.dll, Kaspersky Lab>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[中文上网]
  {B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Java Plug-in 1.6.0_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.4.1_01]
  {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_08]
  {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\常用工具\迅雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[LpkHlpr Class]
  {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\windows\system32\apphlp.dll, Microsoft Corporation>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\windows\system32\msjava.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&访问通用网址]
  <C:\Program Files\OCINS\cnrbtn.html, N/A>
[上传到QQ网络硬盘]
  <D:\常用工具\传美QQ\qq\AddToNetDisk.htm, N/A>
[使用iTudou下载节目]
  <D:\常用工具\iTudou\iTudou_Link.HTM, N/A>
[使用Web迅雷下载]
  <D:\常用工具\迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\常用工具\迅雷\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\常用工具\传美QQ\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\常用工具\传美QQ\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\常用工具\传美QQ\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 564][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 712][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\系统保护工具\kis\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1096][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1204][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316][C:\windows\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1612][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\windows\system32\lapiw.dll]  [N/A, ]
    [C:\windows\system32\kdrdbi33.dll]  [N/A, ]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\windows\system32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
    [D:\系统保护工具\kis\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1640][C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\NOJKJ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 1700][C:\windows\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll]  [Microsoft Corporation, 2.0.50727.101 (QFE.050727-1000)]
[PID: 1744][C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe]  [Microsoft Corporation, 2005.090.1399.00]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
[PID: 1908][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
[PID: 2020][e:\sqleval\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [e:\sqleval\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [e:\sqleval\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [e:\sqleval\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [e:\sqleval\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [e:\sqleval\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [e:\sqleval\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [e:\sqleval\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 336][C:\WINDOWS\system32\shadow\ShadowService.exe]  [N/A, ]
[PID: 376][C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe]  [Microsoft Corporation, 2005.090.1399.00]
    [C:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll]  [Microsoft Corporation, 2005.090.1399.00]
[PID: 2160][C:\windows\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2240][C:\windows\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
[PID: 2488][D:\Program Files\zte\ZTE Supplicant\ZTESupplicant.exe]  [N/A, ]
    [D:\Program Files\zte\ZTE Supplicant\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [D:\Program Files\zte\ZTE Supplicant\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\zte\ZTE Supplicant\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\zte\ZTE Supplicant\Hlp8021x.dll]  [, 1, 0, 1, ]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [D:\系统保护工具\kis\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 2136][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1.4: 2007051502]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.1.4: 2007051502]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1.4: 2007051502]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1.4: 2007051502]
    [C:\Program Files\Mozilla Firefox\components\jsd3250.dll]  [Mozilla Foundation, 1.8.1.4: 2007051502]
    [C:\Program Files\Mozilla Firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1.4: 2007051502]
    [C:\Program Files\Mozilla Firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.4: 2007051502]
    [C:\Program Files\Mozilla Firefox\components\xpinstal.dll]  [Mozilla Foundation, 1.8.1.4: 2007051502]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.62]
[PID: 2600][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\windows\system32\apphlp.dll]  [Microsoft Corporation, 1, 0, 2, 1]
    [C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.10.6]
    [C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\系统保护工具\kis\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\系统保护工具\kis\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [d:\系统保护工具\kis\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\系统保护工具\kis\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\系统保护工具\kis\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\系统保护工具\kis\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\系统保护工具\kis\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\windows\system32\Macromed\Common\SwSupport.dll]  [Macromedia, Inc., 10.0r210]
[PID: 1812][D:\常用工具\迅雷\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 8, 4, 130]
    [D:\常用工具\迅雷\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [D:\常用工具\迅雷\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [D:\常用工具\迅雷\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 24]
    [D:\常用工具\迅雷\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
    [D:\常用工具\迅雷\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\常用工具\迅雷\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
    [D:\常用工具\迅雷\Inmedia\iEmbedShell.dll]  [ , 1, 0, 0, 19]
    [D:\常用工具\迅雷\InMedia\iEmbed10.dll]  [ , 3, 3, 1, 83]
    [D:\常用工具\迅雷\CacheServer.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll]  [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll]  [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
    [D:\系统保护工具\kis\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\系统保护工具\kis\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [d:\系统保护工具\kis\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\系统保护工具\kis\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\系统保护工具\kis\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [D:\系统保护工具\kis\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\系统保护工具\kis\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\系统保护工具\kis\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 468][C:\WINDOWS\system32\mdm.exe]  [Microsoft Corporation, 6.00.8149]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll]  [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
[PID: 3868][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
[PID: 3980][C:\DOCUME~1\xing\LOCALS~1\Temp\Rar$EX00.125\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\windows\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [D:\系统保护工具\kis\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[E:\]
[AutoRun]
open=autorun.exe
icon=autorun.exe

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2724B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2724D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2724F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2724C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB2724E8F)

==================================
隐藏进程
N/A

==================================
zhaonimm
发表于 2007-6-19 10:14:34 | 显示全部楼层
**************以下分析报告由SREngLog分析助手提供******************

根据SREng扫描日志请按照如下步骤,尝试删除和修复

1.建议使用冰刃删除如下文件!!!

c:\windows\system32\lapiw.dll
c:\windows\system32\kdrdbi33.dll
c:\program files\ocins\idnsvr.exe
system32\\drivers\\systdsvr.sys
system32\drivers\qhqvk.sys
system32\drivers\kdrdbi33.sys
system32\drivers\ipdbldrv.sys
system32\drivers\npf.sys
system32\drivers\idnaux.sys
system32\drivers\cnprov.sys
c:\program files\ocins\config.exe
c:\progra~1\ocins\ieaux.dll

2.删除重启后使用SREng修复下面各项:

    启动项目 -- 注册表之如下项删除:
[IdnSvr]    <C:\Program Files\OCINS\idnsvr.exe>

    启动项目 -- 服务-- 驱动程序之如下项删除:
[SysTdSvr / SysTdSvr]    <\SystemRoot\system32\\drivers\\SysTdSvr.sys>
[qhqv / qhqvk]    <\SystemRoot\System32\DRIVERS\qhqvk.sys>
[kdrdbi3 / kdrdbi33]    <\SystemRoot\System32\DRIVERS\kdrdbi33.sys>
[ipdbldr / ipdbldrv]    <\SystemRoot\System32\DRIVERS\ipdbldrv.sys>
[Netgroup Packet Filter / NPF]    <system32\drivers\npf.sys>
[idnaux / idnaux]    <system32\drivers\idnaux.sys>
[cnprov / cnprov]    <\SystemRoot\system32\drivers\cnprov.sys>

    系统修复-- 浏览器加载项之如下项删除:
[中文上网]    <C:\Program Files\OCINS\config.exe>
[IEAux Class]    <C:\PROGRA~1\OCINS\ieaux.dll>

**************以上分析报告由SREngLog分析助手提供******************
分析:草莽书生
时间:2007-6-19
SREngLog分析助手 1.2 (20070420 更新 BY 草莽书生)


删除E盘下的autorun.inf和一个autorun.exe文件!!!用冰刃啊!!
最后在下载个windows清理助手查查就差不多了!!!


[ 本帖最后由 zhaonimm 于 2007-6-19 10:16 编辑 ]
信飞鸟
 楼主| 发表于 2007-6-19 12:13:21 | 显示全部楼层
试试,谢谢了
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-23 15:23 , Processed in 0.158802 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表