【求助】这几天老中同一个木马，求解决方法 bbs.ikaka.com

喜欢飞的感觉 - 2006-11-25 12:29:00

木马程序 Trojan-PSW.Win32.Nilage.awa运行模块: rundll32.exe\rundll32.exe
用卡巴删除了，重起后又会有
怎样彻底解决。

谢谢

newcenturymoon - 2006-11-25 12:33:00

下载 System Repair Engineer，
http://www.kztechs.com/sreng/sreng2.zip
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

喜欢飞的感觉 - 2006-11-25 12:53:00

Windows XP Home Edition (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<nwiz><nwiz.exe /install> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<!AVG Anti-Spyware><"d:\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [N/A]
<r><C:\WINDOWS\down\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><c:\windows\system32\userinit.exe,c:\windows\system32\rundll32.exe i,> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [Kaspersky Lab]

==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\linxiuting\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\qq\QQ.exe [TENCENT]><N>

==================================
服务
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[卡巴斯基反病毒软件6.0 / AVP]
<C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Svchost.exe / Svchost.exe]
<C:\WINDOWS\Hacker.com.cn.exe><N/A>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[kl1 / kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
<\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[NetGroup Packet Filter Driver / NPF]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt]
<\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[BhoHelperApp Class]
{0B3D9626-CEB1-4534-AA62-AB7FE505DDC2} <C:\WINDOWS\System32\dmadv.dll, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[PicUploadCtrl Class]
{BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\System32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<d:\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\qq\SendMMS.htm, N/A>

喜欢飞的感觉 - 2006-11-25 13:02:00

==================================
正在运行的进程
[PID: 468][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 536][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 604][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 616][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 840][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 992][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1012][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1240][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk] [N/A, N/A]
[C:\WINDOWS\System32\xunleibho_v8.dll] [Thunder Networking Technologies,LTD, 4, 5, 1, 33]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1284][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1444][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3292]
[PID: 1452][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl] [Kaspersky Lab, 6.0.0.300]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\basegui.dll] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 1496][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1576][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1668][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1680][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl] [Kaspersky Lab, 6.0.0.299]

喜欢飞的感觉 - 2006-11-25 13:04:00

[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pdm.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\og.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\procmon.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\oas.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpscan.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll] [N/A, N/A]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sc.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\dtreg.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sfdb.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp1.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\l_llio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ichk2.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\icheckersa.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpanlz.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\trafficmonitor2.ppl] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHUM.dll] [Kaspersky Lab, 6.0.0.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHComm.dll] [Kaspersky Lab, 6.0.0.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ckahrule.dll] [Kaspersky Lab, 6.0.0.1]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashcont.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hccmp.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\iwgen.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\uniarc.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\minizip.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\cab.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\arj.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\rar.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lha.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mdb.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\msoe.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ods.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\buffer.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memscan.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memmodsc.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ntfsstrm.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btdisk.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\startupenum2.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inifile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btimages.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prseqio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\unstored.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mc.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\smtpprotocoller.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pop3protocoller.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\imapprotocoller.ppl] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nntpprotocoller.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\unlzx.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mdmap.ppl] [Kaspersky Lab, 6.0.0.16]
[PID: 1700][C:\WINDOWS\System32\cisvc.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1748][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8185]

喜欢飞的感觉 - 2006-11-25 13:06:00

[PID: 2028][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2032][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[PID: 2420][C:\WINDOWS\System32\cidaemon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2744][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[C:\WINDOWS\System32\xunleibho_v8.dll] [Thunder Networking Technologies,LTD, 4, 5, 1, 33]
[C:\WINDOWS\System32\dmadv.dll] [, 5, 2006, 10, 2]
[D:\qq\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 1828][d:\Thunder\Thunder.exe] [Thunder Networking Technologies,LTD, 5.0.6.98]
[d:\Thunder\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[d:\Thunder\download_interface.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[d:\Thunder\log4cplus.dll] [, 1, 0, 2, 1]
[d:\Thunder\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[d:\Thunder\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 73]
[d:\Thunder\iThunder.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 30]
[d:\Thunder\RegisterDll.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 4]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk] [N/A, N/A]
[PID: 2180][D:\sreng2(1)\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

喜欢飞的感觉 - 2006-11-25 13:06:00

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
61.141.31.11 www.kzdh.com
61.141.31.11 www.7255.com
61.141.31.11 www.7322.com
61.141.31.11 www.7939.com
61.141.31.11 www.piaoxue.com
61.141.31.11 www.feixu.net
61.141.31.11 www.6781.com
61.141.31.11 www.7b.com.cn
61.141.31.11 7b.com.cn
61.141.31.11 www.918188.com
61.141.31.11 hao.allxue.com
61.141.31.11 good.allxue.com
61.141.31.11 baby.allxue.com
61.141.31.11 www.allxue.com
61.141.31.11 about.lank.la
61.141.31.11 www.x114x.com
61.141.31.11 www.37ss.com
61.141.31.11 www.7k.cc
61.141.31.11 www.73ss.com
61.141.31.11 www.hao123.com
61.141.31.11 www.81915.com
61.141.31.11 222.88.90.22
61.141.31.11 www.9991.com
61.141.31.11 www.my123.com
61.141.31.11 www.haokan123.com
61.141.31.11 www.5566.net
61.141.31.11 www.gjj.cc
61.141.31.11 www.2345.com
61.141.31.11 dl.hao318.com
61.141.31.11 www.123wa.com
61.141.31.11 www.ku886.com
61.141.31.11 www.5icrack.com
61.141.31.11 www.jjol.cn

==================================

喜欢飞的感觉 - 2006-11-25 13:07:00

终于贴好了,高手看一下啊

天健行者 - 2006-11-25 13:11:00

学习

红夜鬼1 - 2006-11-25 13:14:00

运行SREng2,使用“启动项目”－－注册表－－删除
C:\WINDOWS\down\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><c:\windows\system32\userinit.exe,c:\windows\system32\rundll32.exe i,> [N/A]
红色的不要

运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
Svchost.exe
Remote Packet Capture Protocol v.0
，选择“删除服务”
点“设置”选择“否”
重启按F８进入安全模式下
显示隐藏文件
删除：
C:\WINDOWS\down\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
C:\Program Files\WinPcap\rpcapd.exe"
"C:\Program Files\WinPcap\rpcapd.ini
C:\WINDOWS\Hacker.com.cn.exe

查找HOSTS文件，用记事打开，清除里面的
只留这一项：127.0.0.1

喜欢飞的感觉 - 2006-11-25 13:55:00

C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
"C:\Program Files\WinPcap\rpcapd.ini
C:\WINDOWS\Hacker.com.cn.exe
上面三个没找到怎么办
查找HOSTS文件
没有127.0.0.1其他都删了

红夜鬼1 - 2006-11-25 13:57:00

用WINRAR找找

喜欢飞的感觉 - 2006-11-25 14:22:00

郁闷，用WINRAR只找到一个
还有两个找不到C:\Program Files\WinPcap\rpcapd.ini
C:\WINDOWS\Hacker.com.cn.exe
，怎么办啊，红鬼老大还要麻烦你了

红夜鬼1 - 2006-11-25 14:28:00

我的电脑,工具,文件夹选项,查看,隐藏受保护的操作系统的文件推荐,勾去掉,再去找,找不到就算了

喜欢飞的感觉 - 2006-11-25 14:49:00

终于找到了Hacker.com.cn.exe
谢谢红老大了

愚蓝 - 2006-11-25 15:14:00

C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
这一项也是病毒吗？

瑞星卡卡安全论坛