各位高手关注:Trojan.Delf.ncy病毒. bbs.ikaka.com

懒虫88 - 2006-9-12 12:52:00

Trojan.Delf.ncy 今天我机器上发现了这病毒,去搜索相光信息的时候.
百度和瑞星引擎都无法搜索到相关的资料,这是个新病毒吗?还请高手指点怎么样才查杀
这病毒,或者详细介绍下这病毒的相关内容.

谢谢

deadmanzj - 2006-9-12 12:53:00

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改

懒虫88 - 2006-9-12 16:45:00

deadmanzj 你好我这就把扫描后日志里的资料发上来，你帮我分析下，谢谢！
2006-09-12,16:28:11

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Camfrog><"D:\Program Files\Camfrog\Camfrog Video Chat 3.72\CamfrogNet.exe" 1 D:\Program Files\Camfrog\Camfrog Video Chat 3.72\Camfrog Video Chat.exe> []
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BigDogPath><; C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DuoDuo><; C:\Program Files\9158IM\99Lover.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NetPlayerAgent><; C:\Program Files\TMPlayer\PlayerAgent.exe> []
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<spoolsv><; > []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []

==================================
启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>

懒虫88 - 2006-9-12 16:46:00

==================================
服务
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Update Service For Windows / SoftUpdate]
<C:\WINDOWS\SoftUpdate.exe><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
浏览器加载项
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200687_8033.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\AdvSC.dll, N/A>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[]
{E730189A-9973-4121-B046-AD1C161EC3AF} <C:\WINDOWS\system32\37211.dll, N/A>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Camfrog Toolbar]
{AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} <C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll, Camshare LC>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<F:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<E:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<F:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================

懒虫88 - 2006-9-12 16:47:00

==================================
正在运行的进程
[PID: 412][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 460][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 484][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 528][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 540][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 700][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 752][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 768][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 900][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1000][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>

与时拒进 - 2006-9-12 16:48:00

引用:

【懒虫88的贴子】deadmanzj 你好我这就把扫描后日志里的资料发上来，你帮我分析下，谢谢！
2006-09-12,16:28:11

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

他也不会

懒虫88 - 2006-9-12 16:50:00

[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsStore.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1164][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[d:\Program Files\Media Player Classic\Codecs\mmfinfo.dll] <N/A><N/A>
[d:\Program Files\Media Player Classic\Codecs\mkunicode.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[PID: 1268][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1360][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1516][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1576][C:\WINDOWS\SoftUpdate.exe] <N/A><N/A>
[PID: 1704][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1724][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] <Ulead Systems, Inc.><1, 0, 0, 3>
[PID: 1764][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 184][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 228][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 248][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1096][F:\Program Files\Tencent\qq\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\Program Files\Tencent\qq\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQHelperDll.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[F:\Program Files\Tencent\qq\QQAPI.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[F:\Program Files\Tencent\qq\LoginCtrl.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[F:\Program Files\Tencent\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[F:\Program Files\Tencent\qq\QQRes.dll] <tencent><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQMainFrame.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\CQQApplication.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\NewSkin.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\HostingMgr.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\CameraDll.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\MailSummary.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQGroupMng.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\GroupLive.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\LongConnection.dll] <tencent><5, 0, 200, 160>
[F:\Program Files\Tencent\qq\QQPlugin.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQAllInOne.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\SCCore.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\QQCustomFace.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\UserDefinedHead.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQConfigPlugin.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\FlashAvatarDll.dll] <><1, 4, 0, 1>
[F:\Program Files\Tencent\qq\QQAvatar.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[F:\Program Files\Tencent\qq\QQPet.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\OEMApplication.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QRingMng.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\PhoneAPI.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[F:\Program Files\Tencent\qq\QQSysMsgMng.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\BQQApplication.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[F:\Program Files\Tencent\qq\QQSceneMng.dll] <N/A><N/A>
[F:\Program Files\Tencent\qq\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[F:\Program Files\Tencent\qq\CommercesMng.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[F:\Program Files\Tencent\qq\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[F:\Program Files\Tencent\qq\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 6, 60>
[F:\Program Files\Tencent\qq\QQMagicFace.dll] <><1, 0, 0, 1>
[F:\Program Files\Tencent\qq\QQZip.dll] <tencent><0, 3, 2, 4>
[PID: 1664][F:\Program Files\Tencent\qq\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[F:\Program Files\Tencent\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>

懒虫88 - 2006-9-12 16:51:00

[PID: 148][C:\Program Files\SaynSay 4.x\SaynSay 4.x.exe] <Saeha Soft Co., Ltd.><4, 0, 4, 3>
[C:\Program Files\SaynSay 4.x\VOSaeha.dll] <><1, 4, 0, 1>
[C:\Program Files\SaynSay 4.x\SHPictureEx.dll] <><1, 0, 0, 2>
[C:\Program Files\SaynSay 4.x\SHFTP.dll] <><1, 0, 5, 7>
[C:\Program Files\SaynSay 4.x\SHNatManager.dll] <><1, 0, 5, 4>
[C:\Program Files\SaynSay 4.x\Res_Chn.dll] <Saeha Soft Co., Ltd.><4, 0, 3, 6>
[C:\Documents and Settings\wrd\桌面\新oSaynsay\oSaynsayDll.dll] <N/A><N/A>
[C:\PROGRA~1\SAYNSA~1.X\SHVideo.ocx] <><1, 0, 2, 9>
[C:\PROGRA~1\SAYNSA~1.X\SHVIDE~1.OCX] <?????><1, 0, 0, 2>
[C:\Program Files\SaynSay 4.x\SHVideo_Wavelet.dll] <><1, 0, 0, 7>
[C:\Program Files\SaynSay 4.x\encoderdll.dll] <><1, 0, 0, 1>
[C:\Program Files\SaynSay 4.x\decoderdll.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[d:\Program Files\K-Lite Codec Pack\filters\vsfilter.dll] <Gabest><1, 0, 1, 3>
[d:\Program Files\K-Lite Codec Pack\filters\MP4Splitter.ax] <Gabest><1, 0, 0, 2>
[d:\Program Files\K-Lite Codec Pack\Real\RealMediaSplitter.ax] <Gabest><1, 0, 1, 1>
[d:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax] <N/A><1.0.2.2012>
[d:\Program Files\Media Player Classic\codecs\TTL2Dec.dll] <N/A><N/A>
[d:\Program Files\K-Lite Codec Pack\filters\FLVSplitter.ax] <Gabest><1, 0, 0, 0>
[d:\Program Files\Media Player Classic\codecs\empgdmx.ax] <Elecard Ltd.><1, 0, 19, 51017>
[C:\Program Files\Common Files\Ulead Systems\MPEG\ulspmpeg.ax] <ULead Systems><1, 0, 0, 69>
[C:\Program Files\Common Files\Ulead Systems\MPEG\mcmpgdec.dll] <Ulead Systems, Inc.><official release build>
[C:\Program Files\Common Files\Ulead Systems\MPEG\mpegin.dll] <Ulead Systems, Inc><official release build>
[d:\Program Files\K-Lite Codec Pack\filters\ac3filter.ax] <><1.01a>
[d:\Program Files\K-Lite Codec Pack\ffdshow\libavcodec.dll] <N/A><N/A>
[d:\Program Files\K-Lite Codec Pack\ffdshow\libmplayer.dll] <N/A><N/A>
[PID: 2580][C:\Program Files\Tencent\TT\TTraveler.exe] <腾讯公司><3.1.0.256>
[C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[C:\Program Files\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 328][D:\Program Files\Jiao System, Ltd\VCDCut Bak\942t.exe] <Jiao System, Ltd.><1, 1, 0, 2>
[D:\Program Files\Jiao System, Ltd\VCDCut Bak\hook.dll] <N/A><N/A>
[D:\Program Files\Jiao System, Ltd\VCDCut Bak\jiaoaud.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Jiao System, Ltd\VCDCut Bak\jiaodsp.dll] <Jiao System, Ltd.><1, 0, 0, 1>
[D:\Program Files\Jiao System, Ltd\VCDCut Bak\language.dll] <N/A><N/A>
[D:\Program Files\Jiao System, Ltd\VCDCut Bak\nlame.dll] <N/A><N/A>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\System32\VM31bPrp.Ax] <VM><4.2.815.31>
[PID: 3976][C:\Documents and Settings\wrd\桌面\新oSaynsay\oSaynsay.exe] <N/A><N/A>
[C:\Documents and Settings\wrd\桌面\新oSaynsay\oSaynsayDll.dll] <N/A><N/A>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 3780][C:\Documents and Settings\wrd\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

westbeck - 2006-9-12 16:54:00

SoftUpdate.exe
参考:http://forum.ikaka.com/topic.asp?board=28&artid=8166191

细胞终结者 - 2006-9-12 16:56:00

关闭系统还原

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Update Service For Windows / SoftUpdate选择“删除服务”点“设置”选择“否”
删除:
<C:\WINDOWS\SoftUpdate.exe>

westbeck - 2006-9-12 17:03:00

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
运行System Repair Engineer，使用“启动项目，注册表”来删除以下选项
DuoDuo><; C:\Program Files\9158IM\99Lover.exe>
运行System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200687_8033.dll, N/A>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\AdvSC.dll, N/A>
[]
{E730189A-9973-4121-B046-AD1C161EC3AF} <C:\WINDOWS\system32\37211.dll, N/A>
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，在隐藏文件和文件夹选项里选择显示所有文件和文件夹清除“隐藏已知文件类型的扩展名
删除:
C:\Program Files\9158IM\99Lover.exe
C:\WINDOWS\system32\AdvSC.dll
C:\WINDOWS\system32\37211.dll
清空IE临时文件
下载超级兔子。
http://www.pctutu.com/srmsdown.asp
运行超级兔子,打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载(安全模式)

westbeck - 2006-9-12 17:05:00

C:\Documents and Settings\wrd\桌面\新oSaynsay\oSaynsay.exe
请问楼主知不知道是什么?

westbeck - 2006-9-12 17:05:00

请按那贴子说得做,才删得干净

1

查看完整版本: 各位高手关注:Trojan.Delf.ncy病毒.

瑞星卡卡安全论坛