!!求助反病毒高手呀!!为什么Deepdo这个病毒删除不了.... bbs.ikaka.com

hongmaofu - 2006-8-10 17:01:00

本人不知道何原因中了这个该死的deepdo病毒,在网上也查了相关删除的方法,什么超级兔子呀,完美卸载,流氓软件卸载等,删除注册表呀,本人反复在安全模式下删除了又删除,就是删除不掉,气呀......好像真的没有办法对付它了,网上相关的文章也少,不知道各位大侠有没有别的好的办法...救助各位呀,本人也曾经向中国计算机病毒中心投诉了,可是没见什么答复,本人估计计算机病毒中心也没什么厉害的高手...........各位靠你们了...现发张图片为证...........

附件: 7250702006810165400.jpg

阿拉伯伯 - 2006-8-10 17:03:00

你发个HJ日志上来看看吧!

hongmaofu - 2006-8-23 16:32:00

我不知道如何上传什么日记呀,
麻烦教我"你发个HJ日志上来看看吧!"

hongmaofu - 2006-8-23 16:33:00

我估计这个病毒是杀不掉的,气呀

hongmaofu - 2006-8-23 16:34:00

麻烦各位高手教我上传"HJ日志",我把这个病毒杀掉

hongmaofu - 2006-8-23 16:51:00

本人现在上传日记给各位高手,麻烦了...
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<msnmsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<_rx><C:\WINDOWS\command\rundll32.exe> []
<17lelestart><; C:\WINDOWS\windcheck2.exe COPYVNETEXE;c:\Program Files\VisionNet\17lele\system\17lele.exe> []
<bgoomain.exe><; > []
<BinaryData><; ∑???qt> []
<CARPService><; carpserv.exe> [Conexant Systems]
<Desktop><; C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> []
<DeviceDiscovery><; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<HP Software Update><; C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> []
<HPDJ Taskbar Utility><; C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe> [HP]
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<LongData><; 蚟ngqt> []
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<QQ><; C:\Program Files\system\bo.exe> [ping]
<RichMedia><; C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\hbclient\hbhelper.dll",WaitWindows> []
<SiS KHooker><; > []
<SiSUSBRG><; C:\WINDOWS\sisUSBrg.exe> [Silicon Integrated Systems Corp.]
<spoolsv><; > []
<StatusClient><; C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto> [Hewlett-Packard]
<Str3><; hongqt> []
<TomcatStartup><; C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe> [Hewlett-Packard]
<WinampAgent><; C:\Program Files\Winamp\winampa.exe> []
<yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> []
<YLive.exe><; > []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<KernelFaultCheck><C:\WINDOWS\System32\msime.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\userinit.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

hongmaofu - 2006-8-23 16:53:00

启动文件夹
[datacenter]
<C:\Documents and Settings\ly\「开始」菜单\程序\启动\datacenter.lnk><N>

==================================
服务
[ Input HID Service / Input HID Service]
<C:\WINDOWS\System32\win.exe><N/A>
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NetworkTimeProtocol / NetworkTimeProtocol]
<C:\WINDOWS\System32\ntpd.exe><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12]
<C:\WINDOWS\System32\HPZipm12.exe><HP>
[Shadow MS SoftwareCopy Provid / Shadow MS SoftwareCopy Provid]
<C:\WINDOWS\win32.exe><N/A>
[Window Services Pack Installe / Spullerpdsvc]
<C:\Program Files\Common Files\spupdsvc.exe><N/A>

==================================
浏览器加载项
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <, N/A>
[FavHook Class]
{CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com, Inc.>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Deepdo 工具栏]
{00BE86F6-2E61-4c1e-A36B-AE233EE21FA1} <C:\Program Files\Deepdo\DeepdoBar\DeepdoBar.dll, Deepdo.com, Inc.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Qzone Media Tools]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <d:\PROGRA~1\Tencent\QQ\QZone\QZONEM~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<D:\program files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[使用网际快车下载]
<, N/A>
[使用网际快车下载全部链接]
<, N/A>
[添加到QQ自定义面板]
<D:\program files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\program files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\program files\Tencent\QQ\SendMMS.htm, N/A>

hongmaofu - 2006-8-23 16:54:00

正在运行的进程
[PID: 368][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 432][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 456][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 500][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 512][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 672][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 716][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 768][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 780][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 868][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[C:\WINDOWS\system32\HPBMMON.DLL] <Hewlett-Packard><10.00.16>
[C:\WINDOWS\system32\hppamon0.dll] <HP><5, 0, 5, 0>
[C:\WINDOWS\system32\hpdomon.dll] <Hewlett-Packard><03.42.00>
[C:\WINDOWS\system32\HPBHealr.dll] <N/A><N/A>
[C:\WINDOWS\system32\ZLhp1020.DLL] <Zenographics, Inc.><5, 53, 2317, 0>
[C:\WINDOWS\system32\ZLM.dll] <Zenographics, Inc.><5, 50, 1416, 0>
[C:\WINDOWS\system32\hpzsnt08.dll] <HP><2,223,0,0>
[C:\WINDOWS\system32\awmon.dll] <Symantec Corporation><9.2.1>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] <Zenographics, Inc.><5, 54, 330, 0>
[C:\WINDOWS\system32\Imf32.dll] <Zenographics, Inc.><5, 60, 1204, 0>
[C:\WINDOWS\system32\ZTAG32.dll] <Zenographics, Inc.><5, 60, 1210, 0>
[C:\WINDOWS\system32\ZSPOOL.dll] <Zenographics, Inc.><5, 51, 709, 0>
[C:\WINDOWS\system32\hppadt40.dll] <HP><5, 0, 5, 0>
[C:\WINDOWS\system32\HPZidr12.dll] <HP><5, 0, 5, 0>
[C:\WINDOWS\system32\hpbmmjno.dll] <Hewlett-Packard><00.01.00>
[C:\WINDOWS\system32\icm32.dll] <Microsoft Corporation><5.00>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL] <Zenographics, Inc.><5.60.709.0>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL] <Zenographics, Inc.><5, 60, 2629, 0>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll] <Zenographics, Inc.><5, 60, 709, 0>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL] <Zenographics, Inc.><5, 60, 2209, 0>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll] <Zenographics, Inc.><6, 0, 909, 0>
[PID: 1136][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\System32\mp3infp.dll] <win32lab.com><2.50.5.0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[D:\program files\Tencent\QQ\qdshm.dll] <><1, 0, 1, 2>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1224][C:\WINDOWS\System32\msime.exe] <Microsoft Corporation><5.1.2600.2180>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[PID: 1276][C:\WINDOWS\System32\ntpd.exe] <N/A><N/A>
[PID: 1324][C:\WINDOWS\command\rundll32.exe] <N/A><N/A>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[PID: 1368][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[PID: 1376][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.5.0311>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[PID: 1392][C:\Program Files\polytel\bookstore\datacenter.exe] <N/A><N/A>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[PID: 1548][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1560][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\Program Files\Deepdo\DeepdoBar\DeepdoBar.dll] <Deepdo.com, Inc.><1, 0, 0, 1>
[C:\Program Files\Deepdo\DeepdoBar\CenterDll.dll] <N/A><N/A>
[C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll] <Deepdo.com, Inc.><1, 0, 0, 1>
[C:\Program Files\Deepdo\DeepdoBar\Favorite\Favorite.dll] <Deepdo.com, Inc.><1, 0, 0, 1>
[C:\Program Files\Common Files\spupdsvc.DLL] <N/A><N/A>
[PID: 408][C:\Program Files\Skype\Phone\Skype.exe] <N/A><N/A>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\System32\JPWB.IME] <常诚研制><4.00.950>
[PID: 624][C:\Program Files\Skype\Phone\ContentFilter.exe] <TOM Online Inc.><1.0.2.0>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[PID: 1780][D:\program files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\program files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[D:\program files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\TMDlls\TIMProxy.dll] <tencent><0, 3, 2, 4>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[D:\program files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\program files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\program files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\program files\Tencent\QQ\LongConnection.dll] <tencent><0, 3, 3, 8>
[D:\program files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\program files\Tencent\QQ\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[D:\program files\Tencent\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
[D:\program files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 6, 60>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[D:\program files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[C:\WINDOWS\System32\JPWB.IME] <常诚研制><4.00.950>
[D:\program files\Tencent\QQ\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[D:\program files\Tencent\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[D:\program files\Tencent\QQ\QQFileTransfer.dll] <Tencent><0, 3, 3, 5>
[D:\program files\Tencent\QQ\QQSettingCtrl.dll] <><1, 0, 0, 1>
[PID: 1872][D:\program files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>

hongmaofu - 2006-8-23 16:54:00

[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\TMDlls\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1696][C:\DOCUME~1\ly\LOCALS~1\Temp\Rar$EX01.315\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\System32\dllz.dll] <N/A><N/A>
[C:\DOCUME~1\ly\LOCALS~1\Temp\Rar$EX01.315\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>
[PID: 272][C:\Program Files\Deepdo\DeepdoBar\CtrlCenter.exe] <Deepdo.com, Inc.><1.0.0.1>
[C:\Program Files\Deepdo\DeepdoBar\CENTERDLL.DLL] <N/A><N/A>
[C:\Program Files\Deepdo\DeepdoBar\Notes.dll] <N/A><N/A>
[PID: 428][C:\Program Files\Deepdo\DeepdoBar\Update.exe] <Deepdo.com, Inc.><1, 0, 0, 1>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

hongmaofu - 2006-8-23 16:56:00

==================================
浏览器加载项
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <, N/A>
[FavHook Class]
{CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com, Inc.>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Deepdo 工具栏]
{00BE86F6-2E61-4c1e-A36B-AE233EE21FA1} <C:\Program Files\Deepdo\DeepdoBar\DeepdoBar.dll, Deepdo.com, Inc.>

==================================
主要是这里啦,各位靠你们了,文件夹我怎么删除都删除不掉

瑞星卡卡安全论坛